author: Stephan Mueller <smueller@chronox.de> 2016-05-26 23:38:12 +0200
committer: James Morris <james.l.morris@oracle.com> 2016-06-03 16:14:34 +1000
commit: 4693fc734d675c5518ea9bd4c9623db45bc37402 (patch)
tree: 54dcf2388f5868c5d5a8ab4faf3b64a8e2fa4f79 /Documentation
parent: 4340fa55298d17049e71c7a34e04647379c269f3 (diff)
KEYS: Add placeholder for KDF usage with DH
The values computed during Diffie-Hellman key exchange are often used in combination with key derivation functions to create cryptographic keys. Add a placeholder for a later implementation to configure a key derivation function that will transform the Diffie-Hellman result returned by the KEYCTL_DH_COMPUTE command.

[This patch was stripped down from a patch produced by Mat Martineau that had a bug in the compat code - so for the moment Stephan's patch simply requires that the placeholder argument must be NULL]

Original-signed-off-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/security/keys.txt 5
1 files changed, 4 insertions, 1 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index 20d05719bceb..3849814bfe6d 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -826,7 +826,8 @@ The keyctl syscall functions are:
(*) Compute a Diffie-Hellman shared secret or public key
long keyctl(KEYCTL_DH_COMPUTE, struct keyctl_dh_params *params,
- char *buffer, size_t buflen);
+ char *buffer, size_t buflen,
+ void *reserved);
The params struct contains serial numbers for three keys:
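Review bot: The prototype for KEYCTL_DH_COMPUTE grows from four arguments to five with "void *reserved);", but nothing next to the signature says what callers written against the four-argument form should expect. Since the added text further down requires the new argument to be NULL, the documentation should state explicitly that existing callers must now pass a fifth argument and pass it as NULL, so nobody leaves it unset. The untyped "void *" also gives no hint of what will eventually go there; a short parenthetical tying it to the key derivation function configuration mentioned in the commit message would help readers of keys.txt who never see the commit log.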
@@ -843,6 +844,8 @@ The keyctl syscall functions are:
public key. If the base is the remote public key, the result is
the shared secret.
+ The reserved argument must be set to NULL.
+
The buffer length must be at least the length of the prime, or zero.
If the buffer length is nonzero, the length of the result is
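Review bot: The added sentence "The reserved argument must be set to NULL." states the constraint but not the consequence: it does not name the error returned when a non-NULL value is passed, and it does not say what the argument is reserved for. Suggest extending it to say that the argument is a placeholder for a future key derivation function setting (as the commit message describes) and to name the error a caller gets for a non-NULL value, so that userspace can distinguish "KDF not supported by this kernel" from other failures once the placeholder is given a meaning.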