Re: [PATCH v3] KEYS: add SP800-56A KDF support for DH

[Mat Martineau <mathew.j.martineau@xxxxxxxxxxxxxxx>]

On Sat, 6 Aug 2016, Stephan Mueller wrote:

> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index a705a7d..7659b52 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -259,15 +259,32 @@ static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
> #endif
>
> #ifdef CONFIG_KEY_DH_OPERATIONS
> +#include <crypto/rng.h>
> +#include <linux/compat.h>

These may belong at the top of the file, even if they are only used when 
CONFIG_KEY_DH_OPERATIONS is defined.

> extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
> -			      size_t, void __user *);
> +			      size_t, struct keyctl_kdf_params __user *);
> +extern long __keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
> +				size_t, struct keyctl_kdf_params *);
> +extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
> +				char __user *buffer, size_t buflen,
> +				struct compat_keyctl_kdf_params __user *kdf);
> +#define KEYCTL_KDF_MAX_OUTPUT_LEN	1024	/* max length of KDF output */
> +#define KEYCTL_KDF_MAX_OI_LEN		64	/* max length of otherinfo */
> #else
> static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
> 				     char __user *buffer, size_t buflen,
> -				     void __user *reserved)
> +				     struct keyctl_kdf_params __user *kdf)
> {
> 	return -EOPNOTSUPP;
> }
> +
> +static inline long compat_keyctl_dh_compute(
> +				struct keyctl_dh_params __user *params,
> +				char __user *buffer, size_t buflen,
> +				struct keyctl_kdf_params __user *kdf)
> +{
> +	return -EOPNOTSUPP
> +}
> #endif
>
> /*
> diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
> index d580ad0..b106898 100644
> --- a/security/keys/keyctl.c
> +++ b/security/keys/keyctl.c
> @@ -1689,7 +1689,7 @@ SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
> 	case KEYCTL_DH_COMPUTE:
> 		return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
> 					 (char __user *) arg3, (size_t) arg4,
> -					 (void __user *) arg5);
> +					 (struct keyctl_kdf_params __user *) arg5);
>
> 	default:
> 		return -EOPNOTSUPP;

Regards,
--
Mat Martineau
Intel OTC

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html