
AES-256-GCM unavailable in PHP ext-sodium on M1 Macbook

Recently at work we've had a new hire to work on a project of ours that utilizes AES-256-GCM encryption and decryption via PHP's sodium extension. Since we all use Macbooks, the new employee received a 2020 Macbook Pro with M1 chip.

The first attempt at getting the aforementioned project up and running was using a HomeBrew setup, which runs the following components:

  • Apache 2.4
  • PHP 7.4
  • MySQL 5.7

We quickly noticed that sodium_crypto_aead_aes256gcm_is_available() was returning false in our code, indicating that AES-256-GCM was not supported by the hardware of the Macbook. Running openssl list-cipher-algorithms | grep "GCM" on the other hand gave us this list:

id-aes128-GCM
id-aes192-GCM
id-aes256-GCM
id-aes128-GCM
id-aes192-GCM
id-aes256-GCM

Running openssl speed -elapsed -evp aes-256-gcm also returned the expected output, so openssl seems to have access/is able to use it.

You have chosen to measure elapsed time instead of user CPU time.
Doing aes-256-gcm for 3s on 16 size blocks: 26616041 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 64 size blocks: 6757776 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 256 size blocks: 1647975 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 1024 size blocks: 411604 aes-256-gcm's in 3.00s
Doing aes-256-gcm for 3s on 8192 size blocks: 51239 aes-256-gcm's in 3.00s
LibreSSL 2.8.3
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available

The second attempt using the dockerized version of the project yields the same results and also claims AES-256-GCM with AEAD is unsupported by the hardware, which was to be expected since it runs on the same host hardware. This was done using the official PHP 7.4 image from Dockerhub.

Are there any known issues regarding the combination of M1 chips, AES-256-GCM using (lib)sodium and PHP? We've spent several days scouring here and on the support boards, but this combination seems to be quite niche. For now I've recommended that every developer remains on Intel based Macbooks, since everything works out of the box on that platform.

So far we already checked the following:

  • ext-sodium enabled in PHP? yes
  • does it work on Intel based Macbook Pro using HomeBrew? yes
  • does it work on Intel based Macbook Pro using Docker (compose)? yes
  • does OpenSSL support AES-256-GCM? yes

After further inquiry on the Apple support forums, they pointed me in the direction of ARM hardware acceleration support not fully being present in libsodium. A GitHub issue titled "Support for AES and GCM instructions on ARM processors #363" further indicates that there do not seem to be immediate plans to do this any time soon, seeing as the issue was opened in 2016 and abruptly closed in 2018.

For the time being I recommend using OpenSSL for AES-256-GCM if anywhere down the line your project will be developed or will run on ARM architecture. They seem to have implemented hardware acceleration for ARM environments.
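
As an added illustration of the OpenSSL recommendation above (not code from the original post), the sketch below uses ext-sodium when sodium_crypto_aead_aes256gcm_is_available() returns true and falls back to ext-openssl otherwise. Both paths emit the same nonce || ciphertext || tag layout, so data written on an Intel machine still decrypts on an M1. The helper names have_sodium_gcm, gcm_encrypt and gcm_decrypt are hypothetical, and the key and message are constructed samples.

```php
<?php
// Added example; have_sodium_gcm/gcm_encrypt/gcm_decrypt are hypothetical names.
const GCM_NONCE_LEN = 12; // same as SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES
const GCM_TAG_LEN   = 16; // same as SODIUM_CRYPTO_AEAD_AES256GCM_ABYTES
function have_sodium_gcm(): bool
{
    return function_exists('sodium_crypto_aead_aes256gcm_is_available')
        && sodium_crypto_aead_aes256gcm_is_available();
}

// Returns nonce || ciphertext || tag, the same layout on both code paths.
function gcm_encrypt(string $plaintext, string $aad, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256-GCM needs a 32-byte key');
    }
    $nonce = random_bytes(GCM_NONCE_LEN); // must never repeat under one key
    if (have_sodium_gcm()) {
        // libsodium appends the 16-byte tag to the ciphertext itself.
        return $nonce . sodium_crypto_aead_aes256gcm_encrypt($plaintext, $aad, $nonce, $key);
    }
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad, GCM_TAG_LEN);
    if ($ct === false) {
        throw new RuntimeException('openssl_encrypt failed');
    }
    return $nonce . $ct . $tag;
}

function gcm_decrypt(string $message, string $aad, string $key): string
{
    if (strlen($key) !== 32 || strlen($message) < GCM_NONCE_LEN + GCM_TAG_LEN) {
        throw new InvalidArgumentException('bad key or truncated message');
    }
    $nonce = substr($message, 0, GCM_NONCE_LEN);
    if (have_sodium_gcm()) {
        $pt = sodium_crypto_aead_aes256gcm_decrypt(substr($message, GCM_NONCE_LEN), $aad, $nonce, $key);
    } else {
        // The cast covers PHP 7, where substr() can return false for an empty result.
        $ct  = (string) substr($message, GCM_NONCE_LEN, -GCM_TAG_LEN);
        $tag = substr($message, -GCM_TAG_LEN);
        $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag, $aad);
    }
    if ($pt === false) {
        throw new RuntimeException('authentication failed'); // tampered data or wrong key/AAD
    }
    return $pt;
}

$key = random_bytes(32); // constructed sample key
var_dump(gcm_decrypt(gcm_encrypt('constructed sample', 'header-v1', $key), 'header-v1', $key));
```

With random 96-bit nonces, rotate the key well before the number of messages encrypted under it makes a nonce collision plausible, since a repeated nonce under one key breaks GCM's guarantees.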
