Am Freitag, 19. August 2016, 20:39:09 CEST schrieb Stephan Mueller:

Hi David,

> SP800-56A defines the use of DH with key derivation function based on a
> counter. The input to the KDF is defined as (DH shared secret || other
> information). The value for the "other information" is to be provided by
> the caller.
> The KDF is implemented using the hash support from the kernel crypto API.
> The implementation uses the symmetric hash support as the input to the
> hash operation is usually very small. The caller is allowed to specify
> the hash name that he wants to use to derive the key material allowing
> the use of all supported hashes provided with the kernel crypto API.
> As the KDF implements the proper truncation of the DH shared secret to
> the requested size, this patch fills the caller buffer up to its size.
> The patch is tested with a new test added to the keyutils user space
> code which uses a CAVS test vector testing the compliance with
> SP800-56A.

Is there a decision about this patch set?

To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to
More majordomo info at

Reply via email to