Am Dienstag, 24. Mai 2016, 08:04:28 schrieb David Howells: Hi David, > Stephan Mueller <smueller@xxxxxxxxxx> wrote: > > With the new DH support for the key retention service, support for DH > > derived keys pops up. > > > > The implementation in security/keys/dh.c returns the DH shared secret > > straight to the user space caller. > > > > I implemented a KDF with that exact scenario already in mind: [1]. > > > > I am wondering whether the shared secret should be processed by a KDF > > before returning the data to user space? > > > > [1] http://www.chronox.de/kdf.html > > Adding Mat to the cc list. If we want to modify the new DH keyctl, we have > a very short time window in which to do so. The KDF patches are fully tested. All that would be needed on the key retention side after the shared secret generation are the following calls: kdf = crypto_alloc_rng(NAME, 0, 0); crypto_rng_reset(kdf, <shared_secret>, sizeof(<shared_secret>)); crypto_rng_generate(kdf, LABEL, sizeof(LABEL), outbuf, outbuflen); NAME would be the KDF type such as "kdf_ctr(hmac(sha256))" LABEL would be an arbitrary string defined by the key service (e.g. "LxKeyRet"). Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html