ParagonIE\Halite\Util::hkdfBlake2b PHP Method

Util Class Documentation Usage Examples Of ParagonIE\Halite\Util::hkdfBlake2b Datei anzeigen Open project: paragonie/halite

hkdfBlake2b() public static method

http://tools.ietf.org/html/rfc5869 This is a variant from hash_hkdf() and instead uses BLAKE2b provided by libsodium. Important: instead of a true HKDF (from HMAC) construct, this uses the \Sodium\crypto_generichash() key parameter. This is *probably* okay.
public static hkdfBlake2b ( string $ikm, integer $length, string $info = '', string $salt = '' ) : string
$ikm string Initial Keying Material
$length integer How many bytes?
$info string What sort of key are we deriving?
$salt string
return string 
    public static function hkdfBlake2b(string $ikm, int $length, string $info = '', string $salt = '') : string
    {
        // Sanity-check the desired output length.
        if ($length < 0 || $length > 255 * \Sodium\CRYPTO_GENERICHASH_KEYBYTES) {
            throw new InvalidDigestLength('Argument 2: Bad HKDF Digest Length');
        }
        // "If [salt] not provided, is set to a string of HashLen zeroes."
        if (empty($salt)) {
            $salt = \str_repeat("", \Sodium\CRYPTO_GENERICHASH_KEYBYTES);
        }
        // HKDF-Extract:
        // PRK = HMAC-Hash(salt, IKM)
        // The salt is the HMAC key.
        $prk = self::raw_keyed_hash($ikm, $salt);
        // HKDF-Expand:
        // This check is useless, but it serves as a reminder to the spec.
        if (self::safeStrlen($prk) < \Sodium\CRYPTO_GENERICHASH_KEYBYTES) {
            throw new CannotPerformOperation('An unknown error has occurred');
        }
        // T(0) = ''
        $t = '';
        $last_block = '';
        for ($block_index = 1; self::safeStrlen($t) < $length; ++$block_index) {
            // T(i) = HMAC-Hash(PRK, T(i-1) | info | 0x??)
            $last_block = self::raw_keyed_hash($last_block . $info . \chr($block_index), $prk);
            // T = T(1) | T(2) | T(3) | ... | T(N)
            $t .= $last_block;
        }
        // ORM = first L octets of T
        $orm = self::safeSubstr($t, 0, $length);
        if ($orm === false) {
            throw new CannotPerformOperation('An unknown error has occurred');
        }
        return $orm;
    }

Usage Example

Beispiel #1
0
 /**
  * Split a key using a variant of HKDF that used a keyed BLAKE2b hash rather
  * than an HMAC construct
  * 
  * @param \ParagonIE\Halite\Key $master
  * @param string $salt
  * @return array
  */
 public static function splitKeys(Key $master, $salt = null)
 {
     $binary = $master->get();
     return [CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_SECRETBOX_KEYBYTES, Config::HKDF_SBOX, $salt), CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_AUTH_KEYBYTES, Config::HKDF_AUTH, $salt)];
 }
All Usage Examples Of ParagonIE\Halite\Util::hkdfBlake2b
Util
__construct
hash
hkdfBlake2b
keyed_hash
raw_hash
raw_keyed_hash
safeStrcpy
safeStrlen
safeSubstr
xorStrings