RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Kevin Driver
kdriver at openjdk.org
Fri Aug 16 19:17:55 UTC 2024
On Thu, 15 Aug 2024 22:24:18 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> addressed several review comments, namely: - renaming the getParameters method - renaming the AlgorithmParameterSpec object - address some javadoc exception messages - add some information to KDF class private constructor javadocs - other general cleanup
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 300:
>
>> 298: }
>> 299: Mac hmacObj = Mac.getInstance(hmacAlgName);
>> 300: hmacObj.init(new SecretKeySpec(salt, "HKDF-Salt"));
>
> Why use "HKDF-Salt" as key algorithm name? This is just internal key for the Hmac object and maybe it's safer to just use the `hmacAlgName` as the key algorithm? The key algorithm does not affect the Hmac operation anyway.
@wangweij felt this was advantageous.
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 328:
>
>> 326: *
>> 327: * @throws InvalidKeyException
>> 328: * if an invalid key was provided through the {@code HkdfParameterSpec}
>
> Clarify "key" with "{@code prk}" and get rid of the trailing description.
I think the more verbose version is clearer.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720238725
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720241013
More information about the security-dev
mailing list