RFR: 8331008: KDF Implementation (Preview) [v28]

[Weijun Wang]

On Mon, 13 May 2024 09:18:55 GMT, Alan Bateman <alanb at openjdk.org> wrote:

>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   re-enable preview annotations
>
> src/java.base/share/classes/javax/crypto/KDF.java line 50:
> 
>> 48:  * {@code KDF} objects are instantiated through the {@code getInstance} family
>> 49:  * of methods.  Key derivation algorithm names follow a naming convention of
>> 50:  * <I>Algorithm</I>with<I>PRF</I>.  The algorithm field is the KDF algorithm
> 
> Do you mean "With" rather than "with" here?

In fact, is it true that all KDF algorithms look like "MechWithPRF"? There are quite some KDF algorithms simply named "kdf1", "kdf2", and "kdf3" (although these are legacy). If this naming convention is mainly for HKDF, I recommend moving it into `HKDFParameterSpec`. Maybe in an `@implNote` there, tell the implementor that only 3 algorithms are standardized now.

> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 351:
> 
>> 349:      * <a href="http://tools.ietf.org/html/rfc5869">RFC 5869</a>.
>> 350:      */
>> 351:     final class ExtractExpand implements HKDFParameterSpec {
> 
> This may have come up previously but I'm curious why ExtractExpand doesn't extend Extract. It's not quite an Expand because of the pseudorandom key.

My opinion is that it's not worth doing. People would write `obj instanceof Extract` and forget the expand part.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598522239
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598544524