RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v33]

Sean Mullan mullan at openjdk.org
Mon May 13 19:07:13 UTC 2024 

On Mon, 13 May 2024 16:30:54 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   update @return statement

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 294:

> 292: 
> 293:         /**
> 294:          * Returns the unmodifiable {@code List} of initial key material values.

Suggest: "Returns an unmodifiable {@code List} of the initial key material values." (same comment on line 296).

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 303:

> 301: 
> 302:         /**
> 303:          * Returns the unmodifiable {@code List} of salt values.

Suggest: "Returns an unmodifiable {@code List} of the salt values." (same comment on line 305).

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 363:

> 361: 
> 362:         /**
> 363:          * Returns the length of output keying material.

s/of/of the/ (same comment on line 365). Also should it be "key material"?

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 407:

> 405:          * Returns the {@code List} of initial key material values.
> 406:          *
> 407:          * @return the initial key material values

This should be an unmodifiable list (spec should be the same as Extract.ikms)

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 414:

> 412: 
> 413:         /**
> 414:          * Returns the {@code List} of salt values.

This should be an unmodifiable list (spec should be the same as `Extract.salts`)

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 423:

> 421: 
> 422:         /**
> 423:          * Returns the optional context and application specific information.

Same comment about adding text that says it returns a copy/clone here.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598920088
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598921147
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598929581
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598938284
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598937535
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598934077

More information about the security-dev mailing list