org.bouncycastle.crypto.generators
Class HKDFBytesGenerator

java.lang.Object
  |
  +--org.bouncycastle.crypto.generators.HKDFBytesGenerator

All Implemented Interfaces:

DerivationFunction

public class HKDFBytesGenerator

extends java.lang.Object

implements DerivationFunction

HMAC-based Extract-and-Expand Key Derivation Function (HKDF) implemented according to IETF RFC 5869, May 2010 as specified by H. Krawczyk, IBM Research & P. Eronen, Nokia. It uses a HMac internally to compute de OKM (output keying material) and is likely to have better security properties than KDF's based on just a hash function.

Constructor Summary

HKDFBytesGenerator(Digest hash)
Creates a HKDFBytesGenerator based on the given hash function.

Method Summary

byte[]	extractPRK(byte[] salt, byte[] ikm) Performs the extract part of the key derivation function.
int	generateBytes(byte[] out, int outOff, int len)
Digest	getDigest()
void	init(DerivationParameters param)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

HKDFBytesGenerator

public HKDFBytesGenerator(Digest hash)

Creates a HKDFBytesGenerator based on the given hash function.

Parameters:

hash - the digest to be used as the source of generatedBytes bytes

Method Detail

init

public void init(DerivationParameters param)

Specified by:

init in interface DerivationFunction

extractPRK

public byte[] extractPRK(byte[] salt,
                         byte[] ikm)

Performs the extract part of the key derivation function.

Parameters:

salt - the salt to use

ikm - the input keying material

Returns:

the PRK as KeyParameter

getDigest

public Digest getDigest()

generateBytes

public int generateBytes(byte[] out,
                         int outOff,
                         int len)
                  throws DataLengthException,
                         java.lang.IllegalArgumentException

Specified by:

generateBytes in interface DerivationFunction