blob: 9b092fc40614b973dc76b6eccc343fd20a3db7fc (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
using System;
using System.IO;
namespace Org.BouncyCastle.Tls.Crypto
{
/// <summary>Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.
/// </summary>
public interface TlsSecret
{
/// <summary>Return a new secret based on applying a PRF to this one.</summary>
/// <param name="prfAlgorithm">PRF algorithm to use.</param>
/// <param name="label">the label details.</param>
/// <param name="seed">the seed details.</param>
/// <param name="length">the size (in bytes) of the secret to generate.</param>
/// <returns>the new secret.</returns>
TlsSecret DeriveUsingPrf(int prfAlgorithm, string label, byte[] seed, int length);
/// <summary>Destroy the internal state of the secret.</summary>
/// <remarks>
/// After this call, any attempt to use the <see cref="TlsSecret"/> will result in an
/// <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
void Destroy();
/// <summary>Return an encrypted copy of the data this secret is based on.</summary>
/// <param name="certificate">the certificate containing the public key to use for protecting the internal
/// data.</param>
/// <returns>an encrypted copy of this secret's internal data.</returns>
/// <exception cref="IOException"/>
byte[] Encrypt(TlsCertificate certificate);
/// <summary>Return the internal data from this secret.</summary>
/// <remarks>
/// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use the
/// <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
/// <returns>the secret's internal data.</returns>
byte[] Extract();
/// <summary>RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').</summary>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
/// <param name="info">optional context and application specific information (can be zero-length).</param>
/// <param name="length">length of output keying material in octets.</param>
/// <returns> output keying material (of 'length' octets).</returns>
TlsSecret HkdfExpand(int cryptoHashAlgorithm, byte[] info, int length);
/// <summary>RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.</summary>
/// <remarks>
/// The <see cref="TlsSecret"/> does not keep a copy of the data. After this call, any attempt to use
/// the <see cref="TlsSecret"/> will result in an <see cref="InvalidOperationException"/> being thrown.
/// </remarks>
/// <param name="cryptoHashAlgorithm">the hash algorithm to instantiate HMAC with. See
/// <see cref="CryptoHashAlgorithm"/> for values.</param>
/// <param name="ikm">input keying material.</param>
/// <returns>a pseudo-random key (of HashLen octets).</returns>
TlsSecret HkdfExtract(int cryptoHashAlgorithm, byte[] ikm);
bool IsAlive();
}
}
|