lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190430082728.GE8245@kroah.com>
Date:   Tue, 30 Apr 2019 10:27:28 +0200
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Marek Behun <marek.behun@....cz>
Cc:     Tejun Heo <tj@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: sysfs attrs for HW ECDSA signature

On Mon, Apr 29, 2019 at 11:47:52PM +0200, Marek Behun wrote:
> Hi Greg and Tejun,
> 
> is it acceptable for a driver to expose sysfs attr files for ECDSA
> signature generation?

What is "ECDSA signature generation"?  Is it a crypto thing?  If so, why
not use the crypto api?  If not, what exactly is it?

> The thing is that
>   1. AFAIK there isn't another API for userspace to do this.
>      There were attempts in 2015 to expose akcipher via netlink to
>      userspace, but the patchseries were not accepted.

Pointers to that patchset?  Why was it not accepted?

>   2. even if it was possible, that specific device for which I am
>      writing this driver does not provide the ability to set the
>      private key to sign with - the private key is just burned during
>      manufacturing and cannot be read, only signed with.

Why does this matter?

> The current version of my driver exposes do_sign file in
> /sys/firmware/turris_mox directory.
> 
> Userspace should write message to sign and then can read the signature
> from this do_sign file.

How big are messages and signatures?  Why does this have to be a sysfs
api?

> According to the one attr = one file principle, it would be better to
> have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
> (read-only).
> Would this be acceptable in the kernel for this driver?

Why not use the crypto api, and if that doesn't work, why not just a
char device to read/write?

> I have also another question, if you would not mind:
> 
> This driver is dependant on a mailbox driver I have also written
> ("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
> received any review for this driver from the mailbox subsystem
> maintainer, and I have already sent three versions (on 12/17/2018,
> 03/01/2019 and 03/15/2019).
> What should I do in this case?

Poke the maintainer again :)

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ