Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange for EC and XEC keys #234

Merged
merged 20 commits into from
Dec 20, 2023

Conversation

jrihtarsic
Copy link
Contributor

@coheigea
Copy link
Contributor

coheigea commented Nov 1, 2023

@jrihtarsic Please see the codeql comments

@jrihtarsic
Copy link
Contributor Author

@phax many thanks for all of the the comments. Let me know if you spot anything else.

Copy link

@phax phax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I cannot comment on the crypto stuff itself, so please don't bother too much with my notes :)

@coheigea
Copy link
Contributor

Let me know please when this is ready for review

@phax
Copy link

phax commented Nov 10, 2023

I like it ;-) Thanks @jrihtarsic for all the changes 😍

Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few more comments. I still need to do another couple of review passes thru the code though.

Copy link
Member

@seanjmullan seanjmullan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some more comments. Probably will need one more round of review.

@seanjmullan
Copy link
Member

As a follow-on enhancement, it would probably be useful to implement HKDF (see https://www.rfc-editor.org/rfc/rfc9231#name-hkdf-key-derivation) which seems to be more relevant than ConcatKDF.

@jrihtarsic
Copy link
Contributor Author

jrihtarsic commented Dec 18, 2023

@seanjmullan I have already prepared an implementation for HKDF a few weeks ago. I did not add it to this one since the change is already big and it is easier to follow changes with smaller and feature-oriented PRs )
Please see the:
https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-607

Here is the branch
https://github.com/jrihtarsic/santuario-xml-security-java/tree/main-ecdh-hkdf-implementation
and the implementation
https://github.com/jrihtarsic/santuario-xml-security-java/blob/main-ecdh-hkdf-implementation/src/main/java/org/apache/xml/security/keys/derivedKey/HKDF.java

I will prepare a PR for that as soon as this one is merged.

@seanjmullan
Copy link
Member

I am pretty much done with my review. I think the javadoc could be improved in various methods/classes but I don't want to hold this up anymore and this can probably be improved in the next revision or over time. I did not review the tests, so hopefully those are ok or someone else has reviewed them. Sorry it took so long. I'll do a final sanity check tomorrow on your latest commits and then if all looks good, add my approval.

@coheigea coheigea merged commit 6839cde into apache:main Dec 20, 2023
3 checks passed
@jrihtarsic
Copy link
Contributor Author

@seanjmullan Thank you very much for your valuable comments and suggestions. I will prepare the next PR for HKDF in the next week, where I will also focus more on code documentation.

coheigea pushed a commit that referenced this pull request Jan 12, 2024
…or EC and XEC keys (#234)

* Implementation of the Diffie-Hellman agreement for EC and XEC keys for main branch (4.0.x)

* Fix CodeQL warnings

* Update for the PR comments

* Update for the PR comments part 2

* Update for the PR comments part 3

* Update for the PR comments part 4

* Update for the PR comments part 4

* Update for the PR comments part 5

* Improve code quality

* Update for the PR comments part 6

* Move encryption specific classes to org.apache.xml.security.encryption package.

* Fix the PR comments

* Added DEREncodedKeyValue for DH and RSASSA-PSS keys, other PR fixes

* PR updates on usage of the AlgorithmParameterSpec interface

* PR updates for method XMLCipher.encryptKey

* PR update descriptions and class names

* PR update descriptions and class names

* PR - fix typos and javadoc

* PR updates

---------

Co-authored-by: RIHTARSIC Joze <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants