lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 8 Feb 2021 09:35:41 +0300
From:   Vitaly Chikunov <>
To:     Herbert Xu <>
Cc:     Stefan Berger <>,
        Ard Biesheuvel <>,
        Meng Yu <>,
        "David S. Miller" <>,
        Linux Crypto Mailing List <>,
        Zaibo Xu <>,,
        Linux Kernel Mailing List <>,
        Daniele Alessandrelli <>,
        Mark Gross <>,
        "Khurana, Prabhjot" <>,
        "Reshetova, Elena" <>,
        Patrick Uiterwijk <>
Subject: Re: [PATCH v7 4/7] crypto: add ecc curve and expose them


On Fri, Jan 29, 2021 at 02:00:04PM +1100, Herbert Xu wrote:
> On Thu, Jan 28, 2021 at 09:49:41PM -0500, Stefan Berger wrote:
> >
> > In my patch series I initially had registered the akciphers under the names
> > ecc-nist-p192 and ecc-nist-p256 but now, in V4, joined them together as
> > 'ecdsa'. This may be too generic for a name. Maybe it should be called
> > ecsda-nist for the NIST family.
> What I'm proposing is specifying the curve in the name as well, i.e.,
> ecdsa-nist-p192 instead of just ecdsa or ecdsa-nist.
> This simplifies the task of handling hardware that only supports a
> subset of curves.

So, if some implementation supports multiple curves (like EC-RDSA
currently supports 5 curves), it should add 5 ecrdsa-{a,b,c,..}
algorithms with actually the same top level implementation?

> There is a parallel discussion of exactly what curves we should
> support in the kernel.  Personally if there is a user in the kernel
> for it then I'm happy to see it added.  In your specific case, as
> long as your use of the algorithm in x509 is accepted then I don't
> have any problems with adding support in the Crypto API.
> Cheers,
> -- 
> Email: Herbert Xu <>
> Home Page:
> PGP Key:

Powered by blists - more mailing lists