linux/include/crypto/kdf_sp800108.h
Stephan Müller 026a733e66 crypto: kdf - add SP800-108 counter key derivation function
SP800-108 defines three KDFs - this patch provides the counter KDF
implementation.

The KDF is implemented as a service function where the caller has to
maintain the hash / HMAC state. Apart from this hash/HMAC state, no
additional state is required to be maintained by either the caller or
the KDF implementation.

The key for the KDF is set with the crypto_kdf108_setkey function which
is intended to be invoked before the caller requests a key derivation
operation via crypto_kdf108_ctr_generate.

SP800-108 allows the use of either a HMAC or a hash as crypto primitive
for the KDF. When a HMAC primtive is intended to be used,
crypto_kdf108_setkey must be used to set the HMAC key. Otherwise, for a
hash crypto primitve crypto_kdf108_ctr_generate can be used immediately
after allocating the hash handle.

Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2021-11-26 16:25:17 +11:00

62 lines
2.1 KiB
C

/* SPDX-License-Identifier: GPL-2.0 */
/*
* Copyright (C) 2021, Stephan Mueller <smueller@chronox.de>
*/
#ifndef _CRYPTO_KDF108_H
#define _CRYPTO_KDF108_H
#include <crypto/hash.h>
#include <linux/uio.h>
/**
* Counter KDF generate operation according to SP800-108 section 5.1
* as well as SP800-56A section 5.8.1 (Single-step KDF).
*
* @kmd Keyed message digest whose key was set with crypto_kdf108_setkey or
* unkeyed message digest
* @info optional context and application specific information - this may be
* NULL
* @info_vec number of optional context/application specific information entries
* @dst destination buffer that the caller already allocated
* @dlen length of the destination buffer - the KDF derives that amount of
* bytes.
*
* To comply with SP800-108, the caller must provide Label || 0x00 || Context
* in the info parameter.
*
* @return 0 on success, < 0 on error
*/
int crypto_kdf108_ctr_generate(struct crypto_shash *kmd,
const struct kvec *info, unsigned int info_nvec,
u8 *dst, unsigned int dlen);
/**
* Counter KDF setkey operation
*
* @kmd Keyed message digest allocated by the caller. The key should not have
* been set.
* @key Seed key to be used to initialize the keyed message digest context.
* @keylen This length of the key buffer.
* @ikm The SP800-108 KDF does not support IKM - this parameter must be NULL
* @ikmlen This parameter must be 0.
*
* According to SP800-108 section 7.2, the seed key must be at least as large as
* the message digest size of the used keyed message digest. This limitation
* is enforced by the implementation.
*
* SP800-108 allows the use of either a HMAC or a hash primitive. When
* the caller intends to use a hash primitive, the call to
* crypto_kdf108_setkey is not required and the key derivation operation can
* immediately performed using crypto_kdf108_ctr_generate after allocating
* a handle.
*
* @return 0 on success, < 0 on error
*/
int crypto_kdf108_setkey(struct crypto_shash *kmd,
const u8 *key, size_t keylen,
const u8 *ikm, size_t ikmlen);
#endif /* _CRYPTO_KDF108_H */