RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v56]
Valerie Peng
valeriep at openjdk.org
Mon Oct 14 22:05:36 UTC 2024
On Fri, 11 Oct 2024 17:57:18 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> enable debug flag for exhaustive test @run
test/jdk/com/sun/crypto/provider/KDF/HKDFKnownAnswerTests.java line 65:
> 63: // Non-mandatory fields - may be null
> 64: salt = (saltStr != null) ? HexFormat.of().parseHex(saltStr) : null;
> 65: info = (infoStr != null) ? HexFormat.of().parseHex(infoStr) : null;
Instead of `null`, you should use new byte[0] for the default value when the corresponding string value is `null`. Because the `addSalt()` is always invoked regardless of the salt value.
test/jdk/com/sun/crypto/provider/KDF/HKDFKnownAnswerTests.java line 113:
> 111: add(new TestData("RFC 5869 Test Case 3", "HKDF-SHA256",
> 112: "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
> 113: new String(new byte[0]), new String(new byte[0]), 42,
Instead of `new String(new byte[0])`, you should be able to just use `null` for optional arguments?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1800177530
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1800178544
More information about the security-dev
mailing list