RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v16]
Valerie Peng
valeriep at openjdk.org
Wed Aug 28 23:54:31 UTC 2024
On Wed, 28 Aug 2024 20:44:10 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with two additional commits since the last revision:
>
> - consistency with wording for addIKM and addSalt
> - another round of code review comments
test/jdk/javax/crypto/KDF/KDFDelayedProviderSyncTest.java line 66:
> 64: public void testDerive()
> 65: throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
> 66: SecretKey result = kdfUnderTest.deriveKey("AES", kdfParameterSpec);
Here the key algorithm is "AES" with output length 42 bytes. However, AES only has 128, 192, and 256-bits key sizes though. Based on the javadoc, this combination is not valid and should throw IAPE? Maybe use some other algorithm as the key algorithm?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1735402441
More information about the security-dev
mailing list