Further KDF work.

Author: dghgit

prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/HKDF.java

@@ -1,106 +1,107 @@
 package org.bouncycastle.jcajce.provider.symmetric;
 
+import java.security.InvalidAlgorithmParameterException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKey;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.DerivationFunction;
 import org.bouncycastle.crypto.Digest;
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.digests.SHA384Digest;
 import org.bouncycastle.crypto.digests.SHA512Digest;
 import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
 import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.internal.asn1.misc.MiscObjectIdentifiers;
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.symmetric.util.BCPBEKey;
+import org.bouncycastle.jcajce.provider.symmetric.util.BaseSecretKeyFactory;
 import org.bouncycastle.jcajce.provider.util.AlgorithmProvider;
+import org.bouncycastle.jcajce.spec.HKDFParameterSpec;
 
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactorySpi;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.KeySpec;
-
-public class HKDF extends SecretKeyFactorySpi
+public class HKDF
 {
-    protected String algName;
-    protected HKDFBytesGenerator hkdf;
-
-
-    private HKDF(String algName, Digest digest)
+    private HKDF()
     {
-        this.algName = algName;
-        this.hkdf = new HKDFBytesGenerator(digest);
+
     }
 
-    @Override
-    protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException
+    public static class HKDFBase
+            extends BaseSecretKeyFactory
     {
-        HKDFParameters hkdfParameters = (HKDFParameters) keySpec;
-        int derivedDataLength = hkdfParameters.getIKM().length;
-        hkdf.init(hkdfParameters);
+        protected String algName;
+        protected HKDFBytesGenerator hkdf;
 
-        byte[] derivedData = new byte[derivedDataLength];
-        hkdf.generateBytes(derivedData, 0, derivedDataLength);
 
-        CipherParameters param = new KeyParameter(derivedData);
+        public HKDFBase(String algName, Digest digest, ASN1ObjectIdentifier oid)
+        {
+            super(algName, oid);
+            this.algName = algName;
+            this.hkdf = new HKDFBytesGenerator(digest);
+        }
 
-        return new BCPBEKey(this.algName, param) ;
-    }
+        @Override
+        protected SecretKey engineGenerateSecret(KeySpec keySpec)
+                throws InvalidKeySpecException
+        {
+            HKDFParameterSpec spec = (HKDFParameterSpec)keySpec;
+            int derivedDataLength = spec.getOutputLength();
+            hkdf.init(new HKDFParameters(spec.getIKM(), spec.getSalt(), spec.getInfo()));
+
+            byte[] derivedData = new byte[derivedDataLength];
+            hkdf.generateBytes(derivedData, 0, derivedDataLength);
 
+            CipherParameters param = new KeyParameter(derivedData);
 
-    @Override
-    protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpec) throws InvalidKeySpecException
+            return new BCPBEKey(this.algName, param);
+        }
+    }
+
+    public static class HKDFwithSHA256
+            extends HKDFBase
     {
-        return null;
+        public HKDFwithSHA256() throws InvalidAlgorithmParameterException
+        {
+            super("HKDF-SHA256", new SHA256Digest(), PKCSObjectIdentifiers.id_alg_hkdf_with_sha256);
+        }
     }
 
-    @Override
-    protected SecretKey engineTranslateKey(SecretKey key) throws InvalidKeyException
+    public static class HKDFwithSHA384
+            extends HKDFBase
     {
-        return null;
+        public HKDFwithSHA384() throws InvalidAlgorithmParameterException
+        {
+            super("HKDF-SHA384", new SHA384Digest(), PKCSObjectIdentifiers.id_alg_hkdf_with_sha384);
+        }
     }
 
+    public static class HKDFwithSHA512
+            extends HKDFBase
+    {
+
+        public HKDFwithSHA512() throws InvalidAlgorithmParameterException
+        {
+            super("HKDF-SHA512", new SHA512Digest(), PKCSObjectIdentifiers.id_alg_hkdf_with_sha512);
+        }
+    }
 
     public static class Mappings
             extends AlgorithmProvider
     {
-        private static final String PREFIX = SCRYPT.class.getName();
+        private static final String PREFIX = HKDF.class.getName();
 
         public Mappings()
         {
         }
 
         public void configure(ConfigurableProvider provider)
         {
-            provider.addAlgorithm("SecretKeyFactory.HKDF", PREFIX + "HKDF");
             provider.addAlgorithm("SecretKeyFactory.HKDF-SHA256", PREFIX + "$HKDFwithSHA256");
             provider.addAlgorithm("SecretKeyFactory.HKDF-SHA384", PREFIX + "$HKDFwithSHA384");
             provider.addAlgorithm("SecretKeyFactory.HKDF-SHA512", PREFIX + "$HKDFwithSHA512");
-
-        }
-    }
-    public static class HKDFwithSHA256 extends HKDF
-    {
-        public HKDFwithSHA256() throws InvalidAlgorithmParameterException
-        {
-            super("HKDF-SHA256", new SHA256Digest());
-        }
-    }
-    public static class HKDFwithSHA384 extends HKDF
-    {
-        public HKDFwithSHA384() throws InvalidAlgorithmParameterException
-        {
-            super("HKDF-SHA384", new SHA384Digest());
-        }
-    }
-    public static class HKDFwithSHA512 extends HKDF
-    {
-
-        public HKDFwithSHA512() throws InvalidAlgorithmParameterException
-        {
-            super("HKDF-SHA512", new SHA512Digest());
         }
     }
-    
 }

prov/src/main/java/org/bouncycastle/jcajce/spec/HKDFParameterSpec.java

@@ -0,0 +1,70 @@
+package org.bouncycastle.jcajce.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.KeySpec;
+
+import org.bouncycastle.crypto.params.HKDFParameters;
+
+public class HKDFParameterSpec
+    implements KeySpec, AlgorithmParameterSpec
+{
+    private final HKDFParameters hkdfParameters;
+    private final int outputLength;
+
+    public HKDFParameterSpec(byte[] ikm, byte[] salt, byte[] info, int outputLength)
+    {
+        this.hkdfParameters = new HKDFParameters(ikm, salt, info);
+        this.outputLength = outputLength;
+    }
+
+    /**
+     * Returns the input keying material or seed.
+     *
+     * @return the keying material
+     */
+    public byte[] getIKM()
+    {
+        return hkdfParameters.getIKM();
+    }
+
+    /**
+     * Returns if step 1: extract has to be skipped or not
+     *
+     * @return true for skipping, false for no skipping of step 1
+     */
+    public boolean skipExtract()
+    {
+        return hkdfParameters.skipExtract();
+    }
+
+    /**
+     * Returns the salt, or null if the salt should be generated as a byte array
+     * of HashLen zeros.
+     *
+     * @return the salt, or null
+     */
+    public byte[] getSalt()
+    {
+        return hkdfParameters.getSalt();
+    }
+
+    /**
+     * Returns the info field, which may be empty (null is converted to empty).
+     *
+     * @return the info field, never null
+     */
+    public byte[] getInfo()
+    {
+        return hkdfParameters.getInfo();
+    }
+
+    /**
+     * Returns the length (in bytes) of the output resulting from these parameters.
+     *
+     * @return output length, in bytes.
+     */
+    public int getOutputLength()
+    {
+        return outputLength;
+    }
+}

prov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java

@@ -95,7 +95,7 @@ public final class BouncyCastleProvider extends Provider
 
     private static final String[] SYMMETRIC_GENERIC =
         {
-            "PBEPBKDF1", "PBEPBKDF2", "PBEPKCS12", "TLSKDF", "SCRYPT"
+            "PBEPBKDF1", "PBEPBKDF2", "PBEPKCS12", "TLSKDF", "SCRYPT", "HKDF"
         };
 
     private static final String[] SYMMETRIC_MACS =

prov/src/main/jdk25/org/bouncycastle/jcajce/provider/kdf/PBEPBKDF2.java

@@ -19,7 +19,7 @@ public void configure(ConfigurableProvider provider)
         {
 //            provider.addAlgorithm("AlgorithmParameters.PBKDF2", PREFIX + "PBEPBKDF2Spi$AlgParams");
 //            provider.addAlgorithm("Alg.Alias.AlgorithmParameters." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");
-            provider.addAlgorithm("KDF.PBEPBKDF2", PREFIX + "PBEPBKDF2Spi$PBKDF2withUTF8");
+            provider.addAlgorithm("KDF.PBKDF2", PREFIX + "PBEPBKDF2Spi$PBKDF2withUTF8");
             provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITHHMACSHA1", "PBKDF2");
             provider.addAlgorithm("Alg.Alias.KDF.PBKDF2WITHHMACSHA1ANDUTF8", "PBKDF2");
             provider.addAlgorithm("Alg.Alias.KDF." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");