List:       linux-keyrings
Subject:    Re: [PATCH v4 0/4] Add SP800-108 KDF implementation to crypto API
From:       Herbert Xu <herbert () gondor ! apana ! org ! au>
Date:       2021-11-26 5:32:01
Message-ID: 20211126053201.GD17477 () gondor ! apana ! org ! au

On Fri, Nov 19, 2021 at 07:55:03AM +0100, Stephan Müller wrote:
> Hi,
> 
> The key derivation functions are considered to be a cryptographic
> operation. As cryptographic operations are provided via the kernel
> crypto API, this patch set consolidates the SP800-108 KDF
> implementation into the crypto API.
> 
> If this patch is accepted, another patch set will be published attempting
> to move the HKDF implementation from the crypto file system code base
> to the kernel crypto API.
> 
> The KDF implementation is provided as service functions. Yet, the
> interface to the provided KDF is modeled such that additional
> KDF implementations can use the same API style. The goal is to allow
> the transformation from a service function into a crypto API template
> eventually.
> 
> The KDF executes a power-on self test with test vectors from commonly
> known sources.
> 
> The SP800-108 KDF implementation is used to replace the implementation
> in the keys subsystem. The implementation was verified using the
> keyutils command line test code provided in
> tests/keyctl/dh_compute/valid. All tests show that the expected values
> are calculated with the new code.
> 
> Changes v3 to v4:
> * SP800-108 KDF kernel configuration parameter is not user selectable
>   as suggested by Eric Biggers
> * update the error code path for the self test handling to mirror
>   testmgr.c as suggested by Eric Biggers
> * further cleanup in kdf_alloc as suggested by Mat Martineau
> 
> Changes v2 to v3:
> 
> * port to kernel 5.16-rc1
> * remove the HKDF patch to only leave the SP800-108 patch
> 
> Stephan Mueller (4):
>   crypto: Add key derivation self-test support code
>   crypto: add SP800-108 counter key derivation function
>   security: DH - remove dead code for zero padding
>   security: DH - use KDF implementation from crypto API
> 
>  crypto/Kconfig                         |   4 +
>  crypto/Makefile                        |   5 +
>  crypto/kdf_sp800108.c                  | 153 +++++++++++++++++++++++++
>  include/crypto/internal/kdf_selftest.h |  71 ++++++++++++
>  include/crypto/kdf_sp800108.h          |  61 ++++++++++
>  security/keys/Kconfig                  |   2 +-
>  security/keys/dh.c                     | 130 ++++-----------------
>  7 files changed, 315 insertions(+), 111 deletions(-)
>  create mode 100644 crypto/kdf_sp800108.c
>  create mode 100644 include/crypto/internal/kdf_selftest.h
>  create mode 100644 include/crypto/kdf_sp800108.h

All applied.  Thanks.
-- 
Email: Herbert Xu <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
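
The construction named in the quoted cover letter, the SP800-108 KDF in counter mode, as an added example that is not part of this message or of the kernel patch set. It assumes HMAC as the PRF, 32-bit big-endian counter and length fields, and the fixed input layout Label || 0x00 || Context || [L] from NIST SP 800-108; the function name and the sample key, label and context values are constructed for illustration.

```python
import hashlib
import hmac
import struct


def kdf_sp800108_ctr(key, label, context, out_len, digest="sha256"):
    """Derive out_len bytes from key with the SP 800-108 counter-mode KDF.

    Block i is K(i) = HMAC(key, [i]_32 || label || 0x00 || context || [L]_32),
    where L is the requested output length in bits. Illustrative layout,
    not the kernel's crypto/kdf_sp800108.c.
    """
    if not key:
        raise ValueError("key derivation key must not be empty")
    # L is encoded in 32 bits, so the bit length must fit in that field.
    if out_len <= 0 or out_len * 8 > 0xFFFFFFFF:
        raise ValueError("out_len out of range for a 32-bit length field")

    h_len = hashlib.new(digest).digest_size
    blocks = -(-out_len // h_len)  # ceil(out_len / h_len)

    # Fixed input data: binds the output to its purpose and to its length.
    fixed = label + b"\x00" + context + struct.pack(">I", out_len * 8)

    out = bytearray()
    for i in range(1, blocks + 1):  # the counter starts at 1
        block_in = struct.pack(">I", i) + fixed
        out += hmac.new(key, block_in, digest).digest()
    return bytes(out[:out_len])  # truncate the last block


# Constructed sample inputs (not test vectors from any standard).
SAMPLE_KEY = bytes(range(32))
SAMPLE_CONTEXT = b"session-0001"


def derive_sample_keys():
    """Derive two independent keys from one secret via distinct labels."""
    enc = kdf_sp800108_ctr(SAMPLE_KEY, b"encryption", SAMPLE_CONTEXT, 32)
    mac = kdf_sp800108_ctr(SAMPLE_KEY, b"integrity", SAMPLE_CONTEXT, 40)
    return enc, mac


if __name__ == "__main__":
    for name, value in zip(("enc", "mac"), derive_sample_keys()):
        print(name, value.hex())
```

Because L is part of the PRF input, a 32-byte output is not a prefix of a 40-byte output derived from the same key, label and context.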