MediaWiki REL1_32
MWCryptHKDF Class Reference

Static Public Member Functions

static generate ( $bytes, $context)
 Generate cryptographically random data and return it in raw binary form.
 
static generateHex ( $chars, $context='')
 Generate cryptographically random data and return it in hexadecimal string format.
 
static HKDF ( $hash, $ikm, $salt, $info, $L)
 RFC5869 defines HKDF in 2 steps, extraction and expansion.
 

Static Protected Member Functions

static singleton ()
 Return a singleton instance, based on the global configs.
 

Detailed Description

Definition at line 35 of file MWCryptHKDF.php.

Member Function Documentation

◆ generate()

static MWCryptHKDF::generate ( $bytes,
$context )
static

Generate cryptographically random data and return it in raw binary form.

Parameters
int$bytesThe number of bytes of random data to generate
string$contextString to mix into HMAC context
Returns
string Binary string of length $bytes

Definition at line 85 of file MWCryptHKDF.php.

References $context, and singleton().

Referenced by generateHex().

◆ generateHex()

static MWCryptHKDF::generateHex ( $chars,
$context = '' )
static

Generate cryptographically random data and return it in hexadecimal string format.

See MWCryptRand::realGenerateHex for details of the char-to-byte conversion logic.

Parameters
int$charsThe number of hex chars of random data to generate
string$contextString to mix into HMAC context
Returns
string Random hex characters, $chars long

Definition at line 97 of file MWCryptHKDF.php.

References $context, and generate().

Referenced by MWCryptHKDFTest\testGenerate().

◆ HKDF()

static MWCryptHKDF::HKDF ( $hash,
$ikm,
$salt,
$info,
$L )
static

RFC5869 defines HKDF in 2 steps, extraction and expansion.

From http://eprint.iacr.org/2010/264.pdf:

The scheme HKDF is specifed as: HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t) where the values K(i) are defined as follows: PRK = HMAC(XTS, SKM) K(1) = HMAC(PRK, CTXinfo || 0); K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t; where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.

XTS is the "extractor salt" SKM is the "secret keying material"

N.B. http://eprint.iacr.org/2010/264.pdf seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)

Parameters
string$hashThe hashing function to use (e.g., sha256)
string$ikmThe input keying material
string$saltThe salt to add to the ikm, to get the prk
string$infoOptional context (change the output without affecting the randomness properties of the output)
int$LNumber of bytes to return
Returns
string Cryptographically secure pseudorandom binary string

Definition at line 74 of file MWCryptHKDF.php.

Referenced by MWCryptHKDFTest\testRfc5869().

◆ singleton()

static MWCryptHKDF::singleton ( )
staticprotected

Return a singleton instance, based on the global configs.

Returns
CryptHKDF

Definition at line 41 of file MWCryptHKDF.php.

Referenced by generate().


The documentation for this class was generated from the following file: