The ext-sodium API exposes the following functions: * sodium_crypto_stream(int $len, string $nonce, string $key): string * sodium_crypto_stream_keygen(): string * sodium_crypto_stream_xor(string $message, string $nonce, string $key): string (And the new XChaCha variant landing in PHP 8.1, of course.) This is good for, like, 99% of the use cases for the crypto_stream API. However, there is a missed opportunity: Being able to seek arbitrary starting points in the XSalsa20 or XChaCha20 keystream when encrypting/decrypting data. The underlying libsodium API has a distinct feature for this: Functions with the _ic suffix <https://github.com/jedisct1/libsodium/blob/6d566070b48efd2fa099bbe9822914455150aba9/src/libsodium/crypto_stream/salsa20/ref/salsa20_ref.c#L64-L66> .. Let's add an optional integer argument to the following PHP functions: - sodium_crypto_stream_xor - sodium_crypto_stream_xchacha20_xor The only question I have is: Should this land in 8.1 (it's small and self-contained) or 8.2?
Development for 8.1 is already closed. You can only target this for 8.2
--GTM6K6x37UsxE2HZhQSt027k5rOhZ6txp Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Paragon Initiative Enterprises Security Team wrote on 9/2/21 15:25:> The only question I have is: Should this land in 8.1 (it's small and> self-contained) or 8.2? >=208.1 is in feature freeze. Since this is adding functionality, it needs to target 8.2. Cheers, Ben --GTM6K6x37UsxE2HZhQSt027k5rOhZ6txp--