1*026a733eSStephan Müller /* SPDX-License-Identifier: GPL-2.0 */ 2*026a733eSStephan Müller 3*026a733eSStephan Müller /* 4*026a733eSStephan Müller * Copyright (C) 2021, Stephan Mueller <smueller@chronox.de> 5*026a733eSStephan Müller */ 6*026a733eSStephan Müller 7*026a733eSStephan Müller #ifndef _CRYPTO_KDF108_H 8*026a733eSStephan Müller #define _CRYPTO_KDF108_H 9*026a733eSStephan Müller 10*026a733eSStephan Müller #include <crypto/hash.h> 11*026a733eSStephan Müller #include <linux/uio.h> 12*026a733eSStephan Müller 13*026a733eSStephan Müller /** 14*026a733eSStephan Müller * Counter KDF generate operation according to SP800-108 section 5.1 15*026a733eSStephan Müller * as well as SP800-56A section 5.8.1 (Single-step KDF). 16*026a733eSStephan Müller * 17*026a733eSStephan Müller * @kmd Keyed message digest whose key was set with crypto_kdf108_setkey or 18*026a733eSStephan Müller * unkeyed message digest 19*026a733eSStephan Müller * @info optional context and application specific information - this may be 20*026a733eSStephan Müller * NULL 21*026a733eSStephan Müller * @info_vec number of optional context/application specific information entries 22*026a733eSStephan Müller * @dst destination buffer that the caller already allocated 23*026a733eSStephan Müller * @dlen length of the destination buffer - the KDF derives that amount of 24*026a733eSStephan Müller * bytes. 25*026a733eSStephan Müller * 26*026a733eSStephan Müller * To comply with SP800-108, the caller must provide Label || 0x00 || Context 27*026a733eSStephan Müller * in the info parameter. 28*026a733eSStephan Müller * 29*026a733eSStephan Müller * @return 0 on success, < 0 on error 30*026a733eSStephan Müller */ 31*026a733eSStephan Müller int crypto_kdf108_ctr_generate(struct crypto_shash *kmd, 32*026a733eSStephan Müller const struct kvec *info, unsigned int info_nvec, 33*026a733eSStephan Müller u8 *dst, unsigned int dlen); 34*026a733eSStephan Müller 35*026a733eSStephan Müller /** 36*026a733eSStephan Müller * Counter KDF setkey operation 37*026a733eSStephan Müller * 38*026a733eSStephan Müller * @kmd Keyed message digest allocated by the caller. The key should not have 39*026a733eSStephan Müller * been set. 40*026a733eSStephan Müller * @key Seed key to be used to initialize the keyed message digest context. 41*026a733eSStephan Müller * @keylen This length of the key buffer. 42*026a733eSStephan Müller * @ikm The SP800-108 KDF does not support IKM - this parameter must be NULL 43*026a733eSStephan Müller * @ikmlen This parameter must be 0. 44*026a733eSStephan Müller * 45*026a733eSStephan Müller * According to SP800-108 section 7.2, the seed key must be at least as large as 46*026a733eSStephan Müller * the message digest size of the used keyed message digest. This limitation 47*026a733eSStephan Müller * is enforced by the implementation. 48*026a733eSStephan Müller * 49*026a733eSStephan Müller * SP800-108 allows the use of either a HMAC or a hash primitive. When 50*026a733eSStephan Müller * the caller intends to use a hash primitive, the call to 51*026a733eSStephan Müller * crypto_kdf108_setkey is not required and the key derivation operation can 52*026a733eSStephan Müller * immediately performed using crypto_kdf108_ctr_generate after allocating 53*026a733eSStephan Müller * a handle. 54*026a733eSStephan Müller * 55*026a733eSStephan Müller * @return 0 on success, < 0 on error 56*026a733eSStephan Müller */ 57*026a733eSStephan Müller int crypto_kdf108_setkey(struct crypto_shash *kmd, 58*026a733eSStephan Müller const u8 *key, size_t keylen, 59*026a733eSStephan Müller const u8 *ikm, size_t ikmlen); 60*026a733eSStephan Müller 61*026a733eSStephan Müller #endif /* _CRYPTO_KDF108_H */ 62