From: "Stephan Müller" <smueller@chronox.de>
To: herbert@gondor.apana.org.au, ebiggers@kernel.org,
mathew.j.martineau@linux.intel.com, dhowells@redhat.com
Cc: linux-crypto@vger.kernel.org, linux-fscrypt@vger.kernel.org,
linux-kernel@vger.kernel.org, keyrings@vger.kernel.org
Subject: [PATCH 0/5] Add KDF implementations to crypto API
Date: Mon, 04 Jan 2021 22:45:57 +0100 [thread overview]
Message-ID: <4616980.31r3eYUQgx@positron.chronox.de> (raw)
Hi,
The key derviation functions are considered to be a cryptographic
operation. As cryptographic operations are provided via the kernel
crypto API, this patch set consolidates the KDF implementations into the
crypto API.
The KDF implementations are provided as service functions. Yet, the
interface to the two provided KDFs are identical with the goal to allow
them to be transformed into a crypto API template eventually.
The KDFs execute a power-on self test with test vectors from commonly
known sources.
Tbe SP800-108 KDF implementation is used to replace the implementation
in the keys subsystem. The implementation was verified using the
keyutils command line test code provided in
tests/keyctl/dh_compute/valid. All tests show that the expected values
are calculated with the new code.
The HKDF addition is used to replace the implementation in the filesystem
crypto extension. This code was tested by using an EXT4 encrypted file
system that was created and contains files written to by the current
implementation. Using the new implementation a successful read of the
existing files was possible and new files / directories were created
and read successfully. These newly added file system objects could be
successfully read using the current code. Yet if there is a test suite
to validate whether the invokcation of the HKDF calculates the same
result as the existing implementation, I would be happy to validate
the implementation accordingly.
Stephan Mueller (5):
crypto: Add key derivation self-test support code
crypto: add SP800-108 counter key derivation function
crypto: add RFC5869 HKDF
security: DH - use KDF implementation from crypto API
fs: use HKDF implementation from kernel crypto API
crypto/Kconfig | 14 ++
crypto/Makefile | 6 +
crypto/hkdf.c | 226 +++++++++++++++++++++++++
crypto/kdf_sp800108.c | 149 ++++++++++++++++
fs/crypto/Kconfig | 2 +-
fs/crypto/fscrypt_private.h | 4 +-
fs/crypto/hkdf.c | 108 +++---------
include/crypto/hkdf.h | 48 ++++++
include/crypto/internal/kdf_selftest.h | 68 ++++++++
include/crypto/kdf_sp800108.h | 59 +++++++
security/keys/Kconfig | 2 +-
security/keys/dh.c | 118 ++-----------
12 files changed, 617 insertions(+), 187 deletions(-)
create mode 100644 crypto/hkdf.c
create mode 100644 crypto/kdf_sp800108.c
create mode 100644 include/crypto/hkdf.h
create mode 100644 include/crypto/internal/kdf_selftest.h
create mode 100644 include/crypto/kdf_sp800108.h
--
2.26.2
next reply other threads:[~2021-01-04 21:59 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-04 21:45 Stephan Müller [this message]
2021-01-04 21:47 ` [PATCH 1/5] crypto: Add key derivation self-test support code Stephan Müller
2021-01-04 21:47 ` [PATCH 2/5] crypto: add SP800-108 counter key derivation function Stephan Müller
2021-01-04 21:49 ` [PATCH 3/5] crypto: add RFC5869 HKDF Stephan Müller
2021-01-07 7:30 ` Eric Biggers
2021-01-07 7:53 ` Stephan Mueller
2021-01-07 18:53 ` Eric Biggers
2021-01-04 21:49 ` [PATCH 4/5] security: DH - use KDF implementation from crypto API Stephan Müller
2021-01-12 1:34 ` Jarkko Sakkinen
2021-01-04 21:50 ` [PATCH 5/5] fs: use HKDF implementation from kernel " Stephan Müller
2021-01-07 7:19 ` Eric Biggers
2021-01-07 7:49 ` Stephan Mueller
2021-01-07 18:47 ` Eric Biggers
2021-01-04 22:20 ` [PATCH 0/5] Add KDF implementations to " Eric Biggers
2021-01-07 6:37 ` Stephan Mueller
2021-01-07 6:59 ` Eric Biggers
2021-01-07 7:12 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4616980.31r3eYUQgx@positron.chronox.de \
--to=smueller@chronox.de \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).