Package org.bouncycastle.tls.crypto
Interface TlsSecret
-
- All Known Implementing Classes:
AbstractTlsSecret
,BcTlsSecret
,JceTlsSecret
public interface TlsSecret
Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description TlsSecret
deriveUsingPRF(int prfAlgorithm, java.lang.String label, byte[] seed, int length)
Return a new secret based on applying a PRF to this one.void
destroy()
Destroy the internal state of the secret.byte[]
encrypt(TlsCertificate certificate)
Return an encrypted copy of the data this secret is based on.byte[]
extract()
Return the internal data from this secret.TlsSecret
hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length)
RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').TlsSecret
hkdfExtract(int cryptoHashAlgorithm, byte[] ikm)
RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.boolean
isAlive()
-
-
-
Method Detail
-
deriveUsingPRF
TlsSecret deriveUsingPRF(int prfAlgorithm, java.lang.String label, byte[] seed, int length)
Return a new secret based on applying a PRF to this one.- Parameters:
prfAlgorithm
- PRF algorithm to use.label
- the label details.seed
- the seed details.length
- the size (in bytes) of the secret to generate.- Returns:
- the new secret.
-
destroy
void destroy()
Destroy the internal state of the secret. After this call, any attempt to use theTlsSecret
will result in anIllegalStateException
being thrown.
-
encrypt
byte[] encrypt(TlsCertificate certificate) throws java.io.IOException
Return an encrypted copy of the data this secret is based on.- Parameters:
certificate
- the certificate containing the public key to use for protecting the internal data.- Returns:
- an encrypted copy of this secret's internal data.
- Throws:
java.io.IOException
-
extract
byte[] extract()
Return the internal data from this secret. TheTlsSecret
does not keep a copy of the data. After this call, any attempt to use theTlsSecret
will result in anIllegalStateException
being thrown.- Returns:
- the secret's internal data.
-
hkdfExpand
TlsSecret hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length)
RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').- Parameters:
cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. SeeCryptoHashAlgorithm
for values.info
- optional context and application specific information (can be zero-length).length
- length of output keying material in octets.- Returns:
- output keying material (of 'length' octets).
-
hkdfExtract
TlsSecret hkdfExtract(int cryptoHashAlgorithm, byte[] ikm)
RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. TheTlsSecret
does not keep a copy of the data. After this call, any attempt to use theTlsSecret
will result in anIllegalStateException
being thrown.- Parameters:
cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. SeeCryptoHashAlgorithm
for values.ikm
- input keying material.- Returns:
- a pseudo-random key (of HashLen octets).
-
isAlive
boolean isAlive()
-
-