Package com.ongres.scram.common
Class CryptoUtil
- java.lang.Object
-
- com.ongres.scram.common.CryptoUtil
-
final class CryptoUtil extends java.lang.Object
Utility static methods for cryptography related tasks.
-
-
Constructor Summary
Constructors
private CryptoUtil()
-
Method Summary
(package private) static byte[] hi(javax.crypto.SecretKeyFactory secretKeyFactory, int keyLength, char[] password, byte[] salt, int iterationCount)
Compute the "Hi" function for SCRAM.
(package private) static byte[] hmac(javax.crypto.spec.SecretKeySpec secretKeySpec, javax.crypto.Mac mac, byte[] message)
Computes the HMAC of a given message.
(package private) static byte @NotNull [] salt(int saltSize, @NotNull java.security.SecureRandom random)
Generates a random salt.
(package private) static byte @NotNull [] xor(byte @NotNull [] value1, byte @NotNull [] value2)
Computes a byte-by-byte xor operation.
-
-
-
Method Detail
-
hi
static byte[] hi(javax.crypto.SecretKeyFactory secretKeyFactory, int keyLength, char[] password, byte[] salt, int iterationCount)
Compute the "Hi" function for SCRAM.

Hi(str, salt, i):
    U1   := HMAC(str, salt + INT(1))
    U2   := HMAC(str, U1)
    ...
    Ui-1 := HMAC(str, Ui-2)
    Ui   := HMAC(str, Ui-1)
    Hi   := U1 XOR U2 XOR ... XOR Ui

where "i" is the iteration count, "+" is the string concatenation operator, and INT(g) is a 4-octet encoding of the integer g, most significant octet first.

Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the pseudorandom function (PRF) and with dkLen == output length of HMAC() == output length of H().
- Parameters:
secretKeyFactory - The SecretKeyFactory to generate the SecretKey
keyLength - The length of the key (in bits)
password - The char array to compute the Hi function
salt - The salt
iterationCount - The number of iterations
- Returns:
The bytes of the computed Hi value
- Throws:
ScramRuntimeException - if unsupported PBEKeySpec
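Added example, not taken from the scram library: it computes Hi() literally from the definition above with javax.crypto.Mac and compares the result with the JCA PBKDF2 SecretKeyFactory when the key length equals the HMAC output length. The class name HiDemo, its method names, the password and the salt are constructed for illustration, and the HmacSHA256 / PBKDF2WithHmacSHA256 pair is an assumption.

```java
import javax.crypto.Mac;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

// Added illustration; HiDemo and its methods are hypothetical names, not part of com.ongres.scram.
public class HiDemo {
    // Hi(str, salt, i) written out literally: U1 = HMAC(str, salt + INT(1)), Uk = HMAC(str, Uk-1).
    static byte[] hiByDefinition(String hmacAlg, byte[] str, byte[] salt, int i)
            throws GeneralSecurityException {
        if (i < 1) throw new IllegalArgumentException("iteration count must be positive");
        Mac mac = Mac.getInstance(hmacAlg);
        mac.init(new SecretKeySpec(str, hmacAlg));
        mac.update(salt);
        byte[] u = mac.doFinal(new byte[] {0, 0, 0, 1}); // INT(1): 4 octets, most significant first
        byte[] hi = u.clone();
        for (int k = 2; k <= i; k++) {
            u = mac.doFinal(u);                  // Uk := HMAC(str, Uk-1); doFinal resets the Mac
            for (int j = 0; j < hi.length; j++) {
                hi[j] ^= u[j];                   // Hi := U1 XOR U2 XOR ... XOR Ui
            }
        }
        return hi;
    }

    // Same value through the JCA PBKDF2 factory, with dkLen equal to the HMAC output length.
    static byte[] hiByPbkdf2(String pbkdf2Alg, char[] password, byte[] salt, int i, int keyLengthBits)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, i, keyLengthBits);
        try {
            return SecretKeyFactory.getInstance(pbkdf2Alg).generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();                // wipe the password copy held by the spec
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        char[] password = "pencil".toCharArray();                            // constructed sample
        byte[] str = new String(password).getBytes(StandardCharsets.UTF_8);  // same password as octets
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);   // constructed sample
        byte[] a = hiByDefinition("HmacSHA256", str, salt, 4096);
        byte[] b = hiByPbkdf2("PBKDF2WithHmacSHA256", password, salt, 4096, 256);
        System.out.println("definition == PBKDF2: " + MessageDigest.isEqual(a, b));
    }
}
```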
-
hmac
static byte[] hmac(javax.crypto.spec.SecretKeySpec secretKeySpec, javax.crypto.Mac mac, byte[] message)
Computes the HMAC of a given message.

HMAC(key, str): Apply the HMAC keyed hash algorithm (defined in [RFC2104]) using the octet string represented by "key" as the key and the octet string "str" as the input string. The size of the result is the hash result size for the hash function in use. For example, it is 20 octets for SHA-1 (see [RFC3174]).
- Parameters:
secretKeySpec - A key of the given algorithm
mac - A MAC instance of the given algorithm
message - The message to compute the HMAC
- Returns:
The bytes of the computed HMAC value
- Throws:
ScramRuntimeException - unsupported key for HMAC algorithm
-
xor
static byte @NotNull [] xor(byte @NotNull [] value1, byte @NotNull [] value2)
Computes a byte-by-byte xor operation.

XOR: Apply the exclusive-or operation to combine the octet string on the left of this operator with the octet string on the right of this operator. The length of the output and each of the two inputs will be the same for this use.
- Parameters:
value1 - first value to apply xor
value2 - second value to apply xor
- Returns:
xor operation
-
salt
static byte @NotNull [] salt(int saltSize, @NotNull java.security.SecureRandom random)
Generates a random salt. Normally the output is encoded to Base64.
- Parameters:
saltSize - The length of the salt, in bytes
random - The SecureRandom to use
- Returns:
The byte[] representing the salt
- Throws:
java.lang.IllegalArgumentException - if the saltSize is not positive, or if random is null
-
-