Re: [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support for digital message signing via debugfs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 10 May 2024 12:37:04 +0100
Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:

> On Fri, May 10, 2024 at 01:31:58PM +0200, Marek Behún wrote:
> > On Fri, 10 May 2024 11:52:56 +0100
> > Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> >   
> > > On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Behún wrote:  
> > > > Add support for digital message signing with private key stored in the
> > > > MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> > > > when manufactured. The private key is not readable from the MCU, but
> > > > MCU allows for signing messages with it and retrieving the public key.
> > > > 
> > > > As described in a similar commit 50524d787de3 ("firmware:
> > > > turris-mox-rwtm: support ECDSA signatures via debugfs"):
> > > >   The optimal solution would be to register an akcipher provider via
> > > >   kernel's crypto API, but crypto API does not yet support accessing
> > > >   akcipher API from userspace (and probably won't for some time, see
> > > >   https://www.spinics.net/lists/linux-crypto/msg38388.html).
> > > > 
> > > > Therefore we add support for accessing this signature generation
> > > > mechanism via debugfs for now, so that userspace can access it.    
> > > 
> > > Having a "real" user/kernel api in debugfs feels wrong here, why would
> > > you not do this properly?  On most, if not all, systems, debugfs is
> > > locked down so you do not have access to it, as it is only there for
> > > debugging.  So how is a user supposed to use this feature if they can't
> > > get access to it?
> > > 
> > > And debugfs files can be changed at any time, so how can you ensure that
> > > your new api will always be there?
> > > 
> > > In other words, please solve this properly, do not just add a hack into
> > > debugfs that no one can use as that is not a good idea.  
> > 
> > Hi Greg,
> > 
> > this is the same thing we discussed 5 years ago, I wanted to implement
> > it via crypto's akcipher, but was refused due to
> >   https://www.spinics.net/lists/linux-crypto/msg38388.html
> > 
> > I've then exposed this via debugfs in the turris-mox-rwtm driver 4
> > years ago, and we have supported this in our utility scripts, with the
> > plan that to reimplement it in the kernel via the correct ABI once
> > akcipher (or other ABI) is available to userspace, but AFAIK after 5
> > years this is still not the case :-(
> > 
> > If not debugfs and not akcipher, another option is to expose this via
> > sysfs, but that also doesn't seem right, and if I recall correctly you
> > also disapproved of this 5 years ago.  
> 
> Yeah, sysfs is not ok for this either.
> 
> > The last option would be to create another device, something like
> > /dev/turris-crypto for this. I wanted to avoid that and wait for
> > akcipher to be exposed do crypto since another /dev device must be
> > supported forever, while debugfs implementation can be removed once
> > this is supported via standardized ABI.
> > 
> > Do you have any suggestions?  
> 
> Not really, I can't see the link above (no internet connection right
> now) but this should just be fixed properly at the crypto subsystem
> instead of these horrible debugfs hacks.
> 
> thanks,
> 
> greg k-h

The mail is from Herbert Xu and it says the following:

  The akcipher kernel API is still in a state of flux.  See the
  recent work on ecrdsa for example which affected the RSA API.
  
  Until that settles down I will not allow akcipher to be exported
  through af_alg as that would commit us to that API forever.

Marek





[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux