Package com.amazonaws.encryptionsdk.internal

Class HmacKeyDerivationFunction

java.lang.Object

com.amazonaws.encryptionsdk.internal.HmacKeyDerivationFunction

public final class HmacKeyDerivationFunction
extends Object

HMAC-based Key Derivation Function. Adapted from Hkdf.java in aws-dynamodb-encryption-java

See Also:

RFC 5869

Method Summary

Modifier and Type	Method	Description
byte[]	deriveKey(byte[] info, int length)	Returns a pseudorandom key of length bytes.
static HmacKeyDerivationFunction	getInstance(String algorithm)	Returns an HmacKeyDerivationFunction object using the specified algorithm.
void	init(byte[] ikm)	Initializes this Hkdf with input keying material.
void	init(byte[] ikm, byte[] salt)	Initializes this Hkdf with input keying material and a salt.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getInstance

public static HmacKeyDerivationFunction getInstance(String algorithm)
                                             throws NoSuchAlgorithmException

Returns an HmacKeyDerivationFunction object using the specified algorithm.

Parameters:

algorithm - the standard name of the requested MAC algorithm. See the Mac section in the Java Cryptography Architecture Standard Algorithm Name Documentation for information about standard algorithm names.

Returns:

the new Hkdf object

Throws:

NoSuchAlgorithmException - if no Provider supports a MacSpi implementation for the specified algorithm.

init

public void init(byte[] ikm)

Initializes this Hkdf with input keying material. A default salt of HashLen zeros will be used (where HashLen is the length of the return value of the supplied algorithm).

Parameters:

ikm - the Input Keying Material

init

public void init(byte[] ikm,
                 byte[] salt)

Initializes this Hkdf with input keying material and a salt. If salt is null or of length 0, then a default salt of HashLen zeros will be used (where HashLen is the length of the return value of the supplied algorithm).

Parameters:

salt - the salt used for key extraction (optional)

ikm - the Input Keying Material

deriveKey

public byte[] deriveKey(byte[] info,
                        int length)
                 throws IllegalStateException

Returns a pseudorandom key of length bytes.

Parameters:

info - optional context and application specific information (can be a zero-length array).

length - the length of the output key in bytes

Returns:

a pseudorandom key of length bytes.

Throws:

IllegalStateException - if this object has not been initialized