|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
java.lang.Object
|
+--net.rim.device.api.crypto.AbstractPseudoRandomSource
|
+--net.rim.device.api.crypto.RFC2631KDFPseudoRandomSource
Implements the key derivation function (KDF) found in RFC 2631, which is based upon the KDF in X9.42. This KDF does not have a definite length and can be used to generate a variety of symmetric keys.
| Constructor Summary | ||
|
RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
int offset,
int length,
OID algorithm,
byte[] partyAInfo,
int derivedKeyLength)
Creates an RFC2631KDFPseudoRandomSource object with the specified parameters. |
|
|
RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
OID algorithm,
byte[] partyAInfo,
int derivedKeyLength)
Creates an RFC2631KDFPseudoRandomSource object with the specified parameters. |
|
| Method Summary | ||
|
String |
getAlgorithm()
Returns the name of this PseaudoRandomSource "RFC2631KDF". |
|
int |
getAvailable()
Returns the number of pseudo random bytes currently available. |
|
int |
getMaxAvailable()
Returns the maximum number of pseudo random bytes that this PRNG can produce. |
|
void |
xorBytes(byte[] buffer,
int offset,
int length)
Exclusive-OR's (xor) random bytes into the given buffer starting at the specified array offset. |
| Methods inherited from class net.rim.device.api.crypto.AbstractPseudoRandomSource |
getBytes, getBytes, getBytes, xorBytes, xorBytes, xorCopy, xorCopy |
| Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface net.rim.device.api.crypto.PseudoRandomSource |
getBytes, getBytes, getBytes, xorBytes, xorBytes, xorCopy, xorCopy |
| Constructor Detail |
public RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
int offset,
int length,
OID algorithm,
byte[] partyAInfo,
int derivedKeyLength)
RFC2631KDFPseudoRandomSource object with the specified parameters.
The intended use of this PseudoRandomSource is in order to create a shared secret key. The javadocs make reference to that as an eventual use for the data. That does not restrict the use of this PseudoRandomSource, however.
Note: While there is no restriction on what OID you can pass into this constructor, the intention is that you would pass the OID representing a key wrap algorithm you wish to use. Please refer to RFC 2630 ( CMS ) for more information on the concept of key wrapping. Then, you would use the random bytes generated by this PseudoRandomSource, to create a KEK to use in wrapped the content key. You could, though, use whatever OID you wished.
For example, suppose you wished to wrap a content key, using a Triple DES key. You would use this PseudoRandomSource as follows
Assume sharedSecret has been set. We'll assume the optional parameter is null for clarity sake.
RFC2631KDFPseudoRandomSource source = new RFC2631KDFPseudoRandomSource( sharedSecret,
OIDs.getOID( OIDs.cmsIdAlgCMS3DESWrap ), null, 192 ); // the 192 is for the size of the Triple DES Key in bits
byte[] keyData = source.getBytes( TripleDESKey.LENGTH );
TripleDESKey key = new TripleDESKey( keyData );
... use key in your key wrap algorithm.
Some other useful OIDs you could use are OIDs.AES_128_KEY_WRAP ( and the other AES oids ),
OIDs.cmsIdAlgCMSRC2Wrap, etc..
sharedSecret - A byte array containing the secret shared between two parties.offset - The offset, or initial position of the shared secret data,
within the byte array.length - The number of bytes to use as shared secret data.algorithm - The object identifier (OID) of the key wrapping algorithm ( from CMS ) that the KEK,
generated by this class, will be used with. Any OID can be passed in, though. No check is done on it.partyAInfo - A byte array containing additional, optional information provided by the sender.
If this is included, it must be 512 bits (64 bytes) long. This parameter
can be null.derivedKeyLength - The length of the generated key in bits. This KDF does
not limit the available data to this length. However, the correct value should
be provided, since it is used in the generation of the key.
public RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
OID algorithm,
byte[] partyAInfo,
int derivedKeyLength)
RFC2631KDFPseudoRandomSource object with the specified parameters.
The intended use of this PseudoRandomSource is in order to create a shared secret key. The javadocs make reference to that as an eventual use for the data. That does not restrict the use of this PseudoRandomSource, however.
Note: While there is no restriction on what OID you can pass into this constructor, the intention is that you would pass the OID representing a key wrap algorithm you wish to use. Please refer to RFC 2630 ( CMS ) for more information on the concept of key wrapping. Then, you would use the random bytes generated by this PseudoRandomSource, to create a KEK to use in wrapped the content key. You could, though, use whatever OID you wished.
For example, suppose you wished to wrap a content key, using a Triple DES key. You would use this PseudoRandomSource as follows
Assume sharedSecret has been set. We'll assume the optional parameter is null for clarity sake.
RFC2631KDFPseudoRandomSource source = new RFC2631KDFPseudoRandomSource( sharedSecret,
OIDs.getOID( OIDs.cmsIdAlgCMS3DESWrap ), null, 192 ); // the 192 is for the size of the Triple DES Key in bits
byte[] keyData = source.getBytes( TripleDESKey.LENGTH );
TripleDESKey key = new TripleDESKey( keyData );
... use key in your key wrap algorithm.
Some other useful OIDs you could use are OIDs.AES_128_KEY_WRAP ( and the other AES oids ),
OIDs.cmsIdAlgCMSRC2Wrap, etc..
sharedSecret - A byte array containing the secret shared between two parties.algorithm - The object identifier (OID) of the key wrapping algorithm ( from CMS ) that the KEK,
generated by this class, will be used with. Any OID can be passed in, though. No check is done on it.partyAInfo - A byte array containing additional, optional information provided by the sender.
If this is included, it must be 512 bits (64 bytes) long. This parameter
can be null.derivedKeyLength - The length of the generated key in bits. This KDF does
not limit the available data to this length. However, the correct value should
be provided, since it is used in the generation of the key.| Method Detail |
public String getAlgorithm()
This method will always return the String "RFC2631KDF".
public int getAvailable()
PseudoRandomSource
For PRNG sources that have an indefinite length but implement
this interface, the value returned is Integer.MAX.
PseudoRandomSourceCryptoTokenException - Thrown when a problem occurs with a crypto token or the crypto token is invalid.public int getMaxAvailable()
PseudoRandomSource
For PRNG sources that have an indefinite length but implement
this interface, the value returned is Integer.MAX.
PseudoRandomSourceCryptoTokenException - Thrown when a problem occurs with a crypto token or the crypto token is invalid.
public void xorBytes(byte[] buffer,
int offset,
int length)
PseudoRandomSourcexorBytes in interface PseudoRandomSourcexorBytes in class AbstractPseudoRandomSource
PseudoRandomSourcebuffer - The buffer to xor the bytes into.offset - The starting offset, or initial bit position, of the data
within the buffer.length - The number of bytes to xor.IllegalStateException - if the available random bytes are exhausted.CryptoTokenException - Thrown when a problem occurs with a crypto token or the crypto token is invalid.
|
|||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
| SUMMARY: INNER | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | ||||||||
Copyright 1999-2008 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark or registered trademark of Sun Microsystems, Inc. in the US and other countries.