halite icon indicating copy to clipboard operation
halite copied to clipboard
verified publisher icon paragonie

No sodium for 7.2

Open aolko opened this issue 8 years ago • 9 comments

apparently you don't need to apt install php7.2-sodium anymore https://github.com/oerdnj/deb.sury.org/issues/747

https://kinsta.com/blog/php-7-2/

Starting from version 7.2, PHP includes the Sodium library into the core.

aolko avatar Mar 02 '18 11:03 aolko

You need to because libsodium is considered an option on install. Travis CI does not include it in their images. So if you use the built in libsodium function without manually installing with the Travis configuration, errors would pop up saying undefined function.

https://github.com/travis-ci/travis-ci/issues/8863

On Fri, Mar 2, 2018, 6:37 AM aolko [email protected] wrote:

apparently you don't need to apt install php7.2-sodium anymore oerdnj/deb.sury.org#747 https://github.com/oerdnj/deb.sury.org/issues/747

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/paragonie/halite/issues/101, or mute the thread https://github.com/notifications/unsubscribe-auth/Ac5oMw99Lbw4BMBZbAkRJdkcxe1DDQS8ks5taS73gaJpZM4SZxZQ .

Nenglish7 avatar Mar 02 '18 13:03 Nenglish7

so that's the travis issue, otherwise this package is retired...at least for ondrej ppa (as linked in the first post)

aolko avatar Mar 03 '18 14:03 aolko

The OS needs to include libsodium with PHP 7.2. Failure to do so is a sign that your OS vendor is asleep at the wheel regarding the PHP community.

paragonie-scott avatar Mar 03 '18 15:03 paragonie-scott

~~For Ubuntu/Debian the package is php-libsodium.~~

Nevermind. Do not install php-libsodium since this actually conflicts with the libsodium included in PHP. PHP 7.2 requires the libsodium23 package on Ubuntu.

multiwebinc avatar May 09 '18 03:05 multiwebinc

does this make https://github.com/paragonie/halite/blob/master/doc/Install-Guides/Ubuntu.md redundant?

pavarnos avatar Feb 10 '19 22:02 pavarnos

When I use the Ubuntu 16.04, add the ondrej/php repository.

And try to find php7.2-sodium and php7.3-sodium and they've been removed.

My executed commands are as follows:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-cache search php7.2-sodium
sudo apt-cache search php7.3-sodium

And the result is nothing to be presented.

lee@PowerEdge-R730:~$ sudo apt-cache search php7.2-sodium
lee@PowerEdge-R730:~$ sudo apt-cache search php7.3-sodium
lee@PowerEdge-R730:~$

peter279k avatar Aug 27 '19 08:08 peter279k

What is the output of the following PHP script?

<?php
if (extension_loaded('sodium')) {
    $key = sodium_hex2bin('ba6d0a2309dc546d1131f4be04dfa14da9d7e8a5430f99b7446f4207405473d5');
    $nonce = sodium_hex2bin('94417152051bd43661f12dff58709b1566f052aba4fd7806');
    $c = sodium_hex2bin(
        'd2207e8651189c0b4d3a51d544f7811b51f899ca55a6dc0630e5c9dd262c34' . 
        'bb0af2fd248493899c3dfb007a2bc366faf300034a602bbe8b54d38df135dd' . 
        '2a70086f89c711e86d60e44ac1826909c4527c7f8cc55a3c4e45a79ae573da' . 
        '1c352ed618b3'
    );
    echo sodium_crypto_secretbox_open($c, $nonce, $key), PHP_EOL;
} else {
    echo 'Not loaded', PHP_EOL;
    exit(1);
}

paragonie-scott avatar Aug 27 '19 12:08 paragonie-scott

@paragonie-scott, thanks for your reply. The result is available here after executing the code snippets you mention:

And the test.php contains the code snippets you mention.

lee@PowerEdge-R730:~$ php -v
PHP 7.2.21-1+ubuntu18.04.1+deb.sury.org+1 (cli) (built: Aug  7 2019 09:53:51) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.2.21-1+ubuntu18.04.1+deb.sury.org+1, Copyright (c) 1999-2018, by Zend Technologies
    with Xdebug v2.7.2, Copyright (c) 2002-2019, by Derick Rethans
lee@PowerEdge-R730:~$ php test.php
PHP Fatal error:  Uncaught SodiumException: nonce size should be SODIUM_CRYPTO_SECRETBOX_NONCEBYTES bytes in /home/lee/test.php:11
Stack trace:
#0 /home/lee/test.php(11): sodium_crypto_secretbox_open()
#1 {main}
  thrown in /home/lee/test.php on line 11
lee@PowerEdge-R730:~$

Why? According to the sodium_crypto_secretbox_open function reference, it should be the sodium_crypto_secretbox_open ( string $ciphertext , string $nonce , string $key ) : string.

Your code snippets seem to be have the incorrect argument order. After exchanging the $nonce and $key, it presents following message:

lee@PowerEdge-R730:~$ php test.php
All is working as expected. Libsodium is installed in core, not a separate package.
lee@PowerEdge-R730:~$

peter279k avatar Aug 27 '19 13:08 peter279k

Sodium is installed in php7.2 just check with:

php -m | grep sodium
=> sodium

approached avatar Aug 14 '20 08:08 approached