On Wed, May 08, 2024 at 12:31:16PM +0200, Marek Behún wrote:
> Add support for digital message signing with private key stored in the
> MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> when manufactured. The private key is not readable from the MCU, but
> MCU allows for signing messages with it and retrieving the public key.
>
> As described in a similar commit 50524d787de3 ("firmware:
> turris-mox-rwtm: support ECDSA signatures via debugfs"):
> The optimal solution would be to register an akcipher provider via
> kernel's crypto API, but crypto API does not yet support accessing
> akcipher API from userspace (and probably won't for some time, see
> https://www.spinics.net/lists/linux-crypto/msg38388.html).
>
> Therefore we add support for accessing this signature generation
> mechanism via debugfs for now, so that userspace can access it.
...
> +static irqreturn_t omnia_msg_signed_irq_handler(int irq, void *dev_id)
> +{
> + u8 reply[1 + OMNIA_MCU_CRYPTO_SIGNATURE_LEN];
> + struct omnia_mcu *mcu = dev_id;
> + int err;
> +
> + err = omnia_cmd_read(mcu->client, OMNIA_CMD_CRYPTO_COLLECT_SIGNATURE,
> + reply, sizeof(reply));
> + if (!err && reply[0] != OMNIA_MCU_CRYPTO_SIGNATURE_LEN)
> + err = -EIO;
> +
> + guard(mutex)(&mcu->sign_lock);
> +
> + if (mcu->sign_state == SIGN_STATE_REQUESTED) {
> + mcu->sign_err = err;
> + if (!err)
> + memcpy(mcu->signature, &reply[1],
> + OMNIA_MCU_CRYPTO_SIGNATURE_LEN);
> + mcu->sign_state = SIGN_STATE_COLLECTED;
Even for an error case?
> + complete(&mcu->msg_signed_completion);
> + }
> +
> + return IRQ_HANDLED;
> +}
...
> + scoped_guard(mutex, &mcu->sign_lock)
> + if (mcu->sign_state != SIGN_STATE_REQUESTED &&
> + mcu->sign_state != SIGN_STATE_COLLECTED)
> + return -ENODATA;
{}
Don't you want interruptible mutex? In such case you might need to return
-ERESTARTSYS. OTOH, this is debugfs, we don't much care.
...
> +#define OMNIA_MCU_CRYPTO_PUBLIC_KEY_LEN 33
33? Hmm... does it mean (32 + 1)?
--
With Best Regards,
Andy Shevchenko
