From: Stephan Mueller <smueller@chronox.de>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Andy Lutomirski <luto@amacapital.net>,
    Herbert Xu <herbert@gondor.apana.org.au>,
    "Lee, Chun-Yi" <joeyli.kernel@gmail.com>,
    "Rafael J . Wysocki" <rjw@rjwysocki.net>,
    Pavel Machek <pavel@ucw.cz>,
    linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org,
    keyrings@vger.kernel.org,
    "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>,
    Chen Yu <yu.c.chen@intel.com>,
    Oliver Neukum <oneukum@suse.com>,
    Ryan Chen <yu.chen.surf@gmail.com>,
    David Howells <dhowells@redhat.com>,
    Giovanni Gherdovich <ggherdovich@suse.cz>,
    Randy Dunlap <rdunlap@infradead.org>,
    Jann Horn <jannh@google.com>,
    Andy Lutomirski <luto@kernel.org>
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
Date: Wed, 09 Jan 2019 06:45:21 +0000
Message-ID: <309406107.k3W2fMQUza@tauon.chronox.de>
In-Reply-To: <1546994671.6077.10.camel@HansenPartnership.com>

On Wednesday, 9 January 2019, 01:44:31 CET, James Bottomley wrote:

Hi James,

> Actually, it would be enormously helpful if we could reuse these pieces
> for the TPM as well.

Could you please help me understand whether the KDFs in TPM are directly
usable as a standalone cipher primitive or does it go together with
additional key generation operations?

> It has two KDFs: KDFa, which is the CTR-KDF from
> SP800-108 and KDFe which is the SP800-56A KDF for elliptic curve one
> pass Diffie Hellman, so if we're going to do the former, I'd really
> like the latter as well.
>
> The way the TPM parametrises input to both KDFs is
>
> (hashAlg, key, label, contextU, contextV, bits)
>
> Where
>
> hashAlg  = the hash algorithm used as the PRF
> key      = the input parameter of variable bit size or
>            the x co-ordinate of the shared point
> label    = An ASCII string representing the use
> contextU = public input U
> contextV = public input V
> bits     = number of output bits

When implementing KDFs as an extension of the kernel crypto API's RNG
facility we currently have to handle the limitation of the existing API. The
label/context data (and when considering RFC 5869 HKDF requiring IKM, salt
and additional information as input) currently cannot directly be
communicated through the API.

The issue is that the RNG facility currently has the following prototype
defined:

        int (*generate)(struct crypto_rng *tfm,
                        const u8 *src, unsigned int slen,
                        u8 *dst, unsigned int dlen);

The src pointer would need to take the label/context data.

Would it be appropriate to implement a type cast to a structure from the u8
pointer?

E.g. for the aforementioned label/context data, we could define something
like

        struct crypto_kdf_ctr {
                char *label;
                size_t label_len;
                u8 *contextU;
                size_t contextU_len;
                u8 *contextV;
                size_t contextV_len;
        };

And the implementation of the generate function for CTR KDF would then have a
type cast along the following lines:

        if (slen != sizeof(struct crypto_kdf_ctr))
                return -EINVAL;
        const struct crypto_kdf_ctr *kdf_ctr_input = (struct crypto_kdf_ctr *)src;

For different KDFs, different structs would be needed.

Ciao
Stephan
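An added example, not code from the mail or from the kernel: a user-space C model of the proposed generate() input check that also validates the pointer/length pairs inside the struct and flattens them to Label || 0x00 || contextU || contextV, the label/context part of the SP800-108 PRF input. The names put() and kdf_ctr_fixed_input() are hypothetical, u8 is replaced by uint8_t, and the sample values are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* User-space mirror of the struct sketched in the mail (u8 -> uint8_t). */
struct crypto_kdf_ctr {
	const char *label;       size_t label_len;
	const uint8_t *contextU; size_t contextU_len;
	const uint8_t *contextV; size_t contextV_len;
};

/* Hypothetical helper: append n bytes, rejecting NULL data and overflow. */
static int put(uint8_t *dst, size_t cap, size_t *off, const void *p, size_t n)
{
	if (n && !p)
		return -EINVAL;
	if (n > cap - *off)
		return -EOVERFLOW;
	if (n)
		memcpy(dst + *off, p, n);
	*off += n;
	return 0;
}

/* Hypothetical: check (src, slen) as in the mail, then write
 * Label || 0x00 || contextU || contextV. Returns bytes written or -errno. */
long kdf_ctr_fixed_input(const uint8_t *src, unsigned int slen, uint8_t *dst, size_t cap)
{
	struct crypto_kdf_ctr in;
	size_t off = 0;
	int ret;
	if (!src || !dst || slen != sizeof(in))
		return -EINVAL;
	memcpy(&in, src, sizeof(in));	/* a u8 pointer guarantees no alignment */
	if ((ret = put(dst, cap, &off, in.label, in.label_len)) ||
	    (ret = put(dst, cap, &off, "", 1)) ||	/* the 0x00 separator */
	    (ret = put(dst, cap, &off, in.contextU, in.contextU_len)) ||
	    (ret = put(dst, cap, &off, in.contextV, in.contextV_len)))
		return ret;
	return (long)off;
}

int main(void)
{
	static const uint8_t u[] = { 1, 2 }, v[] = { 3 };	/* constructed sample */
	struct crypto_kdf_ctr in = { "hibernation", 11, u, sizeof(u), v, sizeof(v) };
	uint8_t out[32];
	return kdf_ctr_fixed_input((const uint8_t *)&in, sizeof(in), out, sizeof(out)) != 15;
}
```

The slen comparison only shows that the caller handed over the right number of bytes; every pointer and length inside the struct is still caller-controlled, which is why each field is checked before it is copied.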