Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Crypt Component Proposal

Proposed Component Name Zend_Crypt
Developer Notes http://framework.zend.com/wiki/display/ZFDEV/Zend_Crypt
Proposers Pádraic Brady
Dmitry Stogov, Zend liaison
Revision 1.0 - 13 July 2007 (wiki revision: 4)

Table of Contents

1. Overview

The purpose of Zend_Crypt is to offer PHP5 implemented cryptographic and encryption algorithms for use by other components (e.g. Zend_Mail, Zend_OpenId) and application developers themselves. In proposing Zend_Crypt, a primary goal is to reduce reliance on disparate implementations within the framework by offering very flexible implementations which will utilise available PHP5 core extensions. This reduces duplication and centralises maintenance of essential core cryptographic algorithms.

The two initial Zend_Crypt implementations of the Hashed Message Authentication Code (HMAC; RFC 2104) and Diffie-Hellman Key Exchange (DH; RFC 2631) are proposed first since they are required algorithms of the OpenID 2.0 Authentication Specification. Others will follow should the proposal be accepted.

2. References

Related PEAR proposals for PHP5/PEAR2

RFC References

3. Component Requirements, Constraints, and Acceptance Criteria

  • Must be accompanied by comprehensive unit tests reflecting any RFCs which illustrate a testing framework
  • Must implement Hashed Message Authentication Code (RFC2104)
  • Must implement Diffie-Hellman Key Exchange (RFC2631)
  • Must implement Math methods for enabling big integer (> 32 bit) support and methods for transforming big integer strings to binary forms, and vice versa.

4. Dependencies on Other Framework Components

  • Zend_Crypt_Math
  • Zend_Exception

5. Theory of Operation

Zend_Crypt will be a collection of cryptographic and encryption classes. As such each component can be used in isolation, or to perform aggregate operations (e.g. using Diffie-Hellman to negotiate an HMAC). Operation is intended to be flexible, with support for input and output (where warranted) forms like big integers and binary.

Please refer to Use Cases for additional API overviews.

6. Milestones / Tasks

  • Milestone 1: Implement Hashed-Message-Authentication-Code (HMAC) and Diffie-Hellman-Key-Exchange (DH)
  • Milestone 2: Verify operation using Unit Tests based on RFC test examples and which test both standard and binary output.
  • Milestone 3: Documentation

7. Class Index

  • Zend_Crypt_Hmac
  • Zend_Crypt_DiffieHellman
  • Zend_Crypt_Math

8. Use Cases

  • All use cases take the form of Unit Tests*
  • Zend_Crypt_Hmac *

Please note that these simple Unit Tests are matched with far more realistic tests using big integers. The above are simple test cases used for illustrative purposes.

  • Zend_Crypt_DiffieHellman *

Diffie-Hellman Key Exchange involved two parties, communicating across an insecure communication channel, negotiating a shared secret key which cannot be guessed or reverse engineered by a third party. If it looks a bit unintuitive - bear in mind the private keys are never exchanged. Without the private keys, a third party can have every single piece of data but remain unable to re-perform the shared key computation.

Please note that these simple Unit Tests are matched with far more realistic tests using big integers. The above are simple test cases used for illustrative purposes.

9. Class Skeletons

Zend_Crypt_Hmac

Zend_Crypt_DiffieHellman

]]></ac:plain-text-body></ac:macro>

Labels:
None
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.