The Sodium crypto library of PHP 7.2 (PHP Day 2018)
5 likes2,255 views
The document provides an overview of the Sodium crypto library introduced in PHP 7.2, covering its features such as encryption, authentication, digital signatures, and secure password storage. It discusses cryptographic principles, potential vulnerabilities like side-channel attacks, and includes various code examples demonstrating how to implement these features in PHP. Additionally, it highlights the library's compatibility with functions and algorithms that enhance secure data handling in applications.
![5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018
https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 9/40
© 2018 Rogue Wave Software, Inc. All Rights Reserved.
EXAMPLEINPHPEXAMPLEINPHP
function compare(string $expected, string $actual): bool
{
$lenExpected = strlen($expected);
$lenActual = strlen($actual);
if ($lenExpected !== $lenActual) {
return false;
}
for($i=0; $i < $lenActual; $i++) {
if ($expected[$i] !== $actual[$i]) {
return false;
}
}
return true;
}](https://image.slidesharecdn.com/sodiumslidesphpday2018-180528151057/85/The-Sodium-crypto-library-of-PHP-7-2-PHP-Day-2018-9-320.jpg)
![5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018
https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 10/40
© 2018 Rogue Wave Software, Inc. All Rights Reserved.
PREVENTTIMINGATTACK*PREVENTTIMINGATTACK*
* constant-time comparison
function compare(string $expected, string $actual): bool
{
$lenExpected = strlen($expected);
$lenActual = strlen($actual);
$len = min($lenExpected, $lenActual);
$result = 0;
for ($i = 0; $i < $len; $i++) {
$result |= ord($expected[$i]) ^ ord($actual[$i]);
}
$result |= $lenExpected ^ $lenActual;
return ($result === 0);
}](https://image.slidesharecdn.com/sodiumslidesphpday2018-180528151057/85/The-Sodium-crypto-library-of-PHP-7-2-PHP-Day-2018-10-320.jpg)
The Sodium crypto library of PHP 7.2 (PHP Day 2018)
- 1. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 1/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. THESODIUMCRYPTOLIBRARYTHESODIUMCRYPTOLIBRARY OFPHP7.2OFPHP7.2 by Senior Software Engineer , Verona (Italy), May 12 Enrico Zimuel Rogue Wave Software, Inc. phpDay 2018
- 2. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 2/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ABOUTMEABOUTME Developer since 1996 Senior Software Engineer at Inc. Core team of , and and international speaker Research Programmer at Co-founder of (Italy) Rogue Wave Software Apigility Expressive Zend Framework TEDx Amsterdam University PUG Torino
- 3. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 3/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. OVERVIEWOVERVIEW NaCl/Sodium libraries Elliptic Curve Cryptography Sodium in PHP 7.2: 1. Encrypt with a shared-key 2. Authenticate with a shared-key 3. Sending secret messages 4. Digital signature 5. AEAD AES-GCM 6. Store passwords safely 7. Derive a key from a user's password
- 4. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 4/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. CRYPTOGRAPHYCRYPTOGRAPHY Cryptography is hard. Hard to design, hard to implement, hard to use, and hard to get right.
- 5. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 5/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. NACLNACL NaCl: Networking and Cryptography library High-speed software library for network communication, encryption, decryption, signatures, etc by Prof. , and Highly-secure primitives and constructions, implemented with extreme care to avoid Daniel J. Bernstein others side-channel attacks
- 6. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 6/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SIDE-CHANNELATTACKSIDE-CHANNELATTACK Attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself
- 7. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 7/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. DECODERSAKEYUSINGPOWERANALYSISDECODERSAKEYUSINGPOWERANALYSIS Source: Protecting Against Side-Channel Attacks with an Ultra-Low Power Processor
- 8. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 8/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. TIMINGATTACKTIMINGATTACK An attacker measures the CPU time to perform some procedures involving a secret (e.g. encryption key). If this time depends on the secret, the attacker may be able to deduce information about the secret.
- 9. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 9/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLEINPHPEXAMPLEINPHP function compare(string $expected, string $actual): bool { $lenExpected = strlen($expected); $lenActual = strlen($actual); if ($lenExpected !== $lenActual) { return false; } for($i=0; $i < $lenActual; $i++) { if ($expected[$i] !== $actual[$i]) { return false; } } return true; }
- 10. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 10/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. PREVENTTIMINGATTACK*PREVENTTIMINGATTACK* * constant-time comparison function compare(string $expected, string $actual): bool { $lenExpected = strlen($expected); $lenActual = strlen($actual); $len = min($lenExpected, $lenActual); $result = 0; for ($i = 0; $i < $len; $i++) { $result |= ord($expected[$i]) ^ ord($actual[$i]); } $result |= $lenExpected ^ $lenActual; return ($result === 0); }
- 11. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 11/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. BESTTIMINGATTACKBESTTIMINGATTACK In 2006 Adi Shamir, Eran Tromer, and Dag Arne Osvik used a timing attack to discover, in 65 milliseconds, the secret key used in widely deployed software for hard- disk encryption. Source: Cache Attacks and Countermeasures: the Case of AES
- 12. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 12/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SODIUMCRYPTOLIBRARYSODIUMCRYPTOLIBRARY
- 13. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 13/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SODIUMSODIUM Sodium (libsodium) is a fork of NaCl A portable, cross-compilable, installable, packageable, API-compatible version of NaCl Same implementations of crypto primitives as NaCl Shared library and a standard set of headers (portable implementation) O cial web site: libsodium.org
- 14. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 14/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. FEATURESFEATURES Authenticated public-key and authenticated shared- key encryption Public-key and shared-key signatures Hashing Keyed hashes for short messages Secure pseudo-random numbers generation
- 15. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 15/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ALGORITHMSINSODIUMALGORITHMSINSODIUM Di e–Hellman key-exchange function , stream ciphers message-authentication code public-key signature system , password hashing authenticated encryption algorithm Curve25519 Salsa20 ChaCha20 Poly1305 Ed25519 Argon2 Scrypt AES-GCM
- 16. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 16/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ELLIPTICCURVESELLIPTICCURVES
- 17. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 17/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ELLIPTICCURVESELLIPTICCURVES = + ax + by 2 x 3
- 18. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 18/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ADD2POINTSADD2POINTS A + B = C, A + C = D, A + D = E
- 19. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 19/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SCALARMULTIPLICATIONSCALARMULTIPLICATION Given and nd such that is hard P + P = 2P P Q k Q = kP
- 20. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 20/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved.
- 21. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 21/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SODIUMINPHPSODIUMINPHP Available (as standard library) from PHP 7.2 PECL extension ( ) for PHP 7.0/7.1 85 functions with pre x sodium_ e.g. sodium_crypto_box_keypair() libsodium
- 22. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 22/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE1:EXAMPLE1: ENCRYPTWITHASHARED-KEYENCRYPTWITHASHARED-KEY
- 23. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 23/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SYMMETRICENCRYPTIONSYMMETRICENCRYPTION Note: the encryption is always authenticated, you need to store also nonce + ciphertext Algorithms: to encrypt and for MAC $msg = 'This is a super secret message!'; // Generating an encryption key and a nonce $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // 256 bit $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // 24 bytes // Encrypt $ciphertext = sodium_crypto_secretbox($msg, $nonce, $key); // Decrypt $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key); echo $plaintext === $msg ? 'Success' : 'Error'; XSalsa20 Poly1305
- 24. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 24/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE2:EXAMPLE2: AUTHENTICATEWITHASHARED-KEYAUTHENTICATEWITHASHARED-KEY
- 25. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 25/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. SYMMETRICAUTHENTICATIONSYMMETRICAUTHENTICATION Note: the message is not encrypted Algorithm: $msg = 'This is the message to authenticate!'; $key = random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES); // 256 bit // Generate the Message Authentication Code $mac = sodium_crypto_auth($msg, $key); // Altering $mac or $msg, verification will fail echo sodium_crypto_auth_verify($mac, $msg, $key) ? 'Success' : 'Error'; HMAC-SHA512
- 26. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 26/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE3:EXAMPLE3: SENDINGSECRETMESSAGESSENDINGSECRETMESSAGES
- 27. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 27/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. PUBLIC-KEYENCRYPTIONPUBLIC-KEYENCRYPTION Note: it provides con dentiality, integrity and non-repudiation Algorithms: to encrypt, for MAC, and for key exchange $aliceKeypair = sodium_crypto_box_keypair(); $alicePublicKey = sodium_crypto_box_publickey($aliceKeypair); $aliceSecretKey = sodium_crypto_box_secretkey($aliceKeypair); $bobKeypair = sodium_crypto_box_keypair(); $bobPublicKey = sodium_crypto_box_publickey($bobKeypair); // 32 bytes $bobSecretKey = sodium_crypto_box_secretkey($bobKeypair); // 32 bytes $msg = 'Hi Bob, this is Alice!'; $nonce = random_bytes(SODIUM_CRYPTO_BOX_NONCEBYTES); // 24 bytes $keyEncrypt = $aliceSecretKey . $bobPublicKey; $ciphertext = sodium_crypto_box($msg, $nonce, $keyEncrypt); $keyDecrypt = $bobSecretKey . $alicePublicKey; $plaintext = sodium_crypto_box_open($ciphertext, $nonce, $keyDecrypt); echo $plaintext === $msg ? 'Success' : 'Error'; XSalsa20 Poly1305 XS25519
- 28. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 28/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE4:EXAMPLE4: DIGITALSIGNATUREDIGITALSIGNATURE
- 29. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 29/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. DIGITALSIGNATUREDIGITALSIGNATURE Note: the message is not encrypted, signedMsg includes signature + msg Algorithm: $keypair = sodium_crypto_sign_keypair(); $publicKey = sodium_crypto_sign_publickey($keypair); // 32 bytes $secretKey = sodium_crypto_sign_secretkey($keypair); // 64 bytes $msg = 'This message is from Alice'; // Sign a message $signedMsg = sodium_crypto_sign($msg, $secretKey); // Or generate only the signature (detached mode) $signature = sodium_crypto_sign_detached($msg, $secretKey); // 64 bytes // Verify the signed message $original = sodium_crypto_sign_open($signedMsg, $publicKey); echo $original === $msg ? 'Signed msg ok' : 'Error signed msg'; // Verify the signature echo sodium_crypto_sign_verify_detached($signature, $msg, $publicKey) ? 'Signature ok' : 'Error signature'; Ed25519
- 30. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 30/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE5:EXAMPLE5: AES-GCMAES-GCM
- 31. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 31/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. AEADAES-256-GCMAEADAES-256-GCM Note: you need to store also ad and nonce + ciphertext if (! sodium_crypto_aead_aes256gcm_is_available()) { throw new Exception("AES-GCM is not supported on this platform"); } $msg = 'Super secret message!'; $key = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES); $nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES); // AEAD encryption $ad = 'Additional public data'; $ciphertext = sodium_crypto_aead_aes256gcm_encrypt( $msg, $ad, $nonce, $key ); // AEAD decryption $decrypted = sodium_crypto_aead_aes256gcm_decrypt( $ciphertext,
- 32. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 32/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE6:EXAMPLE6: STOREPASSWORDSSAFELYSTOREPASSWORDSSAFELY
- 33. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 33/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ARGON2IARGON2I An example of Argon2i hash: $password = 'password'; $hash = sodium_crypto_pwhash_str( $password, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE ); // 97 bytes echo sodium_crypto_pwhash_str_verify($hash, $password) ? 'OK' : 'Error'; $argon2id$v=19$m=65536,t=2,p=1$EF1BpShRmCYHN7ryxlhtBg$zLZO4IWjx3E...
- 34. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 34/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. ARGON2INPHP7.2ARGON2INPHP7.2 Comparing with Sodium: Note: password_hash() is not compatible with sodium_crypto_pwhash_str() $password = 'password'; // Argon2i without Sodium $hash = password_hash($password, PASSWORD_ARGON2I); // 95 bytes echo password_verify($password, $hash) ? 'OK' : 'Error'; $argon2id$v=19$m=65536,t=2,p=1$EF1BpShRmCYH... // 97 bytes, Sodium $argon2i$v=19$m=1024,t=2,p=2$Y3pweEtMdS82SG... // 95 bytes, PHP
- 35. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 35/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. EXAMPLE7:EXAMPLE7: DERIVEAKEYFROMAUSER'SPASSWORDDERIVEAKEYFROMAUSER'SPASSWORD
- 36. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 36/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. PASSWORDAREBADPASSWORDAREBAD Not random Predictable (most of the time) Only a subset of ASCII codes (typically vs ) Never use it as encryption/authentication key! Use KDF to derive a key from a password 68 256
- 37. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 37/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. DERIVEAKEYUSINGARGON2IDERIVEAKEYUSINGARGON2I Example: generating a binary key of 32 bytes Note: you need to store also the salt to generate the same key from password $password = 'password'; $salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES); $key = sodium_crypto_pwhash( 32, $password, $salt, SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE );
- 38. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 38/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. UTILITYINSODIUMUTILITYINSODIUM Wiping Sensitive Data from Memory: Hex2bin / Bin2Hex: Constant-time string comparison: sodium_memzero(&$secret) sodium_hex2bin(string $hex, string $ignore = ' sodium_bin2hex(string $bin) sodium_compare(string $str1, string $str2)
- 39. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 39/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. REFERENCESREFERENCES D.J. Bernstein, T.Lange, and P.Schwabe, , Lecture Notes in Computer Science 7533, Springer, 2012. ISBN 978-3-642-33480-1 Daniel J. Bernstein, OpenDNS Security Research, , March 6, 2013 D.A. Osvik, A.Shamir, E.Tromer, , Lecture Notes in Computer Science, vol 3860. Springer, 2006 Anthony Ferrara, , 2014 Eric Sesterhenn, , 2017 Angela Raucher, , Synopsys Willy Raedy, , Full Stack Academy of Code Scott Arciszewski, , Paragonie, 2017 The security impact of a new cryptographic library Cryptography in NaCl Introducing Sodium, a new cryptographic library Cache Attacks and Countermeasures: the Case of AES It's All About Time Benchmarking memcmp() for timing attacks Protecting Against Side-Channel Attacks with an Ultra-Low Power Processor Elliptic Curve Cryptography Tutorial Libsodium Quick Reference
- 40. 5/14/2018 The Sodium crypto library of PHP 7.2 - phpDay 2018 https://www.zimuel.it/slides/phpday2018/sodium?print-pdf#/ 40/40 © 2018 Rogue Wave Software, Inc. All Rights Reserved. THANKS!THANKS! Rate this talk at This work is licensed under a . I used to make this presentation. joind.in/talk/5769a Creative Commons Attribution-ShareAlike 3.0 Unported License reveal.js