sodium_crypto_stream - PHP code example

PHP Function Sodium_Crypto_Stream

php function sodium_crypto_stream is a cryptography library based on libsodium, providing high performance, easy to use cryptography. This library supports a variety of functions such as encrypting/decrypting data, authenticating messages and generating MACs. It also provides a framework for more advanced crypto abstractions.

libsodium enables a number of security-enhancing features, such as inline encryption/decryption and buffer reuse. It also offers a secure hashing algorithm, called blowfish. This hash is designed as a solid alternative to the older DES standard. When used with the crypt() function, it requires a salt to prevent a brute force attack and provides better protection than the default md5 hash.

The crypt() function in PHP supports the IETF ChaCha20-Poly1305 construction for encrypting text. However, this construction can only encrypt a limited number of bytes because it does not protect against chosen-ciphertext attacks. It is recommended that you combine the ciphertext with a Message Authentication Code, such as sodium_crypto_aead_chacha20poly1305_ietf_encrypt(), in order to improve the security of your message.

Another libsodium function, sodium_crypto_stream_chacha20_ietf_xor_ic (), is a cipher that expands the key and nonce into a keystream of pseudorandom bytes. This stream can then be XORed with the plaintext to create a ciphertext that can't be reversed. This cipher is IETF-standard and is recommended for use in secure communication. However, if you want to be more secure than this, you should use a more advanced cipher, such as sodium_crypto_stream_chacha20_ietf_xor_ic(salt, key, nonce). Then, only the plaintext can be guessed by attackers.

sodium_crypto_stream example

ParagonIE_Sodium_Core_Util::declareScalarType($key, 'string', 3);

        /* Input validation: */
        if (ParagonIE_Sodium_Core_Util::strlen($nonce) !== self::CRYPTO_STREAM_NONCEBYTES) {
            throw new SodiumException('Argument 2 must be CRYPTO_SECRETBOX_NONCEBYTES long.');
        }
        if (ParagonIE_Sodium_Core_Util::strlen($key) !== self::CRYPTO_STREAM_KEYBYTES) {
            throw new SodiumException('Argument 3 must be CRYPTO_STREAM_KEYBYTES long.');
        }

        if (self::useNewSodiumAPI()) {
            return sodium_crypto_stream($len, $nonce, $key);
        }
        if (self::use_fallback('crypto_stream')) {
            return (string) call_user_func('\\Sodium\\crypto_stream', $len, $nonce, $key);
        }
        if (PHP_INT_SIZE === 4) {
            return ParagonIE_Sodium_Core32_XSalsa20::xsalsa20($len, $nonce, $key);
        }
        return ParagonIE_Sodium_Core_XSalsa20::xsalsa20($len, $nonce, $key);
    }

    /** * DANGER! UNAUTHENTICATED ENCRYPTION! * * Unless you are following expert advice, do not use this feature. * * Algorithm: XSalsa20 * * This DOES NOT provide ciphertext integrity. * * @param string $message Plaintext message * @param string $nonce Number to be used Once; must be 24 bytes * @param string $key Encryption key * @return string Encrypted text which is vulnerable to chosen- * ciphertext attacks unless you implement some * other mitigation to the ciphertext (i.e. * Encrypt then MAC) * @throws SodiumException * @throws TypeError * @psalm-suppress MixedArgument */