Interface TlsSecret

  • All Known Implementing Classes:
    AbstractTlsSecret, BcTlsSecret, JceTlsSecret

    public interface TlsSecret
    Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      TlsCipher createCipher​(TlsCryptoParameters cryptoParams, int encryptionAlgorithm, int macAlgorithm)
      Create a cipher suite that matches the passed in encryption algorithm and mac algorithm.
      TlsSecret deriveUsingPRF​(int prfAlgorithm, java.lang.String label, byte[] seed, int length)
      Return a new secret based on applying a PRF to this one.
      void destroy()
      Destroy the internal state of the secret.
      byte[] encrypt​(TlsCertificate certificate)
      Return the an encrypted copy of the data this secret is based on.
      byte[] extract()
      Return the internal data from this secret.
      TlsSecret hkdfExpand​(short hashAlgorithm, byte[] info, int length)
      RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
      TlsSecret hkdfExtract​(short hashAlgorithm, byte[] ikm)
      RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
      boolean isAlive()  
    • Method Detail

      • deriveUsingPRF

        TlsSecret deriveUsingPRF​(int prfAlgorithm,
                                 java.lang.String label,
                                 byte[] seed,
                                 int length)
        Return a new secret based on applying a PRF to this one.
        Parameters:
        prfAlgorithm - PRF algorithm to use.
        label - the label details.
        seed - the seed details.
        length - the size (in bytes) of the secret to generate.
        Returns:
        the new secret.
      • createCipher

        TlsCipher createCipher​(TlsCryptoParameters cryptoParams,
                               int encryptionAlgorithm,
                               int macAlgorithm)
                        throws java.io.IOException
        Create a cipher suite that matches the passed in encryption algorithm and mac algorithm.

        See enumeration classes EncryptionAlgorithm, MACAlgorithm for appropriate argument values.

        Parameters:
        cryptoParams - context specific parameters.
        encryptionAlgorithm - the encryption algorithm to be employed by the cipher suite.
        macAlgorithm - the MAC algorithm to be employed by the cipher suite.
        Returns:
        a TlsCipherSuite supporting the encryption and mac algorithm.
        Throws:
        java.io.IOException
      • destroy

        void destroy()
        Destroy the internal state of the secret. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
      • encrypt

        byte[] encrypt​(TlsCertificate certificate)
                throws java.io.IOException
        Return the an encrypted copy of the data this secret is based on.
        Parameters:
        certificate - the certificate containing the public key to use for protecting the internal data.
        Returns:
        an encrypted copy of secret's internal data.
        Throws:
        java.io.IOException
      • extract

        byte[] extract()
        Return the internal data from this secret. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
        Returns:
        the secret's internal data.
      • hkdfExpand

        TlsSecret hkdfExpand​(short hashAlgorithm,
                             byte[] info,
                             int length)
        RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
        Parameters:
        hashAlgorithm - the hash algorithm to instantiate HMAC with. See HashAlgorithm for values.
        info - optional context and application specific information (can be zero-length).
        length - length of output keying material in octets.
        Returns:
        output keying material (of 'length' octets).
      • hkdfExtract

        TlsSecret hkdfExtract​(short hashAlgorithm,
                              byte[] ikm)
        RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'. The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an IllegalStateException being thrown.
        Parameters:
        hashAlgorithm - the hash algorithm to instantiate HMAC with. See HashAlgorithm for values.
        ikm - input keying material.
        Returns:
        a pseudo-random key (of HashLen octets).
      • isAlive

        boolean isAlive()