Re: key retention service: DH support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Dienstag, 24. Mai 2016, 08:19:41 schrieb David Howells:

Hi David,

> Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> > The KDF patches are fully tested. All that would be needed on the key
> > retention side after the shared secret generation are the following calls:
> > 
> > kdf = crypto_alloc_rng(NAME, 0, 0);
> > 
> > crypto_rng_reset(kdf, <shared_secret>, sizeof(<shared_secret>));
> > 
> > crypto_rng_generate(kdf, LABEL, sizeof(LABEL), outbuf, outbuflen);
> > 
> > NAME would be the KDF type such as "kdf_ctr(hmac(sha256))"
> > 
> > LABEL would be an arbitrary string defined by the key service (e.g.
> > "LxKeyRet").
> 
> So there wouldn't be a change to the DH keyctl (including functional)?

Assuming that the LABEL and/or the KDF name are not configurable by user 
space, the only potential difference I would see is that a user could ask for 
the length of the output data.

Think of it like the KDF in a network protocol where the shared secret has 
some length X but the caller needs data of length Y for a specific use (e.g. a 
symmetric key plus an HMAC key). The use case for such "local" DH operation 
would be the writing of encrypted data while the system is locked. The 
encryption of the actual file data is done using a symmetric algo with 
symmetric key, potentially with an integrity key. Usually, the DH shared 
secret size is not equal to the size of a symmetric key. So, a KDF would be 
needed to bring it to the right size.

Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux