RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v11]
Martin Balao
mbalao at openjdk.org
Fri Jan 17 20:37:39 UTC 2025
On Fri, 17 Jan 2025 19:59:22 GMT, Kevin Driver <kdriver at openjdk.org> wrote:
>> Martin Balao has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Improve TestContext note about expectedOpOut
>>
>> Co-authored-by: Martin Balao Alonso <mbalao at redhat.com>
>> Co-authored-by: Francisco Ferrari Bihurriet <fferrari at redhat.com>
>
> test/jdk/sun/security/pkcs11/KDF/TestHKDF.java line 524:
>
>> 522: }
>> 523:
>> 524: private static void test_AES_HKDFWithHmacSHA256_EmptyBaseKey() {
>
> Glad to see this one here. Is there one for null or empty salt?
>
> Where are the KA values coming from?
We have tests in which _salt_ is `null` (i.e. not calling `addSalt`). If you think it is worth it, we can combine that with an empty key. The effect of an empty _salt_ (instead of `null`) is the same as not calling `addSalt`. Notice that we cannot create an instance of a `SecretKeySpec` with an empty `byte[]` as key.
Do you mean the values for the DH/ECDH key agreement?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1920710339
More information about the security-dev
mailing list