SANTUARIO-511: Implementation of the Diffie-Hellman-ES key exchange f…

…or EC and XEC keys (#234) * Implementation of the Diffie-Hellman agreement for EC and XEC keys for main branch (4.0.x) * Fix CodeQL warnings * Update for the PR comments * Update for the PR comments part 2 * Update for the PR comments part 3 * Update for the PR comments part 4 * Update for the PR comments part 4 * Update for the PR comments part 5 * Improve code quality * Update for the PR comments part 6 * Move encryption specific classes to org.apache.xml.security.encryption package. * Fix the PR comments * Added DEREncodedKeyValue for DH and RSASSA-PSS keys, other PR fixes * PR updates on usage of the AlgorithmParameterSpec interface * PR updates for method XMLCipher.encryptKey * PR update descriptions and class names * PR update descriptions and class names * PR - fix typos and javadoc * PR updates --------- Co-authored-by: RIHTARSIC Joze <[email protected]>
apache · Jan 12, 2024 · 16932a2 · 16932a2
1 parent 91f806c
commit 16932a2
Show file tree

Hide file tree

Showing 61 changed files with 3,863 additions and 212 deletions.
diff --git a/src/main/java/org/apache/xml/security/algorithms/MessageDigestAlgorithm.java b/src/main/java/org/apache/xml/security/algorithms/MessageDigestAlgorithm.java
@@ -99,7 +99,7 @@ public static MessageDigestAlgorithm getInstance(
         return new MessageDigestAlgorithm(doc, algorithmURI);
     }
 
-    private static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
+    public static MessageDigest getDigestInstance(String algorithmURI) throws XMLSignatureException {
         String algorithmID = JCEMapper.translateURItoJCEID(algorithmURI);
 
         if (algorithmID == null) {

diff --git a/src/main/java/org/apache/xml/security/encryption/AgreementMethod.java b/src/main/java/org/apache/xml/security/encryption/AgreementMethod.java
@@ -18,9 +18,12 @@
  */
 package org.apache.xml.security.encryption;
 
+import java.security.PublicKey;
 import java.util.Iterator;
 
-import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.encryption.keys.OriginatorKeyInfo;
+import org.apache.xml.security.encryption.keys.RecipientKeyInfo;
 import org.w3c.dom.Element;
 
 /**
@@ -88,6 +91,22 @@ public interface AgreementMethod {
      */
     void setKANonce(byte[] kanonce);
 
+
+    /**
+     * Returns KeyDerivationMethod information used in the <code>AgreementMethod</code>.
+     * @return The KeyDerivationMethod information regarding the <code>AgreementMethod</code>.
+     */
+    KeyDerivationMethod getKeyDerivationMethod() throws XMLSecurityException;
+
+    /**
+     * This method is used to set the <code>KeyDerivationMethod</code> when the <code>AgreementMethod</code> is being
+     * used to derive a key. The <code>KeyDerivationMethod</code> is declared as  <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+     * but is used in ECDH_ES
+     *
+     * @param keyDerivationMethod
+     */
+    void setKeyDerivationMethod(KeyDerivationMethod keyDerivationMethod);
+
     /**
      * Returns additional information regarding the <code>AgreementMethod</code>.
      * @return additional information regarding the <code>AgreementMethod</code>.
@@ -114,35 +133,42 @@ public interface AgreementMethod {
      *     <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
      *   </pre>
      */
-    void revoveAgreementMethodInformation(Element info);
+    void removeAgreementMethodInformation(Element info);
 
     /**
      * Returns information relating to the originator's shared secret.
      *
      * @return information relating to the originator's shared secret.
      */
-    KeyInfo getOriginatorKeyInfo();
+    OriginatorKeyInfo getOriginatorKeyInfo() throws XMLSecurityException;
 
     /**
      * Sets the information relating to the originator's shared secret.
      *
      * @param keyInfo information relating to the originator's shared secret.
      */
-    void setOriginatorKeyInfo(KeyInfo keyInfo);
+    void setOriginatorKeyInfo(OriginatorKeyInfo keyInfo);
+
+    /**
+     * Sets the originator's PublicKey to generate the secret
+     *
+     * @param publicKey originator's PublicKey
+     */
+    void setOriginatorPublicKey(PublicKey publicKey);
 
     /**
      * Returns information relating to the recipient's shared secret.
      *
      * @return information relating to the recipient's shared secret.
      */
-    KeyInfo getRecipientKeyInfo();
+    RecipientKeyInfo getRecipientKeyInfo() throws XMLSecurityException;
 
     /**
      * Sets the information relating to the recipient's shared secret.
      *
      * @param keyInfo information relating to the recipient's shared secret.
      */
-    void setRecipientKeyInfo(KeyInfo keyInfo);
+    void setRecipientKeyInfo(RecipientKeyInfo keyInfo);
 
     /**
      * Returns the algorithm URI of this <code>CryptographicMethod</code>.

diff --git a/src/main/java/org/apache/xml/security/encryption/KeyDerivationMethod.java b/src/main/java/org/apache/xml/security/encryption/KeyDerivationMethod.java
@@ -0,0 +1,46 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.xml.security.encryption;
+
+/**
+ * The key derivation is to generate new cryptographic key material from existing key material such as the shared
+ * secret and any other (private or public) information. The purpose of the key derivation is an extension of a given
+ * but limited set of original key materials and to limit the use (exposure) of such key material.
+ *
+ * The Schema for KeyDerivationMethod is as follows:
+ * <pre>
+ * <element name="KeyDerivationMethod" type="xenc:KeyDerivationMethodType"/>
+ * <complexType name="KeyDerivationMethodType">
+ *   <sequence>
+ *     <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ *   </sequence>
+ *   <attribute name="Algorithm" type="anyURI" use="required"/>
+ * </complexType>
+ * </pre>
+ */
+public interface KeyDerivationMethod {
+
+    /**
+     * Returns the algorithm URI of this <code>KeyDerivationMethod</code>.
+     *
+     * @return the algorithm URI of this <code>KeyDerivationMethod</code>
+     */
+    String getAlgorithm();
+}