Interface KDFCounterModeSpec

All Superinterfaces:
AlgorithmParameterSpec
public interface KDFCounterModeSpec extends AlgorithmParameterSpec
This interface specifies the set of parameters used to instantiate a DerivationFunction implementing KDF in Counter Mode defined in NIST SP 800-108 (Recommendation for Key Derivation Using Pseudorandom Functions).

This interface is bound to the constant DerivationFunction.ALG_KDF_COUNTER_MODE.

NIST SP800-108 allows for alternative orderings of the counter location and fixed input data. The supported format is as follow: K(i) := PRF (KI, {fixedDataBeforeCounter} || [i]2 || {fixedDataAfterCounter}) as referred in NIST SP 800-108 Validation System (KBKDFVS).

Since:
3.1
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    byte
    getAlgorithm()
    Returns the Pseudo Random Function (PRF) algorithm associated with the derivation function.
    short
    getCounterLength()
    Returns the bytes length of the binary representation of the counter (c.f chapter 5.1 of the NIST specification).
    byte[]
    getInputDataAfterCounter()
    Gets the fixed input data after the counter.
    byte[]
    getInputDataBeforeCounter()
    Gets the fixed input data before the counter.
    short
    getOutputLength()
    Returns the KDF output length in bytes.
    SecretKey
    getSecret()
    Gets the secret value for the key derivation function.

  • Method Details

    • getAlgorithm

      byte getAlgorithm()
      Returns the Pseudo Random Function (PRF) algorithm associated with the derivation function.
      Returns:
      the PRF algorithm associated with the derivation function
      See Also:

    • getSecret

      SecretKey getSecret()
      Gets the secret value for the key derivation function. The key type must match the one involved in the PRF algorithm.
      Returns:
      the secret value

    • getInputDataBeforeCounter

      byte[] getInputDataBeforeCounter()
      Gets the fixed input data before the counter.

      It may be an array view. It may be null.

      Returns:
      the fixed input data part before the counter value.

    • getInputDataAfterCounter

      byte[] getInputDataAfterCounter()
      Gets the fixed input data after the counter.

      It may be an array view. It may be null.

      Returns:
      the fixed input data part after the counter value.

    • getOutputLength

      short getOutputLength()
      Returns the KDF output length in bytes. It specifies the total length of data that can be generated using subsequent calls to DerivationFunction.nextBytes(byte[], short, short) or DerivationFunction.nextBytes(javacard.security.SecretKey).
      Returns:
      the output length

    • getCounterLength

      short getCounterLength()
      Returns the bytes length of the binary representation of the counter (c.f chapter 5.1 of the NIST specification). Must be 1, 2, 3 or 4.
      Returns:
      the length of the binary representation of the counter.