[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20211126053201.GD17477@gondor.apana.org.au>
Date: Fri, 26 Nov 2021 13:32:01 +0800
From: Herbert Xu <herbert@...dor.apana.org.au>
To: Stephan Müller <smueller@...onox.de>
Cc: ebiggers@...nel.org, jarkko@...nel.org,
Mat Martineau <mathew.j.martineau@...ux.intel.com>,
dhowells@...hat.com, linux-kernel@...r.kernel.org,
linux-crypto@...r.kernel.org, keyrings@...r.kernel.org,
simo@...hat.com
Subject: Re: [PATCH v4 0/4] Add SP800-108 KDF implementation to crypto API
On Fri, Nov 19, 2021 at 07:55:03AM +0100, Stephan Müller wrote:
> Hi,
>
> The key derviation functions are considered to be a cryptographic
> operation. As cryptographic operations are provided via the kernel
> crypto API, this patch set consolidates the SP800-108 KDF
> implementation into the crypto API.
>
> If this patch is accepted, another patch set will be published attempting
> to move the HKDF implementation from the crypto file system code base
> to the kernel crypto API.
>
> The KDF implementation is provided as service functions. Yet, the
> interface to the the provided KDF is modeled such, that additional
> KDF implementation can use the same API style. The goal is to allow
> the transformation from a service function into a crypto API template
> eventually.
>
> The KDF executes a power-on self test with test vectors from commonly
> known sources.
>
> Tbe SP800-108 KDF implementation is used to replace the implementation
> in the keys subsystem. The implementation was verified using the
> keyutils command line test code provided in
> tests/keyctl/dh_compute/valid. All tests show that the expected values
> are calculated with the new code.
>
> Changes v3 to v4:
> * SP800-108 KDF kernel configuration parameter is not user selectable
> as suggested by Eric Biggers
> * update the error code path for the self test handling to mirror
> testmgr.c as suggested by Eric Biggers
> * further cleanup in kdf_alloc as suggested by Mat Martineau
>
> Changes v2 to v3:
>
> * port to kernel 5.16-rc1
> * remove the HKDF patch to only leave the SP800-108 patch
>
> Stephan Mueller (4):
> crypto: Add key derivation self-test support code
> crypto: add SP800-108 counter key derivation function
> security: DH - remove dead code for zero padding
> security: DH - use KDF implementation from crypto API
>
> crypto/Kconfig | 4 +
> crypto/Makefile | 5 +
> crypto/kdf_sp800108.c | 153 +++++++++++++++++++++++++
> include/crypto/internal/kdf_selftest.h | 71 ++++++++++++
> include/crypto/kdf_sp800108.h | 61 ++++++++++
> security/keys/Kconfig | 2 +-
> security/keys/dh.c | 130 ++++-----------------
> 7 files changed, 315 insertions(+), 111 deletions(-)
> create mode 100644 crypto/kdf_sp800108.c
> create mode 100644 include/crypto/internal/kdf_selftest.h
> create mode 100644 include/crypto/kdf_sp800108.h
All applied. Thanks.
--
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Powered by blists - more mailing lists