RFR: 8347289: HKDF delayed provider selection failed with non-extractable PRK
Weijun Wang
weijun at openjdk.org
Wed Jan 8 19:45:36 UTC 2025
On Wed, 8 Jan 2025 19:21:29 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> A non-extractable PRK in HKDF Expand-Only is an invalid input, not an internal error.
>
> src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java line 183:
>
>> 181: // set this value in the "if"
>> 182: if ((pseudoRandomKey = anExpand.prk().getEncoded()) == null) {
>> 183: throw new InvalidAlgorithmParameterException(
>
> My only question here is whether the `Expand` could be created without a PRK for any other reason besides it being non-extractable. If we think so (even if it's just user-error), then perhaps the wording of the message for the IAPE should be revised from the currently proposed text.
In the creation of the `Expand` object, we've already guaranteed that PRK the object must be non null. The only problem here is its encoding.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22976#discussion_r1907726342
More information about the security-dev
mailing list