Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp392918imu; Tue, 8 Jan 2019 22:48:54 -0800 (PST) X-Google-Smtp-Source: ALg8bN6gG/feBcG3cOvgqm1/Ff8QDGice7WohbXCefh4vPe42ivHr6skwrB3Mg09yV3lzDPumUoO X-Received: by 2002:a63:4e15:: with SMTP id c21mr2129754pgb.50.1547016534054; Tue, 08 Jan 2019 22:48:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547016534; cv=none; d=google.com; s=arc-20160816; b=ZbFc/TcLXIXYoB5baEobQB69I7c6A89POumlmvIBBRe+sTJOWJevD2qx8uOFlFUTlz fpj5GpUeiOobVFXgkvsXHqYKP8rns9aBX1VF8/cY22v4gUyM9MnaFCK7jD8pTKXuNzwp db2N2KFD/3qQ41Zbf5QsAYVkwxqeahsXgMmgCeFEJrnW4rjeaD1WSPGgPBR0qmSfKaYz 4KpU0NHFI2Em8fJwuOtRxKH20M6kWssmW9LrHNmaR6iDZMGJF7mL8MYsZ6eu8ecgGk/e gOXZtQT3A9YLkfKb2U+zREv89h1RnmNVk5KJk5scPxpvmvwzqmL6uIvVrBtYuvEOJg/X 6R/A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=B1zNwFmFiIapFdpP8iyrcrMTZuXmB8nc0JU8vXd1krs=; b=Zb4UdjycmBq4QZACC14f0K4pRxe7fIo1MMpLtRCS0XoAtE0dtGFbks1bc5+cWfL5mr bwoFwReuLmXcJEKikgxINFNviSBdoRLsYvEBZeRY7ju7F84E3p0VQKEVKOIt8Om4y+90 w/QwSQvcJkkgT0c/BY6Pu2cto9OHy+Ab6WduoNB2BvDz3NxA51cgu+rTfkoz7zHFNtfX EuPOercHZgwlKDVl94Vx3rpdcUY13Iina3mT9CEsZvHbM53g+o2l6S/Yw4fd6NFNOt0f 1QOCCOPyLj1YzXHhnK4AcbENDSn3fDjZraFMseWNE0lR8MDu5wh5llgaV7wp989YWxAq JkiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=tDYGI+El; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k62si9350824pfc.208.2019.01.08.22.48.38; Tue, 08 Jan 2019 22:48:54 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=tDYGI+El; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729797AbfAIGpu (ORCPT + 99 others); Wed, 9 Jan 2019 01:45:50 -0500 Received: from mo4-p02-ob.smtp.rzone.de ([85.215.255.80]:19603 "EHLO mo4-p02-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728661AbfAIGpu (ORCPT ); Wed, 9 Jan 2019 01:45:50 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1547016345; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=B1zNwFmFiIapFdpP8iyrcrMTZuXmB8nc0JU8vXd1krs=; b=tDYGI+ElFN1fidFf9flPNGZfVfjH58A0ajIE21VT/TfGeFFhtwdsx13P09Y+OL2qMM 6GXGmmwQvj+8M3e3fVXQKJFvfOUGEytkLlLI6yAKvlhmZeT8XWqNvIMCPUx2Jpg4Bqnv speQielcDoPPitDspAXO9e5iTBJh4F40smvCZ/J7qVYh5qiyfGjm9mAmuwi1iybgVtsq gXH2JPI5LJXbcZtX/qg85ueXmmIUXZuhh9O3OpWMeUey1CoxnYfKHkBo508VXPMjuqVs thoUCl7wOVS8/lGfVPlOZ6kvYgElujAnJK2sQ0lgS3lxS7x6xoWapBO/utbrYD2jWG7W bl6w== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPaLvSbdkg=" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 44.9 DYNA|AUTH) with ESMTPSA id 309bcfv096jLNs3 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Wed, 9 Jan 2019 07:45:21 +0100 (CET) From: Stephan Mueller To: James Bottomley Cc: Andy Lutomirski , Herbert Xu , "Lee, Chun-Yi" , "Rafael J . Wysocki" , Pavel Machek , linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn , Andy Lutomirski Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler Date: Wed, 09 Jan 2019 07:45:21 +0100 Message-ID: <309406107.k3W2fMQUza@tauon.chronox.de> In-Reply-To: <1546994671.6077.10.camel@HansenPartnership.com> References: <20190103143227.9138-1-jlee@suse.com> <1546994671.6077.10.camel@HansenPartnership.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Mittwoch, 9. Januar 2019, 01:44:31 CET schrieb James Bottomley: Hi James, > Actually, it would be enormously helpful if we could reuse these pieces > for the TPM as well. Could you please help me understand whether the KDFs in TPM are directly usable as a standalone cipher primitive or does it go together with additional key generation operations? > It has two KDFs: KDFa, which is the CTR-KDF from > SP800-108 and KDFe which is the SP800-56A KDF for elliptic curve one > pass Diffie Hellman, so if we're going to do the former, I'd really > like the latter as well. > > The way the TPM parametrises input to both KDFs is > > (hashAlg, key, label, contextU, contextV, bits) > > Where > > hashAlg = the hash algorithm used as the PRF > key = the input parameter of variable bit size or > the x co-ordinate of the shared point > label = An ASCII string representing the use > contextU = public input U > contextV = public input V > bits = number of output bits When implementing KDFs as an extension of the kernel crypto API's RNG facility we currently have to handle the limitiation of the existing API. The label/ context data (and when considering RFC 5869 HKDF requring IKM, salt and additional information as input) currently cannot directly be communicated through the API. The issue is that the RNG facility currently has the following prototype defined: int (*generate)(struct crypto_rng *tfm, const u8 *src, unsigned int slen, u8 *dst, unsigned int dlen); The src pointer would need to take the label/context data. Would it be appropriate, to implement a type cast to a structure from the u8 pointer? E.g. for the aforementioned label/context data, we could define something like struct crypto_kdf_ctr { char *label; size_t label_len; u8 *contextU; size_t contextU_len; u8 *contextV; size_t contextV_len; }; And the implementation of the generate function for CTR KDF would then have a type cast along the following lines: if (slen != sizeof(struct crypto_kdf_ctr)) return -EINVAL; const struct crypto_kdf_ctr *kdf_ctr_input = (struct crypto_kdf_ctr *)src; For different KDFs, different structs would be needed. Ciao Stephan