On Fri, 17 Jan 2025 20:35:28 GMT, Martin Balao <mba...@openjdk.org> wrote:
>> test/jdk/sun/security/pkcs11/KDF/TestHKDF.java line 524:
>>
>>> 522: }
>>> 523:
>>> 524: private static void test_AES_HKDFWithHmacSHA256_EmptyBaseKey() {
>>
>> Glad to see this one here. Is there one for null or empty salt?
>>
>> Where are the KA values coming from?
>
> We have tests in which _salt_ is `null` (i.e. not calling `addSalt`). If you
> think it is worth it, we can combine that with an empty key. The effect of an
> empty _salt_ (instead of `null`) is the same as not calling `addSalt`. Notice
> that we cannot create an instance of a `SecretKeySpec` with an empty `byte[]`
> as key.
>
> Do you mean the values for the DH/ECDH key agreement?
In a7c82ee3bb1cadfc3cdb7fee29a8398349d404ab, we've just added a new test case
passing an empty base key, salt, and info.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/22215#discussion_r1920763182
