Hi,
this patch series extends our previous set of patches (see [1]). We extended
the crypto support so all of the usbip network traffic can now be completely
encrypted and authenticated.
We now use GnuTLS not only for password verification, but extend the lifetime
of the TLS connection to cover all of the userland communications. Before
handing over the connection to the kernel, two randomly generated 128 bit
session keys are exchanged between client and server and stored in sysfs
together with the sockfd. The kernel uses these keys to encrypt and
authenticate all of the traffic using AES-GCM and the linux crypto API.
Separate keys are used for both directions of the data channel.
To the best of our knowledge, the implemented encryption should provide decent
security. However, it still lacks complete review; we also note that in the
documentation.
As mentioned in the project README, the network protocol needs more discussion.
This series increments the protocol version, because the improved crypto
support breaks compatibility with the previous patch series[1]. In the long
term, the protocol should be extended to support proper feature negotiation. If
both patch series are merged as one, the protocol version increment can be
omitted - both patch series are compatible with unauthenticated transport, but
are incompatible with each other.
Regards,
Tobias Polzer and Dominik Paulus
[1] <1379066161-8278-1-git-send-email-dominik.paulus@xxxxxx>,
https://lkml.org/lkml/2013/9/13/104
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
