javax.crypto.KeyDerivation ========================== /** * This class provides the functionality of a key derivation algorithm for the * Java Cryptographic Extension (JCE) framework. * * {@code KeyDerivation} objects will be instantiated and initialized * through the {@code getInstance} family of methods. Any algorithm parameters, * including secret values must be provided through those methods. * * Keys may be derived singly or in a batch through the {@code deriveKey} and * {@code deriveKeys} methods, respectively. Algorithms that support multiple * output keys from a single set of parameters can support repeated calls to * {@code deriveKey} and/or {@code deriveKeys}. Algorithms intended for * single-key derivations may throw {@code IllegalStateException}. */ public class KeyDerivation { /** * Creates an instance of the {@code KeyDerivation} object. * * @param algorithm the key derivation algorithm to use * @param params parameters used to initialize the algorithm selected * * @return a {@code KeyDerivation} object * * @throws NoSuchAlgorithmException if no {@code Provider} supports a * {@code KeyDerivationSpi} implementation for the * specified algorithm. * @throws InvalidParameterSpecException if the * {@code AlgorithmParameterSpec} passed in contains invalid * data or is an incorrect type for the selected algorithm. */ public static final KeyDerivation getInstance(String algorithm, AlgorithmParameterSpec params) throws NoSuchAlgorithmException, InvalidParameterSpecException; /** * Creates an instance of the {@code KeyDerivation} object on a specific * {@code Provider}. * * @param algorithm the key derivation algorithm to use * @param provider the provider to use for this key derivation * @param params parameters used to initialize the algorithm selected * * @return a {@code KeyDerivation} object * * @throws NoSuchAlgorithmException if no {@code Provider} supports a * {@code KeyDerivationSpi} implementation for the * specified algorithm. * @throws NoSuchProviderException if the specified provider is not * registered in the security provider list. * @throws InvalidParameterSpecException if the * {@code AlgorithmParameterSpec} passed in contains invalid * data or is an incorrect type for the selected algorithm. */ public static final KeyDerivation getInstance(String algorithm, String provider, AlgorithmParameterSpec params) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidParameterSpecException; /** * Creates an instance of the {@code KeyDerivation} object using a * supplied {@code Provider} instance. * * @param algorithm the key derivation algorithm to use * @param provider the provider * @param params parameters used to initialize the algorithm selected * * @return a {@code KeyDerivation} object * * @throws NoSuchAlgorithmException if no {@code Provider} supports a * {@code KeyDerivationSpi} implementation for the * specified algorithm. * @throws InvalidParameterSpecException if the * {@code AlgorithmParameterSpec} passed in contains invalid * data or is an incorrect type for the selected algorithm. */ public static final KeyDerivation getInstance(String algorithm, Provider provider, AlgorithmParameterSpec params) throws NoSuchAlgorithmException, InvalidParameterSpecException; /** * Returns the algorithm name of this {@code KeyDerivation} object. * *
This is the same name that was specified in one of the
* {@code getInstance} calls that created this
* {@code KeyDerivation} object.
*
* @return the algorithm name of this {@code KeyDerivation} object.
*/
public final String getAlgorithm();
/**
* Returns the provider of this {@code KeyDerivation} object.
*
* @return the provider of this {@code KeyDerivation} object.
*/
public final Provider getProvider();
/**
* Derive a key, returned as a {@code SecretKey}.
*
* This method may be called multiple times, depending on if the algorithm
* and provider supports it. Subsequent calls after the first will return
* key objects with values as if all keys were generated together using
* the {@code deriveKeys} method. Those algorithms or providers not
* supporting multiple output keys from a single set of inputs will
* throw {@code IllegalStateException} after the first call successfully
* returns.
*
* @param params any algorithm parameters specific to the key being
* derived, if required
*
* @return a {@code SecretKey} containing the key
*
* @throws InvalidParameterSpecException if the information contained
* within the {@code DerivedKeyParameterSpec} is invalid or incorrect
* for the type of key to be derived.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveKey} after the
* first.
* @throws NullPointerException if the {@code params} parameters are
* {@code null}.
*/
public SecretKey deriveKey(DerivedKeyParameterSpec params)
throws InvalidParameterSpecException;
/**
* Derive one or more {@code SecretKey} objects.
*
* This method may be called multiple times, depending on if the algorithm
* and provider supports it. Subsequent calls after the first will return
* additional key objects with values as if the key derivation function
* resumed generation of key material from its last known state. Those
* algorithms or providers not supporting multiple {@code deriveKeys} calls
* from a single set of inputs will throw {@code IllegalStateException}
* after the first call successfully returns.
*
* @param params a {@code List} of {@code DerivedKeyParameterSpec} objects,
* in the desired order the caller wishes the keys to be returned.
*
* @return an unmodifiable {@code List} consisting of one or more
* {@code SecretKey} objects, in the same order as the requested
* objects in the {@code params} parameter.
*
* @throws InvalidParameterSpecException if the information contained
* within any of the {@code DerivedKeyParameterSpec} objects is
* incorrect for the derived key type.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveKey} after the
* first.
* @throws NullPointerException if the {@code params} field is null
* or any elements within are {@code null}.
*/
public ListKeyDerivation
class.
*
* All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation
* of a particular key derivation algorithm.
*/
public abstract class KeyDerivationSpi {
/**
* Initializes the key derivation object with a secret
* key and algorithm parameters.
*
* @param params the algorithm parameters
*
* @throws InvalidKeyException if the given key is inappropriate for
* initializing this key derivation algorithm.
* @throws InvalidParameterSpecException if the given algorithm
* parameters are inappropriate for this key derivation algorithm.
*/
protected abstract void engineInit(AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidParameterSpecException;
/**
* Derive one or more {@code SecretKey} objects using a specified
* algorithm and parameters.
*
* @param params a {@code List} of key-specific parameters. There should
* be one {@code DerivedKeyParameterSpec} object in the list for
* each secret key to be derived by the selected KDF implementation.
*
* @return a {@code List} of {@code SecretKey} objects containing key
* material derived from the {@code KeyDerivation} implementation.
* Returned {@code SecretKey} objects will be in the same order
* as their matching {@code DerivedKeyParameterSpec} objects in the
* {@code params} parameter.
*
* @throws InvalidParameterSpecException if the given key-specific
* parameters are inappropriate for this derived key type.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveKey} after the
* first.
* @throws NullPointerException if either {@code params} is null, or any
* entry in the {@code params} list is null
*/
protected abstract List