On Mon, 13 May 2024 09:18:55 GMT, Alan Bateman <al...@openjdk.org> wrote:
>> Kevin Driver has updated the pull request incrementally with one additional
>> commit since the last revision:
>>
>> re-enable preview annotations
>
> src/java.base/share/classes/javax/crypto/KDF.java line 50:
>
>> 48: * {@code KDF} objects are instantiated through the {@code getInstance}
>> family
>> 49: * of methods. Key derivation algorithm names follow a naming
>> convention of
>> 50: * <I>Algorithm</I>with<I>PRF</I>. The algorithm field is the KDF
>> algorithm
>
> Do you mean "With" rather than "with" here?
In fact, is it true that all KDF algorithms look like "MechWithPRF"? There are
quite some KDF algorithms simply named "kdf1", "kdf2", and "kdf3" (although
these are legacy). If this naming convention is mainly for HKDF, I recommend
moving it into `HKDFParameterSpec`. Maybe in an `@implNote` there, tell the
implementor that only 3 algorithms are standardized now.
> src/java.base/share/classes/javax/crypto/spec/HKDFParameterSpec.java line 351:
>
>> 349: * <a href="http://tools.ietf.org/html/rfc5869";>RFC 5869</a>.
>> 350: */
>> 351: final class ExtractExpand implements HKDFParameterSpec {
>
> This may have come up previously but I'm curious why ExtractExpand doesn't
> extend Extract. It's not quite an Expand because of the pseudorandom key.
My opinion is that it's not worth doing. People would write `obj instanceof
Extract` and forget the expand part.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598522239
PR Review Comment: https://git.openjdk.org/jdk/pull/18924#discussion_r1598544524
