RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Valerie Peng
valeriep at openjdk.org
Fri Aug 16 18:21:54 UTC 2024
On Tue, 13 Aug 2024 15:24:11 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> addressed several review comments, namely: - renaming the getParameters method - renaming the AlgorithmParameterSpec object - address some javadoc exception messages - add some information to KDF class private constructor javadocs - other general cleanup
src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 202:
> 200: salts = anExtractThenExpand.salts();
> 201: // we should be able to combine these Lists of keys into single
> 202: // SecretKey Objects,
"Single SecretKey objects" => "a byte[]"
"List of keys" is really "a list of key segments" which are combined into one key. Same goes for salts. The API is designed with the protocol usage in mind, but the naming we have here does not directly line up with RFC5869 which only mentions singular "IKM" and "SALT".
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720163152
More information about the security-dev
mailing list