On Fri, 30 Aug 2024 23:26:12 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). >> >> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924). > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > change impl class to use byte arrays rather than SecretKey objects where > possible src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 167: > 165: // Since we're defining these values internally, it is > unlikely. > 166: throw new ProviderException( > 167: "could not instantiate a Mac with the provided > algorithm", There's a bit of inconsistency in using capitalization on abbreviations, examples are: "HKDF" vs "Mac"/"Hmac" vs "ikm". I'd suggest aligning with prior art and use that consistently. src/java.base/share/classes/com/sun/crypto/provider/HkdfKeyDerivation.java line 354: > 352: // sized the buffers to their largest possible size > up-front, > 353: // but just in case... > 354: throw new RuntimeException(sbe); If this is truly something which should not be possible, it might be better to throw an InternalError. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1745737456 PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1745742211
