RFR: 8331008: KDF Implementation [v6]
Sean Mullan
mullan at openjdk.org
Fri May 10 16:04:07 UTC 2024
On Thu, 9 May 2024 15:11:39 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> change algorithm standard name for HKDFs in SunJCE provider
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 201:
>
>> 199: * the PRK (may be null)
>> 200: * @param info
>> 201: * the info (may be null)
>
> I know you use a null `prk` in `ExtractExpand`, but this method is public available for the Expand-Only mode and we don't want end users to provide a null here.
>
> For `info`, I'd rather allow empty input and reject null.
I agree, the method should throw NPE if prk or info is null.
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 255:
>
>> 253: * @return the unmodifiable {@code List} of IKM values
>> 254: */
>> 255: public List<SecretKey> ikms() {
>
> The `ikms` is already unmodifiable when this object is created back in `Builder.extractOnly`. Or, you may move the `copyOf` methods from that method to the constructor in this class.
Yes, and same comment for the `salts()` method.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1596925342
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1596928947
More information about the security-dev
mailing list