
PHP development on Apple Silicon and AES-256-GCM encryption

Hi,


I also asked this question on StackOverflow but nobody seems to know, so I'm hoping someone here can shed some light.


Recently at work we've had a new hire to work on a project of ours that utilizes AES-256-GCM encryption and decryption via PHP's sodium extension. Since we all use MacBooks, the new employee received a 2020 MacBook Air with M1 chip running macOS Big Sur.


The first attempt at getting the aforementioned project up and running was using a Homebrew setup, which runs the following components:

  • Apache 2.4
  • PHP 7.4
  • MySQL 5.7


We quickly noticed that sodium_crypto_aead_aes256gcm_is_available() was returning false in our PHP code, indicating that AES-256-GCM was not supported by the hardware of the MacBook. Running openssl list-cipher-algorithms | grep "GCM" on the other hand gave us this list:


id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM


Running openssl speed -elapsed -evp aes-256-gcm also returned the expected output, so openssl seems to have access/is able to use it.


You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 26616041 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 6757776 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 1647975 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 411604 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 51239 aes-256-gcm's in 3.00s
LibreSSL 2.8.3
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available


The second attempt using the dockerized version of the project yields the same results and also claims AES-256-GCM with AEAD is unsupported by the hardware, which was to be expected since it runs on the same host hardware. This was done using the official PHP 7.4 image from Docker Hub.


Are there any known issues regarding the combination of M1 chips, AES-256-GCM using (lib)sodium and PHP? We've spent several days scouring here and on the support boards, but this combination seems to be quite niche. For now I've recommended that every developer remains on Intel-based MacBooks, since everything works out of the box on that platform.

MacBook Air (2020 or later)

Posted on Jul 3, 2021 4:26 AM

Question marked as Best reply

Posted on Jul 3, 2021 2:49 PM

wblommaert wrote:

> So basically we'll be dead in the water when trying to use libsodium in PHP on Apple Silicon and I guess other ARM-based architectures like a Raspberry Pi, until they (libsodium) finally implement hardware acceleration specifically for ARM?

That's what it looks like.

> Unfortunately the sodium extension in PHP is preferred over the openssl extension, so we've been locked into using that specific extension and its provided functionality.

Always a bad idea to get yourself locked into something.

> I suppose my recommendation at work to stick with Intel-based MacBooks for the time being wasn't entirely a bad call for this project specifically then.

I would agree with that recommendation, but only as a short-term solution. I found this bug report from early 2016 that was closed with no action in 2019. People who have commented on it have even included a link to a public domain implementation of the algorithm from a pretty reputable source.


At this point, it is a pretty safe guess that libsodium will still not have support for this algorithm when you are no longer able to buy new Intel Macs. What are your plans then? Switch to PCs? Switch to OpenSSL? Move away from PHP? If you eventually wind up being a PC-only, PHP shop, you might not have to worry too much about hiring new employees. 😄

Jul 3, 2021 10:59 AM in response to etresoft

Hi etresoft


Thanks for your reply! So basically we'll be dead in the water when trying to use libsodium in PHP on Apple Silicon and I guess other ARM-based architectures like a Raspberry Pi, until they (libsodium) finally implement hardware acceleration specifically for ARM?


Unfortunately the sodium extension in PHP is preferred over the openssl extension, so we've been locked into using that specific extension and its provided functionality. I suppose my recommendation at work to stick with Intel-based MacBooks for the time being wasn't entirely a bad call for this project specifically then.

Jul 3, 2021 3:16 PM in response to etresoft

The project right now is in a minimum viable product stage, so short-term solutions are alright for now. I found the same bug report while doing some research after reading your reply earlier today. It felt like, since it was closed without further follow-up, that for the time being they do not seem interested in providing the hardware acceleration that we would require to run libsodium on ARM-based environments. Unfortunately the link provided in the issue on GitHub refers to something we have no experience in.


Regarding the fact the project is locked into the libsodium PHP-extension: I'll file a suggestion to look into alternatives or perhaps at least providing a fall-back solution that uses OpenSSL instead. Either way we'll be depending on something, so certain requirements for runtime environments will always be present.


Thanks for your insights and recommendations!
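
The OpenSSL fall-back suggested in the last post, as an added example that is not part of the original thread or the posters' project: it uses sodium's AES-256-GCM when sodium_crypto_aead_aes256gcm_is_available() returns true and PHP's openssl extension otherwise, and writes the same nonce || ciphertext || 16-byte tag layout on both paths so either backend can decrypt the other's output. The function names gcm_encrypt, gcm_decrypt and sodium_gcm_usable are hypothetical.

```php
<?php
// Added example; gcm_encrypt/gcm_decrypt/sodium_gcm_usable are hypothetical names.
const GCM_NONCE = 12; // bytes, same as SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES
const GCM_TAG   = 16; // bytes, same as SODIUM_CRYPTO_AEAD_AES256GCM_ABYTES

function sodium_gcm_usable(): bool
{
    return function_exists('sodium_crypto_aead_aes256gcm_is_available')
        && sodium_crypto_aead_aes256gcm_is_available();
}

function gcm_encrypt(string $plaintext, string $aad, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('key must be 32 bytes');
    }
    $nonce = random_bytes(GCM_NONCE); // fresh per message; never reuse with the same key
    if (sodium_gcm_usable()) {
        return $nonce . sodium_crypto_aead_aes256gcm_encrypt($plaintext, $aad, $nonce, $key);
    }
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, GCM_TAG);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    return $nonce . $ct . $tag; // sodium's combined output is also ciphertext followed by tag
}

function gcm_decrypt(string $blob, string $aad, string $key): string
{
    if (strlen($key) !== 32 || strlen($blob) < GCM_NONCE + GCM_TAG) {
        throw new InvalidArgumentException('bad key length or truncated message');
    }
    $nonce = substr($blob, 0, GCM_NONCE);
    $body  = substr($blob, GCM_NONCE);
    if (sodium_gcm_usable()) {
        $pt = sodium_crypto_aead_aes256gcm_decrypt($body, $aad, $nonce, $key);
    } else {
        $split = strlen($body) - GCM_TAG; // tag is the last 16 bytes
        $pt = openssl_decrypt(substr($body, 0, $split), 'aes-256-gcm', $key,
            OPENSSL_RAW_DATA, $nonce, substr($body, $split), $aad);
    }
    if ($pt === false) {
        throw new RuntimeException('authentication failed'); // wrong key, wrong AAD or modified data
    }
    return $pt;
}

$key = random_bytes(32); // constructed sample: round trip on whichever backend this host has
var_dump(gcm_decrypt(gcm_encrypt('sample record', 'v1', $key), 'v1', $key) === 'sample record');
```

Both branches treat a failed tag check as a hard error, so a caller never receives unauthenticated plaintext regardless of which extension did the work.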
