Class CryptoUtil


  • final class CryptoUtil
    extends java.lang.Object
    Utility static methods for cryptography related tasks.
    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private CryptoUtil()  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      (package private) static byte[] hi​(javax.crypto.SecretKeyFactory secretKeyFactory, int keyLength, char[] password, byte[] salt, int iterationCount)
      Compute the "Hi" function for SCRAM.
      (package private) static byte[] hmac​(javax.crypto.spec.SecretKeySpec secretKeySpec, javax.crypto.Mac mac, byte[] message)
      Computes the HMAC of a given message.
      (package private) static byte @NotNull [] salt​(int saltSize, @NotNull java.security.SecureRandom random)
      Generates a random salt.
      (package private) static byte @NotNull [] xor​(byte @NotNull [] value1, byte @NotNull [] value2)
      Computes a byte-by-byte xor operation.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CryptoUtil

        private CryptoUtil()
    • Method Detail

      • hi

        static byte[] hi​(javax.crypto.SecretKeyFactory secretKeyFactory,
                         int keyLength,
                         char[] password,
                         byte[] salt,
                         int iterationCount)
        Compute the "Hi" function for SCRAM. Hi(str, salt, i): U1 := HMAC(str, salt + INT(1)) U2 := HMAC(str, U1) ... Ui-1 := HMAC(str, Ui-2) Ui := HMAC(str, Ui-1) Hi := U1 XOR U2 XOR ... XOR Ui where "i" is the iteration count, "+" is the string concatenation operator, and INT(g) is a 4-octet encoding of the integer g, most significant octet first. Hi() is, essentially, PBKDF2 [RFC2898] with HMAC() as the pseudorandom function (PRF) and with dkLen == output length of HMAC() == output length of H().
        Parameters:
        secretKeyFactory - The SecretKeyFactory to generate the SecretKey
        keyLength - The length of the key (in bits)
        password - The char array to compute the Hi function
        salt - The salt
        iterationCount - The number of iterations
        Returns:
        The bytes of the computed Hi value
        Throws:
        ScramRuntimeException - if unsupported PBEKeySpec
      • hmac

        static byte[] hmac​(javax.crypto.spec.SecretKeySpec secretKeySpec,
                           javax.crypto.Mac mac,
                           byte[] message)
        Computes the HMAC of a given message. HMAC(key, str): Apply the HMAC keyed hash algorithm (defined in [RFC2104]) using the octet string represented by "key" as the key and the octet string "str" as the input string. The size of the result is the hash result size for the hash function in use. For example, it is 20 octets for SHA-1 (see [RFC3174]).
        Parameters:
        secretKeySpec - A key of the given algorithm
        mac - A MAC instance of the given algorithm
        message - The message to compute the HMAC
        Returns:
        The bytes of the computed HMAC value
        Throws:
        ScramRuntimeException - unsupported key for HMAC algorithm
      • xor

        static byte @NotNull [] xor​(byte @NotNull [] value1,
                                    byte @NotNull [] value2)
        Computes a byte-by-byte xor operation. XOR: Apply the exclusive-or operation to combine the octet string on the left of this operator with the octet string on the right of this operator. The length of the output and each of the two inputs will be the same for this use.
        Parameters:
        value1 - first value to apply xor
        value2 - second value to apply xor
        Returns:
        xor operation
      • salt

        static byte @NotNull [] salt​(int saltSize,
                                     @NotNull
                                     @NotNull java.security.SecureRandom random)
        Generates a random salt. Normally the output is encoded to Base64.
        Parameters:
        saltSize - The length of the salt, in bytes
        random - The SecureRandom to use
        Returns:
        The bye[] representing the salt
        Throws:
        java.lang.IllegalArgumentException - if the saltSize is not positive, or if random is null