Interface TlsSecret

All Known Implementing Classes:
AbstractTlsSecret, BcTlsSecret, JceTlsSecret

public interface TlsSecret
Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
  • Method Summary

    Modifier and Type | Method | Description
    byte[] | calculateHMAC(int cryptoHashAlgorithm, byte[] buf, int off, int len) | Calculate an HMAC with this secret's data as the key.
    TlsSecret | deriveUsingPRF(int prfAlgorithm, String label, byte[] seed, int length) | Return a new secret based on applying a PRF to this one.
    void | destroy() | Destroy the internal state of the secret.
    byte[] | encrypt(TlsEncryptor encryptor) | Return an encrypted copy of the data this secret is based on.
    byte[] | extract() | Return the internal data from this secret.
    TlsSecret | hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length) | RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
    TlsSecret | hkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm) | RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
    boolean | isAlive() |
  • Method Details

    • calculateHMAC

      byte[] calculateHMAC(int cryptoHashAlgorithm, byte[] buf, int off, int len)
      Calculate an HMAC with this secret's data as the key.
      Parameters:
      cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
      buf - array containing the input data.
      off - offset into the input array the input starts at.
      len - the length of the input data.
      Returns:
    • deriveUsingPRF

      TlsSecret deriveUsingPRF(int prfAlgorithm, String label, byte[] seed, int length)
      Return a new secret based on applying a PRF to this one.
      Parameters:
      prfAlgorithm - PRF algorithm to use.
      label - the label details.
      seed - the seed details.
      length - the size (in bytes) of the secret to generate.
      Returns:
      the new secret.
    • destroy

      void destroy()
      Destroy the internal state of the secret. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
    • encrypt

      byte[] encrypt(TlsEncryptor encryptor) throws IOException
      Return an encrypted copy of the data this secret is based on.
      Parameters:
      encryptor - the encryptor to use for protecting the internal data.
      Returns:
      an encrypted copy of this secret's internal data.
      Throws:
      IOException
    • extract

      byte[] extract()
      Return the internal data from this secret. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
      Returns:
      the secret's internal data.
    • hkdfExpand

      TlsSecret hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length)
      RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
      Parameters:
      cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
      info - optional context and application specific information (can be zero-length).
      length - length of output keying material in octets.
      Returns:
      output keying material (of 'length' octets).
    • hkdfExtract

      TlsSecret hkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm)
      RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
      Parameters:
      cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
      ikm - input keying material.
      Returns:
      a pseudo-random key (of HashLen octets).
    • isAlive

      boolean isAlive()
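
The following is an added usage example, not part of the original API documentation or the project's own code. It chains hkdfExtract and hkdfExpand in the RFC 5869 order and shows the one-shot lifecycle described for extract(). It assumes the library's BcTlsCrypto class, TlsCrypto.createSecret(byte[]) and CryptoHashAlgorithm.sha256, none of which are described on this page; the class name, helper name and sample inputs are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.tls.crypto.CryptoHashAlgorithm;
import org.bouncycastle.tls.crypto.TlsCrypto;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.tls.crypto.impl.bc.BcTlsCrypto;

public class TlsSecretLifecycleExample {
    static final int HASH = CryptoHashAlgorithm.sha256;

    // Hypothetical helper: RFC 5869 Extract-then-Expand using only TlsSecret methods.
    static byte[] deriveKey(TlsSecret salt, TlsSecret ikm, byte[] info, int length) {
        // The receiver supplies the 'salt', the argument supplies the IKM; the result is the PRK.
        TlsSecret prk = salt.hkdfExtract(HASH, ikm);
        TlsSecret okm = null;
        try {
            // The receiver is the 'prk'; 'info' binds the output to one purpose.
            okm = prk.hkdfExpand(HASH, info, length);
            // extract() hands the bytes to the caller and ends the life of 'okm'.
            return okm.extract();
        } finally {
            // Assumption: isAlive() reports whether a secret can still be used.
            if (prk.isAlive()) prk.destroy();
            if (okm != null && okm.isAlive()) okm.destroy();
        }
    }

    public static void main(String[] args) {
        // Assumption (not on this page): TlsCrypto.createSecret(byte[]) wraps raw bytes.
        TlsCrypto crypto = new BcTlsCrypto(new SecureRandom());
        byte[] saltBytes = new byte[32]; // constructed sample value
        byte[] ikmBytes = "constructed sample ikm".getBytes(StandardCharsets.UTF_8);
        byte[] info = "example context".getBytes(StandardCharsets.UTF_8);
        byte[] key = deriveKey(crypto.createSecret(saltBytes), crypto.createSecret(ikmBytes), info, 32);
        System.out.println("derived " + key.length + " octets");
        Arrays.fill(key, (byte) 0); // extracted bytes are now the caller's to clear

        // Reuse after extract() is rejected, as the extract() description states.
        TlsSecret once = crypto.createSecret(new byte[] { 1, 2, 3 }); // constructed
        once.extract();
        try {
            once.extract();
        } catch (IllegalStateException e) {
            System.out.println("second extract() rejected");
        }
    }
}
```

Because extract() returns the raw bytes and the TlsSecret keeps no copy, the caller becomes responsible for clearing the returned array once it is no longer needed.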