Class BcTlsSecret

  • All Implemented Interfaces:
    TlsSecret

    public class BcTlsSecret
    extends AbstractTlsSecret
    BC light-weight support class for handling TLS secrets and deriving key material and other secrets from them.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      TlsSecret deriveUsingPRF​(int prfAlgorithm, java.lang.String label, byte[] seed, int length)
      Return a new secret based on applying a PRF to this one.
      protected AbstractTlsCrypto getCrypto()  
      TlsSecret hkdfExpand​(int cryptoHashAlgorithm, byte[] info, int length)
      RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
      TlsSecret hkdfExtract​(int cryptoHashAlgorithm, byte[] ikm)
      RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
      protected void hmacHash​(org.bouncycastle.crypto.Digest digest, byte[] secret, int secretOff, int secretLen, byte[] seed, byte[] output)  
      protected byte[] prf​(int prfAlgorithm, java.lang.String label, byte[] seed, int length)  
      protected byte[] prf_1_0​(byte[] labelSeed, int length)  
      protected byte[] prf_1_2​(int prfAlgorithm, byte[] labelSeed, int length)  
      protected byte[] prf_SSL​(byte[] seed, int length)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • BcTlsSecret

        public BcTlsSecret​(BcTlsCrypto crypto,
                           byte[] data)
    • Method Detail

      • deriveUsingPRF

        public TlsSecret deriveUsingPRF​(int prfAlgorithm,
                                        java.lang.String label,
                                        byte[] seed,
                                        int length)
        Description copied from interface: TlsSecret
        Return a new secret based on applying a PRF to this one.
        Parameters:
        prfAlgorithm - PRF algorithm to use.
        label - the label details.
        seed - the seed details.
        length - the size (in bytes) of the secret to generate.
        Returns:
        the new secret.
      • hkdfExpand

        public TlsSecret hkdfExpand​(int cryptoHashAlgorithm,
                                    byte[] info,
                                    int length)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        info - optional context and application specific information (can be zero-length).
        length - length of output keying material in octets.
        Returns:
        output keying material (of 'length' octets).
      • hkdfExtract

        public TlsSecret hkdfExtract​(int cryptoHashAlgorithm,
                                     byte[] ikm)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        ikm - input keying material.
        Returns:
        a pseudo-random key (of HashLen octets).
      • hmacHash

        protected void hmacHash​(org.bouncycastle.crypto.Digest digest,
                                byte[] secret,
                                int secretOff,
                                int secretLen,
                                byte[] seed,
                                byte[] output)
      • prf

        protected byte[] prf​(int prfAlgorithm,
                             java.lang.String label,
                             byte[] seed,
                             int length)
      • prf_SSL

        protected byte[] prf_SSL​(byte[] seed,
                                 int length)
      • prf_1_0

        protected byte[] prf_1_0​(byte[] labelSeed,
                                 int length)
      • prf_1_2

        protected byte[] prf_1_2​(int prfAlgorithm,
                                 byte[] labelSeed,
                                 int length)