From: Maxim Levitsky <mlevitsk@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Kevin Wolf" <kwolf@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
qemu-block@nongnu.org, "Markus Armbruster" <armbru@redhat.com>,
"Max Reitz" <mreitz@redhat.com>,
"Maxim Levitsky" <mlevitsk@redhat.com>,
"John Snow" <jsnow@redhat.com>
Subject: [PATCH v3 02/14] qcrypto/luks: implement encryption key management
Date: Sun, 3 May 2020 21:43:12 +0300 [thread overview]
Message-ID: <20200503184324.12506-3-mlevitsk@redhat.com> (raw)
In-Reply-To: <20200503184324.12506-1-mlevitsk@redhat.com>
Next few patches will expose that functionality
to the user.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
crypto/block-luks.c | 406 +++++++++++++++++++++++++++++++++++++++++++-
qapi/crypto.json | 61 ++++++-
2 files changed, 463 insertions(+), 4 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 4861db810c..26a05d30d4 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -32,6 +32,7 @@
#include "qemu/uuid.h"
#include "qemu/coroutine.h"
+#include "qemu/bitmap.h"
/*
* Reference for the LUKS format implemented here is
@@ -70,6 +71,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
#define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
+#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000
+#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
+
static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
'L', 'U', 'K', 'S', 0xBA, 0xBE
};
@@ -219,6 +223,9 @@ struct QCryptoBlockLUKS {
/* Hash algorithm used in pbkdf2 function */
QCryptoHashAlgorithm hash_alg;
+
+ /* Name of the secret that was used to open the image */
+ char *secret;
};
@@ -1069,6 +1076,119 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
return -1;
}
+/*
+ * Returns true if a slot i is marked as active
+ * (contains encrypted copy of the master key)
+ */
+static bool
+qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
+ unsigned int slot_idx)
+{
+ uint32_t val = luks->header.key_slots[slot_idx].active;
+ return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
+}
+
+/*
+ * Returns the number of slots that are marked as active
+ * (slots that contain encrypted copy of the master key)
+ */
+static unsigned int
+qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks)
+{
+ size_t i = 0;
+ unsigned int ret = 0;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ ret++;
+ }
+ }
+ return ret;
+}
+
+/*
+ * Finds first key slot which is not active
+ * Returns the key slot index, or -1 if it doesn't exist
+ */
+static int
+qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks)
+{
+ size_t i;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!qcrypto_block_luks_slot_active(luks, i)) {
+ return i;
+ }
+ }
+ return -1;
+}
+
+/*
+ * Erases an keyslot given its index
+ * Returns:
+ * 0 if the keyslot was erased successfully
+ * -1 if a error occurred while erasing the keyslot
+ *
+ */
+static int
+qcrypto_block_luks_erase_key(QCryptoBlock *block,
+ unsigned int slot_idx,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
+ g_autofree uint8_t *garbagesplitkey = NULL;
+ size_t splitkeylen = luks->header.master_key_len * slot->stripes;
+ size_t i;
+ Error *local_err = NULL;
+ int ret;
+
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ assert(splitkeylen > 0);
+ garbagesplitkey = g_new0(uint8_t, splitkeylen);
+
+ /* Reset the key slot header */
+ memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
+ slot->iterations = 0;
+ slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
+
+ ret = qcrypto_block_luks_store_header(block, writefunc,
+ opaque, &local_err);
+
+ if (ret) {
+ error_propagate(errp, local_err);
+ }
+ /*
+ * Now try to erase the key material, even if the header
+ * update failed
+ */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) {
+ if (qcrypto_random_bytes(garbagesplitkey,
+ splitkeylen, &local_err) < 0) {
+ /*
+ * If we failed to get the random data, still write
+ * at least zeros to the key slot at least once
+ */
+ error_propagate(errp, local_err);
+
+ if (i > 0) {
+ return -1;
+ }
+ }
+ if (writefunc(block,
+ slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
+ garbagesplitkey,
+ splitkeylen,
+ opaque,
+ &local_err) != splitkeylen) {
+ error_propagate(errp, local_err);
+ return -1;
+ }
+ }
+ return 0;
+}
static int
qcrypto_block_luks_open(QCryptoBlock *block,
@@ -1099,6 +1219,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
luks = g_new0(QCryptoBlockLUKS, 1);
block->opaque = luks;
+ luks->secret = g_strdup(options->u.luks.key_secret);
if (qcrypto_block_luks_load_header(block, readfunc, opaque, errp) < 0) {
goto fail;
@@ -1164,6 +1285,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
fail:
qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen);
+ g_free(luks->secret);
g_free(luks);
return -1;
}
@@ -1204,7 +1326,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
- luks_opts.iter_time = 2000;
+ luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
}
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
@@ -1244,6 +1366,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
optprefix ? optprefix : "");
goto error;
}
+ luks->secret = g_strdup(options->u.luks.key_secret);
+
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
if (!password) {
goto error;
@@ -1471,10 +1595,283 @@ qcrypto_block_luks_create(QCryptoBlock *block,
qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen);
+ g_free(luks->secret);
g_free(luks);
return -1;
}
+/*
+ * Given LUKSKeyslotUpdate command, set @slots_bitmap with all slots
+ * that will be updated with new password (or erased)
+ * returns 0 on success, and -1 on failure
+ */
+static int
+qcrypto_block_luks_get_update_bitmap(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ void *opaque,
+ const QCryptoBlockAmendOptionsLUKS *opts,
+ unsigned long *slots_bitmap,
+ Error **errp)
+{
+ const QCryptoBlockLUKS *luks = block->opaque;
+ size_t i;
+
+ bitmap_zero(slots_bitmap, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+
+ if (opts->has_keyslot) {
+ /* keyslot set, select only this keyslot */
+ int keyslot = opts->keyslot;
+
+ if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
+ error_setg(errp,
+ "Invalid slot %u specified, must be between 0 and %u",
+ keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
+ return -1;
+ }
+ bitmap_set(slots_bitmap, keyslot, 1);
+
+ } else if (opts->has_old_secret) {
+ /* initially select all active keyslots */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ bitmap_set(slots_bitmap, i, 1);
+ }
+ }
+ } else {
+ /* find a free keyslot */
+ int slot = qcrypto_block_luks_find_free_keyslot(luks);
+
+ if (slot == -1) {
+ error_setg(errp,
+ "Can't add a keyslot - all key slots are in use");
+ return -1;
+ }
+ bitmap_set(slots_bitmap, slot, 1);
+ }
+
+ if (opts->has_old_secret) {
+ /* now deselect all keyslots that don't contain the password */
+ g_autofree uint8_t *tmpkey = g_new0(uint8_t,
+ luks->header.master_key_len);
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ g_autofree char *old_password = NULL;
+ int rv;
+
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+
+ old_password = qcrypto_secret_lookup_as_utf8(opts->old_secret,
+ errp);
+ if (!old_password) {
+ return -1;
+ }
+
+ rv = qcrypto_block_luks_load_key(block,
+ i,
+ old_password,
+ tmpkey,
+ readfunc,
+ opaque,
+ errp);
+ if (rv == -1) {
+ return -1;
+ } else if (rv == 0) {
+ bitmap_clear(slots_bitmap, i, 1);
+ }
+ }
+ }
+ return 0;
+}
+
+/*
+ * Erase a set of keyslots given in @slots_bitmap
+ */
+static int qcrypto_block_luks_erase_keys(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ unsigned long *slots_bitmap,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ long slot_count = bitmap_count_one(slots_bitmap,
+ QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ size_t i;
+
+ /* safety checks */
+ if (!force && slot_count == qcrypto_block_luks_count_active_slots(luks)) {
+ error_setg(errp,
+ "Requested operation will erase all active keyslots"
+ " which will erase all the data in the image"
+ " irreversibly - refusing operation");
+ return -EINVAL;
+ }
+
+ /* new apply the update */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_erase_key(block, i, writefunc, opaque, errp)) {
+ error_append_hint(errp, "Failed to erase keyslot %zu", i);
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
+/*
+ * Set a set of keyslots to @master_key encrypted by @new_secret
+ */
+static int qcrypto_block_luks_set_keys(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ unsigned long *slots_bitmap,
+ uint8_t *master_key,
+ uint64_t iter_time,
+ char *new_secret,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ g_autofree char *new_password = NULL;
+ size_t i;
+
+ /* safety checks */
+ if (!force) {
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ error_setg(errp,
+ "Refusing to overwrite active slot %zu - "
+ "please erase it first", i);
+ return -EINVAL;
+ }
+ }
+ }
+
+ /* Load the new password */
+ new_password = qcrypto_secret_lookup_as_utf8(new_secret, errp);
+ if (!new_password) {
+ return -EINVAL;
+ }
+
+ /* Apply the update */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_store_key(block, i, new_password, master_key,
+ iter_time, writefunc, opaque, errp)) {
+ error_append_hint(errp, "Failed to write to keyslot %zu", i);
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
+static int
+qcrypto_block_luks_amend_options(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ QCryptoBlockAmendOptions *options,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockAmendOptionsLUKS *opts_luks = &options->u.luks;
+ g_autofree uint8_t *master_key = NULL;
+ g_autofree unsigned long *update_bitmap = NULL;
+ char *secret = opts_luks->has_secret ? opts_luks->secret : luks->secret;
+ long slot_count;
+
+ /* Retrieve set of slots that we need to update */
+ update_bitmap = bitmap_new(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ if (qcrypto_block_luks_get_update_bitmap(block, readfunc, opaque, opts_luks,
+ update_bitmap, errp) != 0) {
+ return -1;
+ }
+
+ slot_count = bitmap_count_one(update_bitmap,
+ QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+
+ /* no matching slots, so nothing to do */
+ if (slot_count == 0) {
+ error_setg(errp, "Requested operation didn't match any slots");
+ return -1;
+ }
+
+ if (opts_luks->state == Q_CRYPTO_BLOCKLUKS_KEYSLOT_STATE_ACTIVE) {
+
+ uint64_t iter_time = opts_luks->has_iter_time ?
+ opts_luks->iter_time :
+ QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
+
+ if (!opts_luks->has_new_secret) {
+ error_setg(errp, "'new-secret' is required to activate a keyslot");
+ return -1;
+ }
+ if (opts_luks->has_old_secret) {
+ error_setg(errp,
+ "'old-secret' must not be given when activating keyslots");
+ return -1;
+ }
+
+ /* Locate the password that will be used to retrieve the master key */
+ g_autofree char *old_password;
+ old_password = qcrypto_secret_lookup_as_utf8(secret, errp);
+ if (!old_password) {
+ return -1;
+ }
+
+ /* Try to retrieve the master key */
+ master_key = g_new0(uint8_t, luks->header.master_key_len);
+ if (qcrypto_block_luks_find_key(block, old_password, master_key,
+ readfunc, opaque, errp) < 0) {
+ error_append_hint(errp, "Failed to retrieve the master key");
+ return -1;
+ }
+
+ /* Now set the new keyslots */
+ if (qcrypto_block_luks_set_keys(block, readfunc, writefunc,
+ opaque, update_bitmap, master_key,
+ iter_time,
+ opts_luks->new_secret,
+ force, errp) != 0) {
+ return -1;
+ }
+ } else {
+ if (opts_luks->has_new_secret) {
+ error_setg(errp,
+ "'new-secret' must not be given when erasing keyslots");
+ return -1;
+ }
+ if (opts_luks->has_iter_time) {
+ error_setg(errp,
+ "'iter-time' must not be given when erasing keyslots");
+ return -1;
+ }
+ if (opts_luks->has_secret) {
+ error_setg(errp,
+ "'secret' must not be given when erasing keyslots");
+ return -1;
+ }
+
+ if (qcrypto_block_luks_erase_keys(block, readfunc, writefunc,
+ opaque, update_bitmap, force,
+ errp) != 0) {
+ return -1;
+ }
+ }
+ return 0;
+}
static int qcrypto_block_luks_get_info(QCryptoBlock *block,
QCryptoBlockInfo *info,
@@ -1523,7 +1920,11 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
{
- g_free(block->opaque);
+ QCryptoBlockLUKS *luks = block->opaque;
+ if (luks) {
+ g_free(luks->secret);
+ g_free(luks);
+ }
}
@@ -1560,6 +1961,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
const QCryptoBlockDriver qcrypto_block_driver_luks = {
.open = qcrypto_block_luks_open,
.create = qcrypto_block_luks_create,
+ .amend = qcrypto_block_luks_amend_options,
.get_info = qcrypto_block_luks_get_info,
.cleanup = qcrypto_block_luks_cleanup,
.decrypt = qcrypto_block_luks_decrypt,
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 3fd0ce177e..a076b3b938 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -1,6 +1,8 @@
# -*- Mode: Python -*-
#
+{ 'include': 'common.json' }
+
##
# = Cryptography
##
@@ -297,7 +299,6 @@
'uuid': 'str',
'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
-
##
# @QCryptoBlockInfo:
#
@@ -310,7 +311,63 @@
'discriminator': 'format',
'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
+##
+# @QCryptoBlockLUKSKeyslotState:
+#
+# Defines state of keyslots that are affected by the update
+#
+# @active: The slots contain the given password and marked as active
+# @inactive: The slots are erased (contain garbage) and marked as inactive
+#
+# Since: 5.0
+##
+{ 'enum': 'QCryptoBlockLUKSKeyslotState',
+ 'data': [ 'active', 'inactive' ] }
+
+##
+# @QCryptoBlockAmendOptionsLUKS:
+#
+# This struct defines the update parameters that activate/de-activate set
+# of keyslots
+#
+# @state: the desired state of the keyslots
+#
+# @new-secret: The ID of a QCryptoSecret object providing the password to be
+# written into added active keyslots
+#
+# @old-secret: Optional (for deactivation only)
+# If given will deactive all keyslots that
+# match password located in QCryptoSecret with this ID
+#
+# @iter-time: Optional (for activation only)
+# Number of milliseconds to spend in
+# PBKDF passphrase processing for the newly activated keyslot.
+# Currently defaults to 2000.
+#
+# @keyslot: Optional. ID of the keyslot to activate/deactivate.
+# For keyslot activation, keyslot should not be active already
+# (this is unsafe to update an active keyslot),
+# but possible if 'force' parameter is given.
+# If keyslot is not given, first free keyslot will be written.
+#
+# For keyslot deactivation, this parameter specifies the exact
+# keyslot to deactivate
+#
+# @secret: Optional. The ID of a QCryptoSecret object providing the
+# password to use to retrive current master key.
+# Defaults to the same secret that was used to open the image
+#
+#
+# Since 5.0
+##
+{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
+ 'data': { 'state': 'QCryptoBlockLUKSKeyslotState',
+ '*new-secret': 'str',
+ '*old-secret': 'str',
+ '*keyslot': 'int',
+ '*iter-time': 'int',
+ '*secret': 'str' } }
##
# @QCryptoBlockAmendOptions:
@@ -324,4 +381,4 @@
'base': 'QCryptoBlockOptionsBase',
'discriminator': 'format',
'data': {
- } }
+ 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
--
2.17.2
next prev parent reply other threads:[~2020-05-03 18:48 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-03 18:43 [PATCH v3 00/14] LUKS: encryption slot management using amend interface Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 01/14] qcrypto/core: add generic infrastructure for crypto options amendment Maxim Levitsky
2020-05-03 18:43 ` Maxim Levitsky [this message]
2020-05-03 18:43 ` [PATCH v3 03/14] block/amend: add 'force' option Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 04/14] block/amend: separate amend and create options for qemu-img Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 05/14] block/amend: refactor qcow2 amend options Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 06/14] block/crypto: rename two functions Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 07/14] block/crypto: implement the encryption key management Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 08/14] block/qcow2: extend qemu-img amend interface with crypto options Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 09/14] iotests: filter few more luks specific create options Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 10/14] iotests: qemu-img tests for luks key management Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 11/14] block/core: add generic infrastructure for x-blockdev-amend qmp command Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 12/14] block/crypto: implement blockdev-amend Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 13/14] block/qcow2: " Maxim Levitsky
2020-05-03 18:43 ` [PATCH v3 14/14] iotests: add tests for blockdev-amend Maxim Levitsky
2020-05-03 19:43 ` [PATCH v3 00/14] LUKS: encryption slot management using amend interface no-reply
2020-05-04 10:19 ` Daniel P. Berrangé
2020-05-04 10:26 ` Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200503184324.12506-3-mlevitsk@redhat.com \
--to=mlevitsk@redhat.com \
--cc=armbru@redhat.com \
--cc=berrange@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.