Am Dienstag, 8. Januar 2019, 06:03:58 CET schrieb Herbert Xu: Hi Herbert,
> Are we going to have multiple implementations for the same KDF? > If not then the crypto API is not a good fit. To consolidate > multiple implementations of the same KDF, simply provide helpers > for them. It is unlikely to have multiple implementations of a KDF. However, KDFs relate to hashes like block chaining modes to raw block ciphers. Thus a KDF can be applied with different hashes. My idea was to add template support to RNGs (because KDFs are effectively a type of RNG since they produce an arbitrary output from a fixed input). The KDFs would be a template wrapping hashes. For example, the CTR-KDF from SP800-108 could be instantiated like kdf-ctr(sha256). Ciao Stephan
