(PHP 7 >= 7.1.2, PHP 8)
hash_hkdf — Generate a HKDF key derivation of a supplied key input
algo
Name of selected hashing algorithm (e.g. "sha256"). For a list of supported algorithms see hash_hmac_algos().
Note: Non-cryptographic hash functions are not allowed.
key
Input keying material (raw binary). Cannot be empty.
length
Desired output length in bytes. Cannot be greater than 255 times the chosen hash function size. If length is 0, the output length will default to the chosen hash function size.
info
Application/context-specific info string.
salt
Salt to use during derivation.
While optional, adding random salt significantly improves the strength of HKDF.
Returns a string containing a raw binary representation of the derived key (also known as output keying material - OKM).
Throws a ValueError exception if key is empty, algo is unknown/non-cryptographic, length is less than 0 or too large (greater than 255 times the size of the hash function).
| Version | Description |
|---|---|
| 8.0.0 | Now throws a ValueError exception on error. Previously, false was returned and an E_WARNING message was emitted. |
The example below produces a pair of separate keys, suitable for creation of an encrypt-then-HMAC construct, using AES-256 and SHA-256 for encryption and authentication respectively.
Example #1 hash_hkdf() example
<?php
// Generate a random key, and salt to strengthen it during derivation.
$inputKey = random_bytes(32);
$salt = random_bytes(16);

// Derive a pair of separate keys, using the same input created above.
$encryptionKey = hash_hkdf('sha256', $inputKey, 32, 'aes-256-encryption', $salt);
$authenticationKey = hash_hkdf('sha256', $inputKey, 32, 'sha-256-authentication', $salt);

var_dump($encryptionKey !== $authenticationKey); // bool(true)
?>
Make sure the info parameter contains random elements.
From: https://soatok.blog/2021/11/17/understanding-hkdf/