Re: [PATCH v9 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, May 08, 2024 at 12:31:16PM +0200, Marek Behún wrote:
> Add support for digital message signing with private key stored in the
> MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> when manufactured. The private key is not readable from the MCU, but
> MCU allows for signing messages with it and retrieving the public key.
> 
> As described in a similar commit 50524d787de3 ("firmware:
> turris-mox-rwtm: support ECDSA signatures via debugfs"):
>   The optimal solution would be to register an akcipher provider via
>   kernel's crypto API, but crypto API does not yet support accessing
>   akcipher API from userspace (and probably won't for some time, see
>   https://www.spinics.net/lists/linux-crypto/msg38388.html).
> 
> Therefore we add support for accessing this signature generation
> mechanism via debugfs for now, so that userspace can access it.

...

> +static irqreturn_t omnia_msg_signed_irq_handler(int irq, void *dev_id)
> +{
> +	u8 reply[1 + OMNIA_MCU_CRYPTO_SIGNATURE_LEN];
> +	struct omnia_mcu *mcu = dev_id;
> +	int err;
> +
> +	err = omnia_cmd_read(mcu->client, OMNIA_CMD_CRYPTO_COLLECT_SIGNATURE,
> +			     reply, sizeof(reply));
> +	if (!err && reply[0] != OMNIA_MCU_CRYPTO_SIGNATURE_LEN)
> +		err = -EIO;
> +
> +	guard(mutex)(&mcu->sign_lock);
> +
> +	if (mcu->sign_state == SIGN_STATE_REQUESTED) {
> +		mcu->sign_err = err;
> +		if (!err)
> +			memcpy(mcu->signature, &reply[1],
> +			       OMNIA_MCU_CRYPTO_SIGNATURE_LEN);

> +		mcu->sign_state = SIGN_STATE_COLLECTED;

Even for an error case?

> +		complete(&mcu->msg_signed_completion);
> +	}
> +
> +	return IRQ_HANDLED;
> +}

...

> +	scoped_guard(mutex, &mcu->sign_lock)
> +		if (mcu->sign_state != SIGN_STATE_REQUESTED &&
> +		    mcu->sign_state != SIGN_STATE_COLLECTED)
> +			return -ENODATA;

{}

Don't you want interruptible mutex? In such case you might need to return
-ERESTARTSYS. OTOH, this is debugfs, we don't much care.

...

> +#define OMNIA_MCU_CRYPTO_PUBLIC_KEY_LEN	33

33? Hmm... does it mean (32 + 1)?

-- 
With Best Regards,
Andy Shevchenko






[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux