Collaboration diagram for CryptHKDF:

[legend]

Public Member Functions
	__construct ( $secretKeyMaterial, $algorithm, BagOStuff $cache, $context)

	__destruct ()
	Save the last block generated, so the next user will compute a different PRK from the same SKM.

	generate ( $bytes, $context='')
	Produce $bytes of secure random data.

Static Public Member Functions
static	HKDF ( $hash, $ikm, $salt, $info, $L)
	RFC5869 defines HKDF in 2 steps, extraction and expansion.

Static Public Attributes
static int[]	$hashLength
	Round count is computed based on the hash'es output length, which neither php nor openssl seem to provide easily.

Protected Member Functions
	getSaltUsingCache ()
	MW specific salt, cached from last run.

Protected Attributes
string	$algorithm = null
	The hash algorithm being used.

BagOStuff	$cache = null
	The persistent cache.

string	$cacheKey = null
	Cache key we'll use for our salt.

array	$context = []
	a "context information" string CTXinfo (which may be null) See http://eprint.iacr.org/2010/264.pdf Section 4.1

string	$lastK
	The last block (K(i)) of the most recent expanded key.

string	$salt = ''
	binary string, the salt for the HKDF

Detailed Description

Definition at line 33 of file CryptHKDF.php.

Constructor & Destructor Documentation

◆ __construct()

CryptHKDF::__construct	(		$secretKeyMaterial,
			$algorithm,
		BagOStuff	$cache,
			$context )

Parameters

string	$secretKeyMaterial
string	$algorithm	Name of hashing algorithm
BagOStuff	$cache
string \| array	$context	Context to mix into HKDF context

Exceptions

InvalidArgumentException if secret key material is too short

Definition at line 109 of file CryptHKDF.php.

References BagOStuff\makeKey().

◆ __destruct()

CryptHKDF::__destruct ( )

Save the last block generated, so the next user will compute a different PRK from the same SKM.

This should keep things unpredictable even if an attacker is able to influence CTXinfo.

Definition at line 129 of file CryptHKDF.php.

Member Function Documentation

◆ generate()

CryptHKDF::generate	(		$bytes,
			$context = '' )

Produce $bytes of secure random data.

As a side-effect, $this->lastK is set to the last hashLen block of key material.

Parameters

int	$bytes	Number of bytes of data
string	$context	Context to mix into CTXinfo

Returns: string Binary string of length $bytes

Definition at line 165 of file CryptHKDF.php.

References getSaltUsingCache().

◆ getSaltUsingCache()

CryptHKDF::getSaltUsingCache ( )

protected

MW specific salt, cached from last run.

Returns: string Binary string

Definition at line 139 of file CryptHKDF.php.

Referenced by generate().

◆ HKDF()

static CryptHKDF::HKDF	(	$hash,
		$ikm,
		$salt,
		$info,
		$L )

static

RFC5869 defines HKDF in 2 steps, extraction and expansion.

From http://eprint.iacr.org/2010/264.pdf:

The scheme HKDF is specified as: HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t) where the values K(i) are defined as follows: PRK = HMAC(XTS, SKM) K(1) = HMAC(PRK, CTXinfo || 0); K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t; where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.

XTS is the "extractor salt" SKM is the "secret keying material"

N.B. http://eprint.iacr.org/2010/264.pdf seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)

Parameters

string	$hash	The hashing function to use (e.g., sha256)
string	$ikm	The input keying material
string	$salt	The salt to add to the ikm, to get the prk
string	$info	Optional context (change the output without affecting the randomness properties of the output)
int	$L	Number of bytes to return

Returns: string Cryptographically secure pseudorandom binary string

Definition at line 215 of file CryptHKDF.php.

Member Data Documentation

◆ $algorithm

string CryptHKDF::$algorithm = null

protected

The hash algorithm being used.

Definition at line 48 of file CryptHKDF.php.

◆ $cache

BagOStuff CryptHKDF::$cache = null

protected

The persistent cache.

Definition at line 38 of file CryptHKDF.php.

◆ $cacheKey

string CryptHKDF::$cacheKey = null

protected

Cache key we'll use for our salt.

Definition at line 43 of file CryptHKDF.php.

◆ $context

array CryptHKDF::$context = []

protected

a "context information" string CTXinfo (which may be null) See http://eprint.iacr.org/2010/264.pdf Section 4.1

Definition at line 80 of file CryptHKDF.php.

◆ $hashLength

int [] CryptHKDF::$hashLength

static

Initial value:

= [
        'md5' => 16,
        'sha1' => 20,
        'sha224' => 28,
        'sha256' => 32,
        'sha384' => 48,
        'sha512' => 64,
        'ripemd128' => 16,
        'ripemd160' => 20,
        'ripemd256' => 32,
        'ripemd320' => 40,
        'whirlpool' => 64,
    ]

Round count is computed based on the hash'es output length, which neither php nor openssl seem to provide easily.

Definition at line 88 of file CryptHKDF.php.

◆ $lastK

string CryptHKDF::$lastK

protected

The last block (K(i)) of the most recent expanded key.

Definition at line 72 of file CryptHKDF.php.

◆ $salt

string CryptHKDF::$salt = ''

protected

binary string, the salt for the HKDF

See also: getSaltUsingCache

Definition at line 54 of file CryptHKDF.php.

The documentation for this class was generated from the following file:

includes/libs/CryptHKDF.php

Public Member Functions

Static Public Member Functions

Static Public Attributes

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

◆ __destruct()

Member Function Documentation

◆ generate()

◆ getSaltUsingCache()

◆ HKDF()

Member Data Documentation

◆ $algorithm

◆ $cache

◆ $cacheKey

◆ $context

◆ $hashLength

◆ $lastK

◆ $salt