Community over Code EU 2024: The countdown has started!

2024-05-14 Thread Ryan Skraba 
[Note: You're receiving this email because you are subscribed to one
or more project dev@ mailing lists at the Apache Software Foundation.]

We are very close to Community Over Code EU -- check out the amazing
program and the special discounts that we have for you.

Special discounts

You still have the opportunity to secure your ticket for Community
Over Code EU. Explore the various options available, including the
regular pass, the committer and groups pass, and now introducing the
one-day pass tailored for locals in Bratislava.

We also have a special discount for you to attend both Community Over
Code and Berlin Buzzwords from June 9th to 11th. Visit our website to
find out more about this opportunity and contact te...@sg.com.mx to
get the discount code.

Take advantage of the discounts and register now!
https://eu.communityovercode.org/tickets/

Check out the full program!

This year Community Over Code Europe will bring to you three days of
keynotes and sessions that cover topics of interest for ASF projects
and the greater open source ecosystem including data engineering,
performance engineering, search, Internet of Things (IoT) as well as
sessions with tips and lessons learned on building a healthy open
source community.

Check out the program: https://eu.communityovercode.org/program/

Keynote speaker highlights for Community Over Code Europe include:

* Dirk-Willem Van Gulik, VP of Public Policy at the Apache Software
Foundation, will discuss the Cyber Resiliency Act and its impact on
open source (All your code belongs to Policy Makers, Politicians, and
the Law).

* Dr. Sherae Daniel will share the results of her study on the impact
of self-promotion for open source software developers (To Toot or not
to Toot, that is the question).

* Asim Hussain, Executive Director of the Green Software Foundation
will present a framework they have developed for quantifying the
environmental impact of software (Doing for Sustainability what Open
Source did for Software).

* Ruth Ikegah will  discuss the growth of the open source movement in
Africa (From Local Roots to Global Impact: Building an Inclusive Open
Source Community in Africa)

* A discussion panel on EU policies and regulations affecting
specialists working in Open Source Program Offices

Additional activities

* Poster sessions: We invite you to stop by our poster area and see if
the ideas presented ignite a conversation within your team.

* BOF time: Don't miss the opportunity to discuss in person with your
open source colleagues on your shared interests.

* Participants reception: At the end of the first day, we will have a
reception at the event venue. All participants are welcome to attend!

* Spontaneous talks: There is a dedicated room and social space for
having spontaneous talks and sessions. Get ready to share with your
peers.

* Lighting talks: At the end of the event we will have the awaited
Lighting talks, where every participant is welcome to share and
enlighten us.

Please remember:  If you haven't applied for the visa, we will provide
the necessary letter for the process. In the unfortunate case of a
visa rejection, your ticket will be reimbursed.

See you in Bratislava,

Community Over Code EU Team

Re: [PR] Implementation of the HKDF derivation function [santuario-xml-security-java]

2024-05-14 Thread via GitHub 


jrihtarsic commented on code in PR #271:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1600182025


##
src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/HKDF.java:
##
@@ -0,0 +1,182 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.encryption.keys.content.derivedKey;
+
+import org.apache.xml.security.encryption.XMLCipherUtil;
+import org.apache.xml.security.encryption.params.HKDFParams;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.I18n;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.ByteBuffer;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import static java.lang.System.Logger.Level.DEBUG;
+
+/**
+ * The implementation of the HMAC-based Extract-and-Expand Key Derivation 
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 
5869.
+ * 
+ * The HKDF algorithm is defined as follows:
+ * 
+ * N = ceil(L/HashLen)
+ * T = T(1) | T(2) | T(3) | ... | T(N)
+ * OKM = first L bytes of T
+ * where:
+ * T(0) = empty string (zero length)
+ * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
+ * T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
+ * T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
+ * ...
+ * 
+ */
+public class HKDF implements DerivationAlgorithm {
+
+
+private static final System.Logger LOG = 
System.getLogger(HKDF.class.getName());
+
+/**
+ * Derive a key using the HMAC-based Extract-and-Expand Key Derivation 
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869.
+ *
+ * @param secret The "shared" secret to use for key derivation
+ * @param params The key derivation parameters (salt, info, key length, 
...)
+ * @return The derived key of the specified length in bytes defined in the 
params
+ * @throws IllegalArgumentException if the parameters are missing
+ * @throws XMLSecurityException if the hmac hash algorithm is not 
supported
+ */
+@Override
+public byte[] deriveKey(byte[] secret, HKDFParams params) throws 
XMLSecurityException {
+// check if the parameters are set
+if (params == null) {
+throw new 
IllegalArgumentException(I18n.translate("KeyDerivation.MissingParameters"));
+}
+
+String jceAlgorithmName;
+try {
+jceAlgorithmName = 
XMLCipherUtil.getJCEMacHashForUri(params.getHmacHashAlgorithm());
+} catch (NoSuchAlgorithmException e) {
+throw new XMLSecurityException(e, 
"KeyDerivation.NotSupportedParameter", new 
Object[]{params.getHmacHashAlgorithm()});
+}
+
+byte[] prk = extractKey(jceAlgorithmName, params.getSalt(), secret);
+return expandKey(jceAlgorithmName, prk, params.getInfo(), 
params.getKeyLength());
+}
+
+/**
+ * The method "extracts" the pseudo-random key (PRK) based on HMAC-Hash 
function
+ * (optional) salt value (a non-secret random value) and the shared 
secret/input
+ * keying material (IKM).
+ * Calculation of the  extracted key:
+ * PRK = HMAC-Hash(salt, IKM)
+ *
+ * @param jceAlgorithmName the java JCE HMAC algorithm name to use for key 
derivation
+ * (e.g. HmacSHA256, HmacSHA384, HmacSHA512)
+ * @param salt the optional salt value (a non-secret random 
value);
+ * @param secret   the shared secret/input keying material (IKM) 
to use for
+ * key derivation
+ * @return the pseudo-random key bytes
+ * @throws XMLSecurityException if the jceAlgorithmName is not supported
+ */
+public byte[] extractKey(String jceAlgorithmName, byte[] salt, byte[] 
secret) throws XMLSecurityException {
+Mac hMac = initHMac(jceAlgorithmName, salt, true);
+hMac.reset();
+return hMac.doFinal(secret);
+}
+
+/**
+ * The method inits Hash-MAC with given PRK (as salt) and output OKM is 
calculated as follows:
+ * 
+ *  T(0) = empty string (zero length)
+ *  T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
+

Re: [PR] Implementation of the HKDF derivation function [santuario-xml-security-java]

2024-05-14 Thread via GitHub 


seanjmullan commented on code in PR #271:
URL: 
https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1599989548


##
src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/HKDF.java:
##
@@ -0,0 +1,182 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.encryption.keys.content.derivedKey;
+
+import org.apache.xml.security.encryption.XMLCipherUtil;
+import org.apache.xml.security.encryption.params.HKDFParams;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.I18n;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.ByteBuffer;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import static java.lang.System.Logger.Level.DEBUG;
+
+/**
+ * The implementation of the HMAC-based Extract-and-Expand Key Derivation 
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 
5869.
+ * 
+ * The HKDF algorithm is defined as follows:
+ * 
+ * N = ceil(L/HashLen)
+ * T = T(1) | T(2) | T(3) | ... | T(N)
+ * OKM = first L bytes of T
+ * where:
+ * T(0) = empty string (zero length)
+ * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
+ * T(2) = HMAC-Hash(PRK, T(1) | info | 0x02)
+ * T(3) = HMAC-Hash(PRK, T(2) | info | 0x03)
+ * ...
+ * 
+ */
+public class HKDF implements DerivationAlgorithm {
+
+
+private static final System.Logger LOG = 
System.getLogger(HKDF.class.getName());
+
+/**
+ * Derive a key using the HMAC-based Extract-and-Expand Key Derivation 
Function (HKDF)
+ * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869.
+ *
+ * @param secret The "shared" secret to use for key derivation
+ * @param params The key derivation parameters (salt, info, key length, 
...)
+ * @return The derived key of the specified length in bytes defined in the 
params
+ * @throws IllegalArgumentException if the parameters are missing
+ * @throws XMLSecurityException if the hmac hash algorithm is not 
supported
+ */
+@Override
+public byte[] deriveKey(byte[] secret, HKDFParams params) throws 
XMLSecurityException {
+// check if the parameters are set
+if (params == null) {
+throw new 
IllegalArgumentException(I18n.translate("KeyDerivation.MissingParameters"));
+}
+
+String jceAlgorithmName;
+try {
+jceAlgorithmName = 
XMLCipherUtil.getJCEMacHashForUri(params.getHmacHashAlgorithm());
+} catch (NoSuchAlgorithmException e) {
+throw new XMLSecurityException(e, 
"KeyDerivation.NotSupportedParameter", new 
Object[]{params.getHmacHashAlgorithm()});
+}
+
+byte[] prk = extractKey(jceAlgorithmName, params.getSalt(), secret);
+return expandKey(jceAlgorithmName, prk, params.getInfo(), 
params.getKeyLength());
+}
+
+/**
+ * The method "extracts" the pseudo-random key (PRK) based on HMAC-Hash 
function
+ * (optional) salt value (a non-secret random value) and the shared 
secret/input
+ * keying material (IKM).
+ * Calculation of the  extracted key:
+ * PRK = HMAC-Hash(salt, IKM)
+ *
+ * @param jceAlgorithmName the java JCE HMAC algorithm name to use for key 
derivation
+ * (e.g. HmacSHA256, HmacSHA384, HmacSHA512)
+ * @param salt the optional salt value (a non-secret random 
value);
+ * @param secret   the shared secret/input keying material (IKM) 
to use for
+ * key derivation
+ * @return the pseudo-random key bytes
+ * @throws XMLSecurityException if the jceAlgorithmName is not supported
+ */
+public byte[] extractKey(String jceAlgorithmName, byte[] salt, byte[] 
secret) throws XMLSecurityException {
+Mac hMac = initHMac(jceAlgorithmName, salt, true);
+hMac.reset();
+return hMac.doFinal(secret);
+}
+
+/**
+ * The method inits Hash-MAC with given PRK (as salt) and output OKM is 
calculated as follows:
+ * 
+ *  T(0) = empty string (zero length)
+ *  T(1) = HMAC-Hash(PRK, T(0) | info | 0x01)
+