forked from Minki/linux
026a733e66
SP800-108 defines three KDFs - this patch provides the counter KDF implementation. The KDF is implemented as a service function where the caller has to maintain the hash / HMAC state. Apart from this hash/HMAC state, no additional state is required to be maintained by either the caller or the KDF implementation. The key for the KDF is set with the crypto_kdf108_setkey function which is intended to be invoked before the caller requests a key derivation operation via crypto_kdf108_ctr_generate. SP800-108 allows the use of either a HMAC or a hash as crypto primitive for the KDF. When a HMAC primtive is intended to be used, crypto_kdf108_setkey must be used to set the HMAC key. Otherwise, for a hash crypto primitve crypto_kdf108_ctr_generate can be used immediately after allocating the hash handle. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
62 lines
2.1 KiB
C
62 lines
2.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0 */
|
|
|
|
/*
|
|
* Copyright (C) 2021, Stephan Mueller <smueller@chronox.de>
|
|
*/
|
|
|
|
#ifndef _CRYPTO_KDF108_H
|
|
#define _CRYPTO_KDF108_H
|
|
|
|
#include <crypto/hash.h>
|
|
#include <linux/uio.h>
|
|
|
|
/**
|
|
* Counter KDF generate operation according to SP800-108 section 5.1
|
|
* as well as SP800-56A section 5.8.1 (Single-step KDF).
|
|
*
|
|
* @kmd Keyed message digest whose key was set with crypto_kdf108_setkey or
|
|
* unkeyed message digest
|
|
* @info optional context and application specific information - this may be
|
|
* NULL
|
|
* @info_vec number of optional context/application specific information entries
|
|
* @dst destination buffer that the caller already allocated
|
|
* @dlen length of the destination buffer - the KDF derives that amount of
|
|
* bytes.
|
|
*
|
|
* To comply with SP800-108, the caller must provide Label || 0x00 || Context
|
|
* in the info parameter.
|
|
*
|
|
* @return 0 on success, < 0 on error
|
|
*/
|
|
int crypto_kdf108_ctr_generate(struct crypto_shash *kmd,
|
|
const struct kvec *info, unsigned int info_nvec,
|
|
u8 *dst, unsigned int dlen);
|
|
|
|
/**
|
|
* Counter KDF setkey operation
|
|
*
|
|
* @kmd Keyed message digest allocated by the caller. The key should not have
|
|
* been set.
|
|
* @key Seed key to be used to initialize the keyed message digest context.
|
|
* @keylen This length of the key buffer.
|
|
* @ikm The SP800-108 KDF does not support IKM - this parameter must be NULL
|
|
* @ikmlen This parameter must be 0.
|
|
*
|
|
* According to SP800-108 section 7.2, the seed key must be at least as large as
|
|
* the message digest size of the used keyed message digest. This limitation
|
|
* is enforced by the implementation.
|
|
*
|
|
* SP800-108 allows the use of either a HMAC or a hash primitive. When
|
|
* the caller intends to use a hash primitive, the call to
|
|
* crypto_kdf108_setkey is not required and the key derivation operation can
|
|
* immediately performed using crypto_kdf108_ctr_generate after allocating
|
|
* a handle.
|
|
*
|
|
* @return 0 on success, < 0 on error
|
|
*/
|
|
int crypto_kdf108_setkey(struct crypto_shash *kmd,
|
|
const u8 *key, size_t keylen,
|
|
const u8 *ikm, size_t ikmlen);
|
|
|
|
#endif /* _CRYPTO_KDF108_H */
|