linux-crypto.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Reshetova, Elena" <elena.reshetova@intel.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Daniele Alessandrelli <daniele.alessandrelli@linux.intel.com>,
	"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
	"David S. Miller" <davem@davemloft.net>,
	"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
	Rob Herring <robh+dt@kernel.org>,
	"Alessandrelli, Daniele" <daniele.alessandrelli@intel.com>,
	Mark Gross <mgross@linux.intel.com>,
	"Khurana, Prabhjot" <prabhjot.khurana@intel.com>
Subject: RE: [RFC PATCH 0/6] Keem Bay OCS ECC crypto driver
Date: Mon, 4 Jan 2021 14:40:43 +0000	[thread overview]
Message-ID: <CY4PR1101MB23260DF5A317CA05BBA3C2F9E7D20@CY4PR1101MB2326.namprd11.prod.outlook.com> (raw)
In-Reply-To: <20210104113148.GA20575@gondor.apana.org.au>

> On Mon, Jan 04, 2021 at 08:04:15AM +0000, Reshetova, Elena wrote:
> > > 2. The OCS ECC HW does not support the NIST P-192 curve. We were planning to
> > >    add SW fallback for P-192 in the driver, but the Intel Crypto team
> > >    (which, internally, has to approve any code involving cryptography)
> > >    advised against it, because they consider P-192 weak. As a result, the
> > >    driver is not passing crypto self-tests. Is there any possible solution
> > >    to this? Is it reasonable to change the self-tests to only test the
> > >    curves actually supported by the tested driver? (not fully sure how to do
> > >    that).
> >
> > An additional reason against the P-192 SW fallback is the fact that it can
> > potentially trigger unsafe behavior which is not even "visible" to the end user
> > of the ECC functionality. If I request (by my developer mistake) a P-192
> > weaker curve from ECC Keem Bay HW driver, it is much safer to return a
> > "not supported" error that proceed behind my back with a SW code
> > implementation making me believe that I am actually getting a HW-backed up
> > functionality (since I don't think there is a way for me to check that I am using
> > SW fallback).
> 
> Sorry, but if you break the Crypto API requirement then your driver
> isn't getting merged.

But should not we think what behavior would make sense for good crypto drivers in future?
As cryptography moves forward (especially for the post quantum era), we will have
lengths for all existing algorithms increased (in addition to having a bunch of new ones), 
and we surely should not expect the new generation of HW drivers to implement
the old/weaker lengths, so why there the requirement to support them? It is not a
part of crypto API definition on what bit lengths should be supported, because it
cannot be part of API to begin with since it is always changing parameter (algorithms and attacks
develop all the time). 

Best Regards,
Elena.

  reply	other threads:[~2021-01-04 14:41 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-17 17:20 [RFC PATCH 0/6] Keem Bay OCS ECC crypto driver Daniele Alessandrelli
2020-12-17 17:20 ` [RFC PATCH 1/6] crypto: engine - Add KPP Support to Crypto Engine Daniele Alessandrelli
2020-12-17 17:20 ` [RFC PATCH 2/6] crypto: ecc - Move ecc.h to include/crypto/internal Daniele Alessandrelli
2020-12-17 17:20 ` [RFC PATCH 3/6] crypto: ecc - Export additional helper functions Daniele Alessandrelli
2020-12-17 17:20 ` [RFC PATCH 4/6] crypto: ecdh - Add Curve ID for NIST P-384 Daniele Alessandrelli
2020-12-17 17:21 ` [RFC PATCH 5/6] dt-bindings: crypto: Add Keem Bay ECC bindings Daniele Alessandrelli
2020-12-21 22:52   ` Rob Herring
2020-12-17 17:21 ` [RFC PATCH 6/6] crypto: keembay-ocs-ecc - Add Keem Bay OCS ECC Driver Daniele Alessandrelli
2021-01-04  8:04 ` [RFC PATCH 0/6] Keem Bay OCS ECC crypto driver Reshetova, Elena
2021-01-04 11:31   ` Herbert Xu
2021-01-04 14:40     ` Reshetova, Elena [this message]
2021-01-14 10:25       ` Reshetova, Elena
2021-01-14 18:26         ` Ard Biesheuvel
2021-01-18 11:55           ` Reshetova, Elena
2021-01-18 12:09             ` Ard Biesheuvel
2021-01-19 10:47               ` Reshetova, Elena
2021-01-20 19:00               ` Alessandrelli, Daniele
2021-01-21  9:52                 ` Ard Biesheuvel
2021-01-21 16:13                   ` Alessandrelli, Daniele
2021-01-21 20:02                     ` Herbert Xu
2021-01-22 12:07                       ` Alessandrelli, Daniele

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CY4PR1101MB23260DF5A317CA05BBA3C2F9E7D20@CY4PR1101MB2326.namprd11.prod.outlook.com \
    --to=elena.reshetova@intel.com \
    --cc=daniele.alessandrelli@intel.com \
    --cc=daniele.alessandrelli@linux.intel.com \
    --cc=davem@davemloft.net \
    --cc=devicetree@vger.kernel.org \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-crypto@vger.kernel.org \
    --cc=mgross@linux.intel.com \
    --cc=prabhjot.khurana@intel.com \
    --cc=robh+dt@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).