RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Valerie Peng
valeriep at openjdk.org
Fri Aug 16 01:21:59 UTC 2024
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> addressed several review comments, namely: - renaming the getParameters method - renaming the AlgorithmParameterSpec object - address some javadoc exception messages - add some information to KDF class private constructor javadocs - other general cleanup
src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 226:
> 224: byte[] extractResult = hkdfExtract(inputKeyMaterial, (salt
> 225: == null) ? null : salt.getEncoded());
> 226: pseudoRandomKey = new SecretKeySpec(extractResult, "RAW");
Use `hmacAlgName` instead of `RAW` as the key algorithm? Or is it well-established fact that most if not all Hmac impls doesn't care or check the key algorithm?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1719175171
More information about the security-dev
mailing list