seanjmullan commented on code in PR #234:
URL:
https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1426904959
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
Review Comment:
Typo: s/chiperSpec/cipherSpec/
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
+ KeyPair origninatorKeyPair = null;
+ Key wrapKey = this.key;
+ if (params instanceof OAEPParameterSpec) {
+ chiperSpec = params;
+ wrapKey = this.key;
+ } else if (params instanceof KeyAgreementParameterSpec) {
+ KeyAgreementParameterSpec keyAgreementParameter =
(KeyAgreementParameterSpec) params;
+ PublicKey recipientPublicKey = (PublicKey) this.key;
+ if (keyAgreementParameter.getRecipientPublicKey() == null) {
+
keyAgreementParameter.setRecipientPublicKey(recipientPublicKey);
+ }
+ if (keyAgreementParameter.getOriginatorPrivateKey() == null) {
+ origninatorKeyPair =
KeyUtils.generateEphemeralDHKeyPair(recipientPublicKey, null);
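Review bot: `wrapKey = this.key;` inside the `OAEPParameterSpec` branch is redundant, because `wrapKey` is already initialised to `this.key` on the line just above the `if`. Dropping it leaves that branch setting only `chiperSpec`.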
Review Comment:
What if `keyAgreementParameter.getRecipientPublicKey()` was not `null`?
Should you be using that instead?
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
+ KeyPair origninatorKeyPair = null;
+ Key wrapKey = this.key;
+ if (params instanceof OAEPParameterSpec) {
+ chiperSpec = params;
+ wrapKey = this.key;
+ } else if (params instanceof KeyAgreementParameterSpec) {
+ KeyAgreementParameterSpec keyAgreementParameter =
(KeyAgreementParameterSpec) params;
+ PublicKey recipientPublicKey = (PublicKey) this.key;
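Review bot: the cast `(PublicKey) this.key` on the last added line is unguarded, so any other kind of key in `this.key` fails here with a `ClassCastException` instead of an error that names the problem. Check `this.key instanceof PublicKey` first and throw a descriptive exception saying that key agreement needs the recipient's public key.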
Review Comment:
Isn't this the key you are wrapping, which is typically a symmetric key? I
don't see why this is the recipient's public key.
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
+ KeyPair origninatorKeyPair = null;
+ Key wrapKey = this.key;
+ if (params instanceof OAEPParameterSpec) {
+ chiperSpec = params;
+ wrapKey = this.key;
+ } else if (params instanceof KeyAgreementParameterSpec) {
+ KeyAgreementParameterSpec keyAgreementParameter =
(KeyAgreementParameterSpec) params;
+ PublicKey recipientPublicKey = (PublicKey) this.key;
+ if (keyAgreementParameter.getRecipientPublicKey() == null) {
+
keyAgreementParameter.setRecipientPublicKey(recipientPublicKey);
+ }
+ if (keyAgreementParameter.getOriginatorPrivateKey() == null) {
+ origninatorKeyPair =
KeyUtils.generateEphemeralDHKeyPair(recipientPublicKey, null);
+ keyAgreementParameter.setOriginatorKeyPair(origninatorKeyPair);
+ }
+
+ wrapKey =
KeyUtils.aesWrapKeyWithDHGeneratedKey(keyAgreementParameter);
+ }
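Review bot: the key-agreement branch writes into the caller's `params` object (`setRecipientPublicKey`, `setOriginatorKeyPair`), so the spec comes back modified. If `setOriginatorKeyPair` also populates the originator private key, a second `encryptKey` call with the same spec will skip the `getOriginatorPrivateKey() == null` branch and reuse a key pair that was meant to be ephemeral. Consider working on a copy of the spec, or documenting that a `KeyAgreementParameterSpec` must not be reused across calls.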
Review Comment:
Should throw an exception if params are unrecognized.
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
+ KeyPair origninatorKeyPair = null;
+ Key wrapKey = this.key;
+ if (params instanceof OAEPParameterSpec) {
+ chiperSpec = params;
+ wrapKey = this.key;
+ } else if (params instanceof KeyAgreementParameterSpec) {
+ KeyAgreementParameterSpec keyAgreementParameter =
(KeyAgreementParameterSpec) params;
+ PublicKey recipientPublicKey = (PublicKey) this.key;
+ if (keyAgreementParameter.getRecipientPublicKey() == null) {
+
keyAgreementParameter.setRecipientPublicKey(recipientPublicKey);
+ }
+ if (keyAgreementParameter.getOriginatorPrivateKey() == null) {
+ origninatorKeyPair =
KeyUtils.generateEphemeralDHKeyPair(recipientPublicKey, null);
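Review bot: the second argument in `KeyUtils.generateEphemeralDHKeyPair(recipientPublicKey, null)` at the end of the hunk is a bare `null`, which gives no hint of what is being defaulted. A short comment naming the parameter, or an overload that omits it, would make the call self-explanatory.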
Review Comment:
Typo: s/origninatorKeyPair/originatorKeyPair/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.