RFR: 8331008: KDF Implementation (Preview) [v31]
Kevin Driver
kdriver at openjdk.org
Mon May 13 16:15:54 UTC 2024
On Fri, 10 May 2024 15:51:56 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 201:
>>
>>> 199: * the PRK (may be null)
>>> 200: * @param info
>>> 201: * the info (may be null)
>>
>> I know you use a null `prk` in `ExtractExpand`, but this method is public available for the Expand-Only mode and we don't want end users to provide a null here.
>>
>> For `info`, I'd rather allow empty input and reject null.
>
> I agree, the method should throw NPE if prk or info is null.
see: e49f139baa6
>> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 255:
>>
>>> 253: * @return the unmodifiable {@code List} of IKM values
>>> 254: */
>>> 255: public List<SecretKey> ikms() {
>>
>> The `ikms` is already unmodifiable when this object is created back in `Builder.extractOnly`. Or, you may move the `copyOf` methods from that method to the constructor in this class.
>
> Yes, and same comment for the `salts()` method.
see: e49f139baa6
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598723736
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598723503
More information about the security-dev
mailing list