On Fri, Jul 14, 2017 at 09:24:40AM -0700, Michael Halcrow wrote:
> > +static int hkdf_expand(struct crypto_shash *hmac, u8 context,
> > + const u8 *info, unsigned int infolen,
> > + u8 *okm, unsigned int okmlen)
> > +{
> > + SHASH_DESC_ON_STACK(desc, hmac);
> >
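Review bot: hkdf_expand() has no comment at its signature, and two parameters need one: say how the single-byte `context` relates to `info`, and state the largest `okmlen` a caller may request, since HKDF-Expand in RFC 5869 caps the output at 255 times the hash length and the function should reject anything larger. Also, `SHASH_DESC_ON_STACK(desc, hmac)` places HMAC state on the kernel stack, so every return path should finish with shash_desc_zero(desc).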
On Wed, Jul 12, 2017 at 02:00:32PM -0700, Eric Biggers wrote:
> From: Eric Biggers
>
> By design, the keys which userspace provides in the keyring are not used
> to encrypt data directly. Instead, a KDF (Key Derivation Function) is
> used to derive a unique encryption key
On Thursday, 13 July 2017, 20:10:57 CEST, Eric Biggers wrote:
Hi Eric,
> Hi Stephan,
>
> On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> > On Wednesday, 12 July 2017, 23:00:32 CEST, Eric Biggers wrote:
> >
> > Hi Herbert,
> >
> > This patch adds a second KDF to the
Hi Stephan,
On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> On Wednesday, 12 July 2017, 23:00:32 CEST, Eric Biggers wrote:
>
> Hi Herbert,
>
> This patch adds a second KDF to the kernel -- the first is found in the keys
> subsystem.
>
> The next KDF that may come in is in
On Thursday, 13 July 2017, 18:07:54 CEST, Herbert Xu wrote:
Hi Herbert,
> Sure. Though I'd like to see what it looks like before I commit :)
Naturally. :-)
The patches would create RNG template support. KDFs are no more than
special-purpose RNGs.
Ciao
Stephan
On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> On Wednesday, 12 July 2017, 23:00:32 CEST, Eric Biggers wrote:
>
> Hi Herbert,
>
> This patch adds a second KDF to the kernel -- the first is found in the keys
> subsystem.
>
> The next KDF that may come in is in the TLS scope.
On Wednesday, 12 July 2017, 23:00:32 CEST, Eric Biggers wrote:
Hi Herbert,
This patch adds a second KDF to the kernel -- the first is found in the keys
subsystem.
The next KDF that may come in is in the TLS scope.
Would it make sense to warm up the KDF patches adding generic KDF support to
From: Eric Biggers
By design, the keys which userspace provides in the keyring are not used
to encrypt data directly. Instead, a KDF (Key Derivation Function) is
used to derive a unique encryption key for each inode, given a "master"
key and a nonce. The current KDF