Class JceTlsSecret

  • All Implemented Interfaces:
    TlsSecret

    public class JceTlsSecret
    extends AbstractTlsSecret
    JCE support class for handling TLS secrets and deriving key material and other secrets from them.
    • Constructor Detail

      • JceTlsSecret

        public JceTlsSecret​(JcaTlsCrypto crypto,
                            byte[] data)
    • Method Detail

      • deriveUsingPRF

        public TlsSecret deriveUsingPRF​(int prfAlgorithm,
                                        java.lang.String label,
                                        byte[] seed,
                                        int length)
        Description copied from interface: TlsSecret
        Return a new secret based on applying a PRF to this one.
        Parameters:
        prfAlgorithm - PRF algorithm to use.
        label - the label details.
        seed - the seed details.
        length - the size (in bytes) of the secret to generate.
        Returns:
        the new secret.
      • hkdfExpand

        public TlsSecret hkdfExpand​(int cryptoHashAlgorithm,
                                    byte[] info,
                                    int length)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        info - optional context and application specific information (can be zero-length).
        length - length of output keying material in octets.
        Returns:
        output keying material (of 'length' octets).
      • hkdfExtract

        public TlsSecret hkdfExtract​(int cryptoHashAlgorithm,
                                     TlsSecret ikm)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        ikm - input keying material.
        Returns:
        a pseudo-random key (of HashLen octets).
      • hmacHash

        protected void hmacHash​(int cryptoHashAlgorithm,
                                byte[] secret,
                                int secretOff,
                                int secretLen,
                                byte[] seed,
                                byte[] output)
                         throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • prf

        protected byte[] prf​(int prfAlgorithm,
                             java.lang.String label,
                             byte[] seed,
                             int length)
                      throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • prf_SSL

        protected byte[] prf_SSL​(byte[] seed,
                                 int length)
                          throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • prf_1_0

        protected byte[] prf_1_0​(byte[] labelSeed,
                                 int length)
                          throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • prf_1_2

        protected byte[] prf_1_2​(int prfAlgorithm,
                                 byte[] labelSeed,
                                 int length)
                          throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • updateMac

        protected void updateMac​(javax.crypto.Mac mac)