RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v15]
Kevin Driver
kdriver at openjdk.org
Wed Aug 28 20:44:11 UTC 2024
On Tue, 27 Aug 2024 10:36:39 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> code review comments and test renaming
>
> src/java.base/share/classes/javax/crypto/KDF.java line 84:
>
>> 82: * .addSalt(salt).thenExpand(info, 32);
>> 83: *
>> 84: * kdfHkdf.deriveKey("AES", derivationParameterSpec);
>
> Should show what is returned, i.e. `SecretKey key = ...`
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
> src/java.base/share/classes/javax/crypto/KDF.java line 231:
>
>> 229: /**
>> 230: * Returns a {@code KDF} instance initialized with the specified algorithm from
>> 231: * the specified security provider.
>
> Add "The specified provider must be registered in the security provider list."
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
> src/java.base/share/classes/javax/crypto/KDF.java line 316:
>
>> 314: * @throws NoSuchAlgorithmException
>> 315: * if no {@code Provider} supports a {@code KDFSpi} implementation for
>> 316: * the specified algorithm
>
> The description of this exception should be the same as `getInstance(String)`.
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
> src/java.base/share/classes/javax/crypto/KDFSpi.java line 133:
>
>> 131: * <p>
>> 132: * The {@code engineDeriveData} method may be called multiple times on a
>> 133: * particular {@code KDFSpi} instance.
>
> You will need to change the wording on this, and the `engineDeriveData` method, so as not to imply this supports concurrent access.
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 265:
>
>> 263: * {@code ExtractThenExpand} objects.
>> 264: *
>> 265: * @return a {@code Builder} to mutate
>
> I would just say "a new Builder".
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 272:
>
>> 270:
>> 271: /**
>> 272: * Creates an {@code Expand} object
>
> Missing period.
Resolved in https://github.com/openjdk/jdk/pull/20301/commits/a65dc9da044297c313e02d698255bad915dc0a10.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735262441
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735262887
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735263032
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735263299
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735263521
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735263410
More information about the security-dev
mailing list