REL1_27/php/MWCryptHKDF_8php_source.html

<?php


class MWCryptHKDF {


    protected static $singleton = null;


    protected $cache = null;


    protected $cacheKey = null;


    protected $algorithm = null;


    protected $salt;


    private $prk;


    private $skm;


    protected $lastK;


    protected $context = [];


    public static $hashLength = [

        'md5' => 16,

        'sha1' => 20,

        'sha224' => 28,

        'sha256' => 32,

        'sha384' => 48,

        'sha512' => 64,

        'ripemd128' => 16,

        'ripemd160' => 20,

        'ripemd256' => 32,

        'ripemd320' => 40,

        'whirlpool' => 64,

    ];


    public function __construct( $secretKeyMaterial, $algorithm, $cache, $context ) {

        if ( strlen( $secretKeyMaterial ) < 16 ) {

            throw new MWException( "MWCryptHKDF secret was too short." );

        }

        $this->skm = $secretKeyMaterial;

        $this->algorithm = $algorithm;

        $this->cache = $cache;

        $this->salt = ''; // Initialize a blank salt, see getSaltUsingCache()

        $this->prk = '';

        $this->context = is_array( $context ) ? $context : [ $context ];


        // To prevent every call from hitting the same memcache server, pick

        // from a set of keys to use. mt_rand is only use to pick a random

        // server, and does not affect the security of the process.

        $this->cacheKey = wfMemcKey( 'HKDF', mt_rand( 0, 16 ) );

    }


    function __destruct() {

        if ( $this->lastK ) {

            $this->cache->set( $this->cacheKey, $this->lastK );

        }

    }


    protected function getSaltUsingCache() {

        if ( $this->salt == '' ) {

            $lastSalt = $this->cache->get( $this->cacheKey );

            if ( $lastSalt === false ) {

                // If we don't have a previous value to use as our salt, we use

                // 16 bytes from MWCryptRand, which will use a small amount of

                // entropy from our pool. Note, "XTR may be deterministic or keyed

                // via an optional “salt value”  (i.e., a non-secret random

                // value)..." - http://eprint.iacr.org/2010/264.pdf. However, we

                // use a strongly random value since we can.

                $lastSalt = MWCryptRand::generate( 16 );

            }

            // Get a binary string that is hashLen long

            $this->salt = hash( $this->algorithm, $lastSalt, true );

        }

        return $this->salt;

    }


    protected static function singleton() {

        global $wgHKDFAlgorithm, $wgHKDFSecret, $wgSecretKey, $wgMainCacheType;


        $secret = $wgHKDFSecret ?: $wgSecretKey;

        if ( !$secret ) {

            throw new MWException( "Cannot use MWCryptHKDF without a secret." );

        }


        // In HKDF, the context can be known to the attacker, but this will

        // keep simultaneous runs from producing the same output.

        $context = [];

        $context[] = microtime();

        $context[] = getmypid();

        $context[] = gethostname();


        // Setup salt cache. Use APC, or fallback to the main cache if it isn't setup

        $cache = ObjectCache::getLocalServerInstance( $wgMainCacheType );


        if ( is_null( self::$singleton ) ) {

            self::$singleton = new self( $secret, $wgHKDFAlgorithm, $cache, $context );

        }


        return self::$singleton;

    }


    protected function realGenerate( $bytes, $context = '' ) {


        if ( $this->prk === '' ) {

            $salt = $this->getSaltUsingCache();

            $this->prk = self::HKDFExtract(

                $this->algorithm,

                $salt,

                $this->skm

            );

        }


        $CTXinfo = implode( ':', array_merge( $this->context, [ $context ] ) );


        return self::HKDFExpand(

            $this->algorithm,

            $this->prk,

            $CTXinfo,

            $bytes,

            $this->lastK

        );

    }


    public static function HKDF( $hash, $ikm, $salt, $info, $L ) {

        $prk = self::HKDFExtract( $hash, $salt, $ikm );

        $okm = self::HKDFExpand( $hash, $prk, $info, $L );

        return $okm;

    }


    private static function HKDFExtract( $hash, $salt, $ikm ) {

        return hash_hmac( $hash, $ikm, $salt, true );

    }


    private static function HKDFExpand( $hash, $prk, $info, $bytes, &$lastK = '' ) {

        $hashLen = MWCryptHKDF::$hashLength[$hash];

        $rounds = ceil( $bytes / $hashLen );

        $output = '';


        if ( $bytes > 255 * $hashLen ) {

            throw new MWException( "Too many bytes requested from HDKFExpand" );

        }


        // K(1) = HMAC(PRK, CTXinfo || 1);

        // K(i) = HMAC(PRK, K(i-1) || CTXinfo || i); 1 < i <= t;

        for ( $counter = 1; $counter <= $rounds; ++$counter ) {

            $lastK = hash_hmac(

                $hash,

                $lastK . $info . chr( $counter ),

                $prk,

                true

            );

            $output .= $lastK;

        }


        return substr( $output, 0, $bytes );

    }


    public static function generate( $bytes, $context ) {

        return self::singleton()->realGenerate( $bytes, $context );

    }


    public static function generateHex( $chars, $context = '' ) {

        $bytes = ceil( $chars / 2 );

        $hex = bin2hex( self::singleton()->realGenerate( $bytes, $context ) );

        return substr( $hex, 0, $chars );

    }


}


$wgSecretKey
$wgSecretKey
This should always be customised in LocalSettings.php.
Definition DefaultSettings.php:5781

$wgHKDFSecret
$wgHKDFSecret
Secret for hmac-based key derivation function (fast, cryptographically secure random numbers).
Definition DefaultSettings.php:8233

$wgHKDFAlgorithm
$wgHKDFAlgorithm
Algorithm for hmac-based key derivation function (fast, cryptographically secure random numbers).
Definition DefaultSettings.php:8241

wfMemcKey
wfMemcKey()
Make a cache key for the local wiki.
Definition GlobalFunctions.php:3060

MWCryptHKDF
Definition MWCryptHKDF.php:33

MWCryptHKDF\HKDFExtract
static HKDFExtract( $hash, $salt, $ikm)
Extract the PRK, PRK = HMAC(XTS, SKM) Note that the hmac is keyed with XTS (the salt),...
Definition MWCryptHKDF.php:261

MWCryptHKDF\__destruct
__destruct()
Save the last block generated, so the next user will compute a different PRK from the same SKM.
Definition MWCryptHKDF.php:129

MWCryptHKDF\$algorithm
$algorithm
The hash algorithm being used.
Definition MWCryptHKDF.php:53

MWCryptHKDF\HKDFExpand
static HKDFExpand( $hash, $prk, $info, $bytes, &$lastK='')
Expand the key with the given context.
Definition MWCryptHKDF.php:280

MWCryptHKDF\$salt
$salt
binary string, the salt for the HKDF
Definition MWCryptHKDF.php:58

MWCryptHKDF\$cache
$cache
The persistant cache.
Definition MWCryptHKDF.php:43

MWCryptHKDF\realGenerate
realGenerate( $bytes, $context='')
Produce $bytes of secure random data.
Definition MWCryptHKDF.php:194

MWCryptHKDF\$cacheKey
$cacheKey
Cache key we'll use for our salt.
Definition MWCryptHKDF.php:48

MWCryptHKDF\generate
static generate( $bytes, $context)
Generate cryptographically random data and return it in raw binary form.
Definition MWCryptHKDF.php:311

MWCryptHKDF\generateHex
static generateHex( $chars, $context='')
Generate cryptographically random data and return it in hexadecimal string format.
Definition MWCryptHKDF.php:323

MWCryptHKDF\HKDF
static HKDF( $hash, $ikm, $salt, $info, $L)
RFC5869 defines HKDF in 2 steps, extraction and expansion.
Definition MWCryptHKDF.php:245

MWCryptHKDF\getSaltUsingCache
getSaltUsingCache()
MW specific salt, cached from last run.
Definition MWCryptHKDF.php:139

MWCryptHKDF\$singleton
static $singleton
Singleton instance for public use.
Definition MWCryptHKDF.php:38

MWCryptHKDF\$lastK
$lastK
The last block (K(i)) of the most recent expanded key.
Definition MWCryptHKDF.php:74

MWCryptHKDF\singleton
static singleton()
Return a singleton instance, based on the global configs.
Definition MWCryptHKDF.php:162

MWCryptHKDF\$prk
$prk
The pseudorandom key.
Definition MWCryptHKDF.php:63

MWCryptHKDF\$skm
$skm
The secret key material.
Definition MWCryptHKDF.php:69

MWCryptHKDF\$hashLength
static $hashLength
Round count is computed based on the hash'es output length, which neither php nor openssl seem to pro...
Definition MWCryptHKDF.php:86

MWCryptHKDF\__construct
__construct( $secretKeyMaterial, $algorithm, $cache, $context)
Definition MWCryptHKDF.php:107

MWCryptHKDF\$context
$context
a "context information" string CTXinfo (which may be null) See http://eprint.iacr....
Definition MWCryptHKDF.php:80

MWCryptRand\generate
static generate( $bytes, $forceStrong=false)
Generate a run of (ideally) cryptographically random data and return it in raw binary form.
Definition MWCryptRand.php:421

MWException
MediaWiki exception.
Definition MWException.php:26

ObjectCache\getLocalServerInstance
static getLocalServerInstance( $fallback=CACHE_NONE)
Factory function for CACHE_ACCEL (referenced from DefaultSettings.php)
Definition ObjectCache.php:255

global
when a variable name is used in a it is silently declared as a new local masking the global
Definition design.txt:95

$output
this hook is for auditing only RecentChangesLinked and Watchlist RecentChangesLinked and Watchlist e g Watchlist removed from all revisions and log entries to which it was applied This gives extensions a chance to take it off their books as the deletion has already been partly carried out by this point or something similar the user will be unable to create the tag set and then return false from the hook function Ensure you consume the ChangeTagAfterDelete hook to carry out custom deletion actions as context called by AbstractContent::getParserOutput May be used to override the normal model specific rendering of page content as context as context the output can only depend on parameters provided to this hook not on global state indicating whether full HTML should be generated If generation of HTML may be but other information should still be present in the ParserOutput object & $output
Definition hooks.txt:1048

php
injection txt This is an overview of how MediaWiki makes use of dependency injection The design described here grew from the discussion of RFC T384 The term dependency this means that anything an object needs to operate should be injected from the the object itself should only know narrow no concrete implementation of the logic it relies on The requirement to inject everything typically results in an architecture that based on two main types of and essentially stateless service objects that use other service objects to operate on the value objects As of the beginning MediaWiki is only starting to use the DI approach Much of the code still relies on global state or direct resulting in a highly cyclical dependency which acts as the top level factory for services in MediaWiki which can be used to gain access to default instances of various services MediaWikiServices however also allows new services to be defined and default services to be redefined Services are defined or redefined by providing a callback the instantiator that will return a new instance of the service When it will create an instance of MediaWikiServices and populate it with the services defined in the files listed by thereby bootstrapping the DI framework Per $wgServiceWiringFiles lists includes ServiceWiring php
Definition injection.txt:37

cache
you have access to all of the normal MediaWiki so you can get a DB use the cache
Definition maintenance.txt:55

$wgMainCacheType
CACHE_MEMCACHED $wgMainCacheType
Definition memcached.txt:63