Re: sysfs attrs for HW ECDSA signature

[Greg Kroah-Hartman]

On Mon, Apr 29, 2019 at 11:47:52PM +0200, Marek Behun wrote:
> Hi Greg and Tejun,
> 
> is it acceptable for a driver to expose sysfs attr files for ECDSA
> signature generation?

What is "ECDSA signature generation"?  Is it a crypto thing?  If so, why
not use the crypto api?  If not, what exactly is it?

> The thing is that
>   1. AFAIK there isn't another API for userspace to do this.
>      There were attempts in 2015 to expose akcipher via netlink to
>      userspace, but the patchseries were not accepted.

Pointers to that patchset?  Why was it not accepted?

>   2. even if it was possible, that specific device for which I am
>      writing this driver does not provide the ability to set the
>      private key to sign with - the private key is just burned during
>      manufacturing and cannot be read, only signed with.

Why does this matter?

> The current version of my driver exposes do_sign file in
> /sys/firmware/turris_mox directory.
> 
> Userspace should write message to sign and then can read the signature
> from this do_sign file.

How big are messages and signatures?  Why does this have to be a sysfs
api?

> According to the one attr = one file principle, it would be better to
> have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
> (read-only).
> Would this be acceptable in the kernel for this driver?

Why not use the crypto api, and if that doesn't work, why not just a
char device to read/write?

> I have also another question, if you would not mind:
> 
> This driver is dependant on a mailbox driver I have also written
> ("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
> received any review for this driver from the mailbox subsystem
> maintainer, and I have already sent three versions (on 12/17/2018,
> 03/01/2019 and 03/15/2019).
> What should I do in this case?

Poke the maintainer again :)

thanks,

greg k-h