RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v43]
Valerie Peng
valeriep at openjdk.org
Wed Sep 18 21:54:01 UTC 2024
On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic algorithms for deriving additional keys from a secret key and other data. See [JEP 478](https://openjdk.org/jeps/478).
>>
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request incrementally with one additional commit since the last revision:
>
> refinement of addIKM and addSalt specifications
src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java line 66:
> 64: SHA384_HMAC_SIZE,
> 65: SHA512_HMAC_SIZE
> 66: };
These lines can be removed if using an enum to group the name and output length together. The current check does very little; it only ensures that the specified hmac length is one of the supported values, with no correlation to the hmac algorithm name. The enum sample code is shown in a separate comment below.
src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java line 396:
> 394: public HKDFSHA256(KDFParameters kdfParameters)
> 395: throws InvalidAlgorithmParameterException {
> 396: super("HmacSHA256", SHA256_HMAC_SIZE, kdfParameters);
Using the enum, this line would be:
`super(SupportedHmac.SHA256, kdfParameters);`
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1765762735
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1765768566
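
The point made in the review above, as an added illustration: this is neither the reviewer's sample code (which is in a separate comment not included in this message) nor the JDK's implementation. Only the name `SupportedHmac.SHA256` comes from the message; the class name, field names, `checkLengthOnly`, and the byte lengths 32/48/64 are assumptions made for the example.

```java
import java.security.InvalidAlgorithmParameterException;
import java.util.Arrays;
import javax.crypto.Mac;

public class HmacPairingDemo {
    // Hypothetical enum: each constant carries its own algorithm name and
    // output length, so a mismatched (name, length) pair cannot be written.
    enum SupportedHmac {
        SHA256("HmacSHA256", 32),
        SHA384("HmacSHA384", 48),
        SHA512("HmacSHA512", 64);

        final String hmacAlgName;
        final int hmacLen;

        SupportedHmac(String hmacAlgName, int hmacLen) {
            this.hmacAlgName = hmacAlgName;
            this.hmacLen = hmacLen;
        }
    }

    // Stand-in for the array of supported sizes discussed in the review.
    static final int[] SUPPORTED_SIZES = {32, 48, 64};

    // Membership-only check: any supported length passes with any name.
    static void checkLengthOnly(String name, int len)
            throws InvalidAlgorithmParameterException {
        if (Arrays.stream(SUPPORTED_SIZES).noneMatch(s -> s == len)) {
            throw new InvalidAlgorithmParameterException(
                    "unsupported HMAC length " + len + " for " + name);
        }
    }

    public static void main(String[] args) throws Exception {
        // A mismatched pair slips through the membership check.
        checkLengthOnly("HmacSHA256", 64);
        System.out.println("length-only check accepted HmacSHA256 with 64");

        // Confirm each enum constant against what the provider's Mac reports.
        for (SupportedHmac h : SupportedHmac.values()) {
            int actual = Mac.getInstance(h.hmacAlgName).getMacLength();
            if (actual != h.hmacLen) {
                throw new AssertionError(h + " length mismatch: " + actual);
            }
            System.out.println(h + " -> " + h.hmacAlgName + ", " + actual + " bytes");
        }
    }
}
```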