net.rim.device.api.crypto
Class RFC2631KDFPseudoRandomSource

java.lang.Object
  extended by net.rim.device.api.crypto.AbstractPseudoRandomSource
      extended by net.rim.device.api.crypto.RFC2631KDFPseudoRandomSource
All Implemented Interfaces:
PseudoRandomSource

public final class RFC2631KDFPseudoRandomSource
extends AbstractPseudoRandomSource
implements PseudoRandomSource

Implements the key derivation function (KDF) found in RFC 2631, which is based upon the KDF in X9.42. This KDF does not have a definite length and can be used to generate a variety of symmetric keys.

Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

Constructor Summary
Category: Signed RFC2631KDFPseudoRandomSource(byte[] sharedSecret, int offset, int length, OID algorithm, byte[] partyAInfo, int derivedKeyLength)
          Creates an RFC2631KDFPseudoRandomSource object with the specified parameters.
Category: Signed RFC2631KDFPseudoRandomSource(byte[] sharedSecret, OID algorithm, byte[] partyAInfo, int derivedKeyLength)
          Creates an RFC2631KDFPseudoRandomSource object with the specified parameters.
 
Method Summary
Category: Signed  String getAlgorithm()
          Returns the name of this PseaudoRandomSource "RFC2631KDF".
Category: Signed  int getAvailable()
          Returns the number of pseudo random bytes currently available.
Category: Signed  int getMaxAvailable()
          Returns the maximum number of pseudo random bytes that this PRNG can produce.
Category: Signed  void xorBytes(byte[] buffer, int offset, int length)
          Exclusive-OR's random bytes into the given buffer starting at the specified array offset.
 
Methods inherited from class net.rim.device.api.crypto.AbstractPseudoRandomSource
getBytes, getBytes, getBytes, xorBytes, xorBytes, xorCopy, xorCopy
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface net.rim.device.api.crypto.PseudoRandomSource
getBytes, getBytes, getBytes, xorBytes, xorBytes, xorCopy, xorCopy
 



Constructor Detail

RFC2631KDFPseudoRandomSource

public RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
                                    OID algorithm,
                                    byte[] partyAInfo,
                                    int derivedKeyLength)
Creates an RFC2631KDFPseudoRandomSource object with the specified parameters.

The intended use of this PseudoRandomSource is in order to create a shared secret key. The javadocs make reference to that as an eventual use for the data. That does not restrict the use of this PseudoRandomSource, however.

Note: While there is no restriction on what OID you can pass into this constructor, the intention is that you would pass the OID representing a key wrap algorithm you wish to use. Please refer to RFC 2630 ( CMS ) for more information on the concept of key wrapping. Then, you would use the random bytes generated by this PseudoRandomSource, to create a KEK to use in wrapped the content key. You could, though, use whatever OID you wished.

For example, suppose you wished to wrap a content key, using a Triple DES key. You would use this PseudoRandomSource as follows

 Assume sharedSecret has been set.  We'll assume the optional parameter is null for clarity sake.

 RFC2631KDFPseudoRandomSource source = new RFC2631KDFPseudoRandomSource( sharedSecret, 
      OIDs.getOID( OIDs.cmsIdAlgCMS3DESWrap ), null, 192 );    // the 192 is for the size of the Triple DES Key in bits
 byte[] keyData = source.getBytes( TripleDESKey.LENGTH );
 TripleDESKey key = new TripleDESKey( keyData );
 ... use key in your key wrap algorithm.

 Some other useful OIDs you could use are OIDs.AES_128_KEY_WRAP ( and the other AES oids ), 
 OIDs.cmsIdAlgCMSRC2Wrap, etc..
 

Parameters:
sharedSecret - A byte array containing the secret shared between two parties.
algorithm - The object identifier (OID) of the key wrapping algorithm ( from CMS ) that the KEK, generated by this class, will be used with. Any OID can be passed in, though. No check is done on it.
partyAInfo - A byte array containing additional, optional information provided by the sender. If this is included, it must be 512 bits (64 bytes) long. This parameter can be null.
derivedKeyLength - The length of the generated key in bits. This KDF does not limit the available data to this length. However, the correct value should be provided, since it is used in the generation of the key.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

RFC2631KDFPseudoRandomSource

public RFC2631KDFPseudoRandomSource(byte[] sharedSecret,
                                    int offset,
                                    int length,
                                    OID algorithm,
                                    byte[] partyAInfo,
                                    int derivedKeyLength)
Creates an RFC2631KDFPseudoRandomSource object with the specified parameters.

The intended use of this PseudoRandomSource is in order to create a shared secret key. The javadocs make reference to that as an eventual use for the data. That does not restrict the use of this PseudoRandomSource, however.

Note: While there is no restriction on what OID you can pass into this constructor, the intention is that you would pass the OID representing a key wrap algorithm you wish to use. Please refer to RFC 2630 ( CMS ) for more information on the concept of key wrapping. Then, you would use the random bytes generated by this PseudoRandomSource, to create a KEK to use in wrapped the content key. You could, though, use whatever OID you wished.

For example, suppose you wished to wrap a content key, using a Triple DES key. You would use this PseudoRandomSource as follows

 Assume sharedSecret has been set.  We'll assume the optional parameter is null for clarity sake.

 RFC2631KDFPseudoRandomSource source = new RFC2631KDFPseudoRandomSource( sharedSecret, 
            OIDs.getOID( OIDs.cmsIdAlgCMS3DESWrap ), null, 192 );    // the 192 is for the size of the Triple DES Key in bits
 byte[] keyData = source.getBytes( TripleDESKey.LENGTH );
 TripleDESKey key = new TripleDESKey( keyData );
 ... use key in your key wrap algorithm.

 Some other useful OIDs you could use are OIDs.AES_128_KEY_WRAP ( and the other AES oids ), 
 OIDs.cmsIdAlgCMSRC2Wrap, etc..
 

Parameters:
sharedSecret - A byte array containing the secret shared between two parties.
offset - The offset, or initial position of the shared secret data, within the byte array.
length - The number of bytes to use as shared secret data.
algorithm - The object identifier (OID) of the key wrapping algorithm ( from CMS ) that the KEK, generated by this class, will be used with. Any OID can be passed in, though. No check is done on it.
partyAInfo - A byte array containing additional, optional information provided by the sender. If this is included, it must be 512 bits (64 bytes) long. This parameter can be null.
derivedKeyLength - The length of the generated key in bits. This KDF does not limit the available data to this length. However, the correct value should be provided, since it is used in the generation of the key.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0


Method Detail

getAlgorithm

public String getAlgorithm()
Returns the name of this PseaudoRandomSource "RFC2631KDF".

This method will always return the String "RFC2631KDF".

Specified by:
getAlgorithm in interface PseudoRandomSource
Returns:
A String that represents the name of the algorithm.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

xorBytes

public void xorBytes(byte[] buffer,
                     int offset,
                     int length)
Description copied from class: AbstractPseudoRandomSource
Exclusive-OR's random bytes into the given buffer starting at the specified array offset.

Specified by:
xorBytes in interface PseudoRandomSource
Specified by:
xorBytes in class AbstractPseudoRandomSource
Parameters:
buffer - The byte array to xor the bytes into.
offset - The starting offset within buffer.
length - The number of bytes to xor.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getAvailable

public int getAvailable()
Description copied from interface: PseudoRandomSource
Returns the number of pseudo random bytes currently available.

For PRNG sources that have an indefinite length but implement this interface, the value returned is Integer.MAX.

Specified by:
getAvailable in interface PseudoRandomSource
Returns:
An integer that represents the number of bytes.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0

getMaxAvailable

public int getMaxAvailable()
Description copied from interface: PseudoRandomSource
Returns the maximum number of pseudo random bytes that this PRNG can produce.

For PRNG sources that have an indefinite length but implement this interface, the value returned is Integer.MAX.

Specified by:
getMaxAvailable in interface PseudoRandomSource
Returns:
An integer that specifies the maximum number of random bytes that can be produced.
Category:
Signed: This element is only accessible by signed applications. If you intend to use this element, please visit http://www.blackberry.com/go/codesigning to obtain a set of code signing keys. Code signing is only required for applications running on BlackBerry smartphones; development on BlackBerry Smartphone Simulators can occur without code signing.
Since:
BlackBerry API 3.6.0





Copyright 1999-2010 Research In Motion Limited. 295 Phillip Street, Waterloo, Ontario, Canada, N2L 3W8. All Rights Reserved.
Copyright 1993-2003 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California, 94303, U.S.A. All Rights Reserved.
Copyright 2002-2003 Nokia Corporation All Rights Reserved.
Java is a trademark of Sun Microsystems, Inc.