All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Stephan Müller" <smueller@chronox.de>
To: herbert@gondor.apana.org.au
Cc: ebiggers@kernel.org, jarkko@kernel.org,
	Mat Martineau <mathew.j.martineau@linux.intel.com>,
	dhowells@redhat.com, linux-kernel@vger.kernel.org,
	linux-crypto@vger.kernel.org, keyrings@vger.kernel.org,
	simo@redhat.com
Subject: [PATCH v4 0/4] Add SP800-108 KDF implementation to crypto API
Date: Fri, 19 Nov 2021 07:55:03 +0100	[thread overview]
Message-ID: <4642773.OV4Wx5bFTl@positron.chronox.de> (raw)

Hi,

The key derviation functions are considered to be a cryptographic
operation. As cryptographic operations are provided via the kernel
crypto API, this patch set consolidates the SP800-108 KDF
implementation into the crypto API.

If this patch is accepted, another patch set will be published attempting
to move the HKDF implementation from the crypto file system code base
to the kernel crypto API.

The KDF implementation is provided as service functions. Yet, the
interface to the the provided KDF is modeled such, that additional
KDF implementation can use the same API style. The goal is to allow
the transformation from a service function into a crypto API template
eventually.

The KDF executes a power-on self test with test vectors from commonly
known sources.

Tbe SP800-108 KDF implementation is used to replace the implementation
in the keys subsystem. The implementation was verified using the
keyutils command line test code provided in
tests/keyctl/dh_compute/valid. All tests show that the expected values
are calculated with the new code.

Changes v3 to v4:
* SP800-108 KDF kernel configuration parameter is not user selectable
  as suggested by Eric Biggers
* update the error code path for the self test handling to mirror
  testmgr.c as suggested by Eric Biggers
* further cleanup in kdf_alloc as suggested by Mat Martineau

Changes v2 to v3:

* port to kernel 5.16-rc1
* remove the HKDF patch to only leave the SP800-108 patch

Stephan Mueller (4):
  crypto: Add key derivation self-test support code
  crypto: add SP800-108 counter key derivation function
  security: DH - remove dead code for zero padding
  security: DH - use KDF implementation from crypto API

 crypto/Kconfig                         |   4 +
 crypto/Makefile                        |   5 +
 crypto/kdf_sp800108.c                  | 153 +++++++++++++++++++++++++
 include/crypto/internal/kdf_selftest.h |  71 ++++++++++++
 include/crypto/kdf_sp800108.h          |  61 ++++++++++
 security/keys/Kconfig                  |   2 +-
 security/keys/dh.c                     | 130 ++++-----------------
 7 files changed, 315 insertions(+), 111 deletions(-)
 create mode 100644 crypto/kdf_sp800108.c
 create mode 100644 include/crypto/internal/kdf_selftest.h
 create mode 100644 include/crypto/kdf_sp800108.h

-- 
2.33.1





             reply	other threads:[~2021-11-19  6:59 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-11-19  6:55 Stephan Müller [this message]
2021-11-19  6:55 ` [PATCH v4 1/4] crypto: Add key derivation self-test support code Stephan Müller
2021-11-19  6:55 ` [PATCH v4 2/4] crypto: add SP800-108 counter key derivation function Stephan Müller
2021-11-19  6:58 ` [PATCH v4 3/4] security: DH - remove dead code for zero padding Stephan Müller
2021-11-19  6:59 ` [PATCH v4 4/4] security: DH - use KDF implementation from crypto API Stephan Müller
2021-11-19 18:36   ` Mat Martineau
2021-11-26  5:32 ` [PATCH v4 0/4] Add SP800-108 KDF implementation to " Herbert Xu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4642773.OV4Wx5bFTl@positron.chronox.de \
    --to=smueller@chronox.de \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mathew.j.martineau@linux.intel.com \
    --cc=simo@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.