Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp472755lqo;
        Fri, 10 May 2024 05:52:41 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUcADsF5/DHOCl8B/OKCkgh1cXtQEnbe6QBWdd5Yo8XOa5tv5D9B7Rjc0JF+mwQaSl1v0lJ13fKQpBmulG7eFT4h8ztw1KjdU3kLmKxYQ==
X-Google-Smtp-Source: AGHT+IE66aXK5CH3dl38rcdLyPWwkzlt1hjU2B5fOxAzbDhoy4kSLnA4k/eunQ9Zshy8qg75A1Uo
X-Received: by 2002:a05:6830:d1:b0:6f0:3b11:aa26 with SMTP id 46e09a7af769-6f0e92b2c87mr2730145a34.24.1715345560900;
        Fri, 10 May 2024 05:52:40 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715345560; cv=pass;
        d=google.com; s=arc-20160816;
        b=El+8ANIva9CwEvB0JwK78Cqc1Cj12xrBS/bXMeFyQ8rrqdBRQVbePbQhGFTS8UReIW
         e9bm4WMAwO++AJEeCY1ObkQbA3CQtuB098YN5uADvCi1HTDbqo7EkxvZEJgZozUZ5OIK
         TAGRRd2CL6CQ7F+/JlywbqjTPl8AcgAF325ID5REpAP/eDO+6wTC29WJQAJ78wdg4iT9
         gANQxEdcU/E3uA9YOhGkJOEzJ2GJbjeKEK+ikt1aJWlL2L8+A7d348VyCdkLJIKR/UxV
         87qs7O+vltPTFOUCXiZxpYBs7ac+FikCzxwJePoRT87siq0Je5TkQ9GMTXoh424uHqTp
         cEfg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:content-transfer-encoding:content-disposition
         :mime-version:list-unsubscribe:list-subscribe:list-id:precedence
         :references:message-id:subject:cc:to:from:date:dkim-signature;
        bh=PaW/Q1W4u7W1T1cS9Eh/b5c5BypzSd7UfzOWuWPNG0o=;
        fh=nmsLau6kHJ6QNd8OnvSweM1o4xWeigvVbtAuutynPqc=;
        b=ZRCdSVt/YZO66tcuONeYIMYIAc1LeiZYVBahIXOeXJK9rWzO8HG32CCZQACB7lSS4F
         Uz40BD4n73LV0t7v/2sLSobIsljcYqXUzF/QMYZO2JIVUOcA+rXZkmoGAgxujHaVD8IP
         ACaTzaGQyXN608CmxYCDIxTnBnYzXEXJlCASLzoy6F5kejh3SXIwyVCgkIRulYl2V4Ow
         tZ11BSlLz/xV3fAILrItW5kcO4vZMPgsBzdQABsS0XYkdbspVAaBqsKowSNxj48iVnov
         NA2LpaJXCn/jE3d1RRnpxUo4dZYu6Ye5dv9He5/VOw8cGggmryGnww0eUZ/XqZOB0r+e
         cZBg==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=fail header.i=@linuxfoundation.org header.s=korg header.b=V3QxkSPo;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223])
        by mx.google.com with ESMTPS id af79cd13be357-792bf36620csi337555285a.652.2024.05.10.05.52.40
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 10 May 2024 05:52:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@linuxfoundation.org header.s=korg header.b=V3QxkSPo;
       arc=pass (i=1 dkim=pass dkdomain=linuxfoundation.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4108-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 622581C220E0
	for <linux.lists.archive@gmail.com>; Fri, 10 May 2024 12:52:16 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id F13B37BB17;
	Fri, 10 May 2024 12:52:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=fail reason="signature verification failed" (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="V3QxkSPo"
X-Original-To: linux-crypto@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 99F66376
	for <linux-crypto@vger.kernel.org>; Fri, 10 May 2024 12:52:12 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715345532; cv=none; b=jNgQUAIHkBSdYLMcoIazNCdHjtmJso/RFiJAjHDlVBCKtKMs3ga7oQ9wjvRpENCjZoeZXLREixi57YogdJnBfykFjcEq+74rKVr9RjttZlNV3+/z93FYuRbBzn2o13iY01xY0eA1qxfVd2RVLEGEjVG9sOLj3gaRRaNhQEBqDOE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715345532; c=relaxed/simple;
	bh=F4R3C19AZoLiQoZKLlM88oNqKAIwm0tvC1yAksYsh2o=;
	h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version:
	 Content-Type:Content-Disposition:In-Reply-To; b=lM+tdahPDmPTciebJSVJAHv7Xp+oY1MRGkhokZXxE4+vupFmomlKvnA+mfm8l4ZmFwr2TbiWMkRmzYyfBH4uWDzllxTSx3NjS9/ASZgqtK2uSIk7fj9I3y878yF3j3tGE1Yz4O5gVQWcrcq0VwKK9oVee4QGUBxxgsLn7/OleWs=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=V3QxkSPo; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 952ADC113CC;
	Fri, 10 May 2024 12:52:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1715345532;
	bh=F4R3C19AZoLiQoZKLlM88oNqKAIwm0tvC1yAksYsh2o=;
	h=Date:From:To:List-Id:Cc:Subject:References:In-Reply-To:From;
	b=V3QxkSPoxBn2qgJJNrFqi/U7Ad5bYZhYMS+hBAldKeIy5SQx4nwhxy71tZ4+iOQQr
	 ZZ2t+oNUxO4Ah+sM0/5dMsTL8awo37dLbbFNDoOY+bapZqeXMQoRcjR4PgrSimEA/P
	 YFqiSf+pm4iwBd4Sqb20cvZoqpM7Bk4dY7BOQT6Y=
Date: Fri, 10 May 2024 13:52:08 +0100
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: Marek =?iso-8859-1?Q?Beh=FAn?= <kabel@kernel.org>
Cc: Gregory CLEMENT <gregory.clement@bootlin.com>,
	Arnd Bergmann <arnd@arndb.de>, soc@kernel.org, arm@kernel.org,
	Andy Shevchenko <andy@kernel.org>,
	Hans de Goede <hdegoede@redhat.com>,
	Ilpo =?iso-8859-1?Q?J=E4rvinen?= <ilpo.jarvinen@linux.intel.com>,
	linux-crypto@vger.kernel.org,
	Dan Carpenter <dan.carpenter@linaro.org>
Subject: Re: [PATCH v10 7/9] platform: cznic: turris-omnia-mcu: Add support
 for digital message signing via debugfs
Message-ID: <2024051042-unbuckled-barometer-1099@gregkh>
References: <20240510101819.13551-1-kabel@kernel.org>
 <20240510101819.13551-8-kabel@kernel.org>
 <2024051007-rendering-borrowing-ffc5@gregkh>
 <20240510133158.2f40ee55@dellmb>
 <2024051013-purse-harsh-d927@gregkh>
 <20240510135020.06aff350@dellmb>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20240510135020.06aff350@dellmb>

On Fri, May 10, 2024 at 01:50:20PM +0200, Marek Beh?n wrote:
> On Fri, 10 May 2024 12:37:04 +0100
> Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> 
> > On Fri, May 10, 2024 at 01:31:58PM +0200, Marek Beh?n wrote:
> > > On Fri, 10 May 2024 11:52:56 +0100
> > > Greg Kroah-Hartman <gregkh@linuxfoundation.org> wrote:
> > >   
> > > > On Fri, May 10, 2024 at 12:18:17PM +0200, Marek Beh?n wrote:  
> > > > > Add support for digital message signing with private key stored in the
> > > > > MCU. Boards with MKL MCUs have a NIST256p ECDSA private key created
> > > > > when manufactured. The private key is not readable from the MCU, but
> > > > > MCU allows for signing messages with it and retrieving the public key.
> > > > > 
> > > > > As described in a similar commit 50524d787de3 ("firmware:
> > > > > turris-mox-rwtm: support ECDSA signatures via debugfs"):
> > > > >   The optimal solution would be to register an akcipher provider via
> > > > >   kernel's crypto API, but crypto API does not yet support accessing
> > > > >   akcipher API from userspace (and probably won't for some time, see
> > > > >   https://www.spinics.net/lists/linux-crypto/msg38388.html).
> > > > > 
> > > > > Therefore we add support for accessing this signature generation
> > > > > mechanism via debugfs for now, so that userspace can access it.    
> > > > 
> > > > Having a "real" user/kernel api in debugfs feels wrong here, why would
> > > > you not do this properly?  On most, if not all, systems, debugfs is
> > > > locked down so you do not have access to it, as it is only there for
> > > > debugging.  So how is a user supposed to use this feature if they can't
> > > > get access to it?
> > > > 
> > > > And debugfs files can be changed at any time, so how can you ensure that
> > > > your new api will always be there?
> > > > 
> > > > In other words, please solve this properly, do not just add a hack into
> > > > debugfs that no one can use as that is not a good idea.  
> > > 
> > > Hi Greg,
> > > 
> > > this is the same thing we discussed 5 years ago, I wanted to implement
> > > it via crypto's akcipher, but was refused due to
> > >   https://www.spinics.net/lists/linux-crypto/msg38388.html
> > > 
> > > I've then exposed this via debugfs in the turris-mox-rwtm driver 4
> > > years ago, and we have supported this in our utility scripts, with the
> > > plan that to reimplement it in the kernel via the correct ABI once
> > > akcipher (or other ABI) is available to userspace, but AFAIK after 5
> > > years this is still not the case :-(
> > > 
> > > If not debugfs and not akcipher, another option is to expose this via
> > > sysfs, but that also doesn't seem right, and if I recall correctly you
> > > also disapproved of this 5 years ago.  
> > 
> > Yeah, sysfs is not ok for this either.
> > 
> > > The last option would be to create another device, something like
> > > /dev/turris-crypto for this. I wanted to avoid that and wait for
> > > akcipher to be exposed do crypto since another /dev device must be
> > > supported forever, while debugfs implementation can be removed once
> > > this is supported via standardized ABI.
> > > 
> > > Do you have any suggestions?  
> > 
> > Not really, I can't see the link above (no internet connection right
> > now) but this should just be fixed properly at the crypto subsystem
> > instead of these horrible debugfs hacks.
> > 
> > thanks,
> > 
> > greg k-h
> 
> The mail is from Herbert Xu and it says the following:
> 
>   The akcipher kernel API is still in a state of flux.  See the
>   recent work on ecrdsa for example which affected the RSA API.
>   
>   Until that settles down I will not allow akcipher to be exported
>   through af_alg as that would commit us to that API forever.

5 years is a long time for "in a state of flux", perhaps work on getting
that fixed up now that things are settled down?

thanks,

greg k-h