RFR: 8331008: KDF Implementation (Preview) [v26]

[Sean Mullan]

On Sun, 12 May 2024 18:13:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/KDF.java line 398:
>> 
>>> 396:      * <p>
>>> 397:      * Delayed provider selection is also supported such that the provider
>>> 398:      * performing the derive is not selected until the method is called.
>> 
>> Delayed provider selection is an important enough topic that it probably should be in the class summary. However it is complicated to word correctly as there is also the case if someone calls `getProviderName` beforehand which locks the provider to the first one supporting the algorithm. I would probably also avoid "delayed provider" as that is not a term currently used in the javadocs. Suggest something like:
>> 
>> If a provider is not specified in the getInstance method when instantiating a KDF object, the provider is selected the first time the deriveKey or deriveData method is called and a provider is chosen that supports the parameters passed to the deriveKey or deriveData method, for example the initial key material. However, if getProviderName is called before calling the deriveKey or deriveData methods, the first provider supporting the KDF algorithm is chosen which may not be the desired one; therefore it is recommended to not call getProviderName until after a key derivation operation.
>
> This is because the selection occurs just once. Should we explicitly mention this?

Yes, maybe add at end: "Once a provider is selected, it cannot be changed."

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598535050