Skip to end of metadata
Go to start of metadata
You are viewing an old version of this page. View the current version. Compare with Current  |   View Page History

<ac:macro ac:name="unmigrated-inline-wiki-markup"><ac:plain-text-body><![CDATA[

Zend Framework: Zend_Crypt Component Proposal

Proposed Component Name Zend_Crypt
Developer Notes
Proposers Pádraic Brady
Dmitry Stogov, Zend liaison
Revision 1.1 - 12 September 2007 (wiki revision: 6)

Table of Contents

1. Overview

The purpose of Zend_Crypt is to offer PHP5 implemented cryptographic and encryption algorithms for use by other components (e.g. Zend_Mail, Zend_OpenId) and application developers themselves. In proposing Zend_Crypt, a primary goal is to reduce reliance on disparate implementations within the framework by offering very flexible implementations which will utilise available PHP5 core extensions. This reduces duplication and centralises maintenance of essential core cryptographic algorithms.

The two initial Zend_Crypt implementations of the Hashed Message Authentication Code (HMAC; RFC 2104) and Diffie-Hellman Key Exchange (DH; RFC 2631) are proposed first since they are required algorithms of the OpenID 2.0 Authentication Specification which is being implemented as Zend_OpenId. Others will follow should the proposal be accepted.

A base Zend_Crypt class will additionally collate static methods for common tasks such as hashing and random number generation which may rely on more than one PHP extensions or functions.

2. References

Related PEAR proposals for PHP5/PEAR2

RFC References

3. Component Requirements, Constraints, and Acceptance Criteria

  • Must be accompanied by comprehensive unit tests reflecting any RFCs which illustrate a testing framework
  • Must implement Hashed Message Authentication Code (RFC2104)
  • Must implement Diffie-Hellman Key Exchange (RFC2631)
  • Must implement Math methods for enabling big integer (> 32 bit) support and methods for transforming big integer strings to binary forms, and vice versa.
  • Must contain ability to use future ext/openssl support for Diffie-Hellman computations.

4. Dependencies on Other Framework Components

  • Zend_Exception

5. Theory of Operation

Zend_Crypt will form a collection of cryptographic and encryption classes. As such each component can be used in isolation, or to perform aggregate operations (e.g. using Diffie-Hellman to negotiate an HMAC). Operation is intended to be flexible, with support for input and output (where warranted) forms like big integers and binary. General purpose static methods will be contained in a base Zend_Crypt class.

Part of each class's responsibility will be to implement each algorithm with support for a range of PHP extensions. This will increase support coverage for all PHP5.1+ versions where arbritrary precision math and hashing extensions may vary widely. At a minimum support for ext/hash, ext/mhash, ext/bcmath, ext/openssl (from PHP 5.3) and ext/gmp will be implemented.

Please refer to Use Cases for additional API overviews.

6. Milestones / Tasks

  • Milestone 1: Implement Hashed-Message-Authentication-Code (HMAC) and Diffie-Hellman-Key-Exchange (DH)
  • Milestone 2: Verify operation using Unit Tests based on RFC test examples and which test both standard and binary output.
  • Milestone 3: Documentation

7. Class Index

  • Zend_Crypt
  • Zend_Crypt_Hmac
  • Zend_Crypt_DiffieHellman
  • Zend_Crypt_Math

8. Use Cases

  • All use cases take the form of Unit Tests*
  • Zend_Crypt_Hmac *

Please note that these simple Unit Tests are matched with far more realistic tests using big integers. The above are simple test cases used for illustrative purposes. HMAC tests in particular follow an RFC which defines the test data and expected results.

  • Zend_Crypt_DiffieHellman *

Diffie-Hellman Key Exchange involved two parties, communicating across an insecure communication channel, negotiating a shared secret key which cannot be guessed or reverse engineered by a third party. If it looks a bit unintuitive - bear in mind the private keys are never exchanged. Without the private keys, a third party can have every single piece of data but remain unable to re-perform the shared key computation.

Please note that these simple Unit Tests are matched with far more realistic tests using big integers. The above are simple test cases used for illustrative purposes.

9. Class Skeletons




Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.