http://www.bouncycastle.org/java.html: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.
  • The Legion of the Bouncy Castle Inc. 
package org.bouncycastle.jcajce.spec;

import java.security.spec.KeySpec;

import org.bouncycastle.util.Arrays;


Key Spec class for generating TLS key/iv material.

/**
 * Key Spec class for generating TLS key/iv material.
 */
public class TLSKeyMaterialSpec
    implements KeySpec
{
    public static final String MASTER_SECRET = "master secret";
    public static final String KEY_EXPANSION = "key expansion";

    private final byte[] secret;
    private final String label;
    private final int length;
    private final byte[] seed;

    
Constructor specifying the basic parameters for a TLS KDF

Params:
  • secret – secret to use
  • label – e.g. 'master secret', or 'key expansion'
  • length – number of bytes of material to be generated
  • seedMaterial – array of seed material inputs (to be concatenated together)
/**
     * Constructor specifying the basic parameters for a TLS KDF
     *
     * @param secret secret to use
     * @param label e.g. 'master secret', or 'key expansion'
     * @param length number of bytes of material to be generated
     * @param seedMaterial array of seed material inputs (to be concatenated together)
     */
    public TLSKeyMaterialSpec(byte[] secret, String label, int length, byte[]... seedMaterial)
    {
        this.secret = Arrays.clone(secret);
        this.label = label;
        this.length = length;
        this.seed = Arrays.concatenate(seedMaterial);
    }

    
Return the label associated with this spec.

Returns:the label to be used with the TLS KDF.
/**
     * Return the label associated with this spec.
     *
     * @return the label to be used with the TLS KDF.
     */
    public String getLabel()
    {
        return label;
    }

    
Return the number of bytes of key material to be generated for this spec.

Returns:the length in bytes of the result.
/**
     * Return the number of bytes of key material to be generated for this spec.
     *
     * @return the length in bytes of the result.
     */
    public int getLength()
    {
        return length;
    }

    
Return the secret associated with this spec.

Returns:a copy of the secret.
/**
     * Return the secret associated with this spec.
     *
     * @return a copy of the secret.
     */
    public byte[] getSecret()
    {
        return Arrays.clone(secret);
    }

    
Return the full seed for the spec.

Returns:a copy of the seed.
/**
     * Return the full seed for the spec.
     *
     * @return a copy of the seed.
     */
    public byte[] getSeed()
    {
        return Arrays.clone(seed);
    }
}