Community over Code EU 2024: The countdown has started!
[Note: You're receiving this email because you are subscribed to one or more project dev@ mailing lists at the Apache Software Foundation.] We are very close to Community Over Code EU -- check out the amazing program and the special discounts that we have for you. Special discounts You still have the opportunity to secure your ticket for Community Over Code EU. Explore the various options available, including the regular pass, the committer and groups pass, and now introducing the one-day pass tailored for locals in Bratislava. We also have a special discount for you to attend both Community Over Code and Berlin Buzzwords from June 9th to 11th. Visit our website to find out more about this opportunity and contact te...@sg.com.mx to get the discount code. Take advantage of the discounts and register now! https://eu.communityovercode.org/tickets/ Check out the full program! This year Community Over Code Europe will bring to you three days of keynotes and sessions that cover topics of interest for ASF projects and the greater open source ecosystem including data engineering, performance engineering, search, Internet of Things (IoT) as well as sessions with tips and lessons learned on building a healthy open source community. Check out the program: https://eu.communityovercode.org/program/ Keynote speaker highlights for Community Over Code Europe include: * Dirk-Willem Van Gulik, VP of Public Policy at the Apache Software Foundation, will discuss the Cyber Resiliency Act and its impact on open source (All your code belongs to Policy Makers, Politicians, and the Law). * Dr. Sherae Daniel will share the results of her study on the impact of self-promotion for open source software developers (To Toot or not to Toot, that is the question). * Asim Hussain, Executive Director of the Green Software Foundation will present a framework they have developed for quantifying the environmental impact of software (Doing for Sustainability what Open Source did for Software). * Ruth Ikegah will discuss the growth of the open source movement in Africa (From Local Roots to Global Impact: Building an Inclusive Open Source Community in Africa) * A discussion panel on EU policies and regulations affecting specialists working in Open Source Program Offices Additional activities * Poster sessions: We invite you to stop by our poster area and see if the ideas presented ignite a conversation within your team. * BOF time: Don't miss the opportunity to discuss in person with your open source colleagues on your shared interests. * Participants reception: At the end of the first day, we will have a reception at the event venue. All participants are welcome to attend! * Spontaneous talks: There is a dedicated room and social space for having spontaneous talks and sessions. Get ready to share with your peers. * Lighting talks: At the end of the event we will have the awaited Lighting talks, where every participant is welcome to share and enlighten us. Please remember: If you haven't applied for the visa, we will provide the necessary letter for the process. In the unfortunate case of a visa rejection, your ticket will be reimbursed. See you in Bratislava, Community Over Code EU Team
Re: [PR] Implementation of the HKDF derivation function [santuario-xml-security-java]
jrihtarsic commented on code in PR #271: URL: https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1600182025 ## src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/HKDF.java: ## @@ -0,0 +1,182 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.xml.security.encryption.keys.content.derivedKey; + +import org.apache.xml.security.encryption.XMLCipherUtil; +import org.apache.xml.security.encryption.params.HKDFParams; +import org.apache.xml.security.exceptions.XMLSecurityException; +import org.apache.xml.security.utils.I18n; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import java.nio.ByteBuffer; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; + +import static java.lang.System.Logger.Level.DEBUG; + +/** + * The implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) + * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869. + * + * The HKDF algorithm is defined as follows: + * + * N = ceil(L/HashLen) + * T = T(1) | T(2) | T(3) | ... | T(N) + * OKM = first L bytes of T + * where: + * T(0) = empty string (zero length) + * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) + * T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) + * T(3) = HMAC-Hash(PRK, T(2) | info | 0x03) + * ... + * + */ +public class HKDF implements DerivationAlgorithm { + + +private static final System.Logger LOG = System.getLogger(HKDF.class.getName()); + +/** + * Derive a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) + * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869. + * + * @param secret The "shared" secret to use for key derivation + * @param params The key derivation parameters (salt, info, key length, ...) + * @return The derived key of the specified length in bytes defined in the params + * @throws IllegalArgumentException if the parameters are missing + * @throws XMLSecurityException if the hmac hash algorithm is not supported + */ +@Override +public byte[] deriveKey(byte[] secret, HKDFParams params) throws XMLSecurityException { +// check if the parameters are set +if (params == null) { +throw new IllegalArgumentException(I18n.translate("KeyDerivation.MissingParameters")); +} + +String jceAlgorithmName; +try { +jceAlgorithmName = XMLCipherUtil.getJCEMacHashForUri(params.getHmacHashAlgorithm()); +} catch (NoSuchAlgorithmException e) { +throw new XMLSecurityException(e, "KeyDerivation.NotSupportedParameter", new Object[]{params.getHmacHashAlgorithm()}); +} + +byte[] prk = extractKey(jceAlgorithmName, params.getSalt(), secret); +return expandKey(jceAlgorithmName, prk, params.getInfo(), params.getKeyLength()); +} + +/** + * The method "extracts" the pseudo-random key (PRK) based on HMAC-Hash function + * (optional) salt value (a non-secret random value) and the shared secret/input + * keying material (IKM). + * Calculation of the extracted key: + * PRK = HMAC-Hash(salt, IKM) + * + * @param jceAlgorithmName the java JCE HMAC algorithm name to use for key derivation + * (e.g. HmacSHA256, HmacSHA384, HmacSHA512) + * @param salt the optional salt value (a non-secret random value); + * @param secret the shared secret/input keying material (IKM) to use for + * key derivation + * @return the pseudo-random key bytes + * @throws XMLSecurityException if the jceAlgorithmName is not supported + */ +public byte[] extractKey(String jceAlgorithmName, byte[] salt, byte[] secret) throws XMLSecurityException { +Mac hMac = initHMac(jceAlgorithmName, salt, true); +hMac.reset(); +return hMac.doFinal(secret); +} + +/** + * The method inits Hash-MAC with given PRK (as salt) and output OKM is calculated as follows: + * + * T(0) = empty string (zero length) + * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) +
Re: [PR] Implementation of the HKDF derivation function [santuario-xml-security-java]
seanjmullan commented on code in PR #271: URL: https://github.com/apache/santuario-xml-security-java/pull/271#discussion_r1599989548 ## src/main/java/org/apache/xml/security/encryption/keys/content/derivedKey/HKDF.java: ## @@ -0,0 +1,182 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.xml.security.encryption.keys.content.derivedKey; + +import org.apache.xml.security.encryption.XMLCipherUtil; +import org.apache.xml.security.encryption.params.HKDFParams; +import org.apache.xml.security.exceptions.XMLSecurityException; +import org.apache.xml.security.utils.I18n; + +import javax.crypto.Mac; +import javax.crypto.spec.SecretKeySpec; +import java.nio.ByteBuffer; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; + +import static java.lang.System.Logger.Level.DEBUG; + +/** + * The implementation of the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) + * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869. + * + * The HKDF algorithm is defined as follows: + * + * N = ceil(L/HashLen) + * T = T(1) | T(2) | T(3) | ... | T(N) + * OKM = first L bytes of T + * where: + * T(0) = empty string (zero length) + * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) + * T(2) = HMAC-Hash(PRK, T(1) | info | 0x02) + * T(3) = HMAC-Hash(PRK, T(2) | info | 0x03) + * ... + * + */ +public class HKDF implements DerivationAlgorithm { + + +private static final System.Logger LOG = System.getLogger(HKDF.class.getName()); + +/** + * Derive a key using the HMAC-based Extract-and-Expand Key Derivation Function (HKDF) + * as defined in https://datatracker.ietf.org/doc/html/rfc5869;>RFC 5869. + * + * @param secret The "shared" secret to use for key derivation + * @param params The key derivation parameters (salt, info, key length, ...) + * @return The derived key of the specified length in bytes defined in the params + * @throws IllegalArgumentException if the parameters are missing + * @throws XMLSecurityException if the hmac hash algorithm is not supported + */ +@Override +public byte[] deriveKey(byte[] secret, HKDFParams params) throws XMLSecurityException { +// check if the parameters are set +if (params == null) { +throw new IllegalArgumentException(I18n.translate("KeyDerivation.MissingParameters")); +} + +String jceAlgorithmName; +try { +jceAlgorithmName = XMLCipherUtil.getJCEMacHashForUri(params.getHmacHashAlgorithm()); +} catch (NoSuchAlgorithmException e) { +throw new XMLSecurityException(e, "KeyDerivation.NotSupportedParameter", new Object[]{params.getHmacHashAlgorithm()}); +} + +byte[] prk = extractKey(jceAlgorithmName, params.getSalt(), secret); +return expandKey(jceAlgorithmName, prk, params.getInfo(), params.getKeyLength()); +} + +/** + * The method "extracts" the pseudo-random key (PRK) based on HMAC-Hash function + * (optional) salt value (a non-secret random value) and the shared secret/input + * keying material (IKM). + * Calculation of the extracted key: + * PRK = HMAC-Hash(salt, IKM) + * + * @param jceAlgorithmName the java JCE HMAC algorithm name to use for key derivation + * (e.g. HmacSHA256, HmacSHA384, HmacSHA512) + * @param salt the optional salt value (a non-secret random value); + * @param secret the shared secret/input keying material (IKM) to use for + * key derivation + * @return the pseudo-random key bytes + * @throws XMLSecurityException if the jceAlgorithmName is not supported + */ +public byte[] extractKey(String jceAlgorithmName, byte[] salt, byte[] secret) throws XMLSecurityException { +Mac hMac = initHMac(jceAlgorithmName, salt, true); +hMac.reset(); +return hMac.doFinal(secret); +} + +/** + * The method inits Hash-MAC with given PRK (as salt) and output OKM is calculated as follows: + * + * T(0) = empty string (zero length) + * T(1) = HMAC-Hash(PRK, T(0) | info | 0x01) +