jrihtarsic commented on code in PR #298: URL: https://github.com/apache/ws-wss4j/pull/298#discussion_r1531940269
########## ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java: ########## @@ -561,6 +581,56 @@ private KeyAgreementParameters buildKeyAgreementParameter(PublicKey recipientPub return dhSpec; } + /** + * Method builds the KeyDerivationParameters for keyDerivationMethod and default values. The default values for + * the key derivation method are: + * <ul> + * <li>ConcatKDF + * <ul> + * <li> DigestAlgorithm: "http://www.w3.org/2001/04/xmlenc#sha256"</li> + * <li> AlgorithmID: "0000"</li> + * <li> PartyUInfo: ""</li> + * <li> PartyVInfo: ""</li> + * <li> SuppPubInfo: null</li> + * <li> SuppPrivInfo: null</li> + * </ul> + * <li>HKDF: SHA-256 + * <ul> + * <li> PRF: http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 </li> + * <li> Salt: random 256 bit value</li> + * <li> Info: null</li> + * </ul> + * </li> + * </ul> + * + * @param keyBitLength the length of the derived key in bits + * @return KeyDerivationParameters the {@link KeyDerivationParameters} for generating the + * key for encrypting transport key and generating XML elements. + * @throws WSSecurityException if the KeyDerivationParameters cannot be created + */ + private KeyDerivationParameters buildKeyDerivationParameters(int keyBitLength) throws WSSecurityException { + + switch (keyDerivationMethod) { + case WSS4JConstants.KEYDERIVATION_CONCATKDF: + return XMLCipherUtil.constructConcatKeyDerivationParameter(keyBitLength, WSConstants.SHA256, + "0000", "", "", null, null); + case WSS4JConstants.KEYDERIVATION_HKDF: + // use semi random value for salt. + // rfc5869: Yet, even a salt value of less quality (shorter in + // size or with limited entropy) may still make a significant + // contribution to the security of the output keying material + byte[] semiRandom = new byte[keyBitLength / 8]; + new Random().nextBytes(semiRandom); Review Comment: Sure. As you can see from rfc5869: [3.1](https://datatracker.ietf.org/doc/html/rfc5869#section-3.1). To Salt or not to Salt > Yet, even a salt value of less quality (shorter in > size or with limited entropy) may still make a significant > contribution to the security of the output keying material. In this case (for the HKDF), the salt is public, and it doesn't matter if it's made from high or limited entropy, but it makes a difference as long as it's there. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org For additional commands, e-mail: dev-h...@ws.apache.org