jrihtarsic commented on code in PR #298:
URL: https://github.com/apache/ws-wss4j/pull/298#discussion_r1533297348
##########
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java:
##########
@@ -561,6 +581,56 @@ private KeyAgreementParameters
buildKeyAgreementParameter(PublicKey recipientPub
return dhSpec;
}
+ /**
+ * Method builds the KeyDerivationParameters for keyDerivationMethod and
default values. The default values for
+ * the key derivation method are:
+ * <ul>
+ * <li>ConcatKDF
+ * <ul>
+ * <li> DigestAlgorithm:
"http://www.w3.org/2001/04/xmlenc#sha256";</li>
+ * <li> AlgorithmID: "0000"</li>
+ * <li> PartyUInfo: ""</li>
+ * <li> PartyVInfo: ""</li>
+ * <li> SuppPubInfo: null</li>
+ * <li> SuppPrivInfo: null</li>
+ * </ul>
+ * <li>HKDF: SHA-256
+ * <ul>
+ * <li> PRF: http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 </li>
+ * <li> Salt: random 256 bit value</li>
+ * <li> Info: null</li>
+ * </ul>
+ * </li>
+ * </ul>
+ *
+ * @param keyBitLength the length of the derived key in bits
+ * @return KeyDerivationParameters the {@link KeyDerivationParameters} for
generating the
+ * key for encrypting transport key and generating XML elements.
+ * @throws WSSecurityException if the KeyDerivationParameters cannot be
created
+ */
+ private KeyDerivationParameters buildKeyDerivationParameters(int
keyBitLength) throws WSSecurityException {
+
+ switch (keyDerivationMethod) {
+ case WSS4JConstants.KEYDERIVATION_CONCATKDF:
+ return
XMLCipherUtil.constructConcatKeyDerivationParameter(keyBitLength,
WSConstants.SHA256,
+ "0000", "", "", null, null);
+ case WSS4JConstants.KEYDERIVATION_HKDF:
+ // use semi random value for salt.
+ // rfc5869: Yet, even a salt value of less quality (shorter in
+ // size or with limited entropy) may still make a significant
+ // contribution to the security of the output keying material
+ byte[] semiRandom = new byte[keyBitLength / 8];
+ new Random().nextBytes(semiRandom);
Review Comment:
I already made and configuration option for this (to use provided salt)
EncryptionTest.testEncryptionDecryptionWithKeyAgreementAndHKDF
and I have a suggestion then to make it to use by default SecureRandom.
And if someone would like to improve performance (for example with a
systems with a high message load) with KeyAgreement Method it can set its own
parameter values using the option:
builder.setKeyDerivationParameters(keyDerivationParameters);
(or by setting the: ENC_KEY_DERIVATION_PARAMS)
I do not think additional configuration option is needed then?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
