github-advanced-security[bot] commented on code in PR #271:
URL:
https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r159388
##
src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/HKDF.java:
##
@@ -0,0 +1,182 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.encryption.keys.content.derivedKey;
+
+import org.apache.xml.security.encryption.XMLCipherUtil;
+import org.apache.xml.security.encryption.params.HKDFParams;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.I18n;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.ByteBuffer;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import static java.lang.System.Logger.Level.DEBUG;
+
+/**
+ * The implementation of the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC
5869.
+ *
+ * The HKDF algorithm is defined as follows:
+ *
+ * N = ceil(L/HashLen)
+ * T = T(1) | T(2) | T(3) | ... | T(N)
+ * OKM = first L bytes of T
+ * where:
+ * T(0) = empty string (zero length)
+ * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
+ * T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
+ * T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
+ * ...
+ *
+ */
+public class HKDF implements DerivationAlgorithm {
+
+
+private static final System.Logger LOG =
System.getLogger(HKDF.class.getName());
+
+/**
+ * Derive a key using the HMAC-based Extract-and-Expand Key Derivation
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869.
+ *
+ * @param secret The "shared" secret to use for key derivation
+ * @param params The key derivation parameters (salt, info, key length,
...)
+ * @return The derived key of the specified length in bytes defined in the
params
+ * @throws IllegalArgumentException if the parameters are missing
+ * @throws XMLSecurityException if the hmac hash algorithm is not
supported
+ */
+@Override
+public byte[] deriveKey(byte[] secret, HKDFParams params) throws
XMLSecurityException {
+// check if the parameters are set
+if (params == null) {
+throw new
IllegalArgumentException(I18n.translate("KeyDerivation.MissingParameters"));
+}
+
+String jceAlgorithmName;
+try {
+jceAlgorithmName =
XMLCipherUtil.getJCEMacHashForUri(params.getHmacHashAlgorithm());
+} catch (NoSuchAlgorithmException e) {
+throw new XMLSecurityException(e,
"KeyDerivation.NotSupportedParameter", new
Object[]{params.getHmacHashAlgorithm()});
+}
+
+byte[] prk = extractKey(jceAlgorithmName, params.getSalt(), secret);
+return expandKey(jceAlgorithmName, prk, params.getInfo(),
params.getKeyLength());
+}
+
+/**
+ * The method "extracts" the pseudo-random key (PRK) based on HMAC-Hash
function
+ * (optional) salt value (a non-secret random value) and the shared
secret/input
+ * keying material (IKM).
+ * Calculation of the extracted key:
+ * PRK = HMAC-Hash(salt, IKM)
+ *
+ * @param jceAlgorithmName the java JCE HMAC algorithm name to use for key
derivation
+ * (e.g. HmacSHA256, HmacSHA384, HmacSHA512)
+ * @param salt the optional salt value (a non-secret random
value);
+ * @param secret the shared secret/input keying material (IKM)
to use for
+ * key derivation
+ * @return the pseudo-random key bytes
+ * @throws XMLSecurityException if the jceAlgorithmName is not supported
+ */
+public byte[] extractKey(String jceAlgorithmName, byte[] salt, byte[]
secret) throws XMLSecurityException {
+Mac hMac = initHMac(jceAlgorithmName, salt, true);
+hMac.reset();
+return hMac.doFinal(secret);
+}
+
+/**
+ * The method inits Hash-MAC with given PRK (as salt) and output OKM is
calculated as follows:
+ *
+ * T(0) = empty string (zero length)
+ * T(1) = HMAC-Hash(PRK, T(0) |
