BlueSpice MediaWiki REL1_27
 All Classes Namespaces Files Functions Variables Groups Pages
MWCryptHKDF Class Reference

Public Member Functions

static __construct ($secretKeyMaterial, $algorithm, $cache, $context)
 
 __destruct ()
 

Static Public Member Functions

static HKDF ($hash, $ikm, $salt, $info, $L)
 
static generate ($bytes, $context)
 
static generateHex ($chars, $context= '')
 

Static Public Attributes

static $hashLength
 

Protected Member Functions

 getSaltUsingCache ()
 
 realGenerate ($bytes, $context= '')
 

Static Protected Member Functions

static singleton ()
 

Protected Attributes

 $cache = null
 
 $cacheKey = null
 
 $algorithm = null
 
 $salt
 
 $lastK
 
 $context = []
 

Static Protected Attributes

static $singleton = null
 

Constructor & Destructor Documentation

static MWCryptHKDF::__construct (   $secretKeyMaterial,
  $algorithm,
  $cache,
  $context 
)
Parameters
string$secretKeyMaterial
string$algorithmName of hashing algorithm
BagOStuff$cache
string | array$contextContext to mix into HKDF context
Exceptions
MWException
MWCryptHKDF::__destruct ( )

Save the last block generated, so the next user will compute a different PRK from the same SKM. This should keep things unpredictable even if an attacker is able to influence CTXinfo.

Member Function Documentation

static MWCryptHKDF::generate (   $bytes,
  $context 
)
static

Generate cryptographically random data and return it in raw binary form.

Parameters
int$bytesThe number of bytes of random data to generate
string$contextString to mix into HMAC context
Returns
string Binary string of length $bytes
static MWCryptHKDF::generateHex (   $chars,
  $context = '' 
)
static

Generate cryptographically random data and return it in hexadecimal string format. See MWCryptRand::realGenerateHex for details of the char-to-byte conversion logic.

Parameters
int$charsThe number of hex chars of random data to generate
string$contextString to mix into HMAC context
Returns
string Random hex characters, $chars long
MWCryptHKDF::getSaltUsingCache ( )
protected

MW specific salt, cached from last run

Returns
string Binary string
static MWCryptHKDF::HKDF (   $hash,
  $ikm,
  $salt,
  $info,
  $L 
)
static

RFC5869 defines HKDF in 2 steps, extraction and expansion. From http://eprint.iacr.org/2010/264.pdf:

The scheme HKDF is specifed as: HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t) where the values K(i) are defined as follows: PRK = HMAC(XTS, SKM) K(1) = HMAC(PRK, CTXinfo || 0); K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t; where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.

XTS is the "extractor salt" SKM is the "secret keying material"

N.B. http://eprint.iacr.org/2010/264.pdf seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)

Parameters
string$hashThe hashing function to use (e.g., sha256)
string$ikmThe input keying material
string$saltThe salt to add to the ikm, to get the prk
string$infoOptional context (change the output without affecting the randomness properties of the output)
int$LNumber of bytes to return
Returns
string Cryptographically secure pseudorandom binary string
MWCryptHKDF::realGenerate (   $bytes,
  $context = '' 
)
protected

Produce $bytes of secure random data. As a side-effect, $this->lastK is set to the last hashLen block of key material.

Parameters
int$bytesNumber of bytes of data
string$contextContext to mix into CTXinfo
Returns
string Binary string of length $bytes
static MWCryptHKDF::singleton ( )
staticprotected

Return a singleton instance, based on the global configs.

Returns
HKDF
Exceptions
MWException

Member Data Documentation

MWCryptHKDF::$algorithm = null
protected

The hash algorithm being used

MWCryptHKDF::$cache = null
protected

The persistant cache

MWCryptHKDF::$cacheKey = null
protected

Cache key we'll use for our salt

MWCryptHKDF::$context = []
protected

a "context information" string CTXinfo (which may be null) See http://eprint.iacr.org/2010/264.pdf Section 4.1

MWCryptHKDF::$hashLength
static
Initial value:
= [
'md5' => 16

Round count is computed based on the hash'es output length, which neither php nor openssl seem to provide easily.

MWCryptHKDF::$lastK
protected

The last block (K(i)) of the most recent expanded key

MWCryptHKDF::$salt
protected

binary string, the salt for the HKDF

MWCryptHKDF::$singleton = null
staticprotected

Singleton instance for public use


The documentation for this class was generated from the following file: