RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v14]

Kevin Driver kdriver at openjdk.org
Tue Aug 20 20:05:09 UTC 2024


On Thu, 1 Aug 2024 22:54:35 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/KDF.java line 304:
>> 
>>> 302:      *     if no {@code Provider} supports a {@code KDFSpi} implementation for
>>> 303:      *     the specified algorithm
>>> 304:      * @throws InvalidAlgorithmParameterException
>> 
>> In your current implementation, parameters are never checked. IIUC, it will only be used (i.e. passed into the constructor of implementations) in deriveXyz calls.
>> 
>> This brings out another issue. When deriveXyz is called and an InvalidAlgorithmParameterException is thrown, do we need to know if it's because the constructor fails or the engineDeriveXyz call fails? This is a bigger problem.
>
> ~`KDFParameters` is an empty interface **and** optional. There is nothing to validate, yet. The parameters need only be passed to the implementation. The HKDF implementation does not require them.~ 
> 
> After discussion, I understand the first concern better. It is not related to the HKDF implementation. We will discuss this further "offline". 
> 
> Your second concern is relevant if `getInstance` and `deriveX` happen in the same try/catch but not otherwise. In that case, the exception message can do the work of informing the user what occurred. An implementation could also create a subclass of `InvalidAlgorithmParameterException` to indicate by type instead of message.

Addressed in https://github.com/openjdk/jdk/pull/20301/commits/c9c3bc6cb16157a13e898e807cbf0cf8a30fb045. Please indicate if this is resolved.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1723911961


