com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.internal

Class Hkdf

java.lang.Object

com.amazonaws.services.dynamodbv2.datamodeling.sdkv2.internal.Hkdf

public final class Hkdf
extends java.lang.Object

HMAC-based Key Derivation Function.

See Also:

RFC 5869

Method Summary

Modifier and Type	Method and Description
byte[]	deriveKey(byte[] info, int length) Returns a pseudorandom key of length bytes.
byte[]	deriveKey(java.lang.String info, int length) Returns a pseudorandom key of length bytes.
static Hkdf	getInstance(java.lang.String algorithm) Returns an Hkdf object using the specified algorithm.
static Hkdf	getInstance(java.lang.String algorithm, java.security.Provider provider) Returns an Hkdf object using the specified algorithm.
static Hkdf	getInstance(java.lang.String algorithm, java.lang.String provider) Returns an Hkdf object using the specified algorithm.
void	init(byte[] ikm) Initializes this Hkdf with input keying material.
void	init(byte[] ikm, byte[] salt) Initializes this Hkdf with input keying material and a salt.
void	unsafeInitWithoutKeyExtraction(javax.crypto.SecretKey rawKey) Initializes this Hkdf to use the provided key directly for creation of new keys.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static Hkdf getInstance(java.lang.String algorithm)
                        throws java.security.NoSuchAlgorithmException

Returns an Hkdf object using the specified algorithm.

Parameters:

algorithm - the standard name of the requested MAC algorithm. See the Mac section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

Returns:

the new Hkdf object

Throws:

java.security.NoSuchAlgorithmException - if no Provider supports a MacSpi implementation for the specified algorithm.

getInstance

public static Hkdf getInstance(java.lang.String algorithm,
                               java.lang.String provider)
                        throws java.security.NoSuchAlgorithmException,
                               java.security.NoSuchProviderException

Returns an Hkdf object using the specified algorithm.

Parameters:

algorithm - the standard name of the requested MAC algorithm. See the Mac section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

provider - the name of the provider

Returns:

the new Hkdf object

Throws:

java.security.NoSuchAlgorithmException - if a MacSpi implementation for the specified algorithm is not available from the specified provider.

java.security.NoSuchProviderException - if the specified provider is not registered in the security provider list.

getInstance

public static Hkdf getInstance(java.lang.String algorithm,
                               java.security.Provider provider)
                        throws java.security.NoSuchAlgorithmException

Returns an Hkdf object using the specified algorithm.

Parameters:

algorithm - the standard name of the requested MAC algorithm. See the Mac section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

provider - the provider

Returns:

the new Hkdf object

Throws:

java.security.NoSuchAlgorithmException - if a MacSpi implementation for the specified algorithm is not available from the specified provider.

init

public void init(byte[] ikm)

Initializes this Hkdf with input keying material. A default salt of HashLen zeros will be used (where HashLen is the length of the return value of the supplied algorithm).

Parameters:

ikm - the Input Keying Material

init

public void init(byte[] ikm,
                 byte[] salt)

Initializes this Hkdf with input keying material and a salt. If salt is null or of length 0, then a default salt of HashLen zeros will be used (where HashLen is the length of the return value of the supplied algorithm).

Parameters:

salt - the salt used for key extraction (optional)

ikm - the Input Keying Material

unsafeInitWithoutKeyExtraction

public void unsafeInitWithoutKeyExtraction(javax.crypto.SecretKey rawKey)
                                    throws java.security.InvalidKeyException

Initializes this Hkdf to use the provided key directly for creation of new keys. If rawKey is not securely generated and uniformly distributed over the total key-space, then this will result in an insecure key derivation function (KDF). DO NOT USE THIS UNLESS YOU ARE ABSOLUTELY POSITIVE THIS IS THE CORRECT THING TO DO.

Parameters:

rawKey - the pseudorandom key directly used to derive keys

Throws:

java.security.InvalidKeyException - if the algorithm for rawKey does not match the algorithm this Hkdf was created with

deriveKey

public byte[] deriveKey(java.lang.String info,
                        int length)
                 throws java.lang.IllegalStateException

Returns a pseudorandom key of length bytes.

Parameters:

info - optional context and application specific information (can be a zero-length string). This will be treated as UTF-8.

length - the length of the output key in bytes

Returns:

a pseudorandom key of length bytes.

Throws:

java.lang.IllegalStateException - if this object has not been initialized

deriveKey

public byte[] deriveKey(byte[] info,
                        int length)
                 throws java.lang.IllegalStateException

Returns a pseudorandom key of length bytes.

Parameters:

info - optional context and application specific information (can be a zero-length array).

length - the length of the output key in bytes

Returns:

a pseudorandom key of length bytes.

Throws:

java.lang.IllegalStateException - if this object has not been initialized