[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2344329.gmPllosFfp@tauon.chronox.de>
Date: Wed, 09 Jan 2019 11:17:45 +0100
From: Stephan Mueller <smueller@...onox.de>
To: Eric Biggers <ebiggers@...nel.org>
Cc: James Bottomley <James.Bottomley@...senpartnership.com>,
Andy Lutomirski <luto@...capital.net>,
Herbert Xu <herbert@...dor.apana.org.au>,
"Lee, Chun-Yi" <joeyli.kernel@...il.com>,
"Rafael J . Wysocki" <rjw@...ysocki.net>,
Pavel Machek <pavel@....cz>, linux-kernel@...r.kernel.org,
linux-pm@...r.kernel.org, keyrings@...r.kernel.org,
"Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
Chen Yu <yu.c.chen@...el.com>,
Oliver Neukum <oneukum@...e.com>,
Ryan Chen <yu.chen.surf@...il.com>,
David Howells <dhowells@...hat.com>,
Giovanni Gherdovich <ggherdovich@...e.cz>,
Randy Dunlap <rdunlap@...radead.org>,
Jann Horn <jannh@...gle.com>, Andy Lutomirski <luto@...nel.org>
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
Am Mittwoch, 9. Januar 2019, 09:21:04 CET schrieb Eric Biggers:
Hi Eric,
>
> FWIW, it's been very slow going since I've been working on other projects
> and I also need to be very sure to get the API changes right, but I still
> plan to change the KDF in fscrypt (a.k.a. ext4/f2fs/ubifs encryption) to
> HKDF-SHA512 as part of a larger set of improvements to how fscrypt
> encryption keys are managed. I sent the last patchset a year ago
> (https://marc.info/?l=linux-fsdevel&m=150879493206257) but I'm working to
> revive it. In the work-in-progress version in my git tree, this is the
> commit that adds a HKDF implementation as fs/crypto/hkdf.c:
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/commit/?i
> d=e8a78767131c9717ee838f0c4e307948d65a4427 It basically just wraps a
> crypto_shash for "hmac(sha512)".
>
> I'd be fine with using a common implementation instead, provided that it
> gives the same functionality, including supporting user-specified salt and
> application-specific info strings, and isn't slower or more complex to use.
>
> (This comment is solely on the tangential discussion about KDF
> implementations; I've not looked at the hibernation image encryption stuff
> yet.)
Thanks for the clarification. I have started a generic HKDF implementation for
the kernel crypto API which lead to the questions above. I would then also try
to provide a HKDF proposal.
To use the (H)KDF, I currently envision 2 calls apart from alloc/free. The
following code would serve as an example.
* Example without proper error handling:
* char *keying_material = "\x00\x11\x22\x33\x44\x55\x66\x77";
* char *label_context = "\xde\xad\xbe\xef\x00\xde\xad\xbe\xef";
* kdf = crypto_alloc_rng(name, 0, 0);
* crypto_rng_reset(kdf, keying_material, 8);
* crypto_rng_generate(kdf, label_context, 9, outbuf, outbuflen);
That hopefully should be simple enough.
For HKDF, as mentioned, I would envision to use a struct instead of a char *
for the label_context to communicate IKM, Salt, and the label/info
information.
Ciao
Stephan
Powered by blists - more mailing lists