Hi,
I'm posting this patch series as RFC since there are a few open points on
which I'd like to have the opinion of the crypto maintainers and the rest of
kernel community.
The patch series adds the Intel Keem Bay OCS ECC crypto driver, which
enables hardware-accelerated ECDH on the Intel Keem Bay SoC.
The open points are the followings:
1. The OCS ECC HW supports the NIST P-384 curve, which, however, is not
supported by Linux ECDH software implementation ('crypto/ecdh.c').
Support for P-384 is added to the driver anyway by reserving a curve id
for P-384 in 'include/crypto/ecdh.h' and defining the cure parameters in
'drivers/crypto/keembay/ocs-ecc-curve-defs.h'. Is this reasonable?
2. The OCS ECC HW does not support the NIST P-192 curve. We were planning to
add SW fallback for P-192 in the driver, but the Intel Crypto team
(which, internally, has to approve any code involving cryptography)
advised against it, because they consider P-192 weak. As a result, the
driver is not passing crypto self-tests. Is there any possible solution
to this? Is it reasonable to change the self-tests to only test the
curves actually supported by the tested driver? (not fully sure how to do
that).
3. Another request from our crypto team was to make private key generation
optional in the driver, since they advice against automatic key
generation. As a result, the driver passes the P-256 self test only when
CONFIG_CRYPTO_DEV_KEEMBAY_OCS_ECDH_GEN_PRIV_KEY_SUPPORT=y. Is that
acceptable?
Daniele Alessandrelli (2):
crypto: ecc - Move ecc.h to include/crypto/internal
crypto: ecc - Export additional helper functions
Prabhjot Khurana (4):
crypto: engine - Add KPP Support to Crypto Engine
crypto: ecdh - Add Curve ID for NIST P-384
dt-bindings: crypto: Add Keem Bay ECC bindings
crypto: keembay-ocs-ecc - Add Keem Bay OCS ECC Driver
Documentation/crypto/crypto_engine.rst | 4 +
.../crypto/intel,keembay-ocs-ecc.yaml | 47 +
MAINTAINERS | 11 +
crypto/crypto_engine.c | 27 +
crypto/ecc.c | 18 +-
crypto/ecdh.c | 2 +-
crypto/ecrdsa.c | 2 +-
crypto/ecrdsa_defs.h | 2 +-
drivers/crypto/keembay/Kconfig | 31 +
drivers/crypto/keembay/Makefile | 2 +
drivers/crypto/keembay/keembay-ocs-ecc.c | 1003 +++++++++++++++++
drivers/crypto/keembay/ocs-ecc-curve-defs.h | 68 ++
include/crypto/ecdh.h | 1 +
include/crypto/engine.h | 5 +
{crypto => include/crypto/internal}/ecc.h | 44 +
15 files changed, 1257 insertions(+), 10 deletions(-)
create mode 100644
Documentation/devicetree/bindings/crypto/intel,keembay-ocs-ecc.yaml
create mode 100644 drivers/crypto/keembay/keembay-ocs-ecc.c
create mode 100644 drivers/crypto/keembay/ocs-ecc-curve-defs.h
rename {crypto => include/crypto/internal}/ecc.h (87%)
base-commit: 90cc8cf2d1ab87d708ebc311ac104ccbbefad9fc
--
2.26.2
