RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v34]

Sean Mullan mullan at openjdk.org
Mon May 13 19:40:22 UTC 2024 

On Mon, 13 May 2024 19:01:09 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   code review comments

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 95:

> 93:          *
> 94:          * @return an {@code ExtractExpand}
> 95:          */

This should throw NPE if info is null, and IAE if length <= 0.

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 214:

> 212:     /**
> 213:      * Static helper-method that may be used to initialize a {@code Builder}
> 214:      * with an empty {@code Extract}

No need to say it is static. I would also avoid terms like "helper-method". Suggest rewording as "Returns a builder for building `Extract` and `ExtractExpand` objects.

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 233:

> 231:      *     the pseudorandom key
> 232:      * @param info
> 233:      *     the optional context and application specific information

Should also say that the byte array is copied to prevent subsequent modification.

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 241:

> 239:      * @throws NullPointerException
> 240:      *     if {@code prk} or {@code info} is {@code null}
> 241:      */

Should also throw `IllegalArgumentException` if length <= 0.

src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 263:

> 261:      *     a pre-generated {@code Extract}
> 262:      * @param info
> 263:      *     the optional context and application specific information

Should also say that the byte array is copied to prevent subsequent modification.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598993321
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598989198
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598995270
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598991476
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598995959

More information about the security-dev mailing list