lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <6dce47fd-01fb-4401-88a3-d9e85ee5529a@oss.cyber.gouv.fr>
Date: Mon, 30 Jun 2025 14:34:12 +0200
From: Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>
To: Oliver Neukum <oneukum@...e.com>,
 Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Alan Stern <stern@...land.harvard.edu>,
 Kannappan R <r.kannappan@...el.com>,
 Sabyrzhan Tasbolatov <snovitoll@...il.com>,
 Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>,
 Stefan Eichenberger <stefan.eichenberger@...adex.com>,
 Thomas Gleixner <tglx@...utronix.de>, Pawel Laszczak <pawell@...ence.com>,
 Ma Ke <make_ruc2021@....com>, Jeff Johnson <jeff.johnson@....qualcomm.com>,
 Luc Bonnafoux <luc.bonnafoux@....gouv.fr>,
 Luc Bonnafoux <luc.bonnafoux@....cyber.gouv.fr>,
 Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>,
 linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: [RFC PATCH 3/4] usb: core: Plug the usb authentication capability

Hi Olivier,

Thank you for your review.

Indeed our current implementation of the usb authentication is still a bit
crude.
Currently, most, if not all of usb devices can't handle authentication. 
If we
want to have an integration that doesn't break on current hosts, we need to
have a fail safe. We are still working on the best way to handle the
combination of authentication and authorization.
See the reply to Alan [1].

[1]: 
https://lore.kernel.org/linux-usb/8cc10112-23a7-41af-b81f-7fc0c097d34d@oss.cyber.gouv.fr/

On 6/23/25 20:15, Oliver Neukum wrote:
> Hi,
>
> I am afraid someone has to address this.
>
> On 20.06.25 16:27, nicolas.bouchinet@....cyber.gouv.fr wrote:
>
>> +    // Set a default value for authenticated at true in order not to 
>> block devices
>> +    // that do not support the authentication
>> +    dev->authenticated = 1;
>
> So the default is authenticated. OK.
>
>> +    if (le16_to_cpu(dev->descriptor.bcdUSB) >= 0x0201) {
>> +        pr_notice("bcdUSB >= 0x0201\n");
>> +        retval = usb_get_bos_descriptor(dev);
>> +        if (!retval) {
>> +            pr_notice("found BOS\n");
>> +#ifdef CONFIG_USB_AUTHENTICATION
>> +            if (dev->bos->authent_cap) {
>
> If the device claims not to support authentication ...
>
>> +                /* If authentication cap is present, start device 
>> authent */
>> +                pr_notice("found Authent BOS\n");
>> +                retval = usb_authenticate_device(dev);
>> +                if (retval != 0) {
>> +                    pr_err("failed to authenticate the device: %d\n",
>> +                           retval);
>> +                } else if (!dev->authenticated) {
>> +                    pr_notice("device has been rejected\n");
>> +                    // return early from the configuration process
>> +                    return 0;
>> +                } else {
>> +                    pr_notice("device has been authorized\n");
>> +                }
>> +            } else {
>> +                // USB authentication unsupported
>> +                // Apply security policy on failed devices
>> +                pr_notice("no authentication capability\n");
>
> ... we do nothing about it. We enumerate.
>
> The purpose of authentication is guarding against unknown or malicious 
> devices,
> isn't it? This behavior seems to be kind of incompatible with the goal.
>
>     Regards
>         Oliver
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ