RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v15]
Kevin Driver
kdriver at openjdk.org
Wed Aug 28 20:44:14 UTC 2024
On Wed, 28 Aug 2024 18:41:52 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 142:
>>
>>> 140: * if {@code length} is not greater than 0
>>> 141: */
>>> 142: public ExtractThenExpand thenExpand(byte[] info, int length) {
>>
>> If it is a fairly common use case to not have an `info` parameter, then I think we should add a method that does not take this parameter, i.e. `thenExpand(int length)`.
>
> Every time HKDF-Expand is used in either TLS 1.3 or HPKE, there is always a non-empty info. Even if the original RFC says this argument is optional, I don't think it's useful to provide a one-argument overloaded method.
Agreed.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735262757
More information about the security-dev
mailing list