Package com.nimbusds.jose.crypto.impl
Class ConcatKDF
- java.lang.Object
-
- com.nimbusds.jose.crypto.impl.ConcatKDF
-
- All Implemented Interfaces:
JCAAware<JCAContext>
@ThreadSafe public class ConcatKDF extends Object implements JCAAware<JCAContext>
Concatenation Key Derivation Function (KDF). This class is thread-safe.See NIST.800-56A.
- Version:
- 2017-06-01
- Author:
- Vladimir Dzhuvinov
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static byte[]
composeOtherInfo(byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo)
Composes the other info asalgID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo
.static byte[]
composeOtherInfo(byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo, byte[] tag)
Composes the other info asalgID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo || tag
.static int
computeDigestCycles(int digestLengthBits, int keyLengthBits)
Computes the required digest (hashing) cycles for the specified message digest length and derived key length.SecretKey
deriveKey(SecretKey sharedSecret, int keyLengthBits, byte[] otherInfo)
Derives a key from the specified inputs.SecretKey
deriveKey(SecretKey sharedSecret, int keyLength, byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo)
Derives a key from the specified inputs.SecretKey
deriveKey(SecretKey sharedSecret, int keyLength, byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo, byte[] tag)
Derives a key from the specified inputs.static byte[]
encodeDataWithLength(byte[] data)
Encodes the specified data asdata.length || data
.static byte[]
encodeDataWithLength(Base64URL data)
Encodes the specified BASE64URL encoded datadata.length || data
.static byte[]
encodeIntData(int data)
Encodes the specified integer data as a four byte array.static byte[]
encodeNoData()
Encodes no / empty data as an empty byte array.static byte[]
encodeStringData(String data)
Encodes the specified string data asdata.length || data
.String
getHashAlgorithm()
Returns the JCA name of the hash algorithm.JCAContext
getJCAContext()
Returns the Java Cryptography Architecture (JCA) context.
-
-
-
Method Detail
-
getHashAlgorithm
public String getHashAlgorithm()
Returns the JCA name of the hash algorithm.- Returns:
- The JCA name of the hash algorithm.
-
getJCAContext
public JCAContext getJCAContext()
Description copied from interface:JCAAware
Returns the Java Cryptography Architecture (JCA) context. May be used to set a specific JCA security provider or secure random generator.- Specified by:
getJCAContext
in interfaceJCAAware<JCAContext>
- Returns:
- The JCA context. Not
null
.
-
deriveKey
public SecretKey deriveKey(SecretKey sharedSecret, int keyLengthBits, byte[] otherInfo) throws JOSEException
Derives a key from the specified inputs.- Parameters:
sharedSecret
- The shared secret. Must not benull
.keyLengthBits
- The length of the key to derive, in bits.otherInfo
- Other info,null
if not specified.- Returns:
- The derived key, with algorithm set to "AES".
- Throws:
JOSEException
- If the key derivation failed.
-
deriveKey
public SecretKey deriveKey(SecretKey sharedSecret, int keyLength, byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo) throws JOSEException
Derives a key from the specified inputs.- Parameters:
sharedSecret
- The shared secret. Must not benull
.keyLength
- The length of the key to derive, in bits.algID
- The algorithm identifier,null
if not specified.partyUInfo
- The partyUInfo,null
if not specified.partyVInfo
- The partyVInfonull
if not specified.suppPubInfo
- The suppPubInfo,null
if not specified.suppPrivInfo
- The suppPrivInfo,null
if not specified.- Returns:
- The derived key, with algorithm set to "AES".
- Throws:
JOSEException
- If the key derivation failed.
-
deriveKey
public SecretKey deriveKey(SecretKey sharedSecret, int keyLength, byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo, byte[] tag) throws JOSEException
Derives a key from the specified inputs.- Parameters:
sharedSecret
- The shared secret. Must not benull
.keyLength
- The length of the key to derive, in bits.algID
- The algorithm identifier,null
if not specified.partyUInfo
- The partyUInfo,null
if not specified.partyVInfo
- The partyVInfonull
if not specified.suppPubInfo
- The suppPubInfo,null
if not specified.suppPrivInfo
- The suppPrivInfo,null
if not specified.- Returns:
- The derived key, with algorithm set to "AES".
- Throws:
JOSEException
- If the key derivation failed.
-
composeOtherInfo
public static byte[] composeOtherInfo(byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo)
Composes the other info asalgID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo
.- Parameters:
algID
- The algorithm identifier,null
if not specified.partyUInfo
- The partyUInfo,null
if not specified.partyVInfo
- The partyVInfonull
if not specified.suppPubInfo
- The suppPubInfo,null
if not specified.suppPrivInfo
- The suppPrivInfo,null
if not specified.- Returns:
- The resulting other info.
-
composeOtherInfo
public static byte[] composeOtherInfo(byte[] algID, byte[] partyUInfo, byte[] partyVInfo, byte[] suppPubInfo, byte[] suppPrivInfo, byte[] tag)
Composes the other info asalgID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo || tag
.- Parameters:
algID
- The algorithm identifier,null
if not specified.partyUInfo
- The partyUInfo,null
if not specified.partyVInfo
- The partyVInfonull
if not specified.suppPubInfo
- The suppPubInfo,null
if not specified.suppPrivInfo
- The suppPrivInfo,null
if not specified.tag
- The cctag,null
if not specified.- Returns:
- The resulting other info.
-
computeDigestCycles
public static int computeDigestCycles(int digestLengthBits, int keyLengthBits)
Computes the required digest (hashing) cycles for the specified message digest length and derived key length.- Parameters:
digestLengthBits
- The length of the message digest, in bits.keyLengthBits
- The length of the derived key, in bits.- Returns:
- The digest cycles.
-
encodeNoData
public static byte[] encodeNoData()
Encodes no / empty data as an empty byte array.- Returns:
- The encoded data.
-
encodeIntData
public static byte[] encodeIntData(int data)
Encodes the specified integer data as a four byte array.- Parameters:
data
- The integer data to encode.- Returns:
- The encoded data.
-
encodeStringData
public static byte[] encodeStringData(String data)
Encodes the specified string data asdata.length || data
.- Parameters:
data
- The string data, UTF-8 encoded. May benull
.- Returns:
- The encoded data.
-
encodeDataWithLength
public static byte[] encodeDataWithLength(byte[] data)
Encodes the specified data asdata.length || data
.- Parameters:
data
- The data to encode, may benull
.- Returns:
- The encoded data.
-
encodeDataWithLength
public static byte[] encodeDataWithLength(Base64URL data)
Encodes the specified BASE64URL encoded datadata.length || data
.- Parameters:
data
- The data to encode, may benull
.- Returns:
- The encoded data.
-
-