Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
Am Donnerstag, 17. Dezember 2020, 04:07:30 CET schrieb yumeng: Hi yumeng, > > I see in "SEC 2: Recommended Elliptic Curve Domain ParametersVersion2.0" > that 'Recommend Elliptic Curve Domain Parameters over Fp' are secp192, > secp224, secp256, secp384, and secp521, secp128 and secp320 are not > recommended. > So you mean it's better not to include secp128 and secp320, right? Precisely because I do not see the use case in the kernel. > > Thanks, Ciao Stephan
Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
在 2020/12/17 4:10, Stephan Mueller 写道: Am Mittwoch, dem 16.12.2020 um 10:39 +0800 schrieb yumeng: Am Freitag, den 11.12.2020, 14:30 +0800 schrieb Meng Yu: +/* size in bytes of the n prime */ +#define HPRE_ECC_NIST_P128_N_SIZE 16 Do we truly need P-128? Besides, I do not see that curve being defined in contemporary cipher specs. +#define HPRE_ECC_NIST_P192_N_SIZE 24 +#define HPRE_ECC_NIST_P224_N_SIZE 28 +#define HPRE_ECC_NIST_P256_N_SIZE 32 +#define HPRE_ECC_NIST_P320_N_SIZE 40 Do we truly need P-320? Besides, I do not see that curve being defined in contemporary cipher specs. Yes, in rfc 5903, only P-256, P-384 and P-521 is defined, but in 'rfc5639' and "SEC 2: Recommended Elliptic Curve Domain Parameters", other curves like P-128, P-192, P-224, and P-320 curve parameters are found, and they are used in 'openssl'; How about your idea? Who is going to use that curve considering that common protocols that are implemented in the kernel do not use it? Thanks Stephan I see in "SEC 2: Recommended Elliptic Curve Domain ParametersVersion2.0" that 'Recommend Elliptic Curve Domain Parameters over Fp' are secp192, secp224, secp256, secp384, and secp521, secp128 and secp320 are not recommended. So you mean it's better not to include secp128 and secp320, right? Thanks,
Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
Am Mittwoch, dem 16.12.2020 um 10:39 +0800 schrieb yumeng: > > > > > Am Freitag, den 11.12.2020, 14:30 +0800 schrieb Meng Yu: > > > > > > +/* size in bytes of the n prime */ > > > +#define HPRE_ECC_NIST_P128_N_SIZE 16 > > > > Do we truly need P-128? Besides, I do not see that curve being defined in > > contemporary cipher specs. > > > > > +#define HPRE_ECC_NIST_P192_N_SIZE 24 > > > +#define HPRE_ECC_NIST_P224_N_SIZE 28 > > > +#define HPRE_ECC_NIST_P256_N_SIZE 32 > > > +#define HPRE_ECC_NIST_P320_N_SIZE 40 > > > > Do we truly need P-320? Besides, I do not see that curve being defined in > > contemporary cipher specs. > > Yes, in rfc 5903, only P-256, P-384 and P-521 is defined, but in > 'rfc5639' and "SEC 2: Recommended Elliptic Curve Domain Parameters", > other curves like P-128, P-192, P-224, and P-320 curve parameters are > found, and they are used in 'openssl'; > How about your idea? Who is going to use that curve considering that common protocols that are implemented in the kernel do not use it? Thanks Stephan
Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
Am Freitag, den 11.12.2020, 14:30 +0800 schrieb Meng Yu: +/* size in bytes of the n prime */ +#define HPRE_ECC_NIST_P128_N_SIZE 16 Do we truly need P-128? Besides, I do not see that curve being defined in contemporary cipher specs. +#define HPRE_ECC_NIST_P192_N_SIZE 24 +#define HPRE_ECC_NIST_P224_N_SIZE 28 +#define HPRE_ECC_NIST_P256_N_SIZE 32 +#define HPRE_ECC_NIST_P320_N_SIZE 40 Do we truly need P-320? Besides, I do not see that curve being defined in contemporary cipher specs. Yes, in rfc 5903, only P-256, P-384 and P-521 is defined, but in 'rfc5639' and "SEC 2: Recommended Elliptic Curve Domain Parameters", other curves like P-128, P-192, P-224, and P-320 curve parameters are found, and they are used in 'openssl'; How about your idea? Thanks, +#define HPRE_ECC_NIST_P384_N_SIZE 48 +#define HPRE_ECC_NIST_P521_N_SIZE 66 + +/* size in bytes */ +#define HPRE_ECC_HW256_KSZ_B 32 +#define HPRE_ECC_HW384_KSZ_B 48 +#define HPRE_ECC_HW576_KSZ_B 72 + +#define HPRE_ECDH_MAX_SZ HPRE_ECC_HW576_KSZ_B] Ciao Stephan .
Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
Am Freitag, den 11.12.2020, 14:30 +0800 schrieb Meng Yu: > > +/* size in bytes of the n prime */ > +#define HPRE_ECC_NIST_P128_N_SIZE 16 Do we truly need P-128? Besides, I do not see that curve being defined in contemporary cipher specs. > +#define HPRE_ECC_NIST_P192_N_SIZE 24 > +#define HPRE_ECC_NIST_P224_N_SIZE 28 > +#define HPRE_ECC_NIST_P256_N_SIZE 32 > +#define HPRE_ECC_NIST_P320_N_SIZE 40 Do we truly need P-320? Besides, I do not see that curve being defined in contemporary cipher specs. > +#define HPRE_ECC_NIST_P384_N_SIZE 48 > +#define HPRE_ECC_NIST_P521_N_SIZE 66 > + > +/* size in bytes */ > +#define HPRE_ECC_HW256_KSZ_B 32 > +#define HPRE_ECC_HW384_KSZ_B 48 > +#define HPRE_ECC_HW576_KSZ_B 72 > + > +#define HPRE_ECDH_MAX_SZ HPRE_ECC_HW576_KSZ_B] Ciao Stephan
[PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm
1. Add some new 'ECDH' curve parameter definitions to 'include/crypto/ecc_curve_defs.h', and reorder ECC 'Curves IDs' in 'include/crypto/ecdh.h'; 2. Enable 'ECDH' algorithm in Kunpeng 930. Signed-off-by: Meng Yu Reviewed-by: Zaibo Xu --- crypto/ecc.c| 4 +- crypto/testmgr.h| 12 +- drivers/crypto/hisilicon/hpre/hpre.h| 2 +- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 510 +++- drivers/crypto/hisilicon/hpre/hpre_main.c | 1 + include/crypto/ecc_curve_defs.h | 198 +-- include/crypto/ecdh.h | 9 +- 7 files changed, 698 insertions(+), 38 deletions(-) diff --git a/crypto/ecc.c b/crypto/ecc.c index f23efdd..6adcae2 100644 --- a/crypto/ecc.c +++ b/crypto/ecc.c @@ -46,9 +46,9 @@ static inline const struct ecc_curve *ecc_get_curve(unsigned int curve_id) switch (curve_id) { /* In FIPS mode only allow P256 and higher */ case ECC_CURVE_NIST_P192: - return fips_enabled ? NULL : _p192; + return fips_enabled ? NULL : _curve_list[ECC_CURVE_NIST_P192 - 1]; case ECC_CURVE_NIST_P256: - return _p256; + return _curve_list[ECC_CURVE_NIST_P256 - 1]; default: return NULL; } diff --git a/crypto/testmgr.h b/crypto/testmgr.h index 8c83811..371692e 100644 --- a/crypto/testmgr.h +++ b/crypto/testmgr.h @@ -2268,12 +2268,12 @@ static const struct kpp_testvec ecdh_tv_template[] = { #ifdef __LITTLE_ENDIAN "\x02\x00" /* type */ "\x20\x00" /* len */ - "\x01\x00" /* curve_id */ + "\x02\x00" /* curve_id */ "\x18\x00" /* key_size */ #else "\x00\x02" /* type */ "\x00\x20" /* len */ - "\x00\x01" /* curve_id */ + "\x00\x02" /* curve_id */ "\x00\x18" /* key_size */ #endif "\xb5\x05\xb1\x71\x1e\xbf\x8c\xda" @@ -2307,12 +2307,12 @@ static const struct kpp_testvec ecdh_tv_template[] = { #ifdef __LITTLE_ENDIAN "\x02\x00" /* type */ "\x28\x00" /* len */ - "\x02\x00" /* curve_id */ + "\x04\x00" /* curve_id */ "\x20\x00" /* key_size */ #else "\x00\x02" /* type */ "\x00\x28" /* len */ - "\x00\x02" /* curve_id */ + "\x00\x04" /* curve_id */ "\x00\x20" /* key_size */ #endif "\x24\xd1\x21\xeb\xe5\xcf\x2d\x83" @@ -2351,12 +2351,12 @@ static const struct kpp_testvec ecdh_tv_template[] = { #ifdef __LITTLE_ENDIAN "\x02\x00" /* type */ "\x08\x00" /* len */ - "\x02\x00" /* curve_id */ + "\x04\x00" /* curve_id */ "\x00\x00", /* key_size */ #else "\x00\x02" /* type */ "\x00\x08" /* len */ - "\x00\x02" /* curve_id */ + "\x00\x04" /* curve_id */ "\x00\x00", /* key_size */ #endif .b_secret = diff --git a/drivers/crypto/hisilicon/hpre/hpre.h b/drivers/crypto/hisilicon/hpre/hpre.h index 02193e1..50e6b2e 100644 --- a/drivers/crypto/hisilicon/hpre/hpre.h +++ b/drivers/crypto/hisilicon/hpre/hpre.h @@ -83,6 +83,7 @@ enum hpre_alg_type { HPRE_ALG_KG_CRT = 0x3, HPRE_ALG_DH_G2 = 0x4, HPRE_ALG_DH = 0x5, + HPRE_ALG_ECC_MUL = 0xD, }; struct hpre_sqe { @@ -104,5 +105,4 @@ struct hisi_qp *hpre_create_qp(u8 type); int hpre_algs_register(struct hisi_qm *qm); void hpre_algs_unregister(struct hisi_qm *qm); - #endif diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c index 712bea9..58f847b 100644 --- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c +++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c @@ -2,6 +2,8 @@ /* Copyright (c) 2019 HiSilicon Limited. */ #include #include +#include +#include #include #include #include @@ -36,6 +38,22 @@ struct hpre_ctx; #define HPRE_DFX_SEC_TO_US 100 #define HPRE_DFX_US_TO_NS 1000 +/* size in bytes of the n prime */ +#define HPRE_ECC_NIST_P128_N_SIZE 16 +#define HPRE_ECC_NIST_P192_N_SIZE 24 +#define HPRE_ECC_NIST_P224_N_SIZE 28 +#define HPRE_ECC_NIST_P256_N_SIZE 32 +#define HPRE_ECC_NIST_P320_N_SIZE 40 +#define HPRE_ECC_NIST_P384_N_SIZE 48 +#define HPRE_ECC_NIST_P521_N_SIZE 66 + +/* size in bytes */ +#define HPRE_ECC_HW256_KSZ_B 32 +#define HPRE_ECC_HW384_KSZ_B 48 +#define HPRE_ECC_HW576_KSZ_B 72 + +#define HPRE_ECDH_MAX_SZ HPRE_ECC_HW576_KSZ_B + typedef void (*hpre_cb)(struct hpre_ctx *ctx, void *sqe); struct hpre_rsa_ctx { @@ -61,14 +79,25 @@ struct hpre_dh_ctx { * else if base if the counterpart public key we * compute the shared secret * ZZ = yb^xa mod p; [RFC2631 sec 2.1.1] +* low address: d--->n, please refer to Hisilicon HPRE UM */ - char *xa_p; /* low address: d--->n, please refer to Hisilicon HPRE UM */ + char *xa_p; dma_addr_t dma_xa_p; char *g; /* m */ dma_addr_t