RFR: 8328119: Support HKDF in SunPKCS11 (Preview) [v11]
Francisco Ferrari Bihurriet
fferrari at openjdk.org
Fri Jan 17 21:12:04 UTC 2025
On Fri, 17 Jan 2025 20:35:28 GMT, Martin Balao <mbalao at openjdk.org> wrote:
>> test/jdk/sun/security/pkcs11/KDF/TestHKDF.java line 524:
>>
>>> 522: }
>>> 523:
>>> 524: private static void test_AES_HKDFWithHmacSHA256_EmptyBaseKey() {
>>
>> Glad to see this one here. Is there one for null or empty salt?
>>
>> Where are the KA values coming from?
>
> We have tests in which _salt_ is `null` (i.e. not calling `addSalt`). If you think it is worth it, we can combine that with an empty key. The effect of an empty _salt_ (instead of `null`) is the same as not calling `addSalt`. Notice that we cannot create an instance of a `SecretKeySpec` with an empty `byte[]` as key.
>
> Do you mean the values for the DH/ECDH key agreement?
In a7c82ee3bb1cadfc3cdb7fee29a8398349d404ab, we've just added a new test case passing an empty base key, salt, and info.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1920763182
More information about the security-dev
mailing list