http://tools.ietf.org/html/rfc5869
This is a variant from hash_hkdf() and instead uses BLAKE2b provided by
libsodium.
Important: instead of a true HKDF (from HMAC) construct, this uses the
\Sodium\crypto_generichash() key parameter. This is *probably* okay.
/** * Split a key using a variant of HKDF that used a keyed BLAKE2b hash rather * than an HMAC construct * * @param \ParagonIE\Halite\Key $master * @param string $salt * @return array */ public static function splitKeys(Key $master, $salt = null) { $binary = $master->get(); return [CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_SECRETBOX_KEYBYTES, Config::HKDF_SBOX, $salt), CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_AUTH_KEYBYTES, Config::HKDF_AUTH, $salt)]; }
/** * Split a key using a variant of HKDF that used a keyed BLAKE2b hash rather * than an HMAC construct * * @param EncryptionKey $master * @param string $salt * @param Config $config * @return array */ public static function splitKeys(Contract\KeyInterface $master, $salt = null, Config $config = null) { $binary = $master->get(); return [CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_SECRETBOX_KEYBYTES, $config->HKDF_SBOX, $salt), CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_AUTH_KEYBYTES, $config->HKDF_AUTH, $salt)]; }
/** * Split a key using HKDF * * @param \ParagonIE\Halite\Contract\CryptoKeyInterface $master * @param string $salt * @return array */ protected static function splitKeys(\ParagonIE\Halite\Contract\CryptoKeyInterface $master, $salt = null) { $binary = $master->get(); return [CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_SECRETBOX_KEYBYTES, Halite::HKDF_SBOX, $salt), CryptoUtil::hkdfBlake2b($binary, \Sodium\CRYPTO_AUTH_KEYBYTES, Halite::HKDF_AUTH, $salt)]; }
/** * Split a key using HKDF * * @param Key $master * @param string $salt * @param Config $config * @return string[] */ protected static function splitKeys(Key $master, string $salt = '', Config $config = null) : array { $binary = $master->getRawKeyMaterial(); return [Util::hkdfBlake2b($binary, \Sodium\CRYPTO_SECRETBOX_KEYBYTES, $config->HKDF_SBOX, $salt), Util::hkdfBlake2b($binary, \Sodium\CRYPTO_AUTH_KEYBYTES, $config->HKDF_AUTH, $salt)]; }