> 2. The OCS ECC HW does not support the NIST P-192 curve. We were planning to
> add SW fallback for P-192 in the driver, but the Intel Crypto team
> (which, internally, has to approve any code involving cryptography)
> advised against it, because they consider P-192 weak. As a result, the
> driver is not passing crypto self-tests. Is there any possible solution
> to this? Is it reasonable to change the self-tests to only test the
> curves actually supported by the tested driver? (not fully sure how to do
> that).

An additional reason against the P-192 SW fallback is the fact that it can potentially trigger unsafe behavior which is not even "visible" to the end user of the ECC functionality. If I request (by my developer mistake) the weaker P-192 curve from the ECC Keem Bay HW driver, it is much safer to return a "not supported" error than to proceed behind my back with a SW code implementation, making me believe that I am actually getting HW-backed functionality (since I don't think there is a way for me to check that I am using SW fallback).

Best Regards,
Elena