RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]

Valerie Peng valeriep at openjdk.org
Wed Aug 14 01:49:58 UTC 2024 

On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>> 
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   addressed several review comments, namely: - renaming the getParameters method - renaming the AlgorithmParameterSpec object - address some javadoc exception messages - add some information to KDF class private constructor javadocs - other general cleanup

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 428:

> 426:          * <p>
> 427:          * Note: {@code addIKMValue} and {@code addSaltValue} may be called
> 428:          * afterward to supply additional values, if desired

What does this mean? {@code addIKMValue} and {@code addSaltValue} are methods of (@code Builder} class and do not belong to the {@code ExtractThenExpand} class. Copy-n-paste error?

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 443:

> 441:          *     if {@code length} is not > 0
> 442:          */
> 443:         private ExtractThenExpand(Extract ext, byte[] info, int length) {

Check {@code ext} to be not null?

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 444:

> 442:          */
> 443:         private ExtractThenExpand(Extract ext, byte[] info, int length) {
> 444:             // null-checked previously

nit: where is this checked? I didn't find it. The comment seems incorrect.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1716201175
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1716202528
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1716204668

More information about the security-dev mailing list