RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]
Sean Mullan
mullan at openjdk.org
Wed Aug 7 15:08:44 UTC 2024
On Sat, 3 Aug 2024 00:43:20 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:
>>
>> - update test to include Spi updates
>> - Update with latest from master
>>
>> Merge remote-tracking branch 'origin/master' into kdf-jep-wip
>> # Please enter a commit message to explain why this merge is necessary,
>> # especially if it merges an updated upstream into a topic branch.
>> #
>> # Lines starting with '#' will be ignored, and an empty message aborts
>> # the commit.
>> - add engineGetKDFParameters to the KDFSpi
>> - code review comment fix for javadoc specification
>> - change course on null return values from derive methods
>> - code review comments
>> - threading refactor + code review comments
>> - review comments
>> - review comments
>> - update code snippet type in KDF
>> - ... and 6 more: https://git.openjdk.org/jdk/compare/8617fa72...dd2ee48f
>
> src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java line 468:
>
>> 466: "com.sun.crypto.provider.HkdfKeyDerivation$HkdfSHA384");
>> 467: ps("KDF", "HKDFWithHmacSHA512",
>> 468: "com.sun.crypto.provider.HkdfKeyDerivation$HkdfSHA512");
>
> Have you considered names such as HKDFWithSHA256? The "Hmac" part is sort of implied by the HKDF (Hmac-based Key Derivation Function). This also better matches the names used in [RFC 8619](https://datatracker.ietf.org/doc/html/rfc8619 ) which defines OIDs for HKDF. Now that we are adding support for HKDF, maybe add these oids to KnownOIDs?
+1. A similar naming convention is also used for TLS: https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-kdf-ids
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1707213354
More information about the security-dev
mailing list