From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephan Mueller <smueller@chronox.de>
Date: Wed, 09 Jan 2019 10:17:45 +0000
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
Message-Id: <2344329.gmPllosFfp@tauon.chronox.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1250"
Content-Transfer-Encoding: base64
List-Id: <keyrings.vger.kernel.org>
References: <20190103143227.9138-1-jlee@suse.com> <1894062.aDvIuj92vB@tauon.chronox.de> <20190109082103.GA8586@sol.localdomain>
In-Reply-To: <20190109082103.GA8586@sol.localdomain>
To: Eric Biggers <ebiggers@kernel.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>, Andy Lutomirski <luto@amacapital.net>, Herbert Xu <herbert@gondor.apana.org.au>, "Lee, Chun-Yi" <joeyli.kernel@gmail.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz>, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Chen Yu <yu.c.chen@intel.com>, Oliver Neukum <oneukum@suse.com>, Ryan Chen <yu.chen.surf@gmail.com>, David Howells <dhowells@redhat.com>, Giovanni Gherdovich <ggherdovich@suse.cz>, Randy Dunlap <rdunlap@infradead.org>, Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org>

QW0gTWl0dHdvY2gsIDkuIEphbnVhciAyMDE5LCAwOToyMTowNCBDRVQgc2NocmllYiBFcmljIEJp
Z2dlcnM6CgpIaSBFcmljLAo+IAo+IEZXSVcsIGl0J3MgYmVlbiB2ZXJ5IHNsb3cgZ29pbmcgc2lu
Y2UgSSd2ZSBiZWVuIHdvcmtpbmcgb24gb3RoZXIgcHJvamVjdHMKPiBhbmQgSSBhbHNvIG5lZWQg
dG8gYmUgdmVyeSBzdXJlIHRvIGdldCB0aGUgQVBJIGNoYW5nZXMgcmlnaHQsIGJ1dCBJIHN0aWxs
Cj4gcGxhbiB0byBjaGFuZ2UgdGhlIEtERiBpbiBmc2NyeXB0IChhLmsuYS4gZXh0NC9mMmZzL3Vi
aWZzIGVuY3J5cHRpb24pIHRvCj4gSEtERi1TSEE1MTIgYXMgcGFydCBvZiBhIGxhcmdlciBzZXQg
b2YgaW1wcm92ZW1lbnRzIHRvIGhvdyBmc2NyeXB0Cj4gZW5jcnlwdGlvbiBrZXlzIGFyZSBtYW5h
Z2VkLiBJIHNlbnQgdGhlIGxhc3QgcGF0Y2hzZXQgYSB5ZWFyIGFnbwo+IChodHRwczovL21hcmMu
aW5mby8/bD1saW51eC1mc2RldmVsJm0VMDg3OTQ5MzIwNjI1NykgYnV0IEknbSB3b3JraW5nIHRv
Cj4gcmV2aXZlIGl0LiAgSW4gdGhlIHdvcmstaW4tcHJvZ3Jlc3MgdmVyc2lvbiBpbiBteSBnaXQg
dHJlZSwgdGhpcyBpcyB0aGUKPiBjb21taXQgdGhhdCBhZGRzIGEgSEtERiBpbXBsZW1lbnRhdGlv
biBhcyBmcy9jcnlwdG8vaGtkZi5jOgo+IGh0dHBzOi8vZ2l0Lmtlcm5lbC5vcmcvcHViL3NjbS9s
aW51eC9rZXJuZWwvZ2l0L2ViaWdnZXJzL2xpbnV4LmdpdC9jb21taXQvP2kKPiBk6GE3ODc2NzEz
MWM5NzE3ZWU4MzhmMGM0ZTMwNzk0OGQ2NWE0NDI3IEl0IGJhc2ljYWxseSBqdXN0IHdyYXBzIGEK
PiBjcnlwdG9fc2hhc2ggZm9yICJobWFjKHNoYTUxMikiLgo+IAo+IEknZCBiZSBmaW5lIHdpdGgg
dXNpbmcgYSBjb21tb24gaW1wbGVtZW50YXRpb24gaW5zdGVhZCwgcHJvdmlkZWQgdGhhdCBpdAo+
IGdpdmVzIHRoZSBzYW1lIGZ1bmN0aW9uYWxpdHksIGluY2x1ZGluZyBzdXBwb3J0aW5nIHVzZXIt
c3BlY2lmaWVkIHNhbHQgYW5kCj4gYXBwbGljYXRpb24tc3BlY2lmaWMgaW5mbyBzdHJpbmdzLCBh
bmQgaXNuJ3Qgc2xvd2VyIG9yIG1vcmUgY29tcGxleCB0byB1c2UuCj4gCj4gKFRoaXMgY29tbWVu
dCBpcyBzb2xlbHkgb24gdGhlIHRhbmdlbnRpYWwgZGlzY3Vzc2lvbiBhYm91dCBLREYKPiBpbXBs
ZW1lbnRhdGlvbnM7IEkndmUgbm90IGxvb2tlZCBhdCB0aGUgaGliZXJuYXRpb24gaW1hZ2UgZW5j
cnlwdGlvbiBzdHVmZgo+IHlldC4pCgpUaGFua3MgZm9yIHRoZSBjbGFyaWZpY2F0aW9uLiBJIGhh
dmUgc3RhcnRlZCBhIGdlbmVyaWMgSEtERiBpbXBsZW1lbnRhdGlvbiBmb3IgCnRoZSBrZXJuZWwg
Y3J5cHRvIEFQSSB3aGljaCBsZWFkIHRvIHRoZSBxdWVzdGlvbnMgYWJvdmUuIEkgd291bGQgdGhl
biBhbHNvIHRyeSAKdG8gcHJvdmlkZSBhIEhLREYgcHJvcG9zYWwuCgpUbyB1c2UgdGhlIChIKUtE
RiwgSSBjdXJyZW50bHkgZW52aXNpb24gMiBjYWxscyBhcGFydCBmcm9tIGFsbG9jL2ZyZWUuIFRo
ZSAKZm9sbG93aW5nIGNvZGUgd291bGQgc2VydmUgYXMgYW4gZXhhbXBsZS4KCiAqIEV4YW1wbGUg
d2l0aG91dCBwcm9wZXIgZXJyb3IgaGFuZGxpbmc6CiAqICAgICAgY2hhciAqa2V5aW5nX21hdGVy
aWFsID0gIlx4MDBceDExXHgyMlx4MzNceDQ0XHg1NVx4NjZceDc3IjsKICogICAgICBjaGFyICps
YWJlbF9jb250ZXh0ID0gIlx4ZGVceGFkXHhiZVx4ZWZceDAwXHhkZVx4YWRceGJlXHhlZiI7CiAq
ICAgICAga2RmID0gY3J5cHRvX2FsbG9jX3JuZyhuYW1lLCAwLCAwKTsKICogICAgICBjcnlwdG9f
cm5nX3Jlc2V0KGtkZiwga2V5aW5nX21hdGVyaWFsLCA4KTsKICogICAgICBjcnlwdG9fcm5nX2dl
bmVyYXRlKGtkZiwgbGFiZWxfY29udGV4dCwgOSwgb3V0YnVmLCBvdXRidWZsZW4pOwoKVGhhdCBo
b3BlZnVsbHkgc2hvdWxkIGJlIHNpbXBsZSBlbm91Z2guCgpGb3IgSEtERiwgYXMgbWVudGlvbmVk
LCBJIHdvdWxkIGVudmlzaW9uIHRvIHVzZSBhIHN0cnVjdCBpbnN0ZWFkIG9mIGEgY2hhciAqIApm
b3IgdGhlIGxhYmVsX2NvbnRleHQgdG8gY29tbXVuaWNhdGUgSUtNLCBTYWx0LCBhbmQgdGhlIGxh
YmVsL2luZm8gCmluZm9ybWF0aW9uLgoKQ2lhbwpTdGVwaGFuCgo=

From mboxrd@z Thu Jan  1 00:00:00 1970
From: Stephan Mueller <smueller@chronox.de>
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
Date: Wed, 09 Jan 2019 11:17:45 +0100
Message-ID: <2344329.gmPllosFfp@tauon.chronox.de>
References: <20190103143227.9138-1-jlee@suse.com> <1894062.aDvIuj92vB@tauon.chronox.de> <20190109082103.GA8586@sol.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7Bit
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <20190109082103.GA8586@sol.localdomain>
Sender: linux-kernel-owner@vger.kernel.org
To: Eric Biggers <ebiggers@kernel.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>, Andy Lutomirski <luto@amacapital.net>, Herbert Xu <herbert@gondor.apana.org.au>, "Lee, Chun-Yi" <joeyli.kernel@gmail.com>, "Rafael J . Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz>, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>, Chen Yu <yu.c.chen@intel.com>, Oliver Neukum <oneukum@suse.com>, Ryan Chen <yu.chen.surf@gmail.com>, David Howells <dhowells@redhat.com>, Giovanni Gherdovich <ggherdovich@suse.cz>, Randy Dunlap <rdunlap@infradead.org>, Jann Horn <jannh@google.com>, Andy Lutomirski <luto@kernel.org>
List-Id: linux-pm@vger.kernel.org

Am Mittwoch, 9. Januar 2019, 09:21:04 CET schrieb Eric Biggers:

Hi Eric,
> 
> FWIW, it's been very slow going since I've been working on other projects
> and I also need to be very sure to get the API changes right, but I still
> plan to change the KDF in fscrypt (a.k.a. ext4/f2fs/ubifs encryption) to
> HKDF-SHA512 as part of a larger set of improvements to how fscrypt
> encryption keys are managed. I sent the last patchset a year ago
> (https://marc.info/?l=linux-fsdevel&m=150879493206257) but I'm working to
> revive it.  In the work-in-progress version in my git tree, this is the
> commit that adds a HKDF implementation as fs/crypto/hkdf.c:
> https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/linux.git/commit/?i
> d=e8a78767131c9717ee838f0c4e307948d65a4427 It basically just wraps a
> crypto_shash for "hmac(sha512)".
> 
> I'd be fine with using a common implementation instead, provided that it
> gives the same functionality, including supporting user-specified salt and
> application-specific info strings, and isn't slower or more complex to use.
> 
> (This comment is solely on the tangential discussion about KDF
> implementations; I've not looked at the hibernation image encryption stuff
> yet.)

Thanks for the clarification. I have started a generic HKDF implementation for 
the kernel crypto API which lead to the questions above. I would then also try 
to provide a HKDF proposal.

To use the (H)KDF, I currently envision 2 calls apart from alloc/free. The 
following code would serve as an example.

 * Example without proper error handling:
 *      char *keying_material = "\x00\x11\x22\x33\x44\x55\x66\x77";
 *      char *label_context = "\xde\xad\xbe\xef\x00\xde\xad\xbe\xef";
 *      kdf = crypto_alloc_rng(name, 0, 0);
 *      crypto_rng_reset(kdf, keying_material, 8);
 *      crypto_rng_generate(kdf, label_context, 9, outbuf, outbuflen);

That hopefully should be simple enough.

For HKDF, as mentioned, I would envision to use a struct instead of a char * 
for the label_context to communicate IKM, Salt, and the label/info 
information.

Ciao
Stephan