ZF3 will move to PHP 5.5 and we have a native password_verify() and password_hash() there.

Will Zend\Crypt\Password\Bcrypt be deprecated or even removed from ZF3? Or has Zend\Crypt\Password\Bcrypt any advantage over the native PHP implementation?

This PR adds the GCM and CCM authenticated encryption mode for OpenSSL for PHP 7.1. This is a new feature of PHP 7.1 proposed in PHP RFC: OpenSSL AEAD support. Read this blog post for more information about the usage of these encryption modes in PHP. I've updated the Zend\Crypt\BlockCipher documentation for this new feature.

Note: I opened this bug #73478 on bugs.php.net. I fixed the zend-crypt code to prevent this issue.

This PR adds the hybrid cryptosystem support (OpenPGP like). It allows also multiple encryptions using a keyrings of public/private keys. This can be useful in multi users scenarios to encrypt data only for specific users.

php -dmbstring.func_overload=7 test.php

<?php
var_dump(strlen("\xF0\x9D\xA5\xB3"));
// int(1)

Using strlen() and substr() for crypto can be dangerous, especially since you work with raw binary.

Support for Argon2 is apparently coming in PHP 7.1 and will be the default in PHP 7.2. It would be ideal if we could utilize this via Zend as well.

Not sure how multi-hashing functionality should be supported, perhaps that should be another ticket?

This PR contains the new OpenSSL symmetric adapter for zend-crypt ver. 3.0. We used this new adapter instead of Mcrypt in FileCipher and we suggested to use it in the documentation for all the other encryption needs. Mcrypt is an outdated extension and it will be deprecated) with PHP 7.1.

Moreover, this PR contains the Zend\Crypt\Password\Bcrypt refactor using the password_hash() and password_verify() functions of PHP 5.5+.

I updated the documentation according to these changes.

Note: All the changes included in this PR are backward compatible. I provided some unit tests as proof.

Zend\Crypt\Symmetric\MCrypt rely on libmcrypt and php-mcrypt/

Libmcrypt is a dead cow, unmaintained for ~8 year, rely on such things can't be serious.

I understand it is not easy to drop such feature, especially for applications using ZF2, but probably it could be possible to deprecate this class, to encourage user to switch to something else, and to be able to drop it later.

This repository use many internal php function. For example in my application when I use Zend\Crypt\BlockCipher class hash_hmac function is call 10k times and take ~23ms! This change should have perfomance visible impact

Should remove "ecb" as a mode and add "ctr". Also, if padding is set to a value of "0", openssl_encrypt() does PKCS7 padding internally

Zend Framework 2.4.6-2.5.3, Zend\Filter\Encrypt\Openssl.php I believe the unset should read unset($options['compression']); , lines 90-93.

if (array_key_exists('compression', $options)) {
    $this->setCompression($options['compression']);
    unset($options['compress']);
}

The code above I believe results in 'Undefined index: compression' later in code. Current workaround is to use ...->setCompression($string) .

https://github.com/zendframework/zend-crypt/search?utf8=%E2%9C%93&q=base64

The way base64_encode() and base64_decode() are implemented in php-src leads to the possibility of cache-timing attacks. We maintain a MIT licensed constant-time implementation of all the RFC 4648 encodings meant for cryptography libraries in particular.

https://github.com/paragonie/constant_time_encoding

This PR adds an extra class for the argon2i password hash algorithm introduced with PHP7.2.

There are some open questions with this:

1. Do we really want to have 1 new class for each algorithm PHP addes? "Argon2id" is just around the corner...

2. PHP's password_verify() accepts currently both Bcrypt and Argon2i hashes. So basically you could either use the Bcrypt class or the Argon2i class to verify either hashes. This makes it pretty easy to migrate users from Bcrypt to Argon2i:

• Use the new Argon2i class as the dependency
• old bcrypt passwords are still verified correctly
• new password will be created with argon2i

3. Do we need a wrapper function for password_needs_rehash() ? This would mean we need some kind of inter-class upgrade path (from class Bcrypt to Argon2i in future php-versions). Although we dont know WHY password_needs_rehash() returns false: is it because of the algorithm or the cost value(s)?

4. This class is marked as PHP7.2+ only (it throws an exception in the constructor). Do we want to provide fallbacks of some kind for older PHP Versions?

5. Other than the algorithm no other PHP7.2+ specific features were used in this class (e. g. scalar type hints and return types) because a syntax error is much more heavy and harder to catch than a constructor-exception (Pre 7.0). Should type hints and return types get added because its a PHP7.2+ class anyway?

From Fedora QA https://apps.fedoraproject.org/koschei/package/php-zendframework-zend-crypt?collection=f28

We encounter erratic test suite failure

• Test suite fails when builder is an arm computer
• Test suite passes everywhere else

There were 4 failures:
1) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorSalsa208Core
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f81'
+'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f484900000000065397009'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:56
2) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptBlockMix
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'a41f859c6608cc993b81cacb020cef05044b2181a2fd337dfd7b1c6396682f29b4393168e3c9e6bcfe6bc5b7a06d96bae424cc102c91745c24ad673dc7618f8120edc975323881a80540f64c162dcd3c21077cfe5f8d5fe2b1a4168f953678b77d3b3d803b60e4ab920996e59b4d53b65d2a225877d5edf5842cb9f14eefe425'
+'65926f050000000028b57eb7d8079020dea4b71fcf1a2ba072c0cab4c93fb6556e2447cb6713f9c4e77fea859a18026c175d2aaba5f4849000000000653970092a7c7e69abf6e67f2bf8f0b400000000b769a515b7db8485d347f4e2abe448101012149261772322a53e07fdc1ba1c14f0f8df09abdae6ca620f98f800000000'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:90
3) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScryptROMix
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'79ccc193629debca047f0b70604bf6b62ce3dd4a9626e355fafc6198e6ea2b46d58413673b99b029d665c357601fb426a0b2f4bba200ee9f0a43d19b571a9c71ef1142e65d5a266fddca832ce59faa7cac0b9cf1be2bffca300d01ee387619c4ae12fd4438f203a0e4e1c47ec314861f4e9087cb33396a6873e8f9d2539a4b8e'
+'226231f300000000c5eefc3d0000000038da7f66d108c506ee48cef300000000e8b3ef4ffcf1b396d308bfe0c90c825800000000073b2afc3cf1324600000000f73554500000000099e71816a8457c49a8e6ce14a6af6b0e88636ac921c78dbe8b3ddc7f1e0c19bf8b30e6b0436369ec867beb125b63f26059db393c297e83f3'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:124
4) ZendTest\Crypt\Key\Derivation\ScryptTest::testVectorScrypt
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'d33c6ec1818daaf728f55afadfeaa558b38efa81305b3521a7f12f4be097e84d184092d2a2e93bf71fd1efe052710f66b956ce45da43aa9099de7406d3a05e2a'
+'caf1c85d0594b50d3ad3b16de5fcda6e5b814fa32bf16bdbd5b43e60af6b227f8496a2a619338c13a996a24d0d8e6bb014e499ba00823121524939f66b4f1c35'
/builddir/build/BUILD/zend-crypt-514cef5556bac069e36c2cbded40e529b86bb3f2/test/Key/Derivation/ScryptTest.php:142

P.S. arm is quite common on low cost devices (ex: raspberry pi)

https://github.com/paragonie/sodium_compat#cryptography-primitives-provided

Zend\Crypt users interested in modern ECC may want to see sodium_compat adopted in the near future. In particular, public-key encryption via ParagonIE_Sodium_Compat::crypto_box_seal() and digital signatures via ParagonIE_Sodium_Compat::crypto_sign_detached().

I would, however, wait until sodium_compat has been audited first: https://github.com/paragonie/sodium_compat/issues/8