Diffstat (limited to 'crypto/src/tls/crypto/TlsSecret.cs')
-rw-r--r-- | crypto/src/tls/crypto/TlsSecret.cs | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/crypto/src/tls/crypto/TlsSecret.cs b/crypto/src/tls/crypto/TlsSecret.cs
new file mode 100644
index 000000000..9b092fc40
--- /dev/null
+++ b/crypto/src/tls/crypto/TlsSecret.cs
@@ -0,0 +1,61 @@
+using System;
+using System.IO;
+
+namespace Org.BouncyCastle.Tls.Crypto
+{
+ /// <summary>Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
+ /// </summary>
+ public interface TlsSecret
+ {
+ /// <summary>Return a new secret based on applying a PRF to this one.</summary>
+ /// <param name="prfAlgorithm">PRF algorithm to use.</param>
+ /// <param name="label">the label details.</param>
+ /// <param name="seed">the seed details.</param>
+ /// <param name="length">the size (in bytes) of the secret to generate.</param>
+ /// <returns>the new secret.</returns>
+ TlsSecret DeriveUsingPrf(int prfAlgorithm, string label, byte[] seed, int length);
+
+ /// <summary>Destroy the internal state of the secret.</summary>
+ /// <remarks>
+ /// After this call, any attempt to use the <see cref="TlsSecret"/> will result in an
+ /// <see cref="InvalidOperationException"/> being thrown.
+ /// </remarks>
+ void Destroy();
+
+ /// <summary>Return an encrypted copy of the data this secret is based on.</summary>
+ /// <param name="certificate">the certificate containing the public key to use for protecting the internal
+ /// data.</param>
+ /// <returns>an encrypted copy of this secret's internal data.</returns>
+ /// <exception cref="IOException"/>
+ byte[] Encrypt(TlsCertificate certificate);
+
+ /// <summary>Return the internal data from this secret.</summary>
+ /// <remarks>
+ /// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use the
+ /// <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
+ /// </remarks>
+ /// <returns>the secret's internal data.</returns>
+ byte[] Extract();
+
+ /// <summary>RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').</summary>
+ /// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
+ /// <see cref="CryptoHashAlgorithm"/> for values.</param>
+ /// <param name="info">optional context and application specific information (can be zero-length).</param>
+ /// <param name="length">length of output keying material in octets.</param>
+ /// <returns> output keying material (of 'length' octets).</returns>
+ TlsSecret HkdfExpand(int cryptoHashAlgorithm, byte[] info, int length);
+
+ /// <summary>RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.</summary>
+ /// <remarks>
+ /// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use
+ /// the <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
+ /// </remarks>
+ /// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
+ /// <see cref="CryptoHashAlgorithm"/> for values.</param>
+ /// <param name="ikm">input keying material.</param>
+ /// <returns>a pseudo-random key (of HashLen octets).</returns>
+ TlsSecret HkdfExtract(int cryptoHashAlgorithm, byte[] ikm);
+
+ bool IsAlive();
+ }
+}
 |
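Review bot: `IsAlive()` at the end of the interface is the only member without a doc comment, yet it is the one callers need in order to observe the consume-on-use contract that the remarks on `Destroy`, `Extract` and `HkdfExtract` describe. I would add `/// <summary>Return true if this secret's data is still available, i.e. it has not been destroyed, extracted or consumed by HKDF-Extract.</summary>`, adjusted to whatever the implementations actually guarantee, since none are visible in this file. The `Destroy` remark says "any attempt to use" the secret throws `InvalidOperationException`, so the comment should also state whether `IsAlive()` itself is safe to call afterwards. The `Extract` remarks would also benefit from one sentence saying the returned array is now the only copy of the key material and the caller is responsible for clearing it.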