javax.crypto.KeyDerivation ========================== /** * This class provides the functionality of a key derivation algorithm for the * Java Cryptographic Extension (JCE) framework. * * {@code KeyDerivation} objects will be instantiated * through the {@code getInstance} family of methods. * Input keying material, algorithm parameters, and the desired types and * lengths of output are provided through the {@code init} method, which * must be called before key derivation can begin. * * Keys may be derived singly or in a batch through the {@code deriveKey} and * {@code deriveKeys} methods, respectively. Algorithms that support multiple * output keys from a single set of parameters can support repeated calls to * {@code deriveKey} and/or {@code deriveKeys}. Algorithms intended for * single-key derivations may throw {@code IllegalStateException}. */ public class KeyDerivation { /** * Returns the algorithm name of this {@code KeyDerivation} object. * *
This is the same name that was specified in one of the
* {@code getInstance} calls that created this
* {@code KeyDerivation} object.
*
* @return the algorithm name of this {@code KeyDerivation} object.
*/
public final String getAlgorithm();
/**
* Returns the provider of this {@code KeyDerivation} object.
*
* @return the provider of this {@code KeyDerivation} object.
*/
public final Provider getProvider();
/**
* Creates an instance of the {@code KeyDerivation} object.
*
* @param algorithm the key derivation algorithm to use
*
* @return a {@code KeyDerivation} object
*
* @throws NoSuchAlgorithmException if no {@code Provider} supports a
* {@code KeyDerivationSpi} implementation for the
* specified algorithm.
*/
public static final KeyDerivation getInstance(String algorithm)
throws NoSuchAlgorithmException;
/**
* Creates an instance of the {@code KeyDerivation} object on a specific
* {@code Provider}.
*
* @param algorithm the key derivation algorithm to use
* @param provider the provider to use for this key derivation
*
* @return a {@code KeyDerivation} object
*
* @throws NoSuchAlgorithmException if no {@code Provider} supports a
* {@code KeyDerivationSpi} implementation for the
* specified algorithm.
* @throws NoSuchProviderException if the specified provider is not
* registered in the security provider list.
*/
public static final KeyDerivation getInstance(String algorithm,
String provider) throws NoSuchAlgorithmException,
NoSuchProviderException;
/**
* Creates an instance of the {@code KeyDerivation} object using a
* supplied {@code Provider} instance.
*
* @param algorithm the key derivation algorithm to use
* @param provider the provider
*
* @return a {@code KeyDerivation} object
*
* @throws NoSuchAlgorithmException if no {@code Provider} supports a
* {@code KeyDerivationSpi} implementation for the
* specified algorithm.
*/
public static final KeyDerivation getInstance(String algorithm,
Provider provider) throws NoSuchAlgorithmException;
/**
* Initializes the {@code KeyDerivation} object. The {@code init} method
* must be called prior to calling any of the derivation methods.
* Subsequent calls to {@code init} may be performed, allowing the caller
* to restart the key derivation process using different input keys,
* KDF parameters and/or derived output parameters.
*
* @param secretKey the input keying material
* @param kdfParams the parameters for the key derivation function
* @param deriveParams a {@code List} of one or more
* {@code DerivationParameterSpec} objects detailing the
* characteristics for the output keys, data, and/or objects from
* this key derivation function.
*
* @throws InvalidKeyException if the given key is inappropriate for
* initializing this MAC
* @throws InvalidParameterSpecException if the
* {@code AlgorithmParameterSpec} passed in contains invalid
* data or is an incorrect type for the selected algorithm. This
* exception will also be thrown if the list of
* {@code DerivationParameterSpec} objects contains invalid data.
*/
public void init(SecretKey secretKey, AlgorithmParameterSpec kdfParams,
List
*
*
* @param num the number of requested keys to be returned
*
* @return an unmodifiable {@code List} consisting of one or more
* {@code Key} objects, in the same order as the requested
* keys in the {@code deriveParams} parameter. Depending on the
* number, type and ordering of the {@code DerivationParameterSpec}
* objects in the {@code deriveParams} list, the returned list may
* have fewer {@code Key} objects than were requested.
*
* @throws InvalidParameterSpecException if the information contained
* within any of the {@code DerivationParameterSpec} objects is
* incorrect for the derived key type.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveKey} after the
* first. This exception will also be thrown if the next unprocessed
* {@code DerivationParameterSpec} is of a non-key output type.
*/
public List
* {@code ClassName(byte[] data, int length);}
*
*
* For this method to succeed, the current {@code DerivationParameterSpec}
* must be created with the {@code Class} form of the constructor.
* Attempting to call this method
* using {@code DerivationParameterSpec} objects of any other type will
* cause an {@code InvalidParameterSpecException} to be thrown.
*
* @return an Object built from the key derivation output. The number of
* bytes used to build the Object is determined by the {@code length}
* field in the {@code DerivationParameterSpec}.
*
* @throws InvalidParameterSpecException if the
* {@code DerivationParameterSpec} being applied to this method
* was not designed to output an Object.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveObject} or if
* all {@code DerivationParameterSpec} objects have been processed.
*/
public Object deriveObject() throws InvalidParameterSpecException;
}
javax.crypto.KeyDerivationSpi
=============================
/**
* This class defines the Service Provider Interface (SPI)
* for the KeyDerivation
class.
*
* All the abstract methods in this class must be implemented by each
* cryptographic service provider who wishes to supply the implementation
* of a particular key derivation algorithm.
*/
public abstract class KeyDerivationSpi {
/**
* Initializes the key derivation object with a secret
* key and algorithm parameters.
*
* @param secretKey the input keying material
* @param kdfParams the parameters for the key derivation function
* @param deriveParams a {@code List} of one or more
* {@code DerivationParameterSpec} objects detailing the
* characteristics for the output keys, data, and/or objects from
* this key derivation function.
*
* @throws InvalidKeyException if the given key is inappropriate for
* initializing this key derivation algorithm.
* @throws InvalidParameterSpecException if the given algorithm
* parameters or derivation parameters are inappropriate for this key
* derivation algorithm.
*/
protected abstract void engineInit(SecretKey secretKey,
AlgorithmParameterSpec kdfParams,
List
*
*
* @param num the number of requested keys to be returned
*
* @return an unmodifiable {@code List} consisting of one or more
* {@code Key} objects, in the same order as the requested
* keys in the {@code deriveParams} parameter. Depending on the
* number, type and ordering of the {@code DerivationParameterSpec}
* objects in the {@code deriveParams} list, the returned list may
* have fewer {@code Key} objects than were requested.
*
* @throws InvalidParameterSpecException if the information contained
* within any of the {@code DerivationParameterSpec} objects is
* incorrect for the derived key type.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveKey} after the
* first. This exception will also be thrown if the next unprocessed
* {@code DerivationParameterSpec} is of a non-key output type.
*/
protected abstract List
* {@code ClassName(byte[] data, int length);}
*
*
* For this method to succeed, the current {@code DerivationParameterSpec}
* must be created with the {@code Class} form of the constructor.
* Attempting to call this method
* using {@code DerivationParameterSpec} objects of any other type will
* cause an {@code InvalidParameterSpecException} to be thrown.
*
* @return an Object built from the key derivation output. The number of
* bytes used to build the Object is determined by the {@code length}
* field in the {@code DerivationParameterSpec}.
*
* @throws InvalidParameterSpecException if the
* {@code DerivationParameterSpec} being applied to this method
* was not designed to output an Object.
* @throws IllegalStateException if the key derivation implementation
* cannot support additional calls to {@code deriveObject} or if
* all {@code DerivationParameterSpec} objects have been processed.
*/
protected abstract Object engineDeriveObject()
throws InvalidParameterSpecException;
}
java.security.spec.DerivationParameterSpec
==========================================
/**
* A specification of cryptographic parameters for keys derived from a
* Key Derivation Function (KDF). Key properties like algorithm name and
* key length, as well as provider-specific properties can be specified
* through this class. These can then be provided to {@code KeyDerivation}
* objects through the {@code deriveKey} and {@code deriveKeys} methods.
*/
public class DerivationParameterSpec {
/**
* Create a {@code DerivationParameterSpec} that has no key or
* provider-specific parameters.
*
* @param algorithm the algorithm assigned to the resulting key.
* @param length the length of the key in bytes.
*
* @throws IllegalArgumentException if the {@code algorithm} parameter
* is {@code null} or the {@code length} parameter is not a positive
* integer.
*/
public DerivationParameterSpec(String algorithm, int length);
/**
* Create a {@code DerivationParameterSpec} that has additional
* key or provider-specific parameters.
*
* @param algorithm the algorithm assigned to the resulting key.
* @param length the length of the key in bytes.
* @param params an {@code AlgorithmParameterSpec} implementation
* containing parameters specific to the key being derived. This parameter
* may be {@code null}.
*
* @throws NullPointerException if the {@code algorithm} parameter
* is {@code null}.
* @throws IllegalArgumentException if the {@code length} parameter is
* not a positive integer.
*/
public DerivationParameterSpec(String algorithm, int length,
AlgorithmParameterSpec params);
/**
* Create a {@code DerivationParameterSpec} designed to return an object
* when used with the {@code KeyDerivation.deriveObject} method.
*
* For a class to be successfully used with the {@code deriveObject} method
* the class must have a constructor of the form:
*
*
* {@code ClassName(byte[] data, int length);}
*
*
* @param clazz the desired return type from the derivation
* @param length the amount of data from the KDF used to instantiate this
* object.
* @param params an {@code AlgorithmParameterSpec} implementation
* containing additional parameters specific to the object being derived.
* This parameter may be {@code null}.
*/
public DerivationParameterSpec(Class> clazz, int length,
AlgorithmParameterSpec params)
/**
* Returns the algorithm name for this {@code DerivationParameterSpec}.
*
* @return the algorithm name or an empty string if the {@code Class}
* form of the constructor is used.
*/
public String getAlgorithm();
/**
* Obtains the length in bytes for this {@code DerivationParameterSpec}.
*
* @return the length in bytes.
*/
public int getLength();
/**
* Returns the desired output class from a {@code deriveObject} call.
*
* @return the {@code Class} of the desired return type or {@code null}
* if this {@code DerivationParameterSpec} was created using a
* constructor that does not specify the class.
*/
public Class getOutputClass();
/**
* Retrieve any parameters specific to the key being derived.
*
* @return an {@code AlgorithmParameterSpec} if one was provided during
* construction of this object, otherwise {@code null}.
*/
public AlgorithmParameterSpec getParameterSpec();
}