RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v44]
Kevin Driver
kdriver at openjdk.org
Tue May 14 21:31:14 UTC 2024
On Tue, 14 May 2024 13:15:43 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> javadoc improvements
>
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 108:
>
>> 106: }
>> 107:
>> 108: /**
>
> The method spec should start with a paragraph saying "Adds key input material (IKM) to this builder", and then a new paragraph can talk about "AddIKM may be called....".
>
> Also, the "may be called when..." sounds like there is another `setIKM` method when the IKM can be provided in a single shot. We should be very clear that this is the only method. We can probably say something like this:
>
> This method can be invoked multiple times on a builder, appending each newly added IKM to the existing IKM. This is particularly useful for "labeled" HKDF Extract used in TLS 1.3 and HPKE, where the IKM consists of concatenated components, which may include both byte arrays and (possibly non-extractable) secret keys.
>
> This applies to the 3 methods below as well.
Added portions of this to the class pre-amble, since you said elsewhere that would be a better place, rather than repeating 4 times.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1600670116
More information about the security-dev
mailing list