Package org.bouncycastle.tls.crypto.impl.bc

Class BcTlsSecret

  • All Implemented Interfaces:
    TlsSecret
    public class BcTlsSecret
extends AbstractTlsSecret
    BC light-weight support class for handling TLS secrets and deriving key material and other secrets from them.

    • Constructor Detail

      • BcTlsSecret

        public BcTlsSecret​(BcTlsCrypto crypto,
                   byte[] data)

    • Method Detail

      • deriveUsingPRF

        public TlsSecret deriveUsingPRF​(int prfAlgorithm,
                                java.lang.String label,
                                byte[] seed,
                                int length)
        Description copied from interface: TlsSecret
        Return a new secret based on applying a PRF to this one.
        Parameters:
        prfAlgorithm - PRF algorithm to use.
        label - the label details.
        seed - the seed details.
        length - the size (in bytes) of the secret to generate.
        Returns:
        the new secret.

      • hkdfExpand

        public TlsSecret hkdfExpand​(int cryptoHashAlgorithm,
                            byte[] info,
                            int length)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        info - optional context and application specific information (can be zero-length).
        length - length of output keying material in octets.
        Returns:
        output keying material (of 'length' octets).

      • hkdfExtract

        public TlsSecret hkdfExtract​(int cryptoHashAlgorithm,
                             TlsSecret ikm)
        Description copied from interface: TlsSecret
        RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
        Parameters:
        cryptoHashAlgorithm - the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.
        ikm - input keying material.
        Returns:
        a pseudo-random key (of HashLen octets).

      • hmacHash

        protected void hmacHash​(org.bouncycastle.crypto.Digest digest,
                        byte[] secret,
                        int secretOff,
                        int secretLen,
                        byte[] seed,
                        byte[] output)

      • prf

        protected byte[] prf​(int prfAlgorithm,
                     java.lang.String label,
                     byte[] seed,
                     int length)

      • prf_SSL

        protected byte[] prf_SSL​(byte[] seed,
                         int length)

      • prf_1_0

        protected byte[] prf_1_0​(byte[] labelSeed,
                         int length)

      • prf_1_2

        protected byte[] prf_1_2​(int prfAlgorithm,
                         byte[] labelSeed,
                         int length)

      • updateMac

        protected void updateMac​(org.bouncycastle.crypto.Mac mac)