lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190429234752.171b4f2b@nic.cz>
Date:   Mon, 29 Apr 2019 23:47:52 +0200
From:   Marek Behun <marek.behun@....cz>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org
Subject: sysfs attrs for HW ECDSA signature

Hi Greg and Tejun,

is it acceptable for a driver to expose sysfs attr files for ECDSA
signature generation?

The thing is that
  1. AFAIK there isn't another API for userspace to do this.
     There were attempts in 2015 to expose akcipher via netlink to
     userspace, but the patchseries were not accepted.
  2. even if it was possible, that specific device for which I am
     writing this driver does not provide the ability to set the
     private key to sign with - the private key is just burned during
     manufacturing and cannot be read, only signed with.

The current version of my driver exposes do_sign file in
/sys/firmware/turris_mox directory.

Userspace should write message to sign and then can read the signature
from this do_sign file.

According to the one attr = one file principle, it would be better to
have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
(read-only).
Would this be acceptable in the kernel for this driver?

I have also another question, if you would not mind:

This driver is dependant on a mailbox driver I have also written
("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
received any review for this driver from the mailbox subsystem
maintainer, and I have already sent three versions (on 12/17/2018,
03/01/2019 and 03/15/2019).
What should I do in this case?

Thank you.

Marek

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ