MediaWiki master
|
Public Member Functions | |
__construct ( $secretKeyMaterial, $algorithm, BagOStuff $cache, $context) | |
__destruct () | |
Save the last block generated, so the next user will compute a different PRK from the same SKM. | |
generate ( $bytes, $context='') | |
Produce $bytes of secure random data. | |
Static Public Member Functions | |
static | HKDF ( $hash, $ikm, $salt, $info, $L) |
RFC5869 defines HKDF in 2 steps, extraction and expansion. | |
Static Public Attributes | |
static int[] | $hashLength |
Round count is computed based on the hash'es output length, which neither php nor openssl seem to provide easily. | |
Protected Member Functions | |
getSaltUsingCache () | |
MW specific salt, cached from last run. | |
Protected Attributes | |
string | $algorithm = null |
The hash algorithm being used. | |
BagOStuff | $cache = null |
The persistent cache. | |
string | $cacheKey = null |
Cache key we'll use for our salt. | |
array | $context = [] |
a "context information" string CTXinfo (which may be null) See http://eprint.iacr.org/2010/264.pdf Section 4.1 | |
string | $lastK |
The last block (K(i)) of the most recent expanded key. | |
string | $salt = '' |
binary string, the salt for the HKDF | |
Definition at line 36 of file CryptHKDF.php.
CryptHKDF::__construct | ( | $secretKeyMaterial, | |
$algorithm, | |||
BagOStuff | $cache, | ||
$context ) |
string | $secretKeyMaterial | |
string | $algorithm | Name of hashing algorithm |
BagOStuff | $cache | |
string | array | $context | Context to mix into HKDF context |
InvalidArgumentException | if secret key material is too short |
Definition at line 112 of file CryptHKDF.php.
References Wikimedia\ObjectCache\BagOStuff\makeKey().
CryptHKDF::__destruct | ( | ) |
Save the last block generated, so the next user will compute a different PRK from the same SKM.
This should keep things unpredictable even if an attacker is able to influence CTXinfo.
Definition at line 132 of file CryptHKDF.php.
CryptHKDF::generate | ( | $bytes, | |
$context = '' ) |
Produce $bytes of secure random data.
As a side-effect, $this->lastK is set to the last hashLen block of key material.
int | $bytes | Number of bytes of data |
string | $context | Context to mix into CTXinfo |
Definition at line 168 of file CryptHKDF.php.
References getSaltUsingCache().
|
protected |
MW specific salt, cached from last run.
Definition at line 142 of file CryptHKDF.php.
Referenced by generate().
|
static |
RFC5869 defines HKDF in 2 steps, extraction and expansion.
From http://eprint.iacr.org/2010/264.pdf:
The scheme HKDF is specified as: HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t) where the values K(i) are defined as follows: PRK = HMAC(XTS, SKM) K(1) = HMAC(PRK, CTXinfo || 0); K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t; where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.
XTS is the "extractor salt" SKM is the "secret keying material"
N.B. http://eprint.iacr.org/2010/264.pdf seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)
string | $hash | The hashing function to use (e.g., sha256) |
string | $ikm | The input keying material |
string | $salt | The salt to add to the ikm, to get the prk |
string | $info | Optional context (change the output without affecting the randomness properties of the output) |
int | $L | Number of bytes to return |
Definition at line 218 of file CryptHKDF.php.
|
protected |
The hash algorithm being used.
Definition at line 51 of file CryptHKDF.php.
|
protected |
The persistent cache.
Definition at line 41 of file CryptHKDF.php.
|
protected |
Cache key we'll use for our salt.
Definition at line 46 of file CryptHKDF.php.
|
protected |
a "context information" string CTXinfo (which may be null) See http://eprint.iacr.org/2010/264.pdf Section 4.1
Definition at line 83 of file CryptHKDF.php.
|
static |
Round count is computed based on the hash'es output length, which neither php nor openssl seem to provide easily.
Definition at line 91 of file CryptHKDF.php.
|
protected |
The last block (K(i)) of the most recent expanded key.
Definition at line 75 of file CryptHKDF.php.
|
protected |
binary string, the salt for the HKDF
Definition at line 57 of file CryptHKDF.php.