public interface TlsSecret
Modifier and Type | Method and Description |
---|---|
byte[] |
calculateHMAC(int cryptoHashAlgorithm,
byte[] buf,
int off,
int len)
Calculate an HMAC with this secret's data as the key.
|
TlsSecret |
deriveUsingPRF(int prfAlgorithm,
java.lang.String label,
byte[] seed,
int length)
Return a new secret based on applying a PRF to this one.
|
void |
destroy()
Destroy the internal state of the secret.
|
byte[] |
encrypt(TlsEncryptor encryptor)
Return an encrypted copy of the data this secret is based on.
|
byte[] |
extract()
Return the internal data from this secret.
|
TlsSecret |
hkdfExpand(int cryptoHashAlgorithm,
byte[] info,
int length)
RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').
|
TlsSecret |
hkdfExtract(int cryptoHashAlgorithm,
TlsSecret ikm)
RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.
|
boolean |
isAlive() |
byte[] calculateHMAC(int cryptoHashAlgorithm, byte[] buf, int off, int len)
cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm
for values.buf
- array containing the input data.off
- offset into the input array the input starts at.len
- the length of the input data.TlsSecret deriveUsingPRF(int prfAlgorithm, java.lang.String label, byte[] seed, int length)
prfAlgorithm
- PRF algorithm to use.label
- the label details.seed
- the seed details.length
- the size (in bytes) of the secret to generate.void destroy()
TlsSecret
will result in an IllegalStateException
being thrown.byte[] encrypt(TlsEncryptor encryptor) throws java.io.IOException
encryptor
- the encryptor to use for protecting the internal data.java.io.IOException
byte[] extract()
TlsSecret
does not keep a copy of the
data. After this call, any attempt to use the TlsSecret
will result in an
IllegalStateException
being thrown.TlsSecret hkdfExpand(int cryptoHashAlgorithm, byte[] info, int length)
cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm
for values.info
- optional context and application specific information (can be zero-length).length
- length of output keying material in octets.TlsSecret hkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm)
TlsSecret
does not keep a copy of the data. After this call, any attempt to use the TlsSecret
will result in an IllegalStateException
being thrown.cryptoHashAlgorithm
- the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm
for values.ikm
- input keying material.boolean isAlive()