On Tue, 17 Sep 2024 21:52:47 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
>> Introduce an API for Key Derivation Functions (KDFs), which are >> cryptographic algorithms for deriving additional keys from a secret key and >> other data. See [JEP 478](https://openjdk.org/jeps/478). >> >> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924). > > Kevin Driver has updated the pull request incrementally with one additional > commit since the last revision: > > refinement of addIKM and addSalt specifications src/java.base/share/classes/com/sun/crypto/provider/HKDFKeyDerivation.java line 92: > 90: } > 91: this.hmacAlgName = hmacAlgName; > 92: this.hmacLen = hmacLen; Instead of doing a binary search whenever an HKDFKeyDerivation object is constructed, it is better to organize the algorithm and output length into an enum, this way, supporting new Hmac algorithms would require adding new enum value. This should be sufficient since these arguments are internally supplied. For example, public enum SupportedHmac { SHA256("HmacSHA256", 32), SHA384("HmacSHA384", 48), SHA512("HmacSHA512", 64); public final String algo; public final int outLen; private SupportedHmac(String algo, int outLen) { this.algo = algo; this.outLen = outLen; } }; ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1765759691
