How should we reconcile your standard recommendations with NaCl proper and how libsodium is used in other languages?
I'll try to loop Frank Denis in on this conversation again, but any specific objections (esp. bikeshedding) would probably be best moved towards new issues on the jedisct1/libsodium GitHub repository. On May 25, 2015 2:10 AM, "Yasuo Ohgaki" <yohg...@ohgaki.net> wrote: > Hi Scott, > > On Thu, May 21, 2015 at 10:15 AM, Scott Arciszewski <sc...@paragonie.com> > wrote: > >> Hi Internals Team, >> >> I'm sure everyone is really focused (and excited) for PHP 7.0.0 later this >> year, and many of you might not want to discuss what 7.1.x looks like yet. >> >> The current state of cryptography in PHP is, well, abysmal. Our two main >> choices for handling symmetric cryptography are libmcrypt (collecting dust >> since 2007) and openssl, which lacks a streaming API (e.g. mcrypt_generic) >> and GCM support. >> >> While mcrypt is slowly decomposing in the corner and code is being >> desperately migrated towards openssl in case a critical vulnerability is >> discovered in the abandonware choice, the libsodium extension has been >> growing steadily. Thanks to Remi, it should soon be compatible with both >> PHP 5.x and 7.x (decided at compile-time). The libsodium library itself >> has >> landed in Debian 8 and Ubuntu 15.04 and adoption is expected to persist by >> the next Ubuntu LTS is released. >> >> I think now is a good time to talk about the possibility of making >> libsodium a core PHP extension, depending on where things are when we near >> the 7.1 feature freeze. >> >> I've just opened an RFC for precisely this purpose: >> https://wiki.php.net/rfc/libsodium >> > > These are examples from github > > $nonce = Sodium::randombytes_buf(Sodium::CRYPTO_SECRETBOX_NONCEBYTES); > $key = [a binary string that must be CRYPTO_SECRETBOX_KEYBYTES long]; > $ciphertext = Sodium::crypto_secretbox('test', $nonce, $key); > $plaintext = Sodium::crypto_secretbox_open($ciphertext, $nonce, $key); > > We have coding standard. > https://github.com/php/php-src/blob/master/CODING_STANDARDS > > 6. Method names follow the 'studlyCaps' (also referred to as 'bumpy case' > or 'camel caps') naming convention, with care taken to minimize the > letter count. The initial letter of the name is lowercase, and each > letter that starts a new 'word' is capitalized:: > > Good: > 'connect()' > 'getData()' > 'buildSomeWidget()' > > Bad: > 'get_Data()' > 'buildsomewidget' > 'getI()' > > > To include as a core extension, you need standard method names. > Keeping old names as alias is fine for me, but main names should be > standard names. > > Regards, > > -- > Yasuo Ohgaki > yohg...@ohgaki.net >
