Module org.apache.santuario.xmlsec

Package org.apache.xml.security.encryption.keys.content.derivedKey

Class ConcatKDF

java.lang.Object

org.apache.xml.security.encryption.keys.content.derivedKey.ConcatKDF

All Implemented Interfaces:

DerivationAlgorithm

public class ConcatKDF
extends Object
implements DerivationAlgorithm

Key DerivationAlgorithm implementation, defined in Section 5.8.1 of NIST SP 800-56A [SP800-56A], and is equivalent to the KDF3 function defined in ANSI X9.44-2007 [ANSI-X9-44-2007] when the contents of the OtherInfo parameter is structured as in NIST SP 800-56A.

Identifier of the key derivation algorithm: http://www.w3.org/2009/xmlenc11#ConcatKDF

Constructor Summary

Constructors

Constructor	Description
ConcatKDF()	Default Constructor which sets the default digest algorithmURI parameter: http://www.w3.org/2001/04/xmlenc#sha256,
ConcatKDF(String algorithmURI)	Constructor ConcatKDF with digest algorithmURI parameter such as http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512, etc.

Method Summary

Modifier and Type	Method	Description
byte[]	deriveKey(byte[] secret, byte[] otherInfo, int offset, long keyLength)	Key DerivationAlgorithm implementation as defined in Section 5.8.1 of NIST SP 800-56A [SP800-56A] reps = ⎡ keydatalen / hashlen⎤. If reps > (2>32 −1), then ABORT: output an error indicator and stop. Initialize a 32-bit, big-endian bit string counter as 0000000116. If counter || Z || OtherInfo is more than max_hash_inputlen bits long, then ABORT: output an error indicator and stop.
byte[]	deriveKey(byte[] sharedSecret, String algID, String partyUInfo, String partyVInfo, String suppPubInfo, String suppPrivInfo, long keyLength)	Method concatenate the bitstrings in following order algID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.xml.security.encryption.keys.content.derivedKey.DerivationAlgorithm

deriveKey

Constructor Detail

ConcatKDF

public ConcatKDF(String algorithmURI)

Constructor ConcatKDF with digest algorithmURI parameter such as http://www.w3.org/2001/04/xmlenc#sha256, http://www.w3.org/2001/04/xmlenc#sha512, etc.

ConcatKDF

public ConcatKDF()

Default Constructor which sets the default digest algorithmURI parameter: http://www.w3.org/2001/04/xmlenc#sha256,

Method Detail

deriveKey

public byte[] deriveKey(byte[] secret,
                        byte[] otherInfo,
                        int offset,
                        long keyLength)
                 throws XMLSecurityException

Key DerivationAlgorithm implementation as defined in Section 5.8.1 of NIST SP 800-56A [SP800-56A]

• reps = ⎡ keydatalen / hashlen⎤.
• If reps > (2>32 −1), then ABORT: output an error indicator and stop.
• Initialize a 32-bit, big-endian bit string counter as 0000000116.
• If counter || Z || OtherInfo is more than max_hash_inputlen bits long, then ABORT: output an error indicator and stop.
• For i = 1 to reps by 1, do the following:
  • Compute Hashi = H(counter || Z || OtherInfo).
  • Increment counter (modulo 232), treating it as an unsigned 32-bit integer.
• Let Hhash be set to Hashreps if (keydatalen / hashlen) is an integer; otherwise, let Hhash be set to the (keydatalen mod hashlen) leftmost bits of Hashreps.
• Set DerivedKeyingMaterial = Hash1 || Hash2 || ... || Hashreps-1 || Hhash

Specified by:

deriveKey in interface DerivationAlgorithm

Parameters:

secret - The "shared" secret to use for key derivation (e.g. the secret key)

otherInfo - as specified in [SP800-56A] the optional attributes: AlgorithmID, PartyUInfo, PartyVInfo, SuppPubInfo and SuppPrivInfo attributes are concatenated to form a bit string “OtherInfo” that is used with the key derivation function.

offset - the offset parameter is ignored by this implementation.

keyLength - The length of the key to derive

Returns:

The derived key

Throws:

XMLEncryptionException - if the key length is too long to be derived with the given algorithm

XMLSecurityException - if something goes wrong during the key derivation

deriveKey

public byte[] deriveKey(byte[] sharedSecret,
                        String algID,
                        String partyUInfo,
                        String partyVInfo,
                        String suppPubInfo,
                        String suppPrivInfo,
                        long keyLength)
                 throws XMLSecurityException

Method concatenate the bitstrings in following order algID || partyUInfo || partyVInfo || suppPubInfo || suppPrivInfo. to crate otherInfo as key derivation function input. If named parameters are null the value is ignored. Method parses the bitstring firs {@See https://www.w3.org/TR/xmlenc-core1/#sec-ConcatKDF} and then concatenates them to a byte array.

Parameters:

sharedSecret - The "shared" secret to use for key derivation (e.g. the secret key)

algID - A bit string that indicates how the derived keying material will be parsed and for which algorithm(s) the derived secret keying material will be used.

partyUInfo - A bit string containing public information that is required by the application using this KDF to be contributed by party U to the key derivation process. At a minimum, PartyUInfo shall include IDU, the identifier of party U. See the notes below..

partyVInfo - A bit string containing public information that is required by the application using this KDF to be contributed by party V to the key derivation process. At a minimum, PartyVInfo shall include IDV, the identifier of party V. See the notes below.

suppPubInfo - bit string containing additional, mutually-known public information.

suppPrivInfo - The suppPrivInfo A bit string containing additional, mutually-known public Information.

keyLength - The length of the key to derive

Returns:

The resulting other info.

Throws:

XMLSecurityException