Package com.yahoo.security.hpke

Interface Kdf

public interface Kdf

Key derivation function (KDF)

Author:

vekterli

Method Summary

Modifier and Type	Method	Description
byte[]	expand(byte[] prk, byte[] info, int nBytesToExpand)	Expand a pseudorandom key prk using optional string info into nBytesToExpand bytes of output keying material.
byte[]	extract(byte[] salt, byte[] labeledIkm)	Extract a pseudorandom key of fixed length nH() bytes from input keying material ikm and an optional byte string salt.
static Kdf	hkdfSha256()
short	kdfId()	Predefined KDF ID, as given in RFC 9180 section 7.2
short	nH()	Output size of the extract() function in bytes

Method Details

extract

byte[] extract(byte[] salt,
 byte[] labeledIkm)

Extract a pseudorandom key of fixed length nH() bytes from input keying material ikm and an optional byte string salt.

Parameters:

salt - non-secret salt used as input to KDF

labeledIkm - secret input keying material

Returns:

nH bytes of PRK data

expand

byte[] expand(byte[] prk,
 byte[] info,
 int nBytesToExpand)

Expand a pseudorandom key prk using optional string info into nBytesToExpand bytes of output keying material.

Parameters:

prk - pseudo random key previously gotten from a call to extract.

info - contextual info for expansion; useful for key domain separation

nBytesToExpand - number of bytes to return

Returns:

nBytesToExpand bytes of output keying material.

nH

short nH()

Output size of the extract() function in bytes

kdfId

short kdfId()

Predefined KDF ID, as given in RFC 9180 section 7.2

hkdfSha256

static Kdf hkdfSha256()