Linux Kernel CryptoAPI key exchange and key derivation

Ham

6/19/24, 6:37 PM

I have a custom network and I want to implement a symmetric key exchange and key derivation mechanism with ECDH.

I know that I need to use KPP API and ECDH helper functions, but I can't find any code examples in Github or elsewhere (kernel documentation is a bit confusing for me, I'm new to this), so I started to think that it's not practical to use ECDH.

If it's not practical, what other algorithms should I research and use?

And if I'm wrong, and using ECDH is practical, where can I find some code examples (it would be great if you provide some links)?

0 + 4

key-derivation

key-exchange

symmetric

DannyNiu

6/20/24, 8:47 AM

Does what you want boils down to "a set of C code for performing ECDH and KDF in Linux kernel"?

Ham

6/20/24, 9:56 AM

@DannyNiu My first question was if it's practical to use ECDH in kernel programming or it's not, because as I said I didn't find any usage example in github. And if it's practical, I'll be glad if you share with me some examples (if you have some)

DannyNiu

6/20/24, 11:59 AM

It's definitely practical, the only problem is its over-complicated generalization of key-agreement API. You can of course depend on external dependency for cryptography - in fact, I've made an entirely [free-standing C library](https://github.com/dannyniu/MySuiteA) that can be used in the kernel. Using 3rd party libraries like mine have the advantage of avoiding relying kernel APIs that can change from version to version, but again, a disadvantage would be relying on mine that could also change.

DannyNiu

6/20/24, 12:08 PM

I think VPN softwares needs to use those KPIs, you can check out OpenVPN, StrongSWAN, and alike.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Linux Kernel CryptoAPI key exchange and key derivation

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.