RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v16]
Valerie Peng
valeriep at openjdk.org
Thu Aug 29 22:39:34 UTC 2024
On Thu, 29 Aug 2024 20:01:57 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> test/jdk/javax/crypto/KDF/KDFDelayedProviderSyncTest.java line 66:
>>
>>> 64: public void testDerive()
>>> 65: throws InvalidAlgorithmParameterException, NoSuchAlgorithmException {
>>> 66: SecretKey result = kdfUnderTest.deriveKey("AES", kdfParameterSpec);
>>
>> Here the key algorithm is "AES" with output length 42 bytes. However, AES only has 128-, 192-, and 256-bit key sizes. Based on the javadoc, this combination is not valid and should throw IAPE? Maybe use some other algorithm as the key algorithm?
>
> Addressed in https://github.com/openjdk/jdk/pull/20301/commits/deadc28d6d81f5ecc056b38762f6cda49fd0cfe5. Please confirm.
Changing to "Generic" is fine; however, there is still the remaining question of whether the HKDF impl of SunJCE provider should do algorithm-specific key length checking. Just something to keep in mind; this comment is more for `HkdfKeyDerivation.java`, though.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1737298625
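
The open question in this thread, algorithm-specific key length checking, shown as an added example that is not part of the original message or of the JDK sources. It shows where a 42-byte "AES" key fails when nothing checks it at derivation time, next to a caller-side check; the class name, the `checkLength` helper and its length table are hypothetical, and the zero-filled array is a constructed stand-in for KDF output.

```java
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class DerivedKeyLengthCheck {
    // Hypothetical caller-side policy table (lengths in bytes); not part of the JDK.
    private static final Map<String, Set<Integer>> VALID_LENGTHS =
            Map.of("AES", Set.of(16, 24, 32));

    // Rejects algorithm/length pairs the table knows to be invalid.
    // Algorithms absent from the table (e.g. "Generic") are not restricted.
    static void checkLength(String alg, int lengthBytes)
            throws InvalidAlgorithmParameterException {
        Set<Integer> ok = VALID_LENGTHS.get(alg.toUpperCase(Locale.ROOT));
        if (ok != null && !ok.contains(lengthBytes)) {
            throw new InvalidAlgorithmParameterException(
                    lengthBytes + " bytes is not a valid " + alg + " key length");
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] okm = new byte[42]; // constructed stand-in for 42 bytes of KDF output

        // Without a check: the key object is created, and the error surfaces only at use.
        SecretKey key = new SecretKeySpec(okm, "AES");
        try {
            Cipher.getInstance("AES/GCM/NoPadding").init(Cipher.ENCRYPT_MODE, key);
        } catch (InvalidKeyException e) {
            System.out.println("late failure at Cipher.init: " + e.getMessage());
        }

        // With the check: the mismatch is reported where the key is derived.
        try {
            checkLength("AES", okm.length);
        } catch (InvalidAlgorithmParameterException e) {
            System.out.println("early failure: " + e.getMessage());
        }
        checkLength("Generic", okm.length); // passes: no length rule for "Generic"
        checkLength("AES", 32);             // passes: 256-bit AES key
    }
}
```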