On Tue, Feb 06, 2024 at 01:16:04PM +0800, Herbert Xu wrote:
> On Mon, Feb 05, 2024 at 02:29:26PM +0000, Cabiddu, Giovanni wrote:
> >
> > Thanks for the bug report.
> > I'm looking at it. It appears that even if I have
> > CONFIG_CRYPTO_DH_RFC7919_GROUPS=y, ffdhe is not getting registered.
> > I'm trying to understand what's going wrong.
> >
> > BTW, do you have more details, like platform and kernel version?
>
> This algorithm requires instantiation, so try:
>
> modprobe tcrypt alg="ffdhe6144(dh)" type=8 mode=0 mask=15
Thanks Herbert. I can reproduce the issue.
6144-bit DH is not supported by QAT. The error code -22 (-EINVAL) is
returned by qat_dh_check_params_length() when validating the modulus
size [1].
The same is applicable to 8192-DH.
I believe the only option I have is to fallback to SW.
BTW, since ffdhe requires instantiation, I think we should extend the dh
test vectors so that they can find these issues with unsupported key
sizes. We can make those tests optional to
CONFIG_CRYPTO_MANAGER_EXTRA_TESTS.
What do you think?
[1] https://elixir.bootlin.com/linux/v6.8-rc3/source/drivers/crypto/intel/qat/qat_common/qat_asym_algs.c#L384
Thanks,
--
Giovanni