[PATCH 1/9] crypto,fs: Separate out hkdf_extract() and hkdf_expand()
Hannes Reinecke
hare at suse.de
Tue Oct 15 23:40:54 PDT 2024
On 10/15/24 17:41, Eric Biggers wrote:
> On Tue, Oct 15, 2024 at 05:05:40PM +0200, Hannes Reinecke wrote:
>> On 10/14/24 21:38, Eric Biggers wrote:
>>> On Fri, Oct 11, 2024 at 05:54:22PM +0200, Hannes Reinecke wrote:
>>>> Separate out the HKDF functions into a separate module to
>>>> to make them available to other callers.
>>>> And add a testsuite to the module with test vectors
>>>> from RFC 5869 to ensure the integrity of the algorithm.
>>>
>>> integrity => correctness
>>>
>> Okay.
>>
>>>> +config CRYPTO_HKDF
>>>> + tristate
>>>> + select CRYPTO_SHA1 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
>>>> + select CRYPTO_SHA256 if !CONFIG_CRYPTO_MANAGER_DISABLE_TESTS
>>>> + select CRYPTO_HASH2
>>>
>>> Any thoughts on including SHA512 tests instead of SHA1, given that SHA1 is
>>> obsolete and should not be used?
>>>
>> Hmm. The original implementation did use SHA1, so I used that.
>> But sure I can look into changing that.
>
> If you're talking about fs/crypto/hkdf.c which is where you're borrowing the
> code from, that uses SHA512.
>
Actually, I was talking about the test vectors themselves. RFC 5869 only
gives test vectors for SHA1 and SHA256, so that's what I've used.
I've found additional test vectors for the other functions at
https://github.com/brycx/Test-Vector-Generation/blob/master/HKDF/hkdf-hmac-sha2-test-vectors.md
so I'll be using them for adding tests for SHA384 and SHA512 (TLS on
NVMe-over-TCP is using SHA384, too) and delete the SHA1 ones.
Cheers,
Hannes
--
Dr. Hannes Reinecke Kernel Storage Architect
hare at suse.de +49 911 74053 688
SUSE Software Solutions GmbH, Frankenstr. 146, 90461 Nürnberg
HRB 36809 (AG Nürnberg), GF: I. Totev, A. McDonald, W. Knoblich
More information about the Linux-nvme
mailing list