RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v28]

Kevin Driver kdriver at openjdk.org
Wed Sep 11 22:04:21 UTC 2024


On Wed, 11 Sep 2024 20:31:13 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   batch of review comments
>
> src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 299:
> 
>> 297:         throws InvalidKeyException, NoSuchAlgorithmException {
>> 298: 
>> 299:         if (salt == null) {
> 
> Also cover the empty `salt` case here. The `SecretKeySpec` creation below would fail.
> 
> Hint: when people call `addSalt(k)`, `k` can be empty. It doesn't have to be a `SecretKeySpec`. This is worth a test.

@wangweij: A salt value which is a byte array of length zero is not added to the List. See: 


    public Builder addSalt(byte[] salt) {
        Objects.requireNonNull(salt, "salt must not be null");
        if (salt.length != 0) {
            return addSalt(new SecretKeySpec(salt, "Generic"));
        } else {
            return this;
        }
    }


I have added an `||` to this statement to check for zero-length.


There is already a test with an empty Extract in `BasicHKDFFunctions`.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1755730338
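
The empty-salt case discussed in this message, as an added example that is not code from the pull request or the JDK: a standalone HKDF-Extract built on `javax.crypto.Mac` that treats a null or zero-length salt as HashLen zero bytes, which is the default RFC 5869 specifies when no salt is provided. The class name `EmptySaltExtract`, the `extract` helper and the sample IKM are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

public class EmptySaltExtract {

    // HKDF-Extract (RFC 5869, section 2.2): PRK = HMAC-Hash(salt, IKM).
    // A null or zero-length salt is replaced by HashLen zero bytes, because
    // SecretKeySpec rejects an empty key with IllegalArgumentException.
    static byte[] extract(String hmacAlg, byte[] salt, byte[] ikm) throws Exception {
        Mac mac = Mac.getInstance(hmacAlg);
        if (salt == null || salt.length == 0) {
            salt = new byte[mac.getMacLength()];
        }
        mac.init(new SecretKeySpec(salt, "Generic"));
        return mac.doFinal(ikm);
    }

    public static void main(String[] args) throws Exception {
        byte[] ikm = new byte[22];          // constructed sample input
        Arrays.fill(ikm, (byte) 0x0b);

        // The failure the review comment points at: an empty key is rejected.
        try {
            new SecretKeySpec(new byte[0], "Generic");
            throw new AssertionError("expected IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            System.out.println("empty SecretKeySpec rejected: " + expected.getMessage());
        }

        byte[] fromNull  = extract("HmacSHA256", null, ikm);
        byte[] fromEmpty = extract("HmacSHA256", new byte[0], ikm);
        byte[] fromZeros = extract("HmacSHA256", new byte[32], ikm);

        // All three salts must lead to the same pseudorandom key.
        if (!Arrays.equals(fromNull, fromEmpty) || !Arrays.equals(fromEmpty, fromZeros)) {
            throw new AssertionError("null, empty and all-zero salts must give the same PRK");
        }
        System.out.println("PRK identical for null, empty and HashLen-zero salt");
    }
}
```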

