Interface TlsSecret

Namespace
Org.BouncyCastle.Tls.Crypto
Assembly
BouncyCastle.Cryptography.dll

Interface supporting the generation of key material and other SSL/TLS secret values from PRFs.

public interface TlsSecret

Properties

Length

int Length { get; }

Property Value

int

Methods

CalculateHmac(int, byte[], int, int)

Calculate an HMAC with this secret's data as the key.

byte[] CalculateHmac(int cryptoHashAlgorithm, byte[] buf, int off, int len)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

buf byte[]

array containing the input data.

off int

offset into the input array the input starts at.

len int

the length of the input data.

Returns

byte[]

DeriveUsingPrf(int, ReadOnlySpan<char>, ReadOnlySpan<byte>, int)

TlsSecret DeriveUsingPrf(int prfAlgorithm, ReadOnlySpan<char> label, ReadOnlySpan<byte> seed, int length)

Parameters

prfAlgorithm int
label ReadOnlySpan<char>
seed ReadOnlySpan<byte>
length int

Returns

TlsSecret

DeriveUsingPrf(int, string, byte[], int)

Return a new secret based on applying a PRF to this one.

TlsSecret DeriveUsingPrf(int prfAlgorithm, string label, byte[] seed, int length)

Parameters

prfAlgorithm int

PRF algorithm to use.

label string

the label details.

seed byte[]

the seed details.

length int

the size (in bytes) of the secret to generate.

Returns

TlsSecret

the new secret.

Destroy()

Destroy the internal state of the secret.

void Destroy()

Remarks

After this call, any attempt to use the TlsSecret will result in an InvalidOperationException being thrown.

Encrypt(TlsEncryptor)

Return an encrypted copy of the data this secret is based on.

byte[] Encrypt(TlsEncryptor encryptor)

Parameters

encryptor TlsEncryptor

the encryptor to use for protecting the internal data.

Returns

byte[]

an encrypted copy of this secret's internal data.

Exceptions

IOException

Extract()

Return the internal data from this secret.

byte[] Extract()

Returns

byte[]

the secret's internal data.

Remarks

The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an InvalidOperationException being thrown.

ExtractTo(Span<byte>)

void ExtractTo(Span<byte> output)

Parameters

output Span<byte>

HkdfExpand(int, byte[], int)

RFC 5869 HKDF-Expand function, with this secret's data as the pseudo-random key ('prk').

TlsSecret HkdfExpand(int cryptoHashAlgorithm, byte[] info, int length)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

info byte[]

optional context and application specific information (can be zero-length).

length int

length of output keying material in octets.

Returns

TlsSecret

output keying material (of 'length' octets).

HkdfExpand(int, ReadOnlySpan<byte>, int)

TlsSecret HkdfExpand(int cryptoHashAlgorithm, ReadOnlySpan<byte> info, int length)

Parameters

cryptoHashAlgorithm int
info ReadOnlySpan<byte>
length int

Returns

TlsSecret

HkdfExtract(int, TlsSecret)

RFC 5869 HKDF-Extract function, with this secret's data as the 'salt'.

TlsSecret HkdfExtract(int cryptoHashAlgorithm, TlsSecret ikm)

Parameters

cryptoHashAlgorithm int

the hash algorithm to instantiate HMAC with. See CryptoHashAlgorithm for values.

ikm TlsSecret

input keying material.

Returns

TlsSecret

a pseudo-random key (of HashLen octets).

Remarks

The TlsSecret does not keep a copy of the data. After this call, any attempt to use the TlsSecret will result in an InvalidOperationException being thrown.

IsAlive()

bool IsAlive()

Returns

bool
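
The HKDF-Extract / HKDF-Expand chain and the consume-on-use lifecycle described above, as an added example that is not part of the BouncyCastle documentation or source. It cross-checks the result against .NET's built-in System.Security.Cryptography.HKDF (.NET 5 or later). Assumptions: BcTlsCrypto, CreateSecret and SecureRandom are BouncyCastle APIs not documented on this page, and all input bytes are constructed sample values.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.Tls.Crypto;
using Org.BouncyCastle.Tls.Crypto.Impl.BC;

// Constructed sample inputs (not real key material).
byte[] saltBytes = Enumerable.Range(0, 32).Select(i => (byte)i).ToArray();
byte[] ikmBytes = Enumerable.Repeat((byte)0x0b, 32).ToArray();
byte[] info = Encoding.ASCII.GetBytes("constructed example context");
const int OkmLength = 42;

// Reference output from .NET's RFC 5869 implementation. Note the argument
// order there is (hash, ikm, salt), while TlsSecret takes the salt as receiver.
byte[] refPrk = HKDF.Extract(HashAlgorithmName.SHA256, ikmBytes, saltBytes);
byte[] refOkm = HKDF.Expand(HashAlgorithmName.SHA256, refPrk, OkmLength, info);

// Assumption: BcTlsCrypto.CreateSecret wraps raw bytes in a TlsSecret
// (BouncyCastle API that is not described on this page).
var crypto = new BcTlsCrypto(new SecureRandom());
TlsSecret salt = crypto.CreateSecret(saltBytes);
TlsSecret ikm = crypto.CreateSecret(ikmBytes);

// HKDF-Extract: the receiver supplies the salt, the argument supplies the IKM.
// Per the Remarks, the receiver is unusable after this call.
TlsSecret prk = salt.HkdfExtract(CryptoHashAlgorithm.sha256, ikm);
Console.WriteLine($"salt.IsAlive() after HkdfExtract: {salt.IsAlive()}");

// HKDF-Expand: the receiver supplies the pseudo-random key ('prk').
TlsSecret okm = prk.HkdfExpand(CryptoHashAlgorithm.sha256, info, OkmLength);
Console.WriteLine($"okm.Length: {okm.Length}");

// Extract() hands the raw bytes to the caller and invalidates the secret.
byte[] okmBytes = okm.Extract();
Console.WriteLine($"okm.IsAlive() after Extract: {okm.IsAlive()}");
bool same = CryptographicOperations.FixedTimeEquals(okmBytes, refOkm);
Console.WriteLine($"matches System.Security.Cryptography.HKDF: {same}");

// Using a consumed secret again is a programming error the interface reports.
try { okm.Extract(); }
catch (InvalidOperationException) { Console.WriteLine("second Extract(): InvalidOperationException"); }

// Release everything still holding key material, including the plain arrays.
ikm.Destroy();
prk.Destroy();
foreach (byte[] b in new[] { okmBytes, refPrk, refOkm, ikmBytes, saltBytes })
    CryptographicOperations.ZeroMemory(b);
```

Once Extract() returns, the caller owns the plaintext bytes and must wipe them; prefer keeping derived values as TlsSecret instances and calling Destroy() when they are no longer needed.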