From: Stephan Mueller
To: herbert@gondor.apana.org.au
Cc: "Lee, Chun-Yi", "Rafael J . Wysocki", Pavel Machek, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki", Chen Yu, Oliver Neukum, Ryan Chen, David Howells, Giovanni Gherdovich, Randy Dunlap, Jann Horn, Andy Lutomirski
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
Date: Mon, 07 Jan 2019 16:52:00 +0100

On Monday, 7 January 2019, 16:33:27 CET, joeyli wrote:

Hi Herbert,

> > > use an official KDF type like SP800-108 or HKDF?
> >
> > You find the counter-KDF according to SP800-108 in security/keys/dh.c
> > (search for functions *kdf*).
> >
> > Or we may start pulling in KDF support into the kernel crypto API via the
> > patches along the line of [1].
> >
> > [1] http://www.chronox.de/kdf.html
>
> Thanks for your suggestion. I didn't touch any key derivation standard
> before. I will study it.
>
> But I still want to use my original function currently. Because the same
> logic is also used in trusted key. I will be happy to move to SP800-108 or
> HKDF when it's available in kernel.

Would it make sense to polish these mentioned KDF patches and add them to the
kernel crypto API? The sprawl of key derivation logic here and there which
seemingly does not comply with any standard and thus possibly has issues should
be prevented and cleaned up.

Ciao
Stephan
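
The SP800-108 counter-mode construction mentioned in the thread, as an added example that is not part of the original message and is not the kernel code in security/keys/dh.c. It assumes HMAC-SHA256 as the PRF and 32-bit big-endian counter and length fields; the labels, context string and master key are constructed for illustration.

```python
import hashlib
import hmac
import struct

PRF_LEN = hashlib.sha256().digest_size  # 32 bytes per HMAC-SHA256 output block


def kdf_ctr_hmac_sha256(key_in: bytes, label: bytes, context: bytes, out_len: int) -> bytes:
    """SP800-108 counter mode: K(i) = PRF(K_I, [i]_2 || Label || 0x00 || Context || [L]_2)."""
    if not key_in:
        raise ValueError("empty key derivation key")
    if b"\x00" in label:
        # The 0x00 byte separates Label from Context; allowing it inside the
        # label would let two different (label, context) pairs collide.
        raise ValueError("label must not contain the 0x00 separator")
    if not 0 < out_len <= 0x1FFFFFFF:
        raise ValueError("output length must fit the 32-bit [L]_2 field (in bits)")
    # [L]_2 is the requested output length in bits (assumed 32-bit big-endian).
    fixed = label + b"\x00" + context + struct.pack(">I", out_len * 8)
    blocks = -(-out_len // PRF_LEN)  # ceiling division
    out = b""
    for i in range(1, blocks + 1):  # counter starts at 1
        out += hmac.new(key_in, struct.pack(">I", i) + fixed, hashlib.sha256).digest()
    return out[:out_len]


def derive_snapshot_keys(master: bytes, context: bytes) -> dict:
    """Derive independent keys from one master key using distinct labels.

    The label strings are hypothetical, chosen only for this example.
    """
    return {
        "enc": kdf_ctr_hmac_sha256(master, b"snapshot-encrypt", context, 32),
        "auth": kdf_ctr_hmac_sha256(master, b"snapshot-auth", context, 64),
    }


if __name__ == "__main__":
    master_key = bytes(range(32))  # constructed sample key, not a real secret
    keys = derive_snapshot_keys(master_key, b"constructed-context")
    for name, value in keys.items():
        print(name, value.hex())
```

Because the output length is part of the PRF input, a 32-byte key and the first 32 bytes of a 64-byte key derived with the same label are unrelated, which ad-hoc truncation schemes do not guarantee.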