On Thu, 27 Feb 2025 03:22:18 GMT, Weijun Wang <wei...@openjdk.org> wrote:
>> Implement HPKE as defined in https://datatracker.ietf.org/doc/rfc9180/.
>
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>
>   example and KAT

src/java.base/share/classes/com/sun/crypto/provider/HPKE.java line 582:

> 580: // deriveData must be called because we need to increment nonce, the info must be allowed
> 581: var base_nonce = kdf.deriveData(secret_x.thenExpand(DHKEM.labeledInfo(suite_id, "base_nonce".getBytes(StandardCharsets.UTF_8),
> 582:         key_schedule_context, aead.Nn), aead.Nn));

There are a few more of the in-lining with a length call here, but I assume you have more control over these values and/or some assurance that they aren't negative.

src/java.base/share/classes/javax/crypto/spec/HPKEParameterSpec.java line 187:

> 185: * Java Security Standard Algorithm Names
> 186: * @since 25
> 187: */

Overall, this is a nice write-up. I may do another pass on just this later.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r1975736747
PR Review Comment: https://git.openjdk.org/jdk/pull/18411#discussion_r1975738381