jrihtarsic commented on code in PR #234:
URL:
https://github.com/apache/santuario-xml-security-java/pull/234#discussion_r1427590175
##########
src/main/java/org/apache/xml/security/encryption/XMLCipher.java:
##########
@@ -1364,26 +1377,41 @@ public EncryptedKey encryptKey(
} else {
c = contextCipher;
}
- // Now perform the encryption
+ AlgorithmParameterSpec chiperSpec = null;
+ KeyPair origninatorKeyPair = null;
+ Key wrapKey = this.key;
+ if (params instanceof OAEPParameterSpec) {
+ chiperSpec = params;
+ wrapKey = this.key;
+ } else if (params instanceof KeyAgreementParameterSpec) {
+ KeyAgreementParameterSpec keyAgreementParameter =
(KeyAgreementParameterSpec) params;
+ PublicKey recipientPublicKey = (PublicKey) this.key;
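Review bot: the cast `(PublicKey) this.key` in the `KeyAgreementParameterSpec` branch is unchecked, so a cipher that holds any other kind of key in `this.key` fails here with a bare ClassCastException instead of an explanation. Guard the cast with an `instanceof PublicKey` check and fail with a message stating that key agreement needs the recipient's public key. Two smaller points in the same hunk: `wrapKey = this.key;` in the OAEP branch repeats the initialiser on the declaration just above it, and `chiperSpec` and `origninatorKeyPair` are misspelled (`cipherSpec`, `originatorKeyPair`).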
Review Comment:
This is an excellent question, and it has presented me with a challenge in
terms of design implementation.
With all code updates I made, I've tried to understand and then reuse as
much of the existing code workflows as possible, so that the new functionality
matches the existing library usage as closely as possible.
In this example, I used an example of how XMLCipher is configured:
XMLCipher.RSA_OAEP, where the public key is added at the init phase.
See the example in the test
KeyWrapEncryptionAlgorithmTest.testRSAOAEPKW:
```
XMLCipher cipher = XMLCipher.getInstance(XMLCipher.RSA_OAEP);
cipher.init(XMLCipher.WRAP_MODE, rsaKeyPair.getPublic());
EncryptedKey encryptedKey = cipher.encryptKey(document, key);
```
And then I thought that I can do exactly the same with key agreement using
ECDH_ES, since a similar "initial set of keys" is needed:
```
XMLCipher cipher = XMLCipher.getInstance(XMLCipher.AES_128_KeyWrap);
cipher.init(XMLCipher.WRAP_MODE, pubRecipientKey);
KeyAgreementParameterSpec parameterSpec = //...
// KeyAgreementParameterSpec does not contain any keys and it takes it
// from pubRecipientKey set by init method
EncryptedKey encryptedKey = cipher.encryptKey(d, key, parameterSpec, null);
```
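The key flow the comment relies on, written with plain JCA calls as an added example (not code from the PR or from the Santuario library): only the recipient's public key is known up front, the originator key pair is generated for the message, and the agreed secret becomes the AES key-wrapping key. The class name, the curve and the single SHA-256 pass used in place of a real key derivation function are assumptions of this example.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;

public class EcdhEsKeyWrapExample {

    // Agree on a shared secret and turn it into a 128-bit AES key-wrapping key.
    // Assumption: one SHA-256 pass stands in for the KDF a real profile mandates.
    static SecretKey deriveKek(PrivateKey own, PublicKey peer) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(own);
        ka.doPhase(peer, true);
        byte[] shared = ka.generateSecret();
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(shared);
        Arrays.fill(shared, (byte) 0); // do not keep the raw secret around
        return new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));

        // Constructed sample: the recipient's static key pair. The sender only
        // ever sees recipient.getPublic(), the key passed to init() above.
        KeyPair recipient = kpg.generateKeyPair();

        // Originator side: fresh key pair per message, then wrap the data key.
        KeyPair originator = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();
        Cipher wrap = Cipher.getInstance("AESWrap");
        wrap.init(Cipher.WRAP_MODE, deriveKek(originator.getPrivate(), recipient.getPublic()));
        byte[] wrapped = wrap.wrap(dataKey);

        // Recipient side: own private key plus the originator's public key,
        // which therefore has to travel with the wrapped key.
        Cipher unwrap = Cipher.getInstance("AESWrap");
        unwrap.init(Cipher.UNWRAP_MODE, deriveKek(recipient.getPrivate(), originator.getPublic()));
        Key recovered = unwrap.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        if (!MessageDigest.isEqual(dataKey.getEncoded(), recovered.getEncoded())) {
            throw new IllegalStateException("unwrapped key does not match");
        }
        System.out.println("wrapped key length: " + wrapped.length + " bytes");
    }
}
```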