diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..90e2fb4 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +# dependabot analyzing maven dependencies +version: 2 +updates: + - package-ecosystem: "maven" + directory: "/" + open-pull-requests-limit: 3 + schedule: + interval: "weekly" + labels: + - "dependencies" diff --git a/.github/workflows/build_deploy.yml b/.github/workflows/build_deploy.yml new file mode 100644 index 0000000..d750d9c --- /dev/null +++ b/.github/workflows/build_deploy.yml @@ -0,0 +1,94 @@ +name: Build and Deploy with Maven + +on: + push: + branches: + - main + tags: + - '*' # Trigger on all tags + pull_request: { } + +env: + SONARQUBE_PROJECT: patrickfav_singlestep-kdf + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - name: Checkout Code + uses: actions/checkout@v3 + with: + fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis + - name: Cache SonarCloud packages + uses: actions/cache@v3 + with: + path: ~/.sonar/cache + key: ${{ runner.os }}-sonar + restore-keys: ${{ runner.os }}-sonar + - name: Cache Maven + id: cache-primes + uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Set up JDK + uses: actions/setup-java@v3 + with: + java-version: '11' + distribution: 'temurin' + - name: Build with Maven + run: ./mvnw -B clean verify -DcommonConfig.jarSign.skip=true + - name: Analyze with SonaQube + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: mvn -B org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=$SONARQUBE_PROJECT + + deploy: + needs: build + if: startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - name: Retrieve Keystore from secrets + env: + KEYSTORE_BASE64: ${{ secrets.KEYSTORE_BASE64 }} + run: | + echo $KEYSTORE_BASE64 | base64 --decode > keystore.jks + - name: Cache Maven + id: cache-primes + uses: actions/cache@v3 + with: + path: ~/.m2 + key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} + restore-keys: ${{ runner.os }}-m2 + - name: Set up Maven Central Repository + uses: actions/setup-java@v3 + with: + java-version: '11' + distribution: 'temurin' + server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml + server-username: MAVEN_USERNAME # env variable for username in deploy + server-password: MAVEN_PASSWORD # env variable for token in deploy + gpg-private-key: ${{ secrets.MAVEN_GPG_PRIVATE_KEY }} # Value of the GPG private key to import + gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase + - name: Publish package + # prepare bcrypt with verify, stage and then release, after that build all modules to upload to github + run: ./mvnw -B verify -DskipTests + env: + OPENSOURCE_PROJECTS_KS_PW: ${{ secrets.KEYSTORE_PASSWORD }} + OPENSOURCE_PROJECTS_KEY_PW: ${{ secrets.KEYSTORE_KEY_PASSWORD }} + MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }} + MAVEN_PASSWORD: ${{ secrets.OSSRH_TOKEN }} + MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }} + - name: Create and upload Github Release + uses: xresloader/upload-to-github-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + file: "target/singlestep-*.jar;target/*.sha256;target/checksum-sha256.txt" + tags: true + draft: false diff --git a/.mvn/maven.config b/.mvn/maven.config index b9d8785..f1099e4 100644 --- a/.mvn/maven.config +++ b/.mvn/maven.config @@ -1 +1 @@ --DcommonConfig.compiler.profile=jdk7_w_errorprone +-DcommonConfig.compiler.profile=jdk7 diff --git a/.mvn/wrapper/MavenWrapperDownloader.java b/.mvn/wrapper/MavenWrapperDownloader.java deleted file mode 100644 index b901097..0000000 --- a/.mvn/wrapper/MavenWrapperDownloader.java +++ /dev/null @@ -1,117 +0,0 @@ -/* - * Copyright 2007-present the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -import java.net.*; -import java.io.*; -import java.nio.channels.*; -import java.util.Properties; - -public class MavenWrapperDownloader { - - private static final String WRAPPER_VERSION = "0.5.6"; - /** - * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided. - */ - private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/" - + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar"; - - /** - * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to - * use instead of the default one. - */ - private static final String MAVEN_WRAPPER_PROPERTIES_PATH = - ".mvn/wrapper/maven-wrapper.properties"; - - /** - * Path where the maven-wrapper.jar will be saved to. - */ - private static final String MAVEN_WRAPPER_JAR_PATH = - ".mvn/wrapper/maven-wrapper.jar"; - - /** - * Name of the property which should be used to override the default download url for the wrapper. - */ - private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl"; - - public static void main(String args[]) { - System.out.println("- Downloader started"); - File baseDirectory = new File(args[0]); - System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath()); - - // If the maven-wrapper.properties exists, read it and check if it contains a custom - // wrapperUrl parameter. - File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH); - String url = DEFAULT_DOWNLOAD_URL; - if(mavenWrapperPropertyFile.exists()) { - FileInputStream mavenWrapperPropertyFileInputStream = null; - try { - mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile); - Properties mavenWrapperProperties = new Properties(); - mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream); - url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url); - } catch (IOException e) { - System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'"); - } finally { - try { - if(mavenWrapperPropertyFileInputStream != null) { - mavenWrapperPropertyFileInputStream.close(); - } - } catch (IOException e) { - // Ignore ... - } - } - } - System.out.println("- Downloading from: " + url); - - File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH); - if(!outputFile.getParentFile().exists()) { - if(!outputFile.getParentFile().mkdirs()) { - System.out.println( - "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'"); - } - } - System.out.println("- Downloading to: " + outputFile.getAbsolutePath()); - try { - downloadFileFromURL(url, outputFile); - System.out.println("Done"); - System.exit(0); - } catch (Throwable e) { - System.out.println("- Error downloading"); - e.printStackTrace(); - System.exit(1); - } - } - - private static void downloadFileFromURL(String urlString, File destination) throws Exception { - if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) { - String username = System.getenv("MVNW_USERNAME"); - char[] password = System.getenv("MVNW_PASSWORD").toCharArray(); - Authenticator.setDefault(new Authenticator() { - @Override - protected PasswordAuthentication getPasswordAuthentication() { - return new PasswordAuthentication(username, password); - } - }); - } - URL website = new URL(urlString); - ReadableByteChannel rbc; - rbc = Channels.newChannel(website.openStream()); - FileOutputStream fos = new FileOutputStream(destination); - fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE); - fos.close(); - rbc.close(); - } - -} diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar index 2cc7d4a..bf82ff0 100644 Binary files a/.mvn/wrapper/maven-wrapper.jar and b/.mvn/wrapper/maven-wrapper.jar differ diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties index 642d572..dc3affc 100644 --- a/.mvn/wrapper/maven-wrapper.properties +++ b/.mvn/wrapper/maven-wrapper.properties @@ -1,2 +1,18 @@ -distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.6.3/apache-maven-3.6.3-bin.zip -wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip +wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index df77781..0000000 --- a/.travis.yml +++ /dev/null @@ -1,50 +0,0 @@ -# To let the CI execute the maven wrapper, use this command and push the change: -# git update-index --chmod=+x mvnw - -language: java -jdk: - - openjdk8 - -env: - global: - - secure: "YDS+pN6os7qC8FUe4cwUgqfvgYTaOkLmEgc21GRIztDXAIpov61PjCsOwGbZjVOgUahU8f6qLWZ8dfkjitP65tdTMywYDKhVgb6xYGPwkt82AuKDJXlVRgYQRoUo/hl94IDcu4Yk49FHHWXKcUCOEAjIrpgUIIMguTroPg46Qoh5nrfeL2d9/K8XLB0rqcUfFeyClcQgF7dMSkD7trkGSoqVRwidUDwZrRR9tQsM+mWAviL8JhhVB5biN17CLn/xmbVd85ml1XFwneSTsKBK3+Ah/nujB6XZmDltCiwXDOBHrDLaliwP8LCHI96PFuUpfrdHG1ixBkTULzIWO4nEJ8ucWx4j3ygSruvUNE8a7XkalP2fGFjHjYIHhQgs+I5ve0fM+fOxaXWPvMFhbmk05k5m6U+WTji1w1awvsmPnYwjjg8M0sWleXNLhqaqZK3fwBj6I05OnYeKMT26VDGhmtu4E88TaNkrrj/6gsIVgZh/mwmrSW/+skHeDKnD+M3RqEaJPDqmHemYD8uTBaSm+/6DowsblDa3j9GYj2p5LydNGMnLOALizYFCrsmbrSJCSowRbn32x/pCA3PeQddFwlZ9eMmxMhEYXysFblKnXR0+oB4uu+HY8hUG+MzVEVzANmYMiS5No3Mc+UVxwFJFUwmxgukcPaxYchGrieRcMFg=" - - secure: "GGeJgwmHDPe9wyE7DWO1qRoMjZmKrQGtgwf836w1nvvm5Q1Oulak6GracKMphICT2TD4h4wj7s0NPC1gqmb/jihCzqSEuYzWVKlEZlu6MquwD+nmMU2MSyd9dlti3sAqH1sU6tWmpN4CJUTfBd6f9ZvBubQVHgv4fb+WMmFOgCIDcLVwy9mLQ6qugnEZhYggmZyP5FvzPSsGu2BQgjITyC4ry3ciRyLZLjYoxO+5LeWR/eg2WoSo0uxHYpkJQNUP1hI0WGRTAdCo/tHo3YaTSyWVT9/rb6OBWqsWmhEgNI/4IGGLqqFXHXJKTyoyZ5ireAYy65yseImRvgEsOWIgXS1gji5nV12P2VB4Vdq8GN0gfuckvpZH3e0lBIMHOBoS9/usr1WuGphptuyrtFcFozYT8S1ncRfX+cj/emoImi8kcvzJa0Xvbq56dcDOxjAhd7E4sw2fYui7JmIxhJKbzgACQ1g6iBl2xe++OlCsVtTarHb9NwB6/F3DzXsWIeAZEM7N7Nzrz6AhSNyfVblkUKCimv3RB52ecfmli8RHwrdXLzFFo7vnr4fMPCxTyxW8G1hDXYHSmQ+g9uHTS06Lx3JKsJ0xVihqlb2ITuSSX42Q4GJf7E4hBniY0MCg0MAgAX154AwIXFMw5iyevD8HRPy/E3f8WsgEEwWJCLySIMo=" - -before_install: - - openssl aes-256-cbc -K $encrypted_874f18e13406_key -iv $encrypted_874f18e13406_iv -in secrets.tar.enc -out secrets.tar -d - - tar xvf secrets.tar - -script: - - ./mvnw clean install -Djarsigner.skip=false - -after_success: - - ./mvnw test jacoco:report coveralls:report - -deploy: - - provider: script - script: ./mvnw -s ci-settings.xml deploy -X checkstyle:checkstyle - skip_cleanup: true - on: - branch: master - tags: true - - provider: releases - api_key: - secure: "OUt8CaFFdEVRmoLnqiqcyUkRAlhonOw+fAvQEAYl6ROA8cRRzhSleVIElmRkwVsaNCWsmOyviEPSbuzGKQAajQTjRP5y44/eX+aLBkZDVhjCyH1hhR63NzZTgYJZeE00AT+Fqd1afrPDHYVyBI+zX7/9CUu34pbARh/Bkbpk79CATkAcI9+OAGAs7flhBvToa3MIWOW6Bwy+1liiQnzAGNGPRL4GmwUPpTgccoPSn/HfV11gzEI1krf+bAZg/dGmVonTTi2FyOWo1pAiiaQ6oDlrFBPoRZYSYjFJ+PeoeHoQT2hWSibywUkzdWmQN6lhXXjIlTENHo3PAutDQUrQJlfu4FeVTeSXqRxNuGYzLNwQDKwgXDPhWEiDXp1swkKYRMS6TGMOktTJid9GbUS/nPG6g6rGRqlb0CuTeX5dm94zmiuoWaxp9HKj84ksF6AknzD2BI8bTKVNxgzNnDofW75EgD4cAC/kDtsCbiTEvpUZTSaW9HbLliFIDh8BUOj80ctZM0Qt75Qn41Oa4whHQJtPv4iAQ1r4HqtKGhrE4TtqkQRPRiUyAQVGiWFWmU88c5JoFL5D820ImYgbCgfKi8oNAWAwW6PVP5X8ZriUstkf0yx3Gzvjp7jYZbsNUx+nAcZooIUSf0o1BHriUFRtCgidQvZSHzZ7ZHsGQqYGGDc=" - file_glob: true - file: - - "target/singlestep-*.jar" - - "target/*.sha256" - - "target/checksum-sha256.txt" - skip_cleanup: true - on: - branch: master - tags: true - -cache: - directories: - - $HOME/.m2 - -notifications: - slack: - secure: "eQL4s+1hwUIvPoFok5ridSE2Rheyb1mcjl432FRYWIxAEcAjWB0FFnvZJMwZCEL5wLrEWu9PBEerdY81oN3uSR2J616pcji1DLSmQ52OBvQnBFmxzdqrhCGKJJQidhBQq3+GXBHnhQRP1J4FXkFVXAiQnxPDM+LKaSwi88VLQLsI7RqQ54HcF+UT3jv39HsIZy7eWaHTmeE+9QiS9acEIwzZmAGwtE4QAPBBSSLH+MGcVZROyAoWxf3ysNoId+ZJNvzMvg7QRSZX+FQADDbbAsCWDwXFNttu3mJe6PEQfSI/QlU/cc2WMnkqss6i07gd0I65FduFTnDUj91XnlQXAFiympRvygPgiDDf/X6KuZn6wB2i8VXEX3P/MbcmwMfGecNusbATvrTcpU+8K6uQQ6G9Yu90Iq0+AIOeM5poeG/DDOmObeMbcBPeRh9+IMYIo3d7/VJCCampSztJY2eQV6a3c6BXzaWmw3/617pF1AF5D1lqHSWCS0tRXE3AOk/xCMVaACEuKWch2I/oZZQORcZPPAlggzxOEBWDUEzqXsPiDdlJtGMPnri2vciXNFIeX0DpAhI/lD1Ytiw41PFvbUQNG0uSlOjDqi3nqrrOy3NESkYCJAMJyoMFWZ2UjyIGiod03NC82nhhEjpEClICq8YKJr4MrX2tYWxltUrbvmw=" - email: false diff --git a/CHANGELOG b/CHANGELOG index 8c8ae08..5a7d5ea 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -2,8 +2,10 @@ ## v0.3.0 -* use block length if null salt is provided instead of hash out length (makes not difference, hmac always pads to block length) #1 +* use block length if null salt is provided instead of hash out length (makes no difference, hmac always pads to block length) #1 * add OSWAP dependency check plugin to Maven POM #2 +* update various dependencies and move CI to github actions +* start using sonaqube ## v0.2.0 diff --git a/README.md b/README.md index f83989f..ec6500d 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,20 @@ # Single Step KDF (NIST SP 800-56C) -This is an implementation of the single-step key derivation function as described in [NIST SP 800-56C revision 1, chapter 4](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf). It is an unopinionated approach towards the subject, allowing all 3 options (message digest, hmac and kmac) as H function and leaving open the exact format of the `fixedInfo` parameter. - +This is an implementation of the single-step key derivation function as described +in [NIST SP 800-56C revision 1, chapter 4](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf). +It is an unopinionated approach towards the subject, allowing all 3 options (message digest, hmac and kmac) as H +function and leaving open the exact format of the `fixedInfo` parameter. [![Maven Central](https://img.shields.io/maven-central/v/at.favre.lib/singlestep-kdf)](https://mvnrepository.com/artifact/at.favre.lib/singlestep-kdf) -[![Build Status](https://travis-ci.com/patrickfav/singlestep-kdf.svg?branch=master)](https://travis-ci.com/patrickfav/singlestep-kdf) +[![Github Actions](https://github.com/patrickfav/singlestep-kdf/actions/workflows/build_deploy.yml/badge.svg)](https://github.com/patrickfav/singlestep-kdf/actions) [![Javadocs](https://www.javadoc.io/badge/at.favre.lib/singlestep-kdf.svg)](https://www.javadoc.io/doc/at.favre.lib/singlestep-kdf) -[![Coverage Status](https://coveralls.io/repos/github/patrickfav/singlestep-kdf/badge.svg?branch=master)](https://coveralls.io/github/patrickfav/singlestep-kdf?branch=master) -[![Maintainability](https://api.codeclimate.com/v1/badges/bbc7ebd960a9f0bb7baa/maintainability)](https://codeclimate.com/github/patrickfav/singlestep-kdf/maintainability) +[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=patrickfav_singlestep-kdf&metric=coverage)](https://sonarcloud.io/summary/new_code?id=patrickfav_singlestep-kdf) +[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=patrickfav_singlestep-kdf&metric=security_rating)](https://sonarcloud.io/summary/new_code?id=patrickfav_singlestep-kdf) +[![Technical Debt](https://sonarcloud.io/api/project_badges/measure?project=patrickfav_singlestep-kdf&metric=sqale_index)](https://sonarcloud.io/summary/new_code?id=patrickfav_singlestep-kdf) -This is a standalone, lightweight, simple to use, fully tested and stable implementation in Java. The code is compiled with [Java 7](https://en.wikipedia.org/wiki/Java_version_history#Java_SE_7) to be compatible with most [_Android_](https://www.android.com/) versions as well as normal Java applications. +This is a standalone, lightweight, simple to use, fully tested and stable implementation in Java. The code is compiled +with [Java 7](https://en.wikipedia.org/wiki/Java_version_history#Java_SE_7) to be compatible with most [ +_Android_](https://www.android.com/) versions as well as normal Java applications. ## Quickstart @@ -42,7 +47,9 @@ NIST 800-56C specifies the KDF with an H-function which may be a [hash](https:// ### Using with Message Digest (Option 1) -Using Option 1, ie. `H(x) = hash(x)`, where hash is an approved hash function. Note that when you use this option, the salt parameter is not supported. If you want to incorporate a salt just include it into the `fixedInfo` parameter. **If you have no specific reason for choosing Option 1, I would always prefer Option 2 (HMAC) over this one.** +Using Option 1, i.e. `H(x) = hash(x)`, where hash is an approved hash function. Note that when you use this option, the +salt parameter is not supported. If you want to incorporate a salt just include it into the `fixedInfo` parameter. **If +you have no specific reason for choosing Option 1, I would always prefer Option 2 (HMAC) over this one.** ```java // a shared secret provided by your protocol @@ -55,7 +62,11 @@ SecretKey secretKey = new SecretKeySpec(keyMaterial, "AES"); ``` ### Using with HMAC (Option 2) -Using Option 2, ie. `H(x) = HMAC-hash(salt, x)`, where HMAC-hash is an implementation of the HMAC algorithm (as defined in FIPS 198) employing an approved hash function. A salt which serves as the HMAC key, and x (the input to H) is a bit string that serves as the HMAC "message". This library can use any `Mac` implementation. If no salt is provided, an empty array is internally initialized. + +Using Option 2, i.e. `H(x) = HMAC-hash(salt, x)`, where HMAC-hash is an implementation of the HMAC algorithm (as defined +in FIPS 198) employing an approved hash function. A salt which serves as the HMAC key, and x (the input to H) is a bit +string that serves as the HMAC "message". This library can use any `Mac` implementation. If no salt is provided, an +empty array is internally initialized. ```java byte[] keyMaterial = SingleStepKdf.fromHmacSha256().derive(sharedSecret, 32, salt, fixedInfo); @@ -64,7 +75,13 @@ byte[] keyMaterial = SingleStepKdf.fromHmacSha256().derive(sharedSecret, 32, sal ### Using with KMAC (Option 3) -KMAC is a MAC using [SHA-3/Keccak](https://en.wikipedia.org/wiki/SHA-3). Unlike SHA-1 and SHA-2, [Keccak](http://keccak.noekeon.org/) does not have the [length-extension weakness](https://en.wikipedia.org/wiki/Length_extension_attack), hence does not need the HMAC nested construction. Instead, MAC computation can be performed by simply prepending the message with the key. Java has a SHA-3 implementation [since version 9](https://openjdk.java.net/jeps/287). This library is designed to support Java 7, so no default implementation is present for KMAC. It is probably quite easy to implement it yourself using either the `HFunctionFactory.MacFactory` or implementing yourself with `HFunction`. +KMAC is a MAC using [SHA-3/Keccak](https://en.wikipedia.org/wiki/SHA-3). Unlike SHA-1 and +SHA-2, [Keccak](http://keccak.noekeon.org/) does not have +the [length-extension weakness](https://en.wikipedia.org/wiki/Length_extension_attack), hence does not need the HMAC +nested construction. Instead, MAC computation can be performed by simply prepending the message with the key. Java has +an SHA-3 implementation [since version 9](https://openjdk.java.net/jeps/287). This library is designed to support Java +7, so no default implementation is present for KMAC. It is probably quite easy to implement it yourself using either +the `HFunctionFactory.MacFactory` or implementing yourself with `HFunction`. ### Using custom Message Digest / HMAC implementation @@ -77,11 +94,18 @@ SingleStepKdf sha1Kdf = SingleStepKdf.from(new HFunctionFactory.Default.DigestFa SingleStepKdf hmacSha1Kdf = SingleStepKdf.from(new HFunctionFactory.Default.DigestFactory("HmacSHA1")); ``` -### How to use the Fixed-Info Parameter +### How to use the Fixed-Info Parameter -A bit string of context-specific data that is appropriate for the relying key-establishment scheme. As its name suggests, the value of `FixedInfo` does not change during the execution of the process. +A bit string of context-specific data that is appropriate for the relying on key-establishment scheme. As its name +suggests, the value of `FixedInfo` does not change during the execution of the process. -`FixedInfo` may, for example, include appropriately formatted representations of the values of salt and/or the output length. The inclusion of additional copies of the values of salt and the output length in `FixedInfo` would ensure that each block of derived keying material is affected by all of the information conveyed in `OtherInput`. See [SP 800-56A](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf) and [SP 800-56B](https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-56br1.pdf) for more detailed recommendations concerning the format and content of `FixedInfo` (also known as OtherInfo in earlier versions of those documents). +`FixedInfo` may, for example, include appropriately formatted representations of the values of salt and/or the output +length. The inclusion of additional copies of the values of salt and the output length in `FixedInfo` would ensure that +each block of derived keying material is affected by all the information conveyed in `OtherInput`. +See [SP 800-56A](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar2.pdf) +and [SP 800-56B](https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-56br1.pdf) for more detailed +recommendations concerning the format and content of `FixedInfo` (also known as OtherInfo in earlier versions of those +documents). ## Download @@ -107,7 +131,7 @@ Add to your `build.gradle` module dependencies: ### Local Jar -[Grab jar from latest release.](https://github.com/patrickfav/singlestep-kdf/releases/latest) +[Grab jar from the latest release.](https://github.com/patrickfav/singlestep-kdf/releases/latest) ## Description @@ -128,13 +152,21 @@ Given knowledge of the key `k`, and (perhaps) partial knowledge of a message `x` This property is consistent with the use of the MAC algorithm as the specification of a family of pseudorandom functions defined on the appropriate message space and indexed by the choice of MAC key. Under Option 2 and Option 3 of the KDF specification below, the auxiliary function H is a particular selection from such a family. -### Two Step Key Derivation Function +### Two-Step Key Derivation Function -NIST 800-56C Rev1 also describes a two step kdf with a extract and expand phase. The most prominent implementation of it is [HKDF (RFC5869)](https://tools.ietf.org/html/rfc5869). A java implementation of it can be [found here](https://github.com/patrickfav/hkdf). +NIST 800-56C Rev1 also describes a two-step kdf with an extract and expand phase. The most prominent implementation of +it is [HKDF (RFC5869)](https://tools.ietf.org/html/rfc5869). A java implementation of it can +be [found here](https://github.com/patrickfav/hkdf). ### Test Vectors -Unfortunately it seems that the NIST did not provide any official test vectors ([see this post](https://crypto.stackexchange.com/questions/64140/where-can-i-find-official-test-vectors-for-nist-sp-800-56c-r1-single-step-kdf)). This implementation ist tested against the [code snippets posted here](https://stackoverflow.com/questions/10879658/existing-implementations-for-nist-sp-800-56a-concatenation-key-derivation-functi/10971402#10971402). Additionally I released my [own test vectors in the wiki](https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors) so you could test against another possible already existing implementation. +Unfortunately it seems that the NIST did not provide any official test +vectors ([see this post](https://crypto.stackexchange.com/questions/64140/where-can-i-find-official-test-vectors-for-nist-sp-800-56c-r1-single-step-kdf)). +This implementation ist tested against +the [code snippets posted here](https://stackoverflow.com/questions/10879658/existing-implementations-for-nist-sp-800-56a-concatenation-key-derivation-functi/10971402#10971402). +Additionally, I released +my [own test vectors in the wiki](https://github.com/patrickfav/singlestep-kdf/wiki/NIST-SP-800-56C-Rev1:-Non-Official-Test-Vectors), +so you could test against another possible already existing implementation. ## Security Relevant Information @@ -147,7 +179,7 @@ The build will fail if any issue is found. #### Signed Jar -The provided JARs in the Github release page are signed with my private key: +The provided JARs in the GitHub release page are signed with my private key: CN=Patrick Favre-Bulle, OU=Private, O=PF Github Open Source, L=Vienna, ST=Vienna, C=AT Validity: Thu Sep 07 16:40:57 SGT 2017 to: Fri Feb 10 16:40:57 SGT 2034 @@ -189,7 +221,7 @@ This project uses my [`common-parent`](https://github.com/patrickfav/mvn-common- the plugin versions aswell as providing the checkstyle config rules. Specifically they are maintained in [`checkstyle-config`](https://github.com/patrickfav/checkstyle-config). Locally the files will be copied after you `mvnw install` into your `target` folder and is called `target/checkstyle-checker.xml`. So if you use a plugin for your IDE, use this file as your local configuration. -## Tech Stack +## Tech-Stack * Java 7 * Maven (Wrapper) diff --git a/mvnw b/mvnw index 41c0f0c..b7f0646 100755 --- a/mvnw +++ b/mvnw @@ -19,7 +19,7 @@ # ---------------------------------------------------------------------------- # ---------------------------------------------------------------------------- -# Maven Start Up Batch script +# Apache Maven Wrapper startup batch script, version 3.1.1 # # Required ENV vars: # ------------------ @@ -27,7 +27,6 @@ # # Optional ENV vars # ----------------- -# M2_HOME - location of maven2's installed home dir # MAVEN_OPTS - parameters passed to the Java VM when running Maven # e.g. to debug Maven itself, use # set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 @@ -36,6 +35,10 @@ if [ -z "$MAVEN_SKIP_RC" ] ; then + if [ -f /usr/local/etc/mavenrc ] ; then + . /usr/local/etc/mavenrc + fi + if [ -f /etc/mavenrc ] ; then . /etc/mavenrc fi @@ -58,9 +61,9 @@ case "`uname`" in # See https://developer.apple.com/library/mac/qa/qa1170/_index.html if [ -z "$JAVA_HOME" ]; then if [ -x "/usr/libexec/java_home" ]; then - export JAVA_HOME="`/usr/libexec/java_home`" + JAVA_HOME="`/usr/libexec/java_home`"; export JAVA_HOME else - export JAVA_HOME="/Library/Java/Home" + JAVA_HOME="/Library/Java/Home"; export JAVA_HOME fi fi ;; @@ -72,36 +75,8 @@ if [ -z "$JAVA_HOME" ] ; then fi fi -if [ -z "$M2_HOME" ] ; then - ## resolve links - $0 may be a link to maven's home - PRG="$0" - - # need this for relative symlinks - while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG="`dirname "$PRG"`/$link" - fi - done - - saveddir=`pwd` - - M2_HOME=`dirname "$PRG"`/.. - - # make it fully qualified - M2_HOME=`cd "$M2_HOME" && pwd` - - cd "$saveddir" - # echo Using m2 at $M2_HOME -fi - # For Cygwin, ensure paths are in UNIX format before anything is touched if $cygwin ; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --unix "$M2_HOME"` [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"` [ -n "$CLASSPATH" ] && @@ -110,8 +85,6 @@ fi # For Mingw, ensure paths are in UNIX format before anything is touched if $mingw ; then - [ -n "$M2_HOME" ] && - M2_HOME="`(cd "$M2_HOME"; pwd)`" [ -n "$JAVA_HOME" ] && JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" fi @@ -145,7 +118,7 @@ if [ -z "$JAVACMD" ] ; then JAVACMD="$JAVA_HOME/bin/java" fi else - JAVACMD="`which java`" + JAVACMD="`\\unset -f command; \\command -v java`" fi fi @@ -159,12 +132,9 @@ if [ -z "$JAVA_HOME" ] ; then echo "Warning: JAVA_HOME environment variable is not set." fi -CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher - # traverses directory structure from process work directory to filesystem root # first directory with .mvn subdirectory is considered project base directory find_maven_basedir() { - if [ -z "$1" ] then echo "Path not specified to find_maven_basedir" @@ -184,7 +154,7 @@ find_maven_basedir() { fi # end of workaround done - echo "${basedir}" + printf '%s' "$(cd "$basedir"; pwd)" } # concatenates all lines of a file @@ -194,11 +164,16 @@ concat_lines() { fi } -BASE_DIR=`find_maven_basedir "$(pwd)"` +BASE_DIR=$(find_maven_basedir "$(dirname $0)") if [ -z "$BASE_DIR" ]; then exit 1; fi +MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR +if [ "$MVNW_VERBOSE" = true ]; then + echo $MAVEN_PROJECTBASEDIR +fi + ########################################################################################## # Extension to allow automatically downloading the maven-wrapper.jar from Maven-central # This allows using the maven wrapper in projects that prohibit checking in binary data. @@ -212,16 +187,16 @@ else echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." fi if [ -n "$MVNW_REPOURL" ]; then - jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" + wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" else - jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" + wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" fi while IFS="=" read key value; do - case "$key" in (wrapperUrl) jarUrl="$value"; break ;; + case "$key" in (wrapperUrl) wrapperUrl="$value"; break ;; esac done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" if [ "$MVNW_VERBOSE" = true ]; then - echo "Downloading from: $jarUrl" + echo "Downloading from: $wrapperUrl" fi wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" if $cygwin; then @@ -229,42 +204,49 @@ else fi if command -v wget > /dev/null; then + QUIET="--quiet" if [ "$MVNW_VERBOSE" = true ]; then echo "Found wget ... using wget" + QUIET="" fi if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - wget "$jarUrl" -O "$wrapperJarPath" + wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" else - wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" + wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" fi + [ $? -eq 0 ] || rm -f "$wrapperJarPath" elif command -v curl > /dev/null; then + QUIET="--silent" if [ "$MVNW_VERBOSE" = true ]; then echo "Found curl ... using curl" + QUIET="" fi if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then - curl -o "$wrapperJarPath" "$jarUrl" -f + curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L else - curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f + curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L fi - + [ $? -eq 0 ] || rm -f "$wrapperJarPath" else if [ "$MVNW_VERBOSE" = true ]; then echo "Falling back to using Java to download" fi - javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + javaSource="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" # For Cygwin, switch paths to Windows format before running javac if $cygwin; then + javaSource=`cygpath --path --windows "$javaSource"` javaClass=`cygpath --path --windows "$javaClass"` fi - if [ -e "$javaClass" ]; then - if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + if [ -e "$javaSource" ]; then + if [ ! -e "$javaClass" ]; then if [ "$MVNW_VERBOSE" = true ]; then echo " - Compiling MavenWrapperDownloader.java ..." fi # Compiling the Java class - ("$JAVA_HOME/bin/javac" "$javaClass") + ("$JAVA_HOME/bin/javac" "$javaSource") fi - if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + if [ -e "$javaClass" ]; then # Running the downloader if [ "$MVNW_VERBOSE" = true ]; then echo " - Running MavenWrapperDownloader.java ..." @@ -278,16 +260,10 @@ fi # End of extension ########################################################################################## -export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} -if [ "$MVNW_VERBOSE" = true ]; then - echo $MAVEN_PROJECTBASEDIR -fi MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" # For Cygwin, switch paths to Windows format before running java if $cygwin; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --path --windows "$M2_HOME"` [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` [ -n "$CLASSPATH" ] && @@ -305,6 +281,7 @@ WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain exec "$JAVACMD" \ $MAVEN_OPTS \ + $MAVEN_DEBUG_OPTS \ -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ - "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/mvnw.cmd b/mvnw.cmd index 8611571..474c9d6 100644 --- a/mvnw.cmd +++ b/mvnw.cmd @@ -18,13 +18,12 @@ @REM ---------------------------------------------------------------------------- @REM ---------------------------------------------------------------------------- -@REM Maven Start Up Batch script +@REM Apache Maven Wrapper startup batch script, version 3.1.1 @REM @REM Required ENV vars: @REM JAVA_HOME - location of a JDK home dir @REM @REM Optional ENV vars -@REM M2_HOME - location of maven2's installed home dir @REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands @REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending @REM MAVEN_OPTS - parameters passed to the Java VM when running Maven @@ -46,8 +45,8 @@ if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") @REM Execute a user defined script before this one if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre @REM check for pre script, once with legacy .bat ending and once with .cmd ending -if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" -if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" +if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* +if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* :skipRcPre @setlocal @@ -120,10 +119,10 @@ SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain -set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" +set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" -FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( - IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B +FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( + IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B ) @REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central @@ -134,11 +133,11 @@ if exist %WRAPPER_JAR% ( ) ) else ( if not "%MVNW_REPOURL%" == "" ( - SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar" + SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar" ) if "%MVNW_VERBOSE%" == "true" ( echo Couldn't find %WRAPPER_JAR%, downloading it ... - echo Downloading from: %DOWNLOAD_URL% + echo Downloading from: %WRAPPER_URL% ) powershell -Command "&{"^ @@ -146,7 +145,7 @@ if exist %WRAPPER_JAR% ( "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ "}"^ - "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ + "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^ "}" if "%MVNW_VERBOSE%" == "true" ( echo Finished downloading %WRAPPER_JAR% @@ -158,7 +157,13 @@ if exist %WRAPPER_JAR% ( @REM work with both Windows and non-Windows executions. set MAVEN_CMD_LINE_ARGS=%* -%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +%MAVEN_JAVA_EXE% ^ + %JVM_CONFIG_MAVEN_PROPS% ^ + %MAVEN_OPTS% ^ + %MAVEN_DEBUG_OPTS% ^ + -classpath %WRAPPER_JAR% ^ + "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ + %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* if ERRORLEVEL 1 goto error goto end @@ -168,15 +173,15 @@ set ERROR_CODE=1 :end @endlocal & set ERROR_CODE=%ERROR_CODE% -if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost +if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost @REM check for post script, once with legacy .bat ending and once with .cmd ending -if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" -if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" +if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" +if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" :skipRcPost @REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' -if "%MAVEN_BATCH_PAUSE%" == "on" pause +if "%MAVEN_BATCH_PAUSE%"=="on" pause -if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% +if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% -exit /B %ERROR_CODE% +cmd /C exit /B %ERROR_CODE% diff --git a/pom.xml b/pom.xml index cf9088f..4606392 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,7 @@ at.favre.lib common-parent - 12 + 20 singlestep-kdf @@ -21,16 +21,14 @@ https://github.com/patrickfav/singlestep-kdf 2018 - - - jcenter - jcenter - https://jcenter.bintray.com - - false - - - + + + patrickfav + https://sonarcloud.io + jacoco + reuseReports + java + @@ -54,10 +52,6 @@ org.jacoco jacoco-maven-plugin - - org.eluder.coveralls - coveralls-maven-plugin - org.apache.maven.plugins maven-jarsigner-plugin @@ -84,23 +78,14 @@ org.bouncycastle bcprov-jdk15on - 1.67 + 1.70 test - - - bintray-patrickfav - patrickfav-singlestep-kdf - https://api.bintray.com/maven/patrickfav/maven/singlestep-kdf/;publish=1 - - - - https://github.com/patrickfav/singlestep-kdf.git - https://github.com/patrickfav/singlestep-kdf.git - HEAD + scm:git:https://github.com/patrickfav/singlestep-kdf.git + scm:git:https://github.com/patrickfav/singlestep-kdf.git https://github.com/patrickfav/singlestep-kdf @@ -110,7 +95,7 @@ - Travis - https://travis-ci.com/patrickfav/singlestep-kdf + Github Actions + https://github.com/patrickfav/singlestep-kdf/actions diff --git a/secrets.tar.enc b/secrets.tar.enc deleted file mode 100644 index 9b45489..0000000 Binary files a/secrets.tar.enc and /dev/null differ diff --git a/src/main/java/at/favre/lib/crypto/singlstepkdf/HFunction.java b/src/main/java/at/favre/lib/crypto/singlstepkdf/HFunction.java index 866c527..62ddaa8 100644 --- a/src/main/java/at/favre/lib/crypto/singlstepkdf/HFunction.java +++ b/src/main/java/at/favre/lib/crypto/singlstepkdf/HFunction.java @@ -43,7 +43,7 @@ * out = func.calculate() * *

- * see https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Cr1.pdf + * see NIST.SP.800-56Cr1 */ @SuppressWarnings("WeakerAccess") public interface HFunction { @@ -53,7 +53,7 @@ public interface HFunction { * with hash type functions and may throw an {@link UnsupportedOperationException}. Call this before {@link #update(byte[])} * * @param key to be used; if null is passed, default_salt is used, which is in the case of - * HMAC a empty byte array the length of the underyling hash function (e.g. 32 + * HMAC an empty byte array the length of the underyling hash function (e.g. 32 * bytes for SHA-256) */ void init(byte[] key); @@ -92,7 +92,7 @@ public interface HFunction { int getHFuncOutputBytes(); /** - * Update the function with a new input that will internally added to the + * Update the function with a new input that will internally add to the * already available input * * @param array to process @@ -235,8 +235,7 @@ static int getBlockLengthByte(String algorithm) { if (name.startsWith("sha1") || name.startsWith("sha224") || name.startsWith("sha256") || name.startsWith("hmacsha1") || name.startsWith("hmacsha256")) { return 64; - } else if (name.startsWith("sha512") || name.startsWith("sha384") || name.equals("sha256") - || name.startsWith("hmacsha512")) { + } else if (name.startsWith("sha512") || name.startsWith("sha384") || name.startsWith("hmacsha512")) { return 128; } else if (name.startsWith("sha3224")) { return 144; diff --git a/src/main/java/at/favre/lib/crypto/singlstepkdf/SingleStepKdf.java b/src/main/java/at/favre/lib/crypto/singlstepkdf/SingleStepKdf.java index 27e2587..4f29cc8 100644 --- a/src/main/java/at/favre/lib/crypto/singlstepkdf/SingleStepKdf.java +++ b/src/main/java/at/favre/lib/crypto/singlstepkdf/SingleStepKdf.java @@ -117,7 +117,7 @@ public String getHFunctionDescription() { * * @param sharedSecretZ called 'Z' in the spec: a byte string that represents the shared secret * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length - * (in bytes) of the secret keying material to be derived (ie. how long the output + * (in bytes) of the secret keying material to be derived (i.e. how long the output * will be in bytes) * @return derived keying material (to use as secret key) */ @@ -134,13 +134,13 @@ public byte[] derive(byte[] sharedSecretZ, * * @param sharedSecretZ called 'Z' in the spec: a byte string that represents the shared secret * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length - * (in bytes) of the secret keying material to be derived (ie. how long the output + * (in bytes) of the secret keying material to be derived (i.e. how long the output * will be in bytes) - * @param fixedInfo a bit string of context-specific data that is appropriate for the relying + * @param fixedInfo a bit string of context-specific data that is appropriate for the relying on * key-establishment scheme. FixedInfo may, for example, include appropriately * formatted representations of the values of salt and/or L. The inclusion of * additional copies of the values of salt and L in FixedInfo would ensure that - * each block of derived keying material is affected by all of the information + * each block of derived keying material is affected by all the information * conveyed in OtherInput. See [SP 800-56A] and [SP 800-56B] for more detailed * recommendations concerning the format and content of FixedInfo. * @return derived keying material (to use as secret key) @@ -157,15 +157,15 @@ public byte[] derive(byte[] sharedSecretZ, * * @param sharedSecretZ called 'Z' in the spec: a byte string that represents the shared secret * @param outLengthBytes called 'L' in the spec: a positive integer that indicates the length - * (in bytes) of the secret keying material to be derived (ie. how long the output + * (in bytes) of the secret keying material to be derived (i.e. how long the output * will be in bytes) * @param salt (secret or non-secret) byte string that should be provided when HMAC h * function is used, if null is passed the default_salt is used - * @param fixedInfo a bit string of context-specific data that is appropriate for the relying + * @param fixedInfo a bit string of context-specific data that is appropriate for the relying on * key-establishment scheme. FixedInfo may, for example, include appropriately * formatted representations of the values of salt and/or L. The inclusion of * additional copies of the values of salt and L in FixedInfo would ensure that - * each block of derived keying material is affected by all of the information + * each block of derived keying material is affected by all the information * conveyed in OtherInput. See [SP 800-56A] and [SP 800-56B] for more detailed * recommendations concerning the format and content of FixedInfo. * @return derived keying material (to use as secret key)