Package io.netty.handler.ssl
Class PseudoRandomFunction
java.lang.Object
  io.netty.handler.ssl.PseudoRandomFunction

final class PseudoRandomFunction extends java.lang.Object
This pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length. The TLS RFC uses it to construct/deconstruct an array of bytes into composite secrets. See RFC 5246.
Constructor Summary
private PseudoRandomFunction() - Constructor never to be called.

Method Summary
private static byte[] concat(byte[] first, byte[] second)
(package private) static byte[] hash(byte[] secret, byte[] label, byte[] seed, int length, java.lang.String algo) - Use a single hash function to expand a secret and seed into an arbitrary quantity of output.

Method Detail
hash
static byte[] hash(byte[] secret, byte[] label, byte[] seed, int length, java.lang.String algo)
Use a single hash function to expand a secret and seed into an arbitrary quantity of output.

    P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                           HMAC_hash(secret, A(2) + seed) +
                           HMAC_hash(secret, A(3) + seed) + ...

where + indicates concatenation. A() is defined as:

    A(0) = seed
    A(i) = HMAC_hash(secret, A(i-1))

Parameters:
secret - The starting secret to use for expansion
label - An ascii string without a length byte or trailing null character.
seed - The seed of the hash
length - The number of bytes to return
algo - the hmac algorithm to use
Returns:
The expanded secrets
Throws:
java.lang.IllegalArgumentException - if the algo could not be found.
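
The expansion above, written out as an added example (this is not Netty's source). In RFC 5246 the PRF is P_hash(secret, label + seed), so the formula's "seed" here is the label followed by the seed. The class name PHashExample, the sample inputs, and the use of a JCA Mac name such as "HmacSHA256" for algo are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public final class PHashExample {
    // P_hash over (label + seed), following the TLS 1.2 PRF definition in RFC 5246.
    static byte[] pHash(byte[] secret, byte[] label, byte[] seed, int length, String algo) {
        if (length < 0) {
            throw new IllegalArgumentException("length must be >= 0");
        }
        try {
            Mac hmac = Mac.getInstance(algo);
            hmac.init(new SecretKeySpec(secret, algo));
            // The label is prepended to the seed; A(0) is that combined value.
            byte[] data = new byte[label.length + seed.length];
            System.arraycopy(label, 0, data, 0, label.length);
            System.arraycopy(seed, 0, data, label.length, seed.length);
            byte[] out = new byte[length];
            byte[] a = data;
            for (int off = 0; off < length; off += hmac.getMacLength()) {
                a = hmac.doFinal(a);                  // A(i) = HMAC(secret, A(i-1))
                hmac.update(a);                       // feed A(i), then (label + seed)
                byte[] block = hmac.doFinal(data);    // HMAC(secret, A(i) + data)
                System.arraycopy(block, 0, out, off, Math.min(block.length, length - off));
            }
            return out;
        } catch (GeneralSecurityException e) {
            throw new IllegalArgumentException("Could not use HMAC algorithm: " + algo, e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not real key material.
        byte[] secret = "constructed-premaster-secret".getBytes(StandardCharsets.US_ASCII);
        byte[] label = "master secret".getBytes(StandardCharsets.US_ASCII);
        byte[] seed = new byte[64]; // stands in for client_random + server_random
        Arrays.fill(seed, (byte) 0x2a);

        byte[] ms = pHash(secret, label, seed, 48, "HmacSHA256");
        byte[] longer = pHash(secret, label, seed, 100, "HmacSHA256");
        // The output is a stream: a shorter request is a prefix of a longer one.
        if (!Arrays.equals(ms, Arrays.copyOf(longer, 48))) {
            throw new AssertionError("prefix property violated");
        }
        System.out.println("derived " + ms.length + " bytes; prefix check passed");
    }
}
```

The last block is truncated to the requested length, so callers never receive more bytes than they asked for. SecretKeySpec rejects an empty secret with an IllegalArgumentException before any HMAC is computed.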
concat
private static byte[] concat(byte[] first, byte[] second)