RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v15]
Sean Mullan
mullan at openjdk.org
Tue Aug 27 10:42:16 UTC 2024
On Fri, 23 Aug 2024 21:48:44 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> code review comments and test renaming
src/java.base/share/classes/javax/crypto/KDF.java line 84:
> 82: * .addSalt(salt).thenExpand(info, 32);
> 83: *
> 84: * kdfHkdf.deriveKey("AES", derivationParameterSpec);
Should show what is returned, i.e. `SecretKey key = ...`
src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 142:
> 140: * if {@code length} is not greater than 0
> 141: */
> 142: public ExtractThenExpand thenExpand(byte[] info, int length) {
If it is a fairly common use case to not have an `info` parameter, then I think we should add a method that does not take this parameter, i.e. `thenExpand(int length)`.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1732589985
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1732593180
More information about the security-dev
mailing list