RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v30]
Kevin Driver
kdriver at openjdk.org
Thu Sep 12 22:00:44 UTC 2024
On Thu, 12 Sep 2024 20:48:05 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>>
>> further review comment changes
>
> src/java.base/share/classes/javax/crypto/KDF.java line 82:
>
>> 80: * ensure that the selected provider can handle the key material that is passed
>> 81: * to those methods - for example, the key material may reside on a
>> 82: * hardware device that only a specific {@code KDF} provider can utilize.
>
> I think we should also add this sentence. This is similar to the provider search algorithm that is documented in all current JCE/JCA getInstance APIs so it is important to repeat it here.
>
> "Once initiated, the selection process traverses the list of registered security providers, starting with the most preferred `Provider`. A new `KDF` object encapsulating the `KDFSpi` implementation from the first provider that supports the specified algorithm and optional parameters is returned."
@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 222:
>
>> 220: * See also the Cipher Transformations section of the {@extLink
>> 221: * security_guide_jdk_providers JDK Providers} document for information
>> 222: * on the transformation defaults used by JDK providers.
>
> This sentence is specific to the Cipher API; it does not apply here and should be removed.
@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 281:
>
>> 279: * Returns a {@code KDF} object that implements the specified algorithm from
>> 280: * the specified security provider. The specified provider must be
>> 281: * registered in the security provider list.
>
> The second sentence should be removed. The Provider is passed in so does not need to be registered.
@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 339:
>
>> 337: * See also the Cipher Transformations section of the {@extLink
>> 338: * security_guide_jdk_providers JDK Providers} document for information
>> 339: * on the transformation defaults used by JDK providers.
>
> This sentence is specific to the Cipher API; it does not apply here and should be removed.
@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
> src/java.base/share/classes/javax/crypto/KDF.java line 461:
>
>> 459: * Returns a {@code KDF} object that implements the specified algorithm from
>> 460: * the specified provider and is initialized with the specified parameters.
>> 461: * The specified provider must be registered in the security provider list.
>
> The second sentence should be removed. The Provider is passed in so does not need to be registered.
@seanjmullan: Addressed in https://github.com/openjdk/jdk/pull/20301/commits/07480619a0fccc6b862712d015645421d887b984.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636967
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636167
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636799
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757635917
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1757636569
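
The two lookup paths discussed in this review, shown as an added example (not code from the pull request or from this thread): it lists the registered providers in preference order, marks which ones offer the KDF service, and compares `getInstance` by name with `getInstance` using an explicit `Provider`. It assumes a JDK that ships `javax.crypto.KDF` (compiled and run with `--enable-preview` while the API is a preview) and a provider supporting `HKDF-SHA256`; the class name and the input bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.Provider;
import java.security.Security;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.KDF;
import javax.crypto.SecretKey;
import javax.crypto.spec.HKDFParameterSpec;

public class KdfProviderSelection {
    // Assumed algorithm name for this example.
    static final String ALG = "HKDF-SHA256";

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs, not real key material.
        byte[] ikm = "constructed input keying material".getBytes(StandardCharsets.UTF_8);
        byte[] salt = "constructed salt".getBytes(StandardCharsets.UTF_8);
        byte[] info = "constructed context".getBytes(StandardCharsets.UTF_8);
        AlgorithmParameterSpec params = HKDFParameterSpec.ofExtract()
                .addIKM(ikm).addSalt(salt).thenExpand(info, 32);

        // Walk the registered providers, most preferred first, and note
        // which of them advertise a KDF service for ALG.
        Provider firstMatch = null;
        for (Provider p : Security.getProviders()) {
            boolean supports = p.getService("KDF", ALG) != null;
            System.out.printf("%-12s KDF.%s: %s%n", p.getName(), ALG, supports);
            if (supports && firstMatch == null) {
                firstMatch = p;
            }
        }
        if (firstMatch == null) {
            System.out.println("No registered provider supports " + ALG);
            return;
        }

        // Lookup by name: the provider search decides which implementation is used.
        // The provider name is read after deriving, since selection can be delayed.
        KDF byName = KDF.getInstance(ALG);
        SecretKey k1 = byName.deriveKey("AES", params);
        System.out.println("selected by search: " + byName.getProviderName());

        // Lookup with an explicit Provider object: no search takes place.
        KDF pinned = KDF.getInstance(ALG, firstMatch);
        SecretKey k2 = pinned.deriveKey("AES", params);
        System.out.println("pinned provider:    " + pinned.getProviderName());

        // Same inputs must yield the same key whichever path chose the provider.
        System.out.println("keys match: "
                + MessageDigest.isEqual(k1.getEncoded(), k2.getEncoded()));
    }
}
```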