From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Marek Behun <marek.behun@nic.cz>
Cc: Tejun Heo <tj@kernel.org>, linux-kernel@vger.kernel.org
Subject: Re: sysfs attrs for HW ECDSA signature
Date: Tue, 30 Apr 2019 10:27:28 +0200 [thread overview]
Message-ID: <20190430082728.GE8245@kroah.com> (raw)
In-Reply-To: <20190429234752.171b4f2b@nic.cz>
On Mon, Apr 29, 2019 at 11:47:52PM +0200, Marek Behun wrote:
> Hi Greg and Tejun,
>
> is it acceptable for a driver to expose sysfs attr files for ECDSA
> signature generation?
What is "ECDSA signature generation"? Is it a crypto thing? If so, why
not use the crypto api? If not, what exactly is it?
> The thing is that
> 1. AFAIK there isn't another API for userspace to do this.
> There were attempts in 2015 to expose akcipher via netlink to
> userspace, but the patchseries were not accepted.
Pointers to that patchset? Why was it not accepted?
> 2. even if it was possible, that specific device for which I am
> writing this driver does not provide the ability to set the
> private key to sign with - the private key is just burned during
> manufacturing and cannot be read, only signed with.
Why does this matter?
> The current version of my driver exposes do_sign file in
> /sys/firmware/turris_mox directory.
>
> Userspace should write message to sign and then can read the signature
> from this do_sign file.
How big are messages and signatures? Why does this have to be a sysfs
api?
> According to the one attr = one file principle, it would be better to
> have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
> (read-only).
> Would this be acceptable in the kernel for this driver?
Why not use the crypto api, and if that doesn't work, why not just a
char device to read/write?
> I have also another question, if you would not mind:
>
> This driver is dependant on a mailbox driver I have also written
> ("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
> received any review for this driver from the mailbox subsystem
> maintainer, and I have already sent three versions (on 12/17/2018,
> 03/01/2019 and 03/15/2019).
> What should I do in this case?
Poke the maintainer again :)
thanks,
greg k-h
next prev parent reply other threads:[~2019-04-30 8:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-29 21:47 sysfs attrs for HW ECDSA signature Marek Behun
2019-04-30 8:27 ` Greg Kroah-Hartman [this message]
2019-04-30 9:23 ` Marek Behun
2019-04-30 10:06 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190430082728.GE8245@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marek.behun@nic.cz \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).