BlueSpice MediaWiki master
 All Classes Namespaces Files Functions Variables Groups Pages
CryptHKDF Class Reference

Public Member Functions

 __construct ($secretKeyMaterial, $algorithm, BagOStuff $cache, $context, CryptRand $cryptRand)
 __destruct ()
 generate ($bytes, $context= '')

Static Public Member Functions

static HKDF ($hash, $ikm, $salt, $info, $L)

Static Public Attributes

static $hashLength

Protected Member Functions

 getSaltUsingCache ()

Protected Attributes

 $cache = null
 $cacheKey = null
 $algorithm = null
 $salt = ''
 $context = []

Constructor & Destructor Documentation

CryptHKDF::__construct (   $secretKeyMaterial,
BagOStuff  $cache,
CryptRand  $cryptRand 
string$algorithmName of hashing algorithm
string | array$contextContext to mix into HKDF context
InvalidArgumentExceptionif secret key material is too short
CryptHKDF::__destruct ( )

Save the last block generated, so the next user will compute a different PRK from the same SKM. This should keep things unpredictable even if an attacker is able to influence CTXinfo.

Member Function Documentation

CryptHKDF::generate (   $bytes,
  $context = '' 

Produce $bytes of secure random data. As a side-effect, $this->lastK is set to the last hashLen block of key material.

int$bytesNumber of bytes of data
string$contextContext to mix into CTXinfo
string Binary string of length $bytes
CryptHKDF::getSaltUsingCache ( )

MW specific salt, cached from last run

string Binary string
string binary string the salt for the CryptHKDF::HKDF (   $hash,

RFC5869 defines HKDF in 2 steps, extraction and expansion. From

The scheme HKDF is specifed as: HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t) where the values K(i) are defined as follows: PRK = HMAC(XTS, SKM) K(1) = HMAC(PRK, CTXinfo || 0); K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t; where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.

XTS is the "extractor salt" SKM is the "secret keying material"

N.B. seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)

string$hashThe hashing function to use (e.g., sha256)
string$ikmThe input keying material
string$saltThe salt to add to the ikm, to get the prk
string$infoOptional context (change the output without affecting the randomness properties of the output)
int$LNumber of bytes to return
string Cryptographically secure pseudorandom binary string
See Also

Member Data Documentation

Initial value:
= [
'md5' => 16

The documentation for this class was generated from the following file: