On Saturday, May 26, 2018 7:12:36 AM CEST Herbert Xu wrote: > On Tue, May 22, 2018 at 11:00:40AM +0800, Yu Chen wrote: > > Hi all, > > The request is that, we'd like to generate a symmetric key derived from > > user provided passphase(not rely on any third-party library). May I know if > > there is a PBKDF2(Password-Based Key Derivation Function 2) support in the > > kernel? (https://tools.ietf.org/html/rfc2898#5.2) > > We have hmac sha1 in the kernel, do we have plan to port/implement > > corresponding PBKDF2 in the kernel too? > > The rule for adding crypto code to the kernel is simple, there > must be an in-kernel user of the algorithm. So we are talking about an in-kernel user here. Again, the PBKDF2 user would be hibernation. It could either take a key from user space, which would require a key-generating user-space component to be present in the initramfs (I guess no issue for a regular distro, but I can imagine cases when it may be a difficulty), or take a passphrase from user space and generate a key by itself (that's what we would like to use PBKDF2 for). We would prefer the latter for various reasons (convenience mostly, but also not having to rely on user space to do the right thing). Thanks, Rafael