From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Marek Behun <marek.behun@nic.cz>
Cc: Tejun Heo <tj@kernel.org>, linux-kernel@vger.kernel.org
Subject: Re: sysfs attrs for HW ECDSA signature
Date: Tue, 30 Apr 2019 10:27:28 +0200 [thread overview]
Message-ID: <20190430082728.GE8245@kroah.com> (raw)
In-Reply-To: <20190429234752.171b4f2b@nic.cz>
On Mon, Apr 29, 2019 at 11:47:52PM +0200, Marek Behun wrote:
> Hi Greg and Tejun,
>
> is it acceptable for a driver to expose sysfs attr files for ECDSA
> signature generation?
What is "ECDSA signature generation"? Is it a crypto thing? If so, why
not use the crypto api? If not, what exactly is it?
> The thing is that
> 1. AFAIK there isn't another API for userspace to do this.
> There were attempts in 2015 to expose akcipher via netlink to
> userspace, but the patchseries were not accepted.
Pointers to that patchset? Why was it not accepted?
> 2. even if it was possible, that specific device for which I am
> writing this driver does not provide the ability to set the
> private key to sign with - the private key is just burned during
> manufacturing and cannot be read, only signed with.
Why does this matter?
> The current version of my driver exposes do_sign file in
> /sys/firmware/turris_mox directory.
>
> Userspace should write message to sign and then can read the signature
> from this do_sign file.
How big are messages and signatures? Why does this have to be a sysfs
api?
> According to the one attr = one file principle, it would be better to
> have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
> (read-only).
> Would this be acceptable in the kernel for this driver?
Why not use the crypto api, and if that doesn't work, why not just a
char device to read/write?
> I have also another question, if you would not mind:
>
> This driver is dependant on a mailbox driver I have also written
> ("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
> received any review for this driver from the mailbox subsystem
> maintainer, and I have already sent three versions (on 12/17/2018,
> 03/01/2019 and 03/15/2019).
> What should I do in this case?
Poke the maintainer again :)
thanks,
greg k-h
next prev parent reply other threads:[~2019-04-30 8:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-29 21:47 sysfs attrs for HW ECDSA signature Marek Behun
2019-04-30 8:27 ` Greg Kroah-Hartman [this message]
2019-04-30 9:23 ` Marek Behun
2019-04-30 10:06 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190430082728.GE8245@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=marek.behun@nic.cz \
--cc=tj@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.