On Fri, Jul 14, 2017 at 09:24:40AM -0700, Michael Halcrow wrote:
> > +static int hkdf_expand(struct crypto_shash *hmac, u8 context,
> > + const u8 *info, unsigned int infolen,
> > + u8 *okm, unsigned int okmlen)
> > +{
> > + SHASH_DESC_ON_STACK(desc, hmac);
> > +
On Fri, Jul 14, 2017 at 09:24:40AM -0700, Michael Halcrow wrote:
> On Wed, Jul 12, 2017 at 02:00:32PM -0700, Eric Biggers wrote:
> > From: Eric Biggers
> >
> > By design, the keys which userspace provides in the keyring are not used
> > to encrypt data directly. Instead, a KDF (Key Derivation Fu
On Wed, Jul 12, 2017 at 02:00:32PM -0700, Eric Biggers wrote:
> From: Eric Biggers
>
> By design, the keys which userspace provides in the keyring are not used
> to encrypt data directly. Instead, a KDF (Key Derivation Function) is
> used to derive a unique encryption key for each inode, given a
Am Donnerstag, 13. Juli 2017, 20:10:57 CEST schrieb Eric Biggers:
Hi Eric,
> Hi Stephan,
>
> On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> > Am Mittwoch, 12. Juli 2017, 23:00:32 CEST schrieb Eric Biggers:
> >
> > Hi Herbert,
> >
> > This patch adds a second KDF to the kerne
Hi Stephan,
On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> Am Mittwoch, 12. Juli 2017, 23:00:32 CEST schrieb Eric Biggers:
>
> Hi Herbert,
>
> This patch adds a second KDF to the kernel -- the first is found in the keys
> subsystem.
>
> The next KDF that may come in is in th
Am Donnerstag, 13. Juli 2017, 18:07:54 CEST schrieb Herbert Xu:
Hi Herbert,
> Sure. Though I'd like to see what it looks like before I commit :)
Naturally. :-)
The patches would create an RNG template support. KDFs are not more than
special-purpose RNGs.
Ciao
Stephan
On Thu, Jul 13, 2017 at 04:54:55PM +0200, Stephan Müller wrote:
> Am Mittwoch, 12. Juli 2017, 23:00:32 CEST schrieb Eric Biggers:
>
> Hi Herbert,
>
> This patch adds a second KDF to the kernel -- the first is found in the keys
> subsystem.
>
> The next KDF that may come in is in the TLS scope.
Am Mittwoch, 12. Juli 2017, 23:00:32 CEST schrieb Eric Biggers:
Hi Herbert,
This patch adds a second KDF to the kernel -- the first is found in the keys
subsystem.
The next KDF that may come in is in the TLS scope.
Would it make sense to warm up the KDF patches adding generic KDF support to
t