Some responses to Simo:
- HKDF is fine, but I believe that the approach taken in this patch is also fine. This approach has the benefit of being easier to implement / understand.
- This patch uses AES-128-CBC already. It uses SHA-384 per NIST's recommendation on key derivation. This is needed to produce 3 128-bit keys.
- I'm a little confused on your concerns about returning the cache key. Reusing the IV for a different purpose seems like a bad idea.
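
The two derivation options compared above, as an added example that is not code from the patch or from either participant: a single SHA-384 digest cut into three 128-bit keys, next to HKDF (RFC 5869) expanded to the same 48 bytes. The input layout of the single-hash variant, the label and the sample secret are assumptions, since the patch's actual inputs are not shown here.

```python
import hashlib
import hmac

KEY_LEN = 16  # 128 bits, the AES-128 key size


def split_keys(okm: bytes) -> tuple[bytes, bytes, bytes]:
    """Cut 48 bytes of output keying material into three 128-bit keys."""
    if len(okm) != 3 * KEY_LEN:
        raise ValueError("expected exactly 48 bytes of keying material")
    return okm[:16], okm[16:32], okm[32:48]


def derive_single_hash(secret: bytes, label: bytes) -> tuple[bytes, bytes, bytes]:
    """One SHA-384 call: the 384-bit digest is exactly 3 x 128 bits.

    Assumed input layout: 2-byte label length, label, then the secret.
    The length prefix keeps (label, secret) pairs from colliding.
    """
    data = len(label).to_bytes(2, "big") + label + secret
    return split_keys(hashlib.sha384(data).digest())


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int,
         hash_name: str = "sha384") -> bytes:
    """HKDF extract-then-expand as specified in RFC 5869."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("requested output too long for HKDF")
    # Extract: an empty salt is replaced by hash_len zero bytes.
    prk = hmac.new(salt or bytes(hash_len), ikm, hash_name).digest()
    # Expand: T(n) = HMAC(PRK, T(n-1) || info || n)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_hkdf(secret: bytes, label: bytes) -> tuple[bytes, bytes, bytes]:
    """Same three-key output, produced with HKDF-SHA-384 instead."""
    return split_keys(hkdf(secret, b"", label, 3 * KEY_LEN))


if __name__ == "__main__":
    secret = bytes(range(32))        # constructed sample secret
    label = b"example-context"       # hypothetical context label
    for name, fn in (("single SHA-384", derive_single_hash), ("HKDF-SHA-384", derive_hkdf)):
        print(name, [k.hex() for k in fn(secret, label)])
```

Both variants give three independent-looking 128-bit values from one secret; neither reuses one derived value for two purposes.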