Message-ID: <1547048088.2879.6.camel@HansenPartnership.com>
Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler
From: James Bottomley
To: Stephan Mueller
Cc: Andy Lutomirski, Herbert Xu, "Lee, Chun-Yi", "Rafael J . Wysocki", Pavel Machek, linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki", Chen Yu, Oliver Neukum, Ryan Chen, David Howells, Giovanni Gherdovich, Randy Dunlap, Jann Horn, Andy Lutomirski
Date: Wed, 09 Jan 2019 07:34:48 -0800
In-Reply-To: <1894062.aDvIuj92vB@tauon.chronox.de>
References: <20190103143227.9138-1-jlee@suse.com> <309406107.k3W2fMQUza@tauon.chronox.de> <1547017108.2789.24.camel@HansenPartnership.com> <1894062.aDvIuj92vB@tauon.chronox.de>

On Wed, 2019-01-09 at 08:05 +0100, Stephan Mueller wrote:
> On Wednesday, 9 January 2019, 07:58:28 CET, James Bottomley wrote:
>
> Hi James,
>
> > On Wed, 2019-01-09 at 07:45 +0100, Stephan Mueller wrote:
> > > On Wednesday, 9 January 2019, 01:44:31 CET, James Bottomley
> > > wrote:
> > >
> > > Hi James,
> > >
> > > > Actually, it would be enormously helpful if we could reuse
> > > > these pieces for the TPM as well.
> > >
> > > Could you please help me understand whether the KDFs in TPM are
> > > directly usable as a standalone cipher primitive or does it go
> > > together with additional key generation operations?
> >
> > They're used as generators ... which means they deterministically
> > produce keys from what the TPM calls seeds so we can get crypto
> > agility of TPM 2.0 ... well KDFa does. KDFe is simply what NIST
> > recommends you do when using EC for a shared key agreement ... and
> > really we shouldn't be using ECDH in the kernel without it.
>
> Thanks for clarifying. That would mean that indeed we would have
> hardware-provided KDF implementations that may be usable with the
> kernel crypto API.

Just on this point, the TPM doesn't actually provide any KDFa or e API,
so it can't be used for hardware acceleration (and even if it did, the
TPM is a pretty slow engine, so software would be faster anyway).

We need these algorithms in software because the TPM uses key
agreements derived from shared secrets to produce session encryption
keys to ensure confidentiality and integrity (HMAC key), so we
establish the shared secret then have to derive our key in software and
the TPM derives the same key internally and we use the shared derived
key to symmetrically encrypt and/or HMAC secret communications.

James
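
The software-side derivation described in the message above, as an added example that is not part of the original e-mail or of the kernel patch set: KDFe turns an ECDH secret into a seed, KDFa expands that seed into a session key, and the key then authenticates a message with HMAC. The constructions follow the TPM 2.0 library specification (KDFa is the SP 800-108 counter-mode KDF, KDFe the SP 800-56A concatenation KDF), and `SECRET` and `ATH` are the labels that specification uses for salt and session-key derivation. All byte values are constructed samples, and the HMAC framing in `tag` is simplified.

```python
import hashlib
import hmac
import struct


def kdfa(hash_name, key, label, context_u, context_v, bits):
    """KDFa: SP 800-108 counter-mode KDF with HMAC as the PRF."""
    if bits % 8:
        raise ValueError("this sketch only handles whole-byte key sizes")
    out, counter = b"", 1
    while len(out) < bits // 8:
        # [counter]_32 || label || 0x00 || contextU || contextV || [bits]_32
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + context_u + context_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hash_name).digest()
        counter += 1
    return out[:bits // 8]


def kdfe(hash_name, z, use, party_u, party_v, bits):
    """KDFe: SP 800-56A concatenation KDF over an ECDH shared secret Z."""
    if bits % 8:
        raise ValueError("this sketch only handles whole-byte key sizes")
    out, counter = b"", 1
    while len(out) < bits // 8:
        # [counter]_32 || Z || use || 0x00 || PartyUInfo || PartyVInfo
        msg = struct.pack(">I", counter) + z + use + b"\x00" + party_u + party_v
        out += hashlib.new(hash_name, msg).digest()
        counter += 1
    return out[:bits // 8]


# Constructed sample values, not taken from any real TPM exchange.
Z = bytes(range(32))              # stand-in for the ECDH x-coordinate
POINT_U = b"\x11" * 32            # stand-in for the ephemeral public x
POINT_V = b"\x22" * 32            # stand-in for the TPM key's public x
NONCE_TPM = b"\xaa" * 32
NONCE_CALLER = b"\xbb" * 32


def session_key(hash_name="sha256"):
    """What each side computes independently from the agreed secret."""
    bits = hashlib.new(hash_name).digest_size * 8
    seed = kdfe(hash_name, Z, b"SECRET", POINT_U, POINT_V, bits)
    return kdfa(hash_name, seed, b"ATH", NONCE_TPM, NONCE_CALLER, bits)


def tag(key, message):
    """HMAC a message under the derived key (simplified framing)."""
    return hmac.new(key, message, "sha256").digest()
```

Passing a different `hash_name` to `session_key` changes the key length and value without touching the call sites, which is the crypto agility the message attributes to KDFa.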