PHP development on Apple Silicon and AES-256-GCM encryption
Hi,
I also asked this question on StackOverflow but nobody seems to know, so I'm hoping someone here can shed some light.
Recently at work we've had a new hire to work on a project of ours that utilizes AES-256-GCM encryption and decryption via PHP's sodium extension. Since we all use Macbooks, the new employee received a 2020 Macbook Air with M1 chip running macOS Big Sur.
The first attempt at getting the aforementioned project up and running was using a HomeBrew setup, which runs the following components:
- Apache 2.4
- PHP 7.4
- MySQL 5.7
We quickly noticed that sodium_crypto_aead_aes256gcm_is_available() was returning false in our PHP code, indicating that AES-256-GCM was not supported by the hardware of the Macbook. Running openssl list-cipher-algorithms | grep "GCM" on the other hand gave us this list:
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
Running openssl speed -elapsed -evp aes-256-gcm also returned the expected output, so openssl seems to have access/is able to use it.
You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 26616041 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 6757776 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 1647975 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 411604 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 51239 aes-256-gcm's in 3.00s
LibreSSL 2.8.3
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The second attempt using the dockerized version of the project yields the same results and also claims AES-256-GCM with AEAD is unsupported by the hardware, which was to be expected since it runs on the same host hardware. This was done using the official PHP 7.4 image from Dockerhub.
Are there any known issues regarding the combination of M1 chips, AES-256-GCM using (lib)sodium and PHP? We've spent several days scouring here and on the support boards, but this combination seems to be quite niche. For now I've recommended that every developer remains on Intel based Macbooks, since everything works out of the box on that platform.
MacBook Air (2020 or later)