Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1145644imu; Wed, 9 Jan 2019 12:28:26 -0800 (PST) X-Google-Smtp-Source: ALg8bN7Si0VJpzfaZysLVPH7+54Jj3mXXVAD0u5rOzTijPTqvBSMymYd2ljBztDeDWy8axpzbi2o X-Received: by 2002:a63:6207:: with SMTP id w7mr6561455pgb.90.1547065706373; Wed, 09 Jan 2019 12:28:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547065706; cv=none; d=google.com; s=arc-20160816; b=PpDEAW8uJ8zQYGBIJ8KdiidvUQJGJmxHMLf8lL5kpXbFlqsk3YNwXMs4kXlLPc0ZHF dcSqlWfV5ketzIjkJ8/a9ldzc3X+cUpUfBjPaSTmzdT0IsjfmwpgJcHXFzxe+WNw6I2i grzru+pdp2b6YrT54ZTq2lItkQ5GV5QVl2grJdHtjIgL8ruaeykI88gWD9LSPav+PaOR /yFx1hLs4EsWQ6MmHNFfLwDRbC1VwCsSIyzzY5uL/Unl40I05EbFYHndjf4twmTiB1Z4 6XVbYAAf1yiLOYAZrdL9NVYNhLIrd7jq6TGZxdB4bkbEdR5MjwkPCPWvCJHnupidswwh EIiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=p/Xb2WrPLDUmNRmCJ6VKjd0OUIzYPuko8yOedvGeWIs=; b=ggSfMbH+Qcy5VMYzkstPNPRsMKY5tmX1FY57zxPNZmKNWNMOk96kbg9PIQjWryVDUa Z9SmvsRoAGlhkH5dkQ5YX2pg6JOeyGkX2S5G4wICC9OhKAv7r14h227OpnnV0RkQrwT0 h14WJ0dejurZ+WyU3n3cwFkCttbuOZb9aB3G0Z83/H9cfm37mKfoe/bBSvZpIx/R/c2n mufw9VnRoyM82FH1LTaheeD3Vk7CiI9U9HRlnhhfZeGSDgOHhUd2V2w6hgpRh9aBfmCP j30ITmw8NkidVul1ylZK/1Oibu4priOZFSPhP4CIPx3q0lY6gMeieOjrfcMDgqrE8Hkf 2d+Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=aK9yeqbT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e188si8738524pfa.16.2019.01.09.12.28.10; Wed, 09 Jan 2019 12:28:26 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@chronox.de header.s=strato-dkim-0002 header.b=aK9yeqbT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726560AbfAISTC (ORCPT + 99 others); Wed, 9 Jan 2019 13:19:02 -0500 Received: from mo4-p01-ob.smtp.rzone.de ([85.215.255.51]:31530 "EHLO mo4-p01-ob.smtp.rzone.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726515AbfAISTC (ORCPT ); Wed, 9 Jan 2019 13:19:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1547057939; s=strato-dkim-0002; d=chronox.de; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: X-RZG-CLASS-ID:X-RZG-AUTH:From:Subject:Sender; bh=p/Xb2WrPLDUmNRmCJ6VKjd0OUIzYPuko8yOedvGeWIs=; b=aK9yeqbTBVWcKgyDSQeCmnjpnHBKS4QFdRQ37WYZm6uDN6iM2OAHo0HqD5PshLSQEc gt8eA3Tn06SQXXJ+EfJbsRfbvypupT9UbpZpI4KikcvWrDNnFPybEgchjUMfWVsHewdk 8XvGgwgjhvRW/cjRm00Xp95iE7zXOyZWkJUFFI/QttbNP3iU5O/kZqp/39ZP15k18RSu BEgMAgzMwYdivtWOz5Cmbz/E7NCzz7pzA6L7Oqe/TzWO/9GFPBC4ITB+3qn3XLQzY5Mc HTrsGJQvA4ApFXAIhI97uL9WaEgJ+sbATBfb8E2HsZxbYibZKYJVGmLyAyXBKlD2ES6V piTg== X-RZG-AUTH: ":P2ERcEykfu11Y98lp/T7+hdri+uKZK8TKWEqNyiHySGSa9k9xmwdNnzGHXPaLvSbdkg=" X-RZG-CLASS-ID: mo00 Received: from tauon.chronox.de by smtp.strato.de (RZmta 44.9 DYNA|AUTH) with ESMTPSA id 309bcfv09IIDSNk (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (curve secp521r1 with 521 ECDH bits, eq. 15360 bits RSA)) (Client did not present a certificate); Wed, 9 Jan 2019 19:18:13 +0100 (CET) From: Stephan Mueller To: Eric Biggers Cc: James Bottomley , Andy Lutomirski , Herbert Xu , "Lee, Chun-Yi" , "Rafael J . Wysocki" , Pavel Machek , linux-kernel@vger.kernel.org, linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn , Andy Lutomirski Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler Date: Wed, 09 Jan 2019 19:18:13 +0100 Message-ID: <2049180.FbvvROCS3Z@tauon.chronox.de> In-Reply-To: <20190109173454.GB249140@gmail.com> References: <20190103143227.9138-1-jlee@suse.com> <2344329.gmPllosFfp@tauon.chronox.de> <20190109173454.GB249140@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am Mittwoch, 9. Januar 2019, 18:34:55 CET schrieb Eric Biggers: Hi Eric, > That would not meet my performance requirements as I want to precompute > HKDF-Extract, and then do HKDF-Expand many times. Also the HKDF-Expand part > should be thread-safe and not require allocating memory, especially not a > whole crypto_shash tfm every time. > > So presumably with crypto_rng, crypto_rng_reset() would need to take the > input keyring material and salt and do HKDF-Extract (like my > fscrypt_init_hkdf()), and crypto_rng_generate() would need to take the > application-specific info string and do HKDF-Expand (like my > fscrypt_hkdf_expand()). Great, that was the idea I had in mind as well. Maybe the example was not right to convey that. Let me work on that. > > It is ugly though. Please also consider just having simple crypto_hkdf_*() > helper functions which wrap a HMAC tfm along the lines of my patch, rather > than shoehorning it into the crypto_rng API. > > - Eric Ciao Stephan