Re: RFR: 8331008: Implement JEP 478: Key Derivation Function API (Preview) [v24]

Fri, 06 Sep 2024 07:12:52 -0700 

On Thu, 5 Sep 2024 23:17:32 GMT, Kevin Driver <kdri...@openjdk.org> wrote:

>> Introduce an API for Key Derivation Functions (KDFs), which are 
>> cryptographic algorithms for deriving additional keys from a secret key and 
>> other data. See [JEP 478](https://openjdk.org/jeps/478).
>> 
>> Work was begun in [another PR](https://github.com/openjdk/jdk/pull/18924).
>
> Kevin Driver has updated the pull request with a new target base due to a 
> merge or a rebase. The incremental webrev excludes the unrelated changes 
> brought in by the merge/rebase. The pull request contains 31 additional 
> commits since the last revision:
> 
>  - Merge remote-tracking branch 'origin/master' into kdf-jep-wip
>    # Please enter a commit message to explain why this merge is necessary,
>    # especially if it merges an updated upstream into a topic branch.
>    #
>    # Lines starting with '#' will be ignored, and an empty message aborts
>    # the commit.
>  - several more review comments
>  - change impl class to use byte arrays rather than SecretKey objects where 
> possible
>  - updated delayed provider selection javadoc
>  - review comments
>  - use a delegate record to hold the spi and provider
>  - assorted review comment changes
>  - another round of review comments
>  - consistency with wording for addIKM and addSalt
>  - another round of code review comments
>  - ... and 21 more: https://git.openjdk.org/jdk/compare/3c968600...a35e98c9

src/java.base/share/classes/java/security/Provider.java line 1608:

> 1606:         addEngine("KEM",                                true,  null);
> 1607:         addEngine("KDF",                                false,
> 1608:                             java.security.KDFParameters.class);

Suggestion:

        addEngine("KDF",                                false, 
KDFParameters.class);

src/java.base/share/classes/javax/crypto/KDF.java line 126:

> 124:     private Iterator<Service> serviceIterator;
> 125: 
> 126:     private final Object lock;

It might be better to do the following, as it should be the same thing no 
matter which constructor is used.

Suggestion:

    private final Object lock = new Object();

src/java.base/share/classes/javax/crypto/KDF.java line 165:

> 163:      * Returns the algorithm name of this {@code KDF} object.
> 164:      *
> 165:      * @return the algorithm name of this {@code KDF} object

Can the returned value be `null`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747177801
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747185440
PR Review Comment: https://git.openjdk.org/jdk/pull/20301#discussion_r1747186815

Reply via email to