RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Weijun Wang
weijun at openjdk.org
Fri Aug 16 21:43:13 UTC 2024
On Fri, 16 Aug 2024 19:30:40 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 226:
>>
>>> 224: byte[] extractResult = hkdfExtract(inputKeyMaterial, (salt
>>> 225: == null) ? null : salt.getEncoded());
>>> 226: pseudoRandomKey = new SecretKeySpec(extractResult, "RAW");
>>
>> Use `hmacAlgName` instead of `RAW` as the key algorithm? Or is it well-established fact that most if not all Hmac impls doesn't care or check the key algorithm?
>
> @wangweij felt this was advantageous.
Valerie is correct. I might have confused algorithm name and format name.
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 300:
>>
>>> 298: }
>>> 299: Mac hmacObj = Mac.getInstance(hmacAlgName);
>>> 300: hmacObj.init(new SecretKeySpec(salt, "HKDF-Salt"));
>>
>> Why use "HKDF-Salt" as key algorithm name? This is just internal key for the Hmac object and maybe it's safer to just use the `hmacAlgName` as the key algorithm? The key algorithm does not affect the Hmac operation anyway.
>
> @wangweij felt this was advantageous.
I think Valerie is right. In case a Mac implementation is picky on the key algorithm name.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720378787
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1720378058
More information about the security-dev
mailing list