f1c316a3ab
SP800-56A defines the use of DH with key derivation function based on a counter. The input to the KDF is defined as (DH shared secret || other information). The value for the "other information" is to be provided by the caller. The KDF is implemented using the hash support from the kernel crypto API. The implementation uses the symmetric hash support as the input to the hash operation is usually very small. The caller is allowed to specify the hash name that he wants to use to derive the key material allowing the use of all supported hashes provided with the kernel crypto API. As the KDF implements the proper truncation of the DH shared secret to the requested size, this patch fills the caller buffer up to its size. The patch is tested with a new test added to the keyutils user space code which uses a CAVS test vector testing the compliance with SP800-56A. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: David Howells <dhowells@redhat.com> |
||
---|---|---|
.. | ||
tpm | ||
00-INDEX | ||
apparmor.txt | ||
conf.py | ||
credentials.txt | ||
IMA-templates.txt | ||
index.rst | ||
keys-ecryptfs.txt | ||
keys-request-key.txt | ||
keys-trusted-encrypted.txt | ||
keys.txt | ||
LoadPin.txt | ||
LSM.txt | ||
self-protection.txt | ||
SELinux.txt | ||
Smack.txt | ||
tomoyo.txt | ||
Yama.txt |