phax commented on code in PR #234: URL: https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1383684343
########## src/main/java/org/apache/xml/security/keys/derivedKey/ConcatKDF.java: ########## @@ -0,0 +1,240 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.xml.security.keys.derivedKey; + +import org.apache.xml.security.algorithms.MessageDigestAlgorithm; +import org.apache.xml.security.encryption.XMLEncryptionException; +import org.apache.xml.security.exceptions.XMLSecurityException; + +import java.lang.System.Logger.Level; +import java.nio.ByteBuffer; +import java.nio.ByteOrder; +import java.security.MessageDigest; +import java.util.ArrayList; +import java.util.List; + + +/** + * Key DerivationAlgorithm implementation, defined in Section 5.8.1 of NIST SP 800-56A [SP800-56A], and is equivalent + * to the KDF3 function defined in ANSI X9.44-2007 [ANSI-X9-44-2007] when the contents of the OtherInfo parameter + * is structured as in NIST SP 800-56A. + * <p> + * Identifier: http://www.w3.org/2009/xmlenc11#ConcatKDF + */ +public class ConcatKDF implements DerivationAlgorithm { + + private static final System.Logger LOG = System.getLogger(ConcatKDF.class.getName()); + + String algorithmURI; + + /** + * Constructor ConcatKDF with digest algorithmURI parameter such as http://www.w3.org/2001/04/xmlenc#sha256, + * http://www.w3.org/2001/04/xmlenc#sha512, etc. + */ + public ConcatKDF(String algorithmURI) { + this.algorithmURI = algorithmURI; + } + + + /** + * Default Constructor which sets the default digest algorithmURI parameter: http://www.w3.org/2001/04/xmlenc#sha256, + */ + public ConcatKDF() { + this(MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256); + } + + + + /** + * Key DerivationAlgorithm implementation as defined in Section 5.8.1 of NIST SP 800-56A [SP800-56A] + * <ul> + * <li> reps = ⎡ keydatalen / hashlen⎤.</li> + * <li> If reps > (2>32 −1), then ABORT: output an error indicator and stop.</li> + * <li> Initialize a 32-bit, big-endian bit string counter as 0000000116.</li> + * <li> If counter || Z || OtherInfo is more than max_hash_inputlen bits long, then ABORT: output an error indicator and stop. + * <li> For i = 1 to reps by 1, do the following:<ul> + * <li> Compute Hashi = H(counter || Z || OtherInfo).</li> + * <li> Increment counter (modulo 232), treating it as an unsigned 32-bit integer.</li> + * </ul></li> + * <li> Let Hhash be set to Hashreps if (keydatalen / hashlen) is an integer; otherwise, let Hhash be set to the + * (keydatalen mod hashlen) leftmost bits of Hashreps.</li> + * <li>Set DerivedKeyingMaterial = Hash1 || Hash2 || ... || Hashreps-1 || Hhash</li> + * </ul> + * + * @param secret The "shared" secret to use for key derivation (e.g. the secret key) + * @param otherInfo as specified in [SP800-56A] the optional attributes: AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo and SuppPrivInfo attributes are concatenated to form a bit string “OtherInfo” that is used with the key derivation function. + * @param offset the offset parameter is ignored by this implementation. + * @param keyLength The length of the key to derive + * @return The derived key + * @throws XMLEncryptionException if the key length is too long to be derived with the given algorithm + */ + @Override + public byte[] deriveKey(byte[] secret, byte[] otherInfo, int offset, long keyLength) throws XMLSecurityException { + + MessageDigest digest = MessageDigestAlgorithm.getDigestInstance(algorithmURI); + + long genKeyLength = offset+keyLength; + + int iDigestLength = digest.getDigestLength(); + if (genKeyLength / iDigestLength > (long) Integer.MAX_VALUE) { + LOG.log(Level.DEBUG, "Key size is to long to be derived with hash algorithm [{0}]", algorithmURI); Review Comment: For performance reasons, for debug logs it is recommended to use `isDebugEnabled` (similar for `System.Logger`) before the main log action -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@santuario.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org