Hi everyone,
I thought it might be a good time to start / re-start / join the
conversation about authentication and encryption in Greybus, and in
particular, for using a transport (and lower layers) other than
UniPro. This is the logical next step after getting the TCP/IP
transport working with gbridge over BLE, 802.15.4, WiFi, ethernet,
UART, etc.
There is the Component Authentication Protocol that exists already,
but I'm not terribly familiar with it. Is anyone able to clarify if
there is some overlap between CAP and some of the work that follows?
If it's possible to re-use some of the CAP, that would be nice.
Just over a year ago I set up authentication and encryption over
Greybus for BeagleBoard.org. I was able to demonstrate it working over
a TCP/IP transport. Here is some code that is on the back-burner for
now.
https://github.com/friedtco/gbridge/blob/feature/tcpip-ble-ipsp/pkauth.hhttps://github.com/friedtco/gbridge/blob/feature/tcpip-ble-ipsp/pkauth.c
I have a PR open to anobli/gbridge on GitHub that pulls in the
non-authentication / encryption changes. So the change that deals with
auth and encryption is fairly small. On the Host side, it uses
OpenSSL.
We are using regular SSH keys for asymmetric authentication and the
initial secure channel, then generating and sharing an AES-128 session
key for symmetric encryption of the subsequent communications. The
wireless SoC we're using for testing is the CC1352R from TI, and it
has both AES and PK hardware accelerators. Most SoC's these days have
an AES accelerator, at least.
The handshake is described here, but I'll copy it into the email as well.
https://github.com/friedtco/gbridge/blob/feature/tcpip-ble-ipsp/pkauth.c#L1…
1. Device sends its public key
2. Host compares device public key with those in a collection of
trusted public keys. if not found connection closed.
3. Host sends its public key
4. Device compares host public key with those in a collection of
trusted public keys. if not found connection closed.
5. Device creates a randomly generated message, "PlainText A".
6. Device encrypts "PlainText A" using Host public key, creating "CipherText A".
7. Device transmits "CipherText A" to Host.
8. Host decrypts "CipherText A" with Host private key, resulting in
"PlainText B".
9. Host encrypts "PlainText B" using Device public key, creating "CipherText B".
10. Host transmits "CipherText B" to Device.
11. Device decrypts "CipherText B" with Device private key, resulting
in "PlainText C".
12. Device compares "PlainText A" and "PlainText C", and responds with
success or noauth.
13. Host creates a randomly generated message, "PlainText D".
14. Host encrypts "PlainText D" using Device public key, creating
"CipherText D".
15. Host transmits "CipherText D" to Device.
16. Device decrypts "CipherText D" with Device private key, resulting
in "PlainText E".
17. Device encrypts "PlainText E" using Host public key, creating
"CipherText E".
18. Device transmits "CipherText E" to Host.
19. Host decrypts "CipherText E" with Host private key, resulting in
"PlainText F".
20. Host compares "PlainText D" and "PlainText F", and responds with
success or noauth.
21. Host generates symmetric session key as "PlainText G", pairs
session key with socket.
22. Host encrypts "PlainText G" with Device public key, resulting in
"CipherText G".
23. Host transmits "CipherText G" to device.
24. Device decrypts "CipherText G" using Device private key, resulting
in "PlainText H".
25. Device pairs the session key ("PlainText H") with socket.
Currently, this handshake happens when a new connection is created on
any port / CPort (be it Control, GPIO, I2C, SPI, etc).
While I understand that this security mechanism is not nearly as
sophisticated as that of Thread, for example, it's fairly easy to
implement locally for developers.
However, we would ultimately like to support more than one method of
authentication and encryption in Greybus. For the very basic method we
implemented above, 5 additional message primitives were required:
https://github.com/friedtco/gbridge/blob/feature/tcpip-ble-ipsp/pkauth.h#L32
#define GB_PKAUTH_TYPE_VERSION 0x7a
#define GB_PKAUTH_TYPE_PUBKEY 0x7b
#define GB_PKAUTH_TYPE_CHALLENGE 0x7c
#define GB_PKAUTH_TYPE_CHALLENGE_RESP 0x7d
#define GB_PKAUTH_TYPE_SESSION_KEY 0x7e
For full negotiation of the auth mechanism and encryption algorithm
(e.g. OAuth2 authentication + 3DES encryption) we'll probably need a
few more message primitives, and likely a new minor version (at least)
for each CPort protocol.
It should be possible (although discouraged) to opt for everything in
plaintext, but that would also be the default case for the CPort
protocols as they exist today.
I would love to hear some ideas about this from whoever is interested.
Cheers,
C
In gbaudio_dapm_free_controls(), if one of the widgets is not found, an error
will be returned directly, which will cause the rest to be unable to be freed,
resulting in leak.
This patch fixes the bug. If if one of them is not found, just skip and free the others.
Fixes: 510e340efe0c ("staging: greybus: audio: Add helper APIs for dynamic audio module")
Reported-by: Hulk Robot <hulkci(a)huawei.com>
Signed-off-by: Wang Hai <wanghai38(a)huawei.com>
---
drivers/staging/greybus/audio_helper.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/greybus/audio_helper.c b/drivers/staging/greybus/audio_helper.c
index 237531ba60f3..3011b8abce38 100644
--- a/drivers/staging/greybus/audio_helper.c
+++ b/drivers/staging/greybus/audio_helper.c
@@ -135,7 +135,8 @@ int gbaudio_dapm_free_controls(struct snd_soc_dapm_context *dapm,
if (!w) {
dev_err(dapm->dev, "%s: widget not found\n",
widget->name);
- return -EINVAL;
+ widget++;
+ continue;
}
widget++;
#ifdef CONFIG_DEBUG_FS
--
2.17.1
drivers/staging/greybus/pwm.c uses the old style PWM callbacks, new drivers
should stick to the atomic API instead.
Signed-off-by: Uwe Kleine-König <uwe(a)kleine-koenig.org>
---
On 12/8/20 10:39 AM, Johan Hovold wrote:
> No sign off?
>
> Please also add a staging prefix since this part of greybus still lives
> there.
That after all these years I still fail occasionally to add a sign-off
... /me shakes his head about himself.
Anyhow, here comes a v2, also with the requested prefix.
drivers/staging/greybus/TODO | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/greybus/TODO b/drivers/staging/greybus/TODO
index 31f1f2cb401c..6461e0132fe3 100644
--- a/drivers/staging/greybus/TODO
+++ b/drivers/staging/greybus/TODO
@@ -1,3 +1,5 @@
* Convert all uses of the old GPIO API from <linux/gpio.h> to the
GPIO descriptor API in <linux/gpio/consumer.h> and look up GPIO
lines from device tree or ACPI.
+* Make pwm.c use the struct pwm_ops::apply instead of ::config, ::set_polarity,
+ ::enable and ::disable.
--
2.29.2
drivers/staging/greybus/pwm.c uses the old style PWM callbacks, new drivers
should stick to the atomic API instead.
---
drivers/staging/greybus/TODO | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/staging/greybus/TODO b/drivers/staging/greybus/TODO
index 31f1f2cb401c..6461e0132fe3 100644
--- a/drivers/staging/greybus/TODO
+++ b/drivers/staging/greybus/TODO
@@ -1,3 +1,5 @@
* Convert all uses of the old GPIO API from <linux/gpio.h> to the
GPIO descriptor API in <linux/gpio/consumer.h> and look up GPIO
lines from device tree or ACPI.
+* Make pwm.c use the struct pwm_ops::apply instead of ::config, ::set_polarity,
+ ::enable and ::disable.
--
2.29.2
On 11/15/20 9:17 AM, Greg Kroah-Hartman wrote:
> On Sun, Nov 15, 2020 at 03:53:16PM +0100, Emmanouil Perselis wrote:
>> This patch fixes the warning "static const char * array should
>> probably be static const char * const" in
>> drivers/staging/greybus/audio_manager_module.c
>> I think Greg's patch bot is telling you that you need
>> to carbon-copy the mailing list on your patch submission,
>> not just address it to the maintainers.
Added addresses to carbon copy.
>> -Alex
>>
>> Signed-off-by: Emmanouil Perselis <perselis.e(a)gmail.com>
>> ---
>> drivers/staging/greybus/audio_manager_module.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/staging/greybus/audio_manager_module.c b/drivers/staging/greybus/audio_manager_module.c
>> index 2bfd804183c4..6ef7381f4e85 100644
>> --- a/drivers/staging/greybus/audio_manager_module.c
>> +++ b/drivers/staging/greybus/audio_manager_module.c
>> @@ -158,7 +158,7 @@ static void send_add_uevent(struct gb_audio_manager_module *module)
>> char ip_devices_string[64];
>> char op_devices_string[64];
>>
>> - char *envp[] = {
>> + static const char * const envp[] = {
>> name_string,
>> vid_string,
>> pid_string,
>> --
>> 2.20.1
>>
>
> Hi,
>
> This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him
> a patch that has triggered this response. He used to manually respond
> to these common problems, but in order to save his sanity (he kept
> writing the same thing over and over, yet to different people), I was
> created. Hopefully you will not take offence and will fix the problem
> in your patch and resubmit it so that it can be accepted into the Linux
> kernel tree.
>
> You are receiving this message because of the following common error(s)
> as indicated below:
>
> - Your patch was sent privately to Greg. Kernel development is done in
> public, please always cc: a public mailing list with a patch
> submission. Using the tool, scripts/get_maintainer.pl on the patch
> will tell you what mailing list to cc.
>
> - You did not specify a description of why the patch is needed, or
> possibly, any description at all, in the email body. Please read the
> section entitled "The canonical patch format" in the kernel file,
> Documentation/SubmittingPatches for what is needed in order to
> properly describe the change.
>
> - You did not write a descriptive Subject: for the patch, allowing Greg,
> and everyone else, to know what this patch is all about. Please read
> the section entitled "The canonical patch format" in the kernel file,
> Documentation/SubmittingPatches for what a proper Subject: line should
> look like.
>
> If you wish to discuss this problem further, or you have questions about
> how to resolve this issue, please feel free to respond to this email and
> Greg will reply once he has dug out from the pending patches received
> from other developers.
>
> thanks,
>
> greg k-h's patch email bot
>
Signed-off-by: Emmanouil Perselis <perselis.e(a)gmail.com>
---
drivers/staging/greybus/audio_manager_module.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/greybus/audio_manager_module.c b/drivers/staging/greybus/audio_manager_module.c
index 2bfd804183c4..6ef7381f4e85 100644
--- a/drivers/staging/greybus/audio_manager_module.c
+++ b/drivers/staging/greybus/audio_manager_module.c
@@ -158,7 +158,7 @@ static void send_add_uevent(struct gb_audio_manager_module *module)
char ip_devices_string[64];
char op_devices_string[64];
- char *envp[] = {
+ static const char * const envp[] = {
name_string,
vid_string,
pid_string,
--
2.20.1