Am Mittwoch, 27. Januar 2016, 13:14:09 schrieb Herbert Xu: Hi Herbert, >On Tue, Jan 26, 2016 at 07:19:17AM +0100, Stephan Mueller wrote: >> Hi, >> >> this patch set implements all three key derivation functions defined in >> SP800-108. >> >> The implementation is provided as a template for random number generators, >> since a KDF can be considered a form of deterministic RNG where the key >> material is used as a seed. >> >> With the KDF implemented as a template, all types of keyed hashes can be >> utilized, including HMAC and CMAC. The testmgr tests are derived from >> publicly available test vectors from NIST. >> >> The KDF are all tested with a complete round of CAVS testing on 32 and 64 >> bit. >> >> The patch set introduces an extension to the kernel crypto API in the first >> patch by adding a template handling for random number generators based on >> the same logic as for keyed hashes. > >What is this going to use this inside the kernel? With the current development of EXT4 encryption we currently have the logic that the files are either open (read/writable) or closed (not accessible). There is a scenario for a third option: a file is writable in a "device- locked" state, but not readable. The logic that would implement such mechanism is nicely described in [1] section D.3.3, especially figure 4. To use such a mechanism, the generated shared secret should definitely go through a KDF to ensure that the key has the right size for the underlying symmetric cipher. This approach would allow locking your device, but yet the system could still write confidential data (like getting emails, generating logs, etc.) but the data is not accessible unless you unlock the device. So, my idea was to provide a building block for such encryption scenarios which I would think will come. Besides, if crypto network protocols are contemplated to be included into the kernel (like TLS), I would think that the KDF should be handled by the kernel crypto API as a central place for such logic. Thus, my patch would provide the framework by providing the RNG template handling to have that KDF here. [1] https://www.niap-ccevs.org/pp/pp_md_v2.0.pdf (PS: please only read D.3.3 and especially figure 4 from that document as I think this is the only real nice and generally useful information in there) Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
