Class PseudoRandomFunction

java.lang.Object
io.netty.handler.ssl.PseudoRandomFunction

final class PseudoRandomFunction extends Object
This pseudorandom function (PRF) takes as input a secret, a seed, and an identifying label and produces an output of arbitrary length. This is used by the TLS RFC to construct/deconstruct an array of bytes into composite secrets.
See RFC 5246: https://tools.ietf.org/html/rfc5246
  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    private
    Constructor never to be called.
  • Method Summary

    Modifier and Type
    Method
    Description
    private static byte[]
    concat(byte[] first, byte[] second)
     
    (package private) static byte[]
    hash(byte[] secret, byte[] label, byte[] seed, int length, String algo)
    Use a single hash function to expand a secret and seed into an arbitrary quantity of output.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PseudoRandomFunction

      private PseudoRandomFunction()
      Constructor never to be called.
  • Method Details

    • hash

      static byte[] hash(byte[] secret, byte[] label, byte[] seed, int length, String algo)
      Use a single hash function to expand a secret and seed into an arbitrary quantity of output.
      P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                             HMAC_hash(secret, A(2) + seed) +
                             HMAC_hash(secret, A(3) + seed) + ...
      where + indicates concatenation. A() is defined as:
        A(0) = seed
        A(i) = HMAC_hash(secret, A(i-1))
      Parameters:
      secret - The starting secret to use for expansion
      label - An ASCII string without a length byte or trailing null character.
      seed - The seed of the hash
      length - The number of bytes to return
      algo - The HMAC algorithm to use
      Returns:
      The expanded secrets
      Throws:
      IllegalArgumentException - if the algo could not be found.
    • concat

      private static byte[] concat(byte[] first, byte[] second)
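
The P_hash expansion described for hash above, as an added example that is not Netty's own code: a stand-alone TLS 1.2 PRF written against javax.crypto.Mac, following RFC 5246 section 5, where the label is prepended to the seed before expansion. The class name Tls12PrfExample, the prf method and the sample byte values are assumptions made for this illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class Tls12PrfExample {
    // P_hash(secret, label + seed) truncated to `length` bytes (RFC 5246, section 5).
    static byte[] prf(byte[] secret, byte[] label, byte[] seed, int length, String algo)
            throws GeneralSecurityException {
        if (length < 0) {
            throw new IllegalArgumentException("length must be non-negative");
        }
        Mac hmac = Mac.getInstance(algo);                 // e.g. "HmacSHA256"
        hmac.init(new SecretKeySpec(secret, algo));
        byte[] labelSeed = new byte[label.length + seed.length];
        System.arraycopy(label, 0, labelSeed, 0, label.length);
        System.arraycopy(seed, 0, labelSeed, label.length, seed.length);

        byte[] out = new byte[length];
        byte[] a = labelSeed;                             // A(0) = seed
        for (int off = 0; off < length; ) {
            a = hmac.doFinal(a);                          // A(i) = HMAC(secret, A(i-1))
            hmac.update(a);
            byte[] block = hmac.doFinal(labelSeed);       // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, length - off); // final block may be truncated
            System.arraycopy(block, 0, out, off, n);
            off += n;
            Arrays.fill(block, (byte) 0);                 // do not leave key material behind
        }
        return out;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample inputs, not real handshake values.
        byte[] preMaster = new byte[48];
        Arrays.fill(preMaster, (byte) 0x0b);
        byte[] randoms = new byte[64];                    // ClientHello.random + ServerHello.random
        Arrays.fill(randoms, (byte) 0x01);
        byte[] label = "master secret".getBytes(StandardCharsets.US_ASCII);

        byte[] master = prf(preMaster, label, randoms, 48, "HmacSHA256");
        byte[] longer = prf(preMaster, label, randoms, 80, "HmacSHA256");
        // 48 is not a multiple of the 32-byte HMAC output, so the second block is cut
        // short; a shorter output is always a prefix of a longer one for the same inputs.
        System.out.println(master.length == 48
                && Arrays.equals(master, Arrays.copyOf(longer, 48)));
    }
}
```

Because every output is a prefix of any longer output for the same secret, label and seed, distinct secrets must be separated by distinct labels rather than by requesting different lengths.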