On Thu, 1 Aug 2024 22:54:35 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

>> src/java.base/share/classes/javax/crypto/KDF.java line 304:
>> 
>>> 302:      *     if no {@code Provider} supports a {@code KDFSpi} implementation for
>>> 303:      *     the specified algorithm
>>> 304:      * @throws InvalidAlgorithmParameterException
>> 
>> In your current implementation, parameters are never checked. IIUC, it will 
>> only be used (i.e. passed into the constructor of implementations) in 
>> deriveXyz calls.
>> 
>> This brings out another issue. When deriveXyz is called and an 
>> InvalidAlgorithmParameterException is thrown, do we need to know if it's because the 
>> constructor fails or the engineDeriveXyz call fails? This is a bigger 
>> problem.
>
> ~`KDFParameters` is an empty interface **and** optional. There is nothing to 
> validate, yet. The parameters need only be passed to the implementation. The 
> HKDF implementation does not require them.~ 
> 
> After discussion, I understand the first concern better. It is not related to 
> the HKDF implementation. We will discuss this further "offline". 
> 
> Your second concern is relevant if `getInstance` and `deriveX` happen in the 
> same try/catch but not otherwise. In that case, the exception message can do 
> the work of informing the user what occurred. An implementation could also 
> create a subclass of `InvalidAlgorithmParameterException` to indicate by type 
> instead of message.

Addressed in https://github.com/openjdk/jdk/pull/20301/commits/c9c3bc6cb16157a13e898e807cbf0cf8a30fb045.
Please indicate if this is resolved.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1723911961
