Am Dienstag, 24. Mai 2016, 08:19:41 schrieb David Howells: Hi David, > Stephan Mueller <smueller@xxxxxxxxxx> wrote: > > The KDF patches are fully tested. All that would be needed on the key > > retention side after the shared secret generation are the following calls: > > > > kdf = crypto_alloc_rng(NAME, 0, 0); > > > > crypto_rng_reset(kdf, <shared_secret>, sizeof(<shared_secret>)); > > > > crypto_rng_generate(kdf, LABEL, sizeof(LABEL), outbuf, outbuflen); > > > > NAME would be the KDF type such as "kdf_ctr(hmac(sha256))" > > > > LABEL would be an arbitrary string defined by the key service (e.g. > > "LxKeyRet"). > > So there wouldn't be a change to the DH keyctl (including functional)? Assuming that the LABEL and/or the KDF name are not configurable by user space, the only potential difference I would see is that a user could ask for the length of the output data. Think of it like the KDF in a network protocol where the shared secret has some length X but the caller needs data of length Y for a specific use (e.g. a symmetric key plus an HMAC key). The use case for such "local" DH operation would be the writing of encrypted data while the system is locked. The encryption of the actual file data is done using a symmetric algo with symmetric key, potentially with an integrity key. Usually, the DH shared secret size is not equal to the size of a symmetric key. So, a KDF would be needed to bring it to the right size. Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
