author | Jim Wigginton terrafrost@php.net |
---|---|
author | Andreas Fischer bantu@phpbb.com |
package | Default |
__construct(string $hash = 'sha256')
string
__toString()
computeKey()
Quoting http://tools.ietf.org/html/rfc2104#section-2, "Applications that use keys longer than B bytes will first hash the key using H and then use the resultant L byte string as the actual key to HMAC."
As documented in https://www.reddit.com/r/PHP/comments/9nct2l/symfonypolyfill_hash_pbkdf2_correct_fix_for/ when doing an HMAC multiple times it's faster to compute the hash once instead of computing it during every call
getBlockLength(): integer
integer
getBlockLengthInBytes(): integer
integer
getHash(): string
As set by the constructor or by the setHash() method.
string
getLength(): integer
integer
getLengthInBytes(): integer
integer
hash(string $text): string
string
string
kdf(integer $index,integer $numbytes): string
The key-derivation function generates pseudorandom bits used to key the hash functions.
integer
a non-negative integer less than 2^64
integer
a non-negative integer less than 2^64
string
string of length numbytes bytes
L1Hash(string $k,string $m): string
The first-layer hash breaks the message into 1024-byte chunks and hashes each with a function called NH. Concatenating the results forms a string, which is up to 128 times shorter than the original.
string
string of length 1024 bytes.
string
string of length less than 2^67 bits.
string
string of length (8 * ceil(bitlength(M)/8192)) bytes.
L2Hash(string $k,string $m): string
The second-layer rehashes the L1-HASH output using a polynomial hash called POLY. If the L1-HASH output is long, then POLY is called once on a prefix of the L1-HASH output and called using different settings on the remainder. (This two-step hashing of the L1-HASH output is needed only if the message length is greater than 16 megabytes.) Careful implementation of POLY is necessary to avoid a possible timing attack (see Section 6.6 for more information).
string
string of length 24 bytes.
string
string of length less than 2^64 bytes.
string
string of length 16 bytes.
L3Hash(string $k1,string $k2,string $m): string
The output from L2-HASH is 16 bytes long. This final hash function hashes the 16-byte string to a fixed length of 4 bytes.
string
string of length 64 bytes.
string
string of length 4 bytes.
string
string of length 16 bytes.
string
string of length 4 bytes.
nh(string $k,string $m, $length): string
string
string of length 1024 bytes.
string
string with length divisible by 32 bytes.
string
string of length 8 bytes.
pdf(): string
string
string of length taglen bytes.
poly(integer $wordbits,\phpseclib3\Math\BigInteger $maxwordrange,\phpseclib3\Math\BigInteger $k,string $m): integer
integer
the integer 64 or 128.
string
string with length divisible by (wordbits / 8) bytes.
integer
in the range 0 ... prime(wordbits) - 1.
processSHA3Block32(array &$s)
array
processSHA3Block64(array &$s)
array
rotateLeft32(array $x,integer $shift)
array
integer
rotateLeft64(integer $x,integer $shift)
integer
integer
setHash(string $hash)
string
setKey(string $key = false)
Keys can be of any length.
string
setNonce(string $nonce = false)
Keys can be of any length.
string
sha3_32(string $p,integer $c,integer $r,integer $d,integer $padType)
Whereas BigInteger.php's 32-bit engine works on PHP 64-bit this 32-bit implementation of SHA3 will not work on PHP 64-bit. This is because this implementation employees bitwise NOTs and bitwise left shifts. And the round constants only work on 32-bit PHP. eg. dechex(-2147483648) returns 80000000 on 32-bit PHP and FFFFFFFF80000000 on 64-bit PHP. Sure, we could do bitwise ANDs but that would slow things down.
SHA512 requires BigInteger to simulate 64-bit unsigned integers because SHA2 employees addition whereas SHA3 just employees bitwise operators. PHP64 only supports signed 64-bit integers, which complicates addition, whereas that limitation isn't an issue for SHA3.
In https://ws680.nist.gov/publication/get_pdf.cfm?pub_id=919061#page=16 KECCAK[C] is defined as "the KECCAK instance with KECCAK-f[1600] as the underlying permutation and capacity c". This is relevant because, altho the KECCAK standard defines a mode (KECCAK-f[800]) designed for 32-bit machines that mode is incompatible with SHA3
string
integer
integer
integer
integer
sha3_64(string $p,integer $c,integer $r,integer $d,integer $padType)
string
integer
integer
integer
integer
sha3_pad(integer $padLength,integer $padType): string
integer
integer
string
sha512(string $m,array $hash): string
string
array
string
uhash(string $m,integer $taglen): string
string
string of length less than 2^67 bits.
integer
the integer 4, 8, 12 or 16.
string
string of length taglen bytes.
PADDING_KECCAK
PADDING_SHA3
PADDING_SHAKE
paddingType :integer
Only used by SHA3
var |
---|
integer
hashParam :integer
see | |
---|---|
var |
integer
length :integer
see | |
---|---|
var |
integer
algo :string
see | |
---|---|
var |
string
key :string
see | |
---|---|
var |
string
nonce :string
see | |
---|---|
var |
string
parameters :array
var |
---|
array
computedKey :string
see | |
---|---|
var |
string
opad :string
Used only for sha512/*
see | |
---|---|
var |
string
ipad :string
Used only for sha512/*
see | |
---|---|
var |
string
recomputeAESKey :boolean
Used only for umac
see | |
---|---|
var |
boolean
pad :string
see | |
---|---|
var |
string
blockSize :integer
var |
---|
integer
factory36 :
factory64 :
factory128 :
offset64 :
offset128 :
marker64 :
marker128 :
maxwordrange64 :
maxwordrange128 :