RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v15]
Sean Mullan
mullan at openjdk.org
Tue Aug 27 11:34:20 UTC 2024
On Mon, 26 Aug 2024 17:54:18 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> code review comments and test renaming
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 282:
>
>> 280: * @param length
>> 281: * the length of the output key material (must be greater than 0 and
>> 282: * less than 255 * HMAC length)
>
> The maximum size of `length` is not checked in this class but it's worth mentioning. Also, the size of `prk` also has a minimum size that is not checked here. I suggest talking about both in the method spec.
The way this is worded it is part of the API specification, so I would expect `IllegalArgumentException` to be thrown if the length is less than 255 * HMAC length. But as I understand, only the HKDF impl can do that. I would change this to only say the length must be greater than 0, and add an "Implementation Note" that says HKDF implementations will enforce that the length is less than 255 * HMAC length.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1732648538
More information about the security-dev
mailing list