jrihtarsic commented on code in PR #298:
URL: https://github.com/apache/ws-wss4j/pull/298#discussion_r1531940269


##########
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java:
##########
@@ -561,6 +581,56 @@ private KeyAgreementParameters 
buildKeyAgreementParameter(PublicKey recipientPub
         return dhSpec;
     }
 
+    /**
+     * Method builds the KeyDerivationParameters for keyDerivationMethod and 
default values. The default values for
+     * the key derivation method are:
+     * <ul>
+     *   <li>ConcatKDF
+     *     <ul>
+     *       <li> DigestAlgorithm: 
"http://www.w3.org/2001/04/xmlenc#sha256";</li>
+     *       <li> AlgorithmID: "0000"</li>
+     *       <li> PartyUInfo: ""</li>
+     *       <li> PartyVInfo: ""</li>
+     *       <li> SuppPubInfo: null</li>
+     *       <li> SuppPrivInfo: null</li>
+     *     </ul>
+     *   <li>HKDF: SHA-256
+     *     <ul>
+     *       <li> PRF: http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 </li>
+     *       <li> Salt: random 256 bit value</li>
+     *       <li> Info: null</li>
+     *     </ul>
+     *   </li>
+     * </ul>
+     *
+     * @param keyBitLength the length of the derived key in bits
+     * @return KeyDerivationParameters the {@link KeyDerivationParameters} for 
generating the
+     * key for encrypting transport key and generating XML elements.
+     * @throws WSSecurityException if the KeyDerivationParameters cannot be 
created
+     */
+    private KeyDerivationParameters buildKeyDerivationParameters(int 
keyBitLength) throws WSSecurityException {
+
+        switch (keyDerivationMethod) {
+            case WSS4JConstants.KEYDERIVATION_CONCATKDF:
+                return 
XMLCipherUtil.constructConcatKeyDerivationParameter(keyBitLength, 
WSConstants.SHA256,
+                        "0000", "", "", null, null);
+            case WSS4JConstants.KEYDERIVATION_HKDF:
+                // use semi random value for salt.
+                // rfc5869: Yet, even a salt value of less quality (shorter in
+                //   size or with limited entropy) may still make a significant
+                //   contribution to the security of the output keying material
+                byte[] semiRandom = new byte[keyBitLength / 8];
+                new Random().nextBytes(semiRandom);
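
Review bot: In the KEYDERIVATION_HKDF case, `new Random().nextBytes(semiRandom)` fills the salt from a non-cryptographic generator (assuming this resolves to java.util.Random; the imports are not visible here), and the buffer is `keyBitLength / 8` bytes while the Javadoc above promises "Salt: random 256 bit value", so the two agree only when keyBitLength is 256. Suggest `new SecureRandom().nextBytes(...)` as a drop-in change that removes the need for the "semi random" caveat, and either fixing the salt at 32 bytes to match the SHA-256 PRF or rewording the Javadoc to say the salt length follows keyBitLength. Minor: in the Javadoc the `<li>ConcatKDF` item is never closed with `</li>` before `<li>HKDF: SHA-256` opens.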

Review Comment:
   Sure.
   As you can see from rfc5869: [3.1](https://datatracker.ietf.org/doc/html/rfc5869#section-3.1). To Salt or not to Salt
    > Yet, even a salt value of less quality (shorter in
    >  size or with limited entropy) may still make a significant
    >  contribution to the security of the output keying material.
    
   In this case (for the HKDF), the salt is public, and it doesn't matter if it's made from high or limited entropy, but it makes a difference as long as it's there.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
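
The role of the salt discussed in the comment above, as an added example that is not code from the PR or from WSS4J: a JDK-only HKDF (RFC 5869, HMAC-SHA256) in which the salt keys the extract step, travels in the clear, and must reach the recipient unchanged. The class name `HkdfSaltDemo`, the constructed input secret and the choice of `SecureRandom` for the salt are assumptions of this example.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class HkdfSaltDemo {
    static final int HASH_LEN = 32; // HMAC-SHA256 output size in bytes

    // HKDF-Extract: PRK = HMAC(salt, IKM); an absent salt means HashLen zero bytes.
    static byte[] extract(byte[] salt, byte[] ikm) throws GeneralSecurityException {
        byte[] key = (salt == null || salt.length == 0) ? new byte[HASH_LEN] : salt;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(ikm);
    }

    // HKDF-Expand: T(i) = HMAC(PRK, T(i-1) | info | i), concatenated and truncated.
    static byte[] expand(byte[] prk, byte[] info, int length) throws GeneralSecurityException {
        if (length > 255 * HASH_LEN) throw new IllegalArgumentException("length too large");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(prk, "HmacSHA256"));
        byte[] okm = new byte[length];
        byte[] t = new byte[0];
        for (int pos = 0, i = 1; pos < length; pos += t.length, i++) {
            mac.update(t);
            mac.update(info);
            mac.update((byte) i);
            t = mac.doFinal(); // doFinal() resets the Mac to its keyed initial state
            System.arraycopy(t, 0, okm, pos, Math.min(t.length, length - pos));
        }
        return okm;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] ikm = new byte[32];        // constructed stand-in for the key-agreement secret
        Arrays.fill(ikm, (byte) 0x0b);
        byte[] salt = new byte[HASH_LEN]; // sender: fresh salt, sent in clear with the message
        new SecureRandom().nextBytes(salt);
        byte[] sender = expand(extract(salt, ikm), new byte[0], 16);
        byte[] recipient = expand(extract(salt, ikm), new byte[0], 16); // salt read from message
        byte[] unsalted = expand(extract(null, ikm), new byte[0], 16);
        System.out.println("recipient derives same key: " + Arrays.equals(sender, recipient));
        System.out.println("differs from unsalted key:  " + !Arrays.equals(sender, unsalted));
    }
}
```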

