From: Eric Biggers <ebiggers@kernel.org>
To: Hannes Reinecke <hare@suse.de>
Cc: Hannes Reinecke <hare@kernel.org>, Christoph Hellwig <hch@lst.de>,
Keith Busch <kbusch@kernel.org>, Sagi Grimberg <sagi@grimberg.me>,
linux-nvme@lists.infradead.org, linux-crypto@vger.kernel.org
Subject: Re: [PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand()
Date: Tue, 15 Oct 2024 15:41:10 +0000 [thread overview]
Message-ID: <20241015154110.GA2444622@google.com> (raw)
In-Reply-To: <e9ea2690-b3ac-47f0-a148-9e355841b6d0@suse.de>
On Tue, Oct 15, 2024 at 05:05:40PM +0200, Hannes Reinecke wrote:
> On 10/14/24 21:38, Eric Biggers wrote:
> > On Fri, Oct 11, 2024 at 05:54:22PM +0200, Hannes Reinecke wrote:
> > > Separate out the HKDF functions into a separate module to
> > > to make them available to other callers.
> > > And add a testsuite to the module with test vectors
> > > from RFC 5869 to ensure the integrity of the algorithm.
> >
> > integrity => correctness
> >
> Okay.
>
> > > +config CRYPTO_HKDF
> > > + tristate
> > > + select CRYPTO_SHA1 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
> > > + select CRYPTO_SHA256 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
> > > + select CRYPTO_HASH2
> >
> > Any thoughts on including SHA512 tests instead of SHA1, given that SHA1 is
> > obsolete and should not be used?
> >
> Hmm. The original implementation did use SHA1, so I used that.
> But sure I can look into changing that.
If you're talking about fs/crypto/hkdf.c which is where you're borrowing the
code from, that uses SHA512.
- Eric
next prev parent reply other threads:[~2024-10-15 15:41 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-11 15:54 [PATCHv10 0/9] nvme: implement secure concatenation Hannes Reinecke
2024-10-11 15:54 ` [PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-10-14 19:38 ` Eric Biggers
2024-10-15 15:05 ` Hannes Reinecke
2024-10-15 15:41 ` Eric Biggers [this message]
2024-10-16 6:40 ` Hannes Reinecke
2024-10-16 16:27 ` Eric Biggers
2024-10-11 15:54 ` [PATCH 2/9] nvme: add nvme_auth_generate_psk() Hannes Reinecke
2024-10-11 15:54 ` [PATCH 3/9] nvme: add nvme_auth_generate_digest() Hannes Reinecke
2024-10-11 15:54 ` [PATCH 4/9] nvme: add nvme_auth_derive_tls_psk() Hannes Reinecke
2024-10-11 15:54 ` [PATCH 5/9] nvme-keyring: add nvme_tls_psk_refresh() Hannes Reinecke
2024-10-11 15:54 ` [PATCH 6/9] nvme-tcp: request secure channel concatenation Hannes Reinecke
2024-10-11 15:54 ` [PATCH 7/9] nvme-fabrics: reset admin connection for secure concatenation Hannes Reinecke
2024-10-11 15:54 ` [PATCH 8/9] nvmet-tcp: support secure channel concatenation Hannes Reinecke
2024-10-11 15:54 ` [PATCH 9/9] nvmet: add tls_concat and tls_key debugfs entries Hannes Reinecke
-- strict thread matches above, loose matches on Subject: below --
2024-10-18 6:33 [PATCHv11 0/9] nvme: implement secure concatenaion Hannes Reinecke
2024-10-18 6:33 ` [PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-08-13 11:15 [PATCHv9 0/9] nvme: implement secure concatenation Hannes Reinecke
2024-08-13 11:15 ` [PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-08-27 17:52 ` Eric Biggers
2024-08-29 10:39 ` Hannes Reinecke
2024-08-29 21:54 ` Eric Biggers
2024-08-30 6:13 ` Hannes Reinecke
2024-07-22 14:21 [PATCHv8 0/9] nvme: implement secure concatenation Hannes Reinecke
2024-07-22 14:21 ` [PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand() Hannes Reinecke
2024-07-23 1:36 ` Eric Biggers
2024-07-23 6:24 ` Hannes Reinecke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241015154110.GA2444622@google.com \
--to=ebiggers@kernel.org \
--cc=hare@kernel.org \
--cc=hare@suse.de \
--cc=hch@lst.de \
--cc=kbusch@kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=sagi@grimberg.me \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).