RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v43]

Wed Sep 18 21:46:59 UTC 2024

On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver <kdriver at openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>> 
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
> 
>   refinement of addIKM and addSalt specifications

src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java line 92:

> 90:         }
> 91:         this.hmacAlgName = hmacAlgName;
> 92:         this.hmacLen = hmacLen;

Instead of doing a binary search whenever an HKDFKeyDerivation object is constructed, it is better to organize the algorithm and output length into an enum, this way, supporting new Hmac algorithms would require adding new enum value. This should be sufficient since these arguments are internally supplied. For example,

public enum SupportedHmac {
        SHA256("HmacSHA256", 32),
        SHA384("HmacSHA384", 48),
        SHA512("HmacSHA512", 64);

        public final String algo;
        public final int outLen;
        private SupportedHmac(String algo, int outLen) {
            this.algo = algo;
            this.outLen = outLen;
        }
 };

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1765759691