org.bouncycastle.tls.crypto

Interface TlsSecret

All Known Implementing Classes:

AbstractTlsSecret, BcTlsSecret, JceTlsSecret

public interface TlsSecret

Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.

Method Summary

Modifier and Type	Method and Description
byte[]	calculateHMAC(int cryptoHashAlgorithm, byte[] buf, int off, int len) Calculate an HMAC with this secret's data as the key.
TlsSecret	deriveUsingPRF(int prfAlgorithm, java.lang.String label, byte[] seed, int length) Return a new secret based on applying a PRF to this one.
void	destroy() Destroy the internal state of the secret.
byte[]	encrypt(TlsEncryptor encryptor) Return an encrypted copy of the data this secret is based on.
byte[]	extract() Return the internal data from this secret.
TlsSecret	hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length) RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
TlsSecret	hkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm) RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
boolean	isAlive()

Method Detail

calculateHMAC

byte[] calculateHMAC(int cryptoHashAlgorithm,
                     byte[] buf,
                     int off,
                     int len)

Calculate an HMAC with this secret's data as the key.

Parameters:

cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

buf - array containing the input data.

off - offset into the input array the input starts at.

len - the length of the input data.

Returns:

deriveUsingPRF

TlsSecret deriveUsingPRF(int prfAlgorithm,
                         java.lang.String label,
                         byte[] seed,
                         int length)

Return a new secret based on applying a PRF to this one.

Parameters:

prfAlgorithm - PRF algorithm to use.

label - the label details.

seed - the seed details.

length - the size (in bytes) of the secret to generate.

Returns:

the new secret.

destroy

void destroy()

Destroy the internal state of the secret. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.

encrypt

byte[] encrypt(TlsEncryptor encryptor)
        throws java.io.IOException

Return an encrypted copy of the data this secret is based on.

Parameters:

encryptor - the encryptor to use for protecting the internal data.

Returns:

an encrypted copy of this secret's internal data.

Throws:

java.io.IOException

extract

byte[] extract()

Return the internal data from this secret. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.

Returns:

the secret's internal data.

hkdfExpand

TlsSecret hkdfExpand(int cryptoHashAlgorithm,
                     byte[] info,
                     int length)

RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').

Parameters:

cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

info - optional context and application specific information (can be zero-length).

length - length of output keying material in octets.

Returns:

output keying material (of 'length' octets).

hkdfExtract

TlsSecret hkdfExtract(int cryptoHashAlgorithm,
                      TlsSecret ikm)

RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.

Parameters:

cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

ikm - input keying material.

Returns:

a pseudo-random key (of HashLen octets).

isAlive

boolean isAlive()