On Mon, Apr 29, 2019 at 11:47:52PM +0200, Marek Behun wrote:
> Hi Greg and Tejun,
>
> is it acceptable for a driver to expose sysfs attr files for ECDSA
> signature generation?
What is "ECDSA signature generation"? Is it a crypto thing? If so, why
not use the crypto api? If not, what exactly is it?
> The thing is that
> 1. AFAIK there isn't another API for userspace to do this.
> There were attempts in 2015 to expose akcipher via netlink to
> userspace, but the patchseries were not accepted.
Pointers to that patchset? Why was it not accepted?
> 2. even if it was possible, that specific device for which I am
> writing this driver does not provide the ability to set the
> private key to sign with - the private key is just burned during
> manufacturing and cannot be read, only signed with.
Why does this matter?
> The current version of my driver exposes do_sign file in
> /sys/firmware/turris_mox directory.
>
> Userspace should write message to sign and then can read the signature
> from this do_sign file.
How big are messages and signatures? Why does this have to be a sysfs
api?
> According to the one attr = one file principle, it would be better to
> have two files: ecdsa_msg_to_sign (write-only) and ecdsa_signature
> (read-only).
> Would this be acceptable in the kernel for this driver?
Why not use the crypto api, and if that doesn't work, why not just a
char device to read/write?
> I have also another question, if you would not mind:
>
> This driver is dependant on a mailbox driver I have also written
> ("mailbox: Add support for Armada 37xx rWTM mailbox"), but I have not
> received any review for this driver from the mailbox subsystem
> maintainer, and I have already sent three versions (on 12/17/2018,
> 03/01/2019 and 03/15/2019).
> What should I do in this case?
Poke the maintainer again :)
thanks,
greg k-h
