On Tue, Aug 09, 2016 at 02:28:37PM +0200, Stephan Mueller wrote: > The SP800-108 compliant Key Derivation Function is implemented as a > random number generator considering that it behaves like a deterministic > RNG. > > All three KDF types specified in SP800-108 are implemented. > > The code comments provide details about how to invoke the different KDF > types. > > Signed-off-by: Stephan Mueller <smueller@xxxxxxxxxx> So I have no problems with this functionality existing in the kernel, assuming that the keys patch using it is accepted. However, I'm still at a loss as to why this has to be done as an RNG. IOW what benefit does implementing this as an RNG give us compared to just using the underlying hash directly from the keys subsystem? In general the crypto API caters to algorithms that carry more than one implementation, especially if one of them is hardware- dependent. I really can't see how KDF would fit this criterion. Thanks, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
