| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 29 Apr 2019 23:47:52 +0200
From: Marek Behun <marek.behun@....cz>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org
Subject: sysfs attrs for HW ECDSA signature
Hi Greg and Tejun,
is it acceptable for a driver to expose sysfs attr files for ECDSA
signature generation?
The thing is that
1. AFAIK there isn't another API for userspace to do this.
There were attempts in 2015 to expose akcipher via netlink to
userspace, but the patchseries were not accepted.
2. even if it was possible, that specific device for which I am
writing this driver does not provide the ability to set the
private key to sign with - the private key is just burned during
manufacturing and cannot be read, only signed with.
The current version of my driver exposes do_sign file in
/sys/firmware/turris_mox directory.
Userspace should write message to sign and then can read the signature
from this do_sign file.
According to the one attr = one file principle, it would be better to
have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
(read-only).
Would this be acceptable in the kernel for this driver?
I have also another question, if you would not mind:
This driver is dependant on a mailbox driver I have also written
("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
received any review for this driver from the mailbox subsystem
maintainer, and I have already sent three versions (on 12/17/2018,
03/01/2019 and 03/15/2019).
What should I do in this case?
Thank you.
Marek
Powered by blists - more mailing lists