On Tue, 23 Apr 2024 20:42:51 GMT, Kevin Driver <kdri...@openjdk.org> wrote:
> Introduce an API for Key Derivation Functions (KDFs), which are cryptographic > algorithms for deriving additional keys from a secret key and other data. See > [JEP 478](https://openjdk.org/jeps/478). Two comments on HKDF: 1. Expand length cannot exceed 255 * HashLen. See https://datatracker.ietf.org/doc/html/rfc5869#section-2.3. 2. Why disallow empty ikms and salts? For the salt side, RFC5869 allows [no salt](https://datatracker.ietf.org/doc/html/rfc5869#autoid-4). For the key size, I haven’t seen RFC5869 disallowing an empty key. ------------- PR Comment: https://git.openjdk.org/jdk/pull/18924#issuecomment-2102804455
