From: Stephan Mueller <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: mathew.j.martineau@linux.intel.com, dhowells@redhat.com,
linux-crypto@vger.kernel.org, keyrings@vger.kernel.org
Subject: Re: [PATCH v5 3/4] crypto: kdf - SP800-108 Key Derivation Function
Date: Tue, 16 Aug 2016 11:25:33 +0200 [thread overview]
Message-ID: <1605606.kqFagSqufY@tauon.atsec.com> (raw)
In-Reply-To: <20160816091347.GA26733@gondor.apana.org.au>
Am Dienstag, 16. August 2016, 17:13:47 CEST schrieb Herbert Xu:
Hi Herbert,
> On Tue, Aug 16, 2016 at 11:11:47AM +0200, Stephan Mueller wrote:
> > Conceptually, a KDF is a random number generator by generating arbitrarily
> > sized strings from a fixed "seed". This lead me to add the RNG template
> > handling. Even the existing DRBG is more or less a "block chaining mode"
> > that is very similar to a KDF. Hence, the current plethora of 22
> > registered DRBGs could be elegantly eliminated if the DRBG is turned into
> > template using the proposed RNG framework.
>
> The point is that there is no alternative implementation for kdf,
> nor is there likely to be one.
I was thinking of the DRBG implementation: decouple it from the underlying
ciphers. Though, I am not fully sure that will work as there are several
specific settings that depend on the underlying ciphers (e.g. the state of a
Hash DRBG with SHA-256 is 444 bits whereas a Hash DRBG with SHA-512 has 888
bits).
>
> > If you think that a KDF should not be a generic mechanism, then the KDF
> > logic would need to move directly into the keys subsystem. But since TLS
> > is something folks speak about, a TLS KDF would need to be considered
> > eventually too which is yet again some form of RNG.
>
> If a TLS KDF comes with a hardware implementation then we could
> include it. Otherwise the answer would be the same.
It is certainly not an issue to move the KDF logic into the keys subsystem.
However, as it (may) resemble SP800-56A which is in line with FIPS 140-2,
folks may ask for a FIPS stamp on it. If a FIPS stamp is asked for, the KDF
itself must be subject to a self test (like what we have in testmgr.c). If we
move the KDF to the keys subsystem, the self test would then need to be
implemented there.
Ciao
Stephan
next prev parent reply other threads:[~2016-08-16 9:26 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-09 12:27 [PATCH v5 0/4] crypto: Key Derivation Function (SP800-108) Stephan Mueller
2016-08-09 12:27 ` [PATCH v5 1/4] crypto: add template handling for RNGs Stephan Mueller
2016-08-09 12:28 ` [PATCH v5 2/4] crypto: kdf - add known answer tests Stephan Mueller
2016-08-09 12:28 ` [PATCH v5 3/4] crypto: kdf - SP800-108 Key Derivation Function Stephan Mueller
2016-08-16 8:57 ` Herbert Xu
2016-08-16 9:11 ` Stephan Mueller
2016-08-16 9:13 ` Herbert Xu
2016-08-16 9:25 ` Stephan Mueller [this message]
2016-08-16 9:26 ` Herbert Xu
2016-08-09 12:28 ` [PATCH v5 4/4] crypto: kdf - enable compilation Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1605606.kqFagSqufY@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=mathew.j.martineau@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox