Stephan Mueller <smueller@xxxxxxxxxx> wrote: > The KDF patches are fully tested. All that would be needed on the key > retention side after the shared secret generation are the following calls: > > kdf = crypto_alloc_rng(NAME, 0, 0); > > crypto_rng_reset(kdf, <shared_secret>, sizeof(<shared_secret>)); > > crypto_rng_generate(kdf, LABEL, sizeof(LABEL), outbuf, outbuflen); > > NAME would be the KDF type such as "kdf_ctr(hmac(sha256))" > > LABEL would be an arbitrary string defined by the key service (e.g. > "LxKeyRet"). So there wouldn't be a change to the DH keyctl (including functional)? David -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html