RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v11]
Valerie Peng
valeriep at openjdk.org
Wed Aug 21 00:17:13 UTC 2024
On Fri, 16 Aug 2024 21:13:34 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 338:
>>
>>> 336: // Calculate the number of rounds of HMAC that are needed to
>>> 337: // meet the requested data. Then set up the buffers we will need.
>>> 338: hmacObj.init(prk);
>>
>> RFC5869 sec 2.3 states that "PRK - a pseudorandom key of at least HashLen octets". Shouldn't we check it before passing to `hmacObj`?
>
> Addressed in https://github.com/openjdk/jdk/pull/20301/commits/c6f491cd05c76088e6431b2ba9d4ab42b29e4055. Please indicate if this is resolved.
Well, if a non-extractable hardware key is passed to us, it'd lead to NPE with the new check. Instead of calling getEncoded() on it and accessing length directly, maybe relying on `CipherCore.getKeyBytes(prk)` which will throw InvalidKeyException?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1724125391
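
The failure mode discussed in this message, as an added example that is not code from the JDK or from the PR: a PRK length check that reports a key with no available encoding as `InvalidKeyException` rather than dereferencing a null array. The class `PrkLengthCheck`, the helper `requirePrkBytes` and the `OpaqueKey` stand-in are hypothetical names; the 32-octet HashLen assumes HMAC-SHA256.

```java
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class PrkLengthCheck {
    // Hypothetical helper: returns the PRK bytes, or throws InvalidKeyException
    // when the key is missing, has no RAW encoding, or is shorter than HashLen
    // (RFC 5869 sec 2.3). It never calls .length on a null array.
    static byte[] requirePrkBytes(SecretKey prk, int hashLen) throws InvalidKeyException {
        if (prk == null) {
            throw new InvalidKeyException("No PRK given");
        }
        if (!"RAW".equalsIgnoreCase(prk.getFormat())) {
            throw new InvalidKeyException("PRK must support RAW encoding");
        }
        byte[] bytes = prk.getEncoded();
        if (bytes == null) {
            throw new InvalidKeyException("PRK encoding is not available");
        }
        if (bytes.length < hashLen) {
            Arrays.fill(bytes, (byte) 0); // wipe our copy before rejecting
            throw new InvalidKeyException("PRK shorter than HashLen (" + hashLen + " octets)");
        }
        return bytes;
    }

    // Constructed stand-in for a non-extractable key: no format, no encoding.
    static final class OpaqueKey implements SecretKey {
        public String getAlgorithm() { return "Generic"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    static String check(SecretKey prk) {
        try {
            byte[] b = requirePrkBytes(prk, 32); // HashLen for HMAC-SHA256
            Arrays.fill(b, (byte) 0);
            return "accepted";
        } catch (InvalidKeyException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample keys (all-zero bytes, for illustration only).
        System.out.println(check(new SecretKeySpec(new byte[32], "Generic")));
        System.out.println(check(new SecretKeySpec(new byte[16], "Generic")));
        System.out.println(check(new OpaqueKey()));
    }
}
```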