Message-Id: <D2E6AF7C-D037-471A-B230-ABED4357DDB4@holtmann.org>
Date: Wed, 21 Jan 2026 20:19:00 +0100
From: Marcel Holtmann <marcel@...tmann.org>
To: Neeraj Sanjay Kale <neeraj.sanjaykale@....com>
Cc: luiz.dentz@...il.com,
 amitkumar.karwar@....com,
 sherry.sun@....com,
 dmitrii.lebed@....com,
 linux-bluetooth@...r.kernel.org,
 linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2 07/11] Bluetooth: btnxpuart: Add device authentication

Hi Neeraj,

> This implements secure device authentication during TLS 1.3-like
> handshake with ECDSA signature verification.
> 
> The authentication flow:
> - Derive handshake traffic secret from ECDH shared secret
> - Decrypt device hello encrypted section using AES-GCM with traffic secret
> - Extract ECDSA public key from firmware metadata for verification

where is the storage of the private key?

And where are the firmware files? When looking this up I saw that NXP has not updated linux-firmware for a long time. The current driver references firmware files that are not contributed to linux-firmware. That is not ok.

> - Verify device handshake signature to authenticate device identity
> - Validate device finished message using calculated verify data
> - Clear handshake traffic secret after successful authentication
> 
> This ensures only devices with valid private keys can complete the
> handshake.
> 
> Key components added:
> - AES-GCM encrypt/decrypt with traffic secret derived keys
> - ECDSA P-256 signature verification using kernel crypto API
> - X9.62 to P1363 signature format conversion
> - TLS 1.3 finished message verification
> - Secure memory cleanup of cryptographic material

Why not just use HPKE here? Seems a lot simpler than trying to emulate TLS 1.3.

Regards

Marcel
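
The X9.62 to P1363 signature format conversion listed in the quoted commit message, as an added example that is not part of the patch or the btnxpuart driver: an X9.62 ECDSA signature is the DER structure SEQUENCE { INTEGER r, INTEGER s }, while P1363 is the fixed-width concatenation r || s (32 bytes each for P-256). The converter below parses the DER strictly (minimal INTEGER encodings only, no negative values, no trailing bytes, zero r or s rejected) and left-pads short values, which is where conversions usually go wrong. The field width of 32 and the self-test vector are assumptions; the vector is constructed to exercise the edge cases and is not a real signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Parse one DER INTEGER at in[*pos] and copy its magnitude right-aligned
 * into out[field_len]. Strict: rejects non-minimal encodings, negative
 * values, zero, and values wider than the field. Returns 0 or -1. */
static int der_int_to_fixed(const uint8_t *in, size_t in_len, size_t *pos,
                            uint8_t *out, size_t field_len)
{
    size_t p = *pos;
    size_t len;

    if (p + 2 > in_len || in[p] != 0x02)       /* INTEGER tag */
        return -1;
    len = in[p + 1];
    if (len == 0 || len > 0x7f)                /* short-form length only: r, s are small */
        return -1;
    p += 2;
    if (p + len > in_len)
        return -1;
    if (in[p] & 0x80)                          /* negative: never a valid r or s */
        return -1;
    if (len > 1 && in[p] == 0x00 && !(in[p + 1] & 0x80))
        return -1;                             /* non-minimal leading zero */
    if (in[p] == 0x00) {                       /* leading 0x00 that keeps the high bit clear */
        p++;
        len--;
    }
    if (len == 0 || len > field_len)           /* zero value, or wider than the curve field */
        return -1;
    memset(out, 0, field_len);                 /* left-pad short values */
    memcpy(out + field_len - len, in + p, len);
    *pos = p + len;
    return 0;
}

/* Convert X9.62 DER (SEQUENCE { INTEGER r, INTEGER s }) to P1363 r || s.
 * out must hold 2 * field_len bytes (64 for P-256). Returns 0 or -1. */
int ecdsa_x962_to_p1363(const uint8_t *der, size_t der_len,
                        uint8_t *out, size_t field_len)
{
    size_t pos;
    size_t seq_len;

    if (der_len < 2 || der[0] != 0x30)         /* SEQUENCE tag */
        return -1;
    seq_len = der[1];
    if (seq_len > 0x7f || seq_len + 2 != der_len)  /* exact length, no trailing bytes */
        return -1;
    pos = 2;
    if (der_int_to_fixed(der, der_len, &pos, out, field_len))
        return -1;
    if (der_int_to_fixed(der, der_len, &pos, out + field_len, field_len))
        return -1;
    return pos == der_len ? 0 : -1;
}

/* Self-check on a constructed vector (assumed, not a real signature): r has
 * its high bit set, so DER carries a leading 0x00; s is only 31 bytes, so
 * P1363 needs one byte of left-padding. Returns 1 when every check passes. */
int x962_to_p1363_selftest(void)
{
    uint8_t der[70], out[64], want[64];
    size_t i;

    der[0] = 0x30; der[1] = 0x44;              /* SEQUENCE, 68 content bytes */
    der[2] = 0x02; der[3] = 0x21;              /* INTEGER r, 33 bytes */
    der[4] = 0x00; der[5] = 0x80;
    for (i = 6; i < 37; i++) der[i] = 0x11;
    der[37] = 0x02; der[38] = 0x1f;            /* INTEGER s, 31 bytes */
    der[39] = 0x01;
    for (i = 40; i < 70; i++) der[i] = 0x22;

    memset(want, 0, sizeof(want));
    want[0] = 0x80;
    for (i = 1; i < 32; i++) want[i] = 0x11;
    want[33] = 0x01;                           /* want[32] stays 0x00: the padding */
    for (i = 34; i < 64; i++) want[i] = 0x22;

    if (ecdsa_x962_to_p1363(der, sizeof(der), out, 32) != 0)
        return 0;
    if (memcmp(out, want, sizeof(want)) != 0)
        return 0;
    /* Same value with an unnecessary leading 0x00 is non-minimal: reject */
    der[5] = 0x11;
    if (ecdsa_x962_to_p1363(der, sizeof(der), out, 32) != -1)
        return 0;
    return 1;
}
```

The strictness matters on the verification side: a verifier that accepts several encodings of the same signature makes signatures malleable, and a converter that silently truncates or mis-pads a short integer will reject valid signatures about 1 time in 256.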

