MediaWiki  REL1_24
MWCryptHKDF Class Reference


Public Member Functions

 __construct ($secretKeyMaterial, $algorithm, $cache, $context)
 __destruct ()
 Save the last block generated, so the next user will compute a different PRK from the same SKM.

Static Public Member Functions

static generate ($bytes, $context)
 Generate cryptographically random data and return it in raw binary form.
static generateHex ($chars, $context= '')
 Generate cryptographically random data and return it in hexadecimal string format.
static HKDF ($hash, $ikm, $salt, $info, $L)
 RFC5869 defines HKDF in 2 steps, extraction and expansion.

Static Public Attributes

static $hashLength
 Round count is computed based on the hash's output length, which neither PHP nor OpenSSL seem to provide easily.

Protected Member Functions

 getSaltUsingCache ()
 MW specific salt, cached from last run.
 realGenerate ($bytes, $context= '')
 Produce $bytes of secure random data.

Static Protected Member Functions

static singleton ()
 Return a singleton instance, based on the global configs.

Protected Attributes

 $algorithm = null
 The hash algorithm being used.
 $cache = null
 The persistent cache.
 $cacheKey = null
 Cache key we'll use for our salt.
 $context = array()
 A "context information" string CTXinfo (which may be null). See http://eprint.iacr.org/2010/264.pdf Section 4.1.
 $lastK
 The last block (K(i)) of the most recent expanded key.
 $salt
 binary string, the salt for the HKDF

Static Protected Attributes

static $singleton = null
 Singleton instance for public use.

Static Private Member Functions

static HKDFExpand ($hash, $prk, $info, $bytes, &$lastK= '')
 Expand the key with the given context.
static HKDFExtract ($hash, $salt, $ikm)
 Extract the PRK, PRK = HMAC(XTS, SKM). Note that the HMAC is keyed with XTS (the salt), and the SKM (source key material) is the "data".

Private Attributes

 $prk
 The pseudorandom key.
 $skm
 The secret key material.

Detailed Description

Definition at line 33 of file MWCryptHKDF.php.


Constructor & Destructor Documentation

MWCryptHKDF::__construct ( secretKeyMaterial,
algorithm,
cache,
context 
)
Parameters:
string  $secretKeyMaterial
string  $algorithm  Name of hashing algorithm
BagOStuff  $cache
string | array  $context  Context to mix into HKDF context

Definition at line 107 of file MWCryptHKDF.php.

References $algorithm, $cache, $context, array(), cache, and wfMemcKey().

MWCryptHKDF::__destruct ( )

Save the last block generated, so the next user will compute a different PRK from the same SKM.

This should keep things unpredictable even if an attacker is able to influence CTXinfo.

Definition at line 129 of file MWCryptHKDF.php.

References cache.


Member Function Documentation

static MWCryptHKDF::generate ( bytes,
context 
) [static]

Generate cryptographically random data and return it in raw binary form.

Parameters:
int  $bytes  The number of bytes of random data to generate
string  $context  String to mix into HMAC context
Returns:
string Binary string of length $bytes

Definition at line 314 of file MWCryptHKDF.php.

References $context, and singleton().

Referenced by getSaltUsingCache().

static MWCryptHKDF::generateHex ( chars,
context = '' 
) [static]

Generate cryptographically random data and return it in hexadecimal string format.

See MWCryptRand::realGenerateHex for details of the char-to-byte conversion logic.

Parameters:
int  $chars  The number of hex chars of random data to generate
string  $context  String to mix into HMAC context
Returns:
string Random hex characters, $chars long

Definition at line 326 of file MWCryptHKDF.php.

References $context, and realGenerate().

Referenced by MWCryptHKDFTest\testGenerate().

MWCryptHKDF::getSaltUsingCache ( ) [protected]

MW specific salt, cached from last run.

Returns:
string Binary string

Definition at line 139 of file MWCryptHKDF.php.

References cache, and generate().

Referenced by realGenerate().

static MWCryptHKDF::HKDF ( hash,
ikm,
salt,
info,
L 
) [static]

RFC5869 defines HKDF in 2 steps, extraction and expansion.

From http://eprint.iacr.org/2010/264.pdf:

The scheme HKDF is specified as:

    HKDF(XTS, SKM, CTXinfo, L) = K(1) || K(2) || ... || K(t)

where the values K(i) are defined as follows:

    PRK = HMAC(XTS, SKM)
    K(1) = HMAC(PRK, CTXinfo || 0);
    K(i+1) = HMAC(PRK, K(i) || CTXinfo || i), 1 <= i < t;

where t = [L/k] and the value K(t) is truncated to its first d = L mod k bits; the counter i is non-wrapping and of a given fixed size, e.g., a single byte. Note that the length of the HMAC output is the same as its key length and therefore the scheme is well defined.

XTS is the "extractor salt".
SKM is the "secret keying material".

N.B. http://eprint.iacr.org/2010/264.pdf seems to differ from RFC 5869 in that the test vectors from RFC 5869 only work if K(0) = '' and K(1) = HMAC(PRK, K(0) || CTXinfo || 1)

Parameters:
string  $hash  The hashing function to use (e.g., sha256)
string  $ikm  The input keying material
string  $salt  The salt to add to the ikm, to get the prk
string  $info  Optional context (change the output without affecting the randomness properties of the output)
int  $L  Number of bytes to return
Returns:
string Cryptographically secure pseudorandom binary string

Definition at line 249 of file MWCryptHKDF.php.

References $prk, $salt, HKDFExpand(), and HKDFExtract().

Referenced by MWCryptHKDFTest\testRfc5869().
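
The two counter conventions from the N.B. above, as an added example (not MediaWiki's code): it implements extract and expand with hash_hmac(), runs RFC 5869 Appendix A.1 Test Case 1 with the block counter starting at 1 and at 0, and then reuses the last block as the next salt, as described for $lastK. The function names are hypothetical and PHP 7 or later is assumed.

```php
<?php
// Added example, not MediaWiki's code; function names are hypothetical.

// Extract: PRK = HMAC(salt, IKM). The salt is the HMAC key, the IKM is the data.
function exampleExtract( string $hash, string $salt, string $ikm ): string {
	return hash_hmac( $hash, $ikm, $salt, true );
}

// Expand. $first = 1 is the RFC 5869 counter; $first = 0 is the literal reading
// of the eprint 2010/264 formula K(1) = HMAC(PRK, CTXinfo || 0).
function exampleExpand( string $hash, string $prk, string $info, int $bytes, int $first = 1, &$lastK = '' ): string {
	$hashLen = strlen( hash( $hash, '', true ) ); // digest size in bytes
	$rounds = (int)ceil( $bytes / $hashLen );
	if ( $bytes < 1 || $rounds > 255 ) {
		throw new InvalidArgumentException( 'bytes must be 1..255*HashLen' );
	}
	$okm = '';
	$lastK = ''; // K(0) is the empty string
	for ( $i = 0; $i < $rounds; $i++ ) {
		$lastK = hash_hmac( $hash, $lastK . $info . chr( $first + $i ), $prk, true );
		$okm .= $lastK;
	}
	return substr( $okm, 0, $bytes );
}

// RFC 5869 Appendix A.1, Test Case 1 (SHA-256, L = 42).
$ikm = str_repeat( "\x0b", 22 );
$salt = hex2bin( '000102030405060708090a0b0c' );
$info = hex2bin( 'f0f1f2f3f4f5f6f7f8f9' );
$wantPrk = hex2bin( '077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5' );
$wantOkm = hex2bin( '3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf'
	. '34007208d5b887185865' );

$lastK = '';
$prk = exampleExtract( 'sha256', $salt, $ikm );
$rfcOkm = exampleExpand( 'sha256', $prk, $info, 42, 1, $lastK );
$paperOkm = exampleExpand( 'sha256', $prk, $info, 42, 0 );
// Chaining as the page describes for $lastK: the last block of this expansion
// is used as the salt of the next extraction over the same keying material.
$nextPrk = exampleExtract( 'sha256', $lastK, $ikm );

foreach ( [
	'PRK equals RFC vector' => hash_equals( $wantPrk, $prk ),
	'OKM with counter from 1 equals RFC vector' => hash_equals( $wantOkm, $rfcOkm ),
	'OKM with counter from 0 equals RFC vector' => hash_equals( $wantOkm, $paperOkm ),
	'PRK after chaining equals first PRK' => hash_equals( $prk, $nextPrk ),
] as $label => $result ) {
	echo $label, ': ', var_export( $result, true ), "\n";
}
```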

static MWCryptHKDF::HKDFExpand ( hash,
prk,
info,
bytes,
&$lastK = '' 
) [static, private]

Expand the key with the given context.

Parameters:
string  $hash  Hashing Algorithm
string  $prk  A pseudorandom key of at least HashLen octets (usually, the output from the extract step)
string  $info  Optional context and application specific information (can be a zero-length string)
int  $bytes  Length of output keying material in bytes (<= 255*HashLen)
string  &$lastK  Set by this function to the last block of the expansion. In MediaWiki, this is used to seed future Extractions.
Returns:
string Cryptographically secure random string $bytes long

Definition at line 283 of file MWCryptHKDF.php.

References $hashLength, $lastK, $output, and $prk.

Referenced by HKDF(), and realGenerate().

static MWCryptHKDF::HKDFExtract ( hash,
salt,
ikm 
) [static, private]

Extract the PRK, PRK = HMAC(XTS, SKM). Note that the HMAC is keyed with XTS (the salt), and the SKM (source key material) is the "data".

Parameters:
string  $hash  The hashing function to use (e.g., sha256)
string  $salt  The salt to add to the ikm, to get the prk
string  $ikm  The input keying material
Returns:
string Binary string (pseudorandom key) used as input to HKDFExpand

Definition at line 265 of file MWCryptHKDF.php.

References $salt.

Referenced by HKDF(), and realGenerate().

MWCryptHKDF::realGenerate ( bytes,
context = '' 
) [protected]

Produce $bytes of secure random data.

As a side-effect, $this->lastK is set to the last hashLen block of key material.

Parameters:
int  $bytes  Number of bytes of data
string  $context  Context to mix into CTXinfo
Returns:
string Binary string of length $bytes

Definition at line 197 of file MWCryptHKDF.php.

References $context, $salt, array(), getSaltUsingCache(), HKDFExpand(), and HKDFExtract().

Referenced by generateHex().

static MWCryptHKDF::singleton ( ) [static, protected]

Return a singleton instance, based on the global configs.

Returns:
HKDF

Definition at line 161 of file MWCryptHKDF.php.

References $cache, $context, $e, $singleton, array(), global, ObjectCache\newAccelerator(), and wfGetMainCache().

Referenced by generate().


Member Data Documentation

MWCryptHKDF::$algorithm = null [protected]

The hash algorithm being used.

Definition at line 53 of file MWCryptHKDF.php.

Referenced by __construct().

MWCryptHKDF::$cache = null [protected]

The persistent cache.

Definition at line 43 of file MWCryptHKDF.php.

Referenced by __construct(), and singleton().

MWCryptHKDF::$cacheKey = null [protected]

Cache key we'll use for our salt.

Definition at line 48 of file MWCryptHKDF.php.

MWCryptHKDF::$context = array() [protected]

A "context information" string CTXinfo (which may be null). See http://eprint.iacr.org/2010/264.pdf Section 4.1.

Definition at line 80 of file MWCryptHKDF.php.

Referenced by __construct(), generate(), generateHex(), realGenerate(), and singleton().

MWCryptHKDF::$hashLength [static]
Initial value:
 array(
        'md5' => 16,
        'sha1' => 20,
        'sha224' => 28,
        'sha256' => 32,
        'sha384' => 48,
        'sha512' => 64,
        'ripemd128' => 16,
        'ripemd160' => 20,
        'ripemd256' => 32,
        'ripemd320' => 40,
        'whirlpool' => 64,
    )

Round count is computed based on the hash's output length, which neither PHP nor OpenSSL seem to provide easily.

Definition at line 86 of file MWCryptHKDF.php.

Referenced by HKDFExpand().

MWCryptHKDF::$lastK [protected]

The last block (K(i)) of the most recent expanded key.

Definition at line 74 of file MWCryptHKDF.php.

Referenced by HKDFExpand().

MWCryptHKDF::$prk [private]

The pseudorandom key.

Definition at line 63 of file MWCryptHKDF.php.

Referenced by HKDF(), and HKDFExpand().

MWCryptHKDF::$salt [protected]

binary string, the salt for the HKDF

Definition at line 58 of file MWCryptHKDF.php.

Referenced by HKDF(), HKDFExtract(), and realGenerate().

MWCryptHKDF::$singleton = null [static, protected]

Singleton instance for public use.

Definition at line 38 of file MWCryptHKDF.php.

Referenced by singleton().

MWCryptHKDF::$skm [private]

The secret key material.

This must be kept secret to preserve the security properties of this RNG.

Definition at line 69 of file MWCryptHKDF.php.


The documentation for this class was generated from the following file: