Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API

[PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
Re: [PATCH v2 6/7] fs: use HKDF implementation from kernel crypto API · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
[PATCH v2 5/7] security: DH - use KDF implementation from crypto API · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 1/7] crypto: Add key derivation self-test support code · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 2/7] crypto: add SP800-108 counter key derivation function · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 3/7] crypto: add RFC5869 HKDF · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 3/7] crypto: add RFC5869 HKDF · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
[PATCH v2 4/7] security: DH - remove dead code for zero padding · Stephan Müller <hidden> · 2021-01-24
[PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 7/7] fs: HKDF - remove duplicate memory clearing · Eric Biggers <ebiggers@kernel.org> · 2021-01-28
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Ard Biesheuvel <ardb@kernel.org> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Ard Biesheuvel <ardb@kernel.org> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24
Re: [PATCH v2 0/7] Add KDF implementations to crypto API · Stephan Müller <hidden> · 2021-01-24

From: Eric Biggers <ebiggers@kernel.org>
Date: 2021-01-28 20:20:02
Also in: keyrings, linux-fscrypt, lkml

On Sun, Jan 24, 2021 at 03:04:31PM +0100, Stephan Müller wrote:

quoted hunk ↗ jump to hunk

@@ -74,16 +57,14 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
 		return PTR_ERR(hmac_tfm);
 	}
 
-	if (WARN_ON(crypto_shash_digestsize(hmac_tfm) != sizeof(prk))) {
+	if (WARN_ON(crypto_shash_digestsize(hmac_tfm) != HKDF_HASHLEN)) {
 		err = -EINVAL;
 		goto err_free_tfm;
 	}
 
-	err = hkdf_extract(hmac_tfm, master_key, master_key_size, prk);
-	if (err)
-		goto err_free_tfm;
-
-	err = crypto_shash_setkey(hmac_tfm, prk, sizeof(prk));
+	/* HKDF-Extract (RFC 5869 section 2.2), unsalted */
+	err = crypto_hkdf_extract(hmac_tfm, NULL, 0,
+				  master_key, master_key_size);
 	if (err)
 		goto err_free_tfm;
 
@@ -93,7 +74,6 @@ int fscrypt_init_hkdf(struct fscrypt_hkdf *hkdf, const u8 *master_key,
 err_free_tfm:
 	crypto_free_shash(hmac_tfm);
 out:
-	memzero_explicit(prk, sizeof(prk));
 	return err;
 }

The 'out' label isn't needed anymore.  'goto out' should be replaced with
'return 0'.

- Eric

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help