KDF API review, round 2
Jamil Nimeh
jamil.j.nimeh at oracle.com
Mon Nov 20 18:10:43 UTC 2017
> You're missing the point that setParameter() provides information used
> in all future calls to the signature generation, while init() provides
> data specifically for a given key stream production. In Signature()
> you call .setParameter() to set up the PSS parameters (or use the
> defaults). Each subsequent call to initSign or initVerify uses those
> PSS parameters. The equivalent part of .init() in KeyDerivation is
> actually the calls to .update() in signature as they provide the
> specific information for the production of the output key stream. In
> fact, setting up an HMAC signature instance and passing it the mixin
> data as part of a .update() is a way of producing the key stream round.
>
> So equivalences:
>
> KeyDerivation.getInstance(PRF) == Signature.getInstance(HMAC)
> KeyDerivation.setParameters() == Signature.setParameters()
> KeyDerivation.init(key, List<Parameters>) == concatenation of the
> results of multiple calls (each key stream round based on the needed
> output length) to [Signature.initSign(Key) followed by
> Signature.update(converttobytearray(List<Parameters>)) followed by
> Signature.sign()] to produce the key stream
> KeyDerivation.deriveKey() == various calls to key or object factories
> with parts of the key stream (signature).
>
Are you expecting that setParameters is called once per instantiation?
If so, then the parameters that would go into setParameter (an APS I
assume) could just as easily go into the getInstance call. It also
removes the chance that someone would call it twice.
If you're expecting someone to call setParameter more than once, then I
would expect an init must follow. So why not place it in a form of init
that allows you to change that particular set of params? Either way it
seems like we could coalesce this method into one of the calls that
sandwich it in your proposed model.
More information about the security-dev
mailing list