On Thu, 2021-01-28 at 21:39 +1100, Herbert Xu wrote:
> Once they're distinct algorithms, we can then make sure that only
> the ones that are used in the kernel are added, even if some hardware
> may support more curves.

I like the idea of having different algorithm names (ecdh-nist-pXXX) for different curves, but I'm not fully convinced by the above statement. What's the downside of letting device drivers enable all the curves supported by the HW (with the exception of obsolete curves / algorithms), even if there is (currently) no user of such curves in the kernel? Code size and maintainability?

I think that once there is support for certain curves, it's more likely that drivers / modules using them will appear. Also, even if there are no in-tree users, there might be a few out-of-tree ones.