Re: [PATCH 0/4] crypto: Key Derivation Function (SP800-108)


 



On Wednesday, 27 January 2016, 15:35:41, Herbert Xu wrote:

Hi Herbert,

>On Wed, Jan 27, 2016 at 08:33:00AM +0100, Stephan Mueller wrote:
>> With the current development of EXT4 encryption we currently have the
>> logic that the files are either open (read/writable) or closed (not
>> accessible).
>> 
>> There is a scenario for a third option: a file is writable in a
>> "device-locked" state, but not readable. The logic that would implement
>> such a mechanism is nicely described in [1] section D.3.3, especially
>> figure 4.
>> To use such a mechanism, the generated shared secret should definitely go
>> through a KDF to ensure that the key has the right size for the underlying
>> symmetric cipher.
>> 
>> This approach would allow locking your device, but yet the system could
>> still write confidential data (like getting emails, generating logs, etc.)
>> but the data is not accessible unless you unlock the device.
>> 
>> So, my idea was to provide a building block for such encryption scenarios
>> which I would think will come.
>> 
>> Besides, if crypto network protocols are contemplated to be included into
>> the kernel (like TLS), I would think that the KDF should be handled by the
>> kernel crypto API as a central place for such logic. Thus, my patch would
>> provide the framework by providing the RNG template handling to have that
>> KDF here.
>While this is all very nice, until such a user is ready for submission
>into the kernel I'd rather not add this.

Ok, I have no problems with that. I put the patches onto my web server if 
people are interested in it [1].

[1] http://www.chronox.de/kdf.html

Ciao
Stephan
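
The step discussed in the quoted text, passing a generated shared secret through a KDF so the key has the right size for the symmetric cipher, shown as an added example that is not part of the original mail or of the patch set. It assumes the SP800-108 counter-mode construction with HMAC-SHA256 as the PRF and 32-bit counter and length fields; the label, context and shared-secret values are constructed for illustration.

```python
import hashlib
import hmac

PRF_HASH = hashlib.sha256            # assumption: HMAC-SHA256 as the PRF
PRF_LEN = PRF_HASH().digest_size     # 32 bytes of output per PRF call

# Constructed sample input: stands in for a 66-byte key-agreement result.
SHARED_SECRET = bytes(range(66))


def kdf_ctr(key_in: bytes, label: bytes, context: bytes, out_len: int) -> bytes:
    """SP800-108 counter mode:
    K(i) = PRF(K_in, [i]_32 || Label || 0x00 || Context || [L]_32),
    where L is the requested output length in bits."""
    if not key_in:
        raise ValueError("input key must not be empty")
    if out_len <= 0:
        raise ValueError("out_len must be positive")
    bits = out_len * 8
    if bits > 0xFFFFFFFF:
        raise ValueError("out_len does not fit the 32-bit length field")
    # L is part of the PRF input, so a 16-byte request is not a prefix
    # of a 32-byte request made with the same label and context.
    fixed = label + b"\x00" + context + bits.to_bytes(4, "big")
    blocks = -(-out_len // PRF_LEN)  # ceiling division
    out = b""
    for i in range(1, blocks + 1):
        out += hmac.new(key_in, i.to_bytes(4, "big") + fixed, PRF_HASH).digest()
    return out[:out_len]


def derive_cipher_keys(secret: bytes) -> dict:
    """Derive independent, correctly sized keys from one shared secret.
    Labels and context are hypothetical names chosen for this example."""
    ctx = b"example-file-id"
    return {
        "aes256": kdf_ctr(secret, b"file-encryption", ctx, 32),
        "aes128": kdf_ctr(secret, b"file-encryption", ctx, 16),
        "mac": kdf_ctr(secret, b"file-authentication", ctx, 48),
    }


if __name__ == "__main__":
    for name, key in derive_cipher_keys(SHARED_SECRET).items():
        print(name, len(key), key.hex())
```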


