RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v10]

[Valerie Peng]

On Fri, 9 Aug 2024 01:40:51 GMT, Anthony Scarpino <ascarpino at openjdk.org> wrote:

>> Kevin Driver has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 16 additional commits since the last revision:
>> 
>>  - update test to include Spi updates
>>  - Update with latest from master
>>    
>>    Merge remote-tracking branch 'origin/master' into kdf-jep-wip
>>    # Please enter a commit message to explain why this merge is necessary,
>>    # especially if it merges an updated upstream into a topic branch.
>>    #
>>    # Lines starting with '#' will be ignored, and an empty message aborts
>>    # the commit.
>>  - add engineGetKDFParameters to the KDFSpi
>>  - code review comment fix for javadoc specification
>>  - change course on null return values from derive methods
>>  - code review comments
>>  - threading refactor + code review comments
>>  - review comments
>>  - review comments
>>  - update code snippet type in KDF
>>  - ... and 6 more: https://git.openjdk.org/jdk/compare/ef8559a3...dd2ee48f
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 74:
> 
>> 72:         if (kdfParameters != null) {
>> 73:             throw new InvalidAlgorithmParameterException(
>> 74:                 "RFC 5869 has no parameters for its KDF algorithms");
> 
> I think the exception should just say something like:  `hmacAlgName + " does not support parameters"`.  The algorithm name isn't necessary here if it is displayed somewhere along the exception stack.
>   I don't think putting an RFC number is helpful.

+1, clearer to just state "xxx does not use configuration parameters" or something similar where xxx is the HKDF algorithm name.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1716234103