jrihtarsic commented on code in PR #298:
URL: https://github.com/apache/ws-wss4j/pull/298#discussion_r1531896178
##########
ws-security-dom/src/main/java/org/apache/wss4j/dom/message/WSSecEncryptedKey.java:
##########
@@ -561,6 +581,56 @@ private KeyAgreementParameters
buildKeyAgreementParameter(PublicKey recipientPub
return dhSpec;
}
+ /**
+ * Method builds the KeyDerivationParameters for keyDerivationMethod and
default values. The default values for
+ * the key derivation method are:
+ * <ul>
+ * <li>ConcatKDF
+ * <ul>
+ * <li> DigestAlgorithm:
"http://www.w3.org/2001/04/xmlenc#sha256";</li>
+ * <li> AlgorithmID: "0000"</li>
+ * <li> PartyUInfo: ""</li>
+ * <li> PartyVInfo: ""</li>
+ * <li> SuppPubInfo: null</li>
+ * <li> SuppPrivInfo: null</li>
+ * </ul>
+ * <li>HKDF: SHA-256
+ * <ul>
+ * <li> PRF: http://www.w3.org/2001/04/xmldsig-more#hmac-sha256 </li>
+ * <li> Salt: random 256 bit value</li>
+ * <li> Info: null</li>
+ * </ul>
+ * </li>
+ * </ul>
+ *
+ * @param keyBitLength the length of the derived key in bits
+ * @return KeyDerivationParameters the {@link KeyDerivationParameters} for
generating the
+ * key for encrypting transport key and generating XML elements.
+ * @throws WSSecurityException if the KeyDerivationParameters cannot be
created
+ */
+ private KeyDerivationParameters buildKeyDerivationParameters(int
keyBitLength) throws WSSecurityException {
+
+ switch (keyDerivationMethod) {
+ case WSS4JConstants.KEYDERIVATION_CONCATKDF:
+ return
XMLCipherUtil.constructConcatKeyDerivationParameter(keyBitLength,
WSConstants.SHA256,
+ "0000", "", "", null, null);
+ case WSS4JConstants.KEYDERIVATION_HKDF:
+ // use semi random value for salt.
+ // rfc5869: Yet, even a salt value of less quality (shorter in
+ // size or with limited entropy) may still make a significant
+ // contribution to the security of the output keying material
+ byte[] semiRandom = new byte[keyBitLength / 8];
+ new Random().nextBytes(semiRandom);
Review Comment:
In this particular case (and only this one) the SecureRandom does not
significantly enhance cryptographic security but does impact performance.
The Random is most optimal choice for most use cases with HKDF.
However, if a user requires stronger cryptographic security for HKDF salt,
they can provide their own value using keyDerivationParameters.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@ws.apache.org
For additional commands, e-mail: dev-h...@ws.apache.org
