From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Maxim Levitsky <mlevitsk@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>,
qemu-block@nongnu.org, qemu-devel@nongnu.org,
Markus Armbruster <armbru@redhat.com>,
Max Reitz <mreitz@redhat.com>, John Snow <jsnow@redhat.com>
Subject: Re: [PATCH v2 02/14] qcrypto/luks: implement encryption key management
Date: Tue, 28 Apr 2020 14:16:52 +0100 [thread overview]
Message-ID: <20200428131652.GA1467943@redhat.com> (raw)
In-Reply-To: <20200308151903.25941-3-mlevitsk@redhat.com>
On Sun, Mar 08, 2020 at 05:18:51PM +0200, Maxim Levitsky wrote:
> Next few patches will expose that functionality
> to the user.
>
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
> crypto/block-luks.c | 398 +++++++++++++++++++++++++++++++++++++++++++-
> qapi/crypto.json | 61 ++++++-
> 2 files changed, 455 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index 4861db810c..b11ee08c6d 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> +/*
> + * Erases an keyslot given its index
> + * Returns:
> + * 0 if the keyslot was erased successfully
> + * -1 if a error occurred while erasing the keyslot
> + *
> + */
> +static int
> +qcrypto_block_luks_erase_key(QCryptoBlock *block,
> + unsigned int slot_idx,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
> + g_autofree uint8_t *garbagesplitkey = NULL;
> + size_t splitkeylen = luks->header.master_key_len * slot->stripes;
> + size_t i;
> +
> + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + assert(splitkeylen > 0);
> + garbagesplitkey = g_new0(uint8_t, splitkeylen);
> +
> + /* Reset the key slot header */
> + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
> + slot->iterations = 0;
> + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> +
> + qcrypto_block_luks_store_header(block, writefunc, opaque, errp);
This may set errp and we don't return immediately, so....
> + /*
> + * Now try to erase the key material, even if the header
> + * update failed
> + */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) {
> + if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) {
...this may then set errp a second time, which is not permitted.
This call needs to use a "local_err", and error_propagate(errp, local_err).
The latter is a no-op if errp is already set.
> + /*
> + * If we failed to get the random data, still write
> + * at least zeros to the key slot at least once
> + */
> + if (i > 0) {
> + return -1;
> + }
> + }
> + if (writefunc(block,
> + slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
> + garbagesplitkey,
> + splitkeylen,
> + opaque,
> + errp) != splitkeylen) {
same issue with errp here too.
> + return -1;
> + }
> + }
> + return 0;
> +}
> +/*
> + * Given LUKSKeyslotUpdate command, set @slots_bitmap with all slots
> + * that will be updated with new password (or erased)
> + * returns 0 on success, and -1 on failure
> + */
> +static int
> +qcrypto_block_luks_get_update_bitmap(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + void *opaque,
> + const QCryptoBlockAmendOptionsLUKS *opts,
> + unsigned long *slots_bitmap,
> + Error **errp)
> +{
> + const QCryptoBlockLUKS *luks = block->opaque;
> + size_t i;
> +
> + bitmap_zero(slots_bitmap, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> +
> + if (opts->has_keyslot) {
> + /* keyslot set, select only this keyslot */
> + int keyslot = opts->keyslot;
> +
> + if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
> + error_setg(errp,
> + "Invalid slot %u specified, must be between 0 and %u",
> + keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
> + return -1;
> + }
> + bitmap_set(slots_bitmap, keyslot, 1);
> +
> + } else if (opts->has_old_secret) {
> + /* initially select all active keyslots */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (qcrypto_block_luks_slot_active(luks, i)) {
> + bitmap_set(slots_bitmap, i, 1);
> + }
> + }
> + } else {
> + /* find a free keyslot */
> + int slot = qcrypto_block_luks_find_free_keyslot(luks);
> +
> + if (slot == -1) {
> + error_setg(errp,
> + "Can't add a keyslot - all key slots are in use");
> + return -1;
> + }
> + bitmap_set(slots_bitmap, slot, 1);
> + }
> +
> + if (opts->has_old_secret) {
> + /* now deselect all keyslots that don't contain the password */
> + g_autofree uint8_t *tmpkey = g_new0(uint8_t,
> + luks->header.master_key_len);
> +
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + g_autofree char *old_password = NULL;
> + int rv;
> +
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> +
> + old_password = qcrypto_secret_lookup_as_utf8(opts->old_secret,
> + errp);
> + if (!old_password) {
> + return -1;
> + }
> +
> + rv = qcrypto_block_luks_load_key(block,
> + i,
> + old_password,
> + tmpkey,
> + readfunc,
> + opaque,
> + errp);
> + if (rv == -1) {
> + return -1;
> + } else if (rv == 0) {
> + bitmap_clear(slots_bitmap, i, 1);
> + }
> + }
> + }
> + return 0;
> +}
I'm not really liking this function as a concept. Some of the code
only applies to the "add key" code path, while some of it only
applies to the "erase key" code path.
I'd prefer it if qcrypto_block_luks_erase_keys directly had the
required logic, likewise qcrypto_block_luks_set_keys, and thus
get rid of the bitmap concept entirely. I thin kit'd make the
logic easier to understand.
> +
> +/*
> + * Erase a set of keyslots given in @slots_bitmap
> + */
> +static int qcrypto_block_luks_erase_keys(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + unsigned long *slots_bitmap,
> + bool force,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + long slot_count = bitmap_count_one(slots_bitmap,
> + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + size_t i;
> +
> + /* safety checks */
> + if (!force && slot_count == qcrypto_block_luks_count_active_slots(luks)) {
> + error_setg(errp,
> + "Requested operation will erase all active keyslots"
> + " which will erase all the data in the image"
> + " irreversibly - refusing operation");
> + return -EINVAL;
> + }
> +
> + /* new apply the update */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> + if (qcrypto_block_luks_erase_key(block, i, writefunc, opaque, errp)) {
> + error_append_hint(errp, "Failed to erase keyslot %zu", i);
> + return -EINVAL;
> + }
> + }
> + return 0;
> +}
> +
> +/*
> + * Set a set of keyslots to @master_key encrypted by @new_secret
> + */
> +static int qcrypto_block_luks_set_keys(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + unsigned long *slots_bitmap,
> + uint8_t *master_key,
> + uint64_t iter_time,
> + char *new_secret,
> + bool force,
> + Error **errp)
I'd call this "add_key" instead of "set_keys". I'm also unclear why
we need to support setting a range of keyslots. AFAIK, adding a key
should only ever affect a single keyslot.
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + g_autofree char *new_password = NULL;
> + size_t i;
> +
> + /* safety checks */
> + if (!force) {
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> + if (qcrypto_block_luks_slot_active(luks, i)) {
> + error_setg(errp,
> + "Refusing to overwrite active slot %zu - "
> + "please erase it first", i);
> + return -EINVAL;
> + }
> + }
> + }
> +
> + /* Load the new password */
> + new_password = qcrypto_secret_lookup_as_utf8(new_secret, errp);
> + if (!new_password) {
> + return -EINVAL;
> + }
> +
> + /* Apply the update */
> + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
> + if (!test_bit(i, slots_bitmap)) {
> + continue;
> + }
> + if (qcrypto_block_luks_store_key(block, i, new_password, master_key,
> + iter_time, writefunc, opaque, errp)) {
> + error_append_hint(errp, "Failed to write to keyslot %zu", i);
> + return -EINVAL;
> + }
> + }
> + return 0;
> +}
> +
> +static int
> +qcrypto_block_luks_amend_options(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + QCryptoBlockAmendOptions *options,
> + bool force,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockAmendOptionsLUKS *opts_luks = &options->u.luks;
> + g_autofree uint8_t *master_key = NULL;
> + g_autofree unsigned long *update_bitmap = NULL;
> + char *unlock_secret = NULL;
> + long slot_count;
> +
> + unlock_secret = opts_luks->has_unlock_secret ? opts_luks->unlock_secret :
> + luks->secret;
> +
> + /* Retrieve set of slots that we need to update */
> + update_bitmap = bitmap_new(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + if (qcrypto_block_luks_get_update_bitmap(block, readfunc, opaque, opts_luks,
> + update_bitmap, errp) != 0) {
> + return -1;
> + }
> +
> + slot_count = bitmap_count_one(update_bitmap,
> + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> +
> + /* no matching slots, so nothing to do */
> + if (slot_count == 0) {
> + error_setg(errp, "Requested operation didn't match any slots");
> + return -1;
> + }
> +
> + if (opts_luks->state == LUKS_KEYSLOT_STATE_ACTIVE) {
> +
> + uint64_t iter_time = opts_luks->has_iter_time ?
> + opts_luks->iter_time :
> + QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
> +
> + if (!opts_luks->has_new_secret) {
> + error_setg(errp, "'new-secret' is required to activate a keyslot");
> + return -EINVAL;
return -1, we shouldn't return errno values in luks code in general
as we use Error **errp.
> + }
> + if (opts_luks->has_old_secret) {
> + error_setg(errp,
> + "'old-secret' must not be given when activating keyslots");
> + return -EINVAL;
> + }
> +
> + /* Locate the password that will be used to retrieve the master key */
> + g_autofree char *old_password;
> + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
> + if (!old_password) {
> + return -EINVAL;
> + }
> +
> + /* Try to retrieve the master key */
> + master_key = g_new0(uint8_t, luks->header.master_key_len);
> + if (qcrypto_block_luks_find_key(block, old_password, master_key,
> + readfunc, opaque, errp) < 0) {
> + error_append_hint(errp, "Failed to retrieve the master key");
> + return -EINVAL;
> + }
> +
> + /* Now set the new keyslots */
> + if (qcrypto_block_luks_set_keys(block, readfunc, writefunc,
> + opaque, update_bitmap, master_key,
> + iter_time,
> + opts_luks->new_secret,
> + force, errp) != 0) {
> + return -1;
> + }
> + } else {
> + if (opts_luks->has_new_secret) {
> + error_setg(errp,
> + "'new-secret' must not be given when erasing keyslots");
> + return -EINVAL;
> + }
> + if (opts_luks->has_iter_time) {
> + error_setg(errp,
> + "'iter-time' must not be given when erasing keyslots");
> + return -EINVAL;
> + }
> + if (opts_luks->has_unlock_secret) {
> + error_setg(errp,
> + "'unlock_secret' must not be given when erasing keyslots");
> + return -EINVAL;
> + }
> +
> + if (qcrypto_block_luks_erase_keys(block, readfunc, writefunc,
> + opaque, update_bitmap, force,
> + errp) != 0) {
> + return -1;
> + }
> + }
> + return 0;
> +}
>
> static int qcrypto_block_luks_get_info(QCryptoBlock *block,
> QCryptoBlockInfo *info,
> @@ -1523,7 +1912,11 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
>
> static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
> {
> - g_free(block->opaque);
> + QCryptoBlockLUKS *luks = block->opaque;
> + if (luks) {
> + g_free(luks->secret);
> + g_free(luks);
> + }
> }
>
>
> @@ -1560,6 +1953,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
> const QCryptoBlockDriver qcrypto_block_driver_luks = {
> .open = qcrypto_block_luks_open,
> .create = qcrypto_block_luks_create,
> + .amend = qcrypto_block_luks_amend_options,
> .get_info = qcrypto_block_luks_get_info,
> .cleanup = qcrypto_block_luks_cleanup,
> .decrypt = qcrypto_block_luks_decrypt,
> diff --git a/qapi/crypto.json b/qapi/crypto.json
> index 3fd0ce177e..fe600fc608 100644
> --- a/qapi/crypto.json
> +++ b/qapi/crypto.json
> @@ -1,6 +1,8 @@
> # -*- Mode: Python -*-
> #
>
> +{ 'include': 'common.json' }
> +
> ##
> # = Cryptography
> ##
> @@ -297,7 +299,6 @@
> 'uuid': 'str',
> 'slots': [ 'QCryptoBlockInfoLUKSSlot' ] }}
>
> -
> ##
> # @QCryptoBlockInfo:
> #
> @@ -310,7 +311,63 @@
> 'discriminator': 'format',
> 'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
>
> +##
> +# @LUKSKeyslotState:
> +#
> +# Defines state of keyslots that are affected by the update
> +#
> +# @active: The slots contain the given password and marked as active
> +# @inactive: The slots are erased (contain garbage) and marked as inactive
> +#
> +# Since: 5.0
> +##
> +{ 'enum': 'LUKSKeyslotState',
> + 'data': [ 'active', 'inactive' ] }
This should be called QCryptoBLockLUKSKeyslotState
> +##
> +# @QCryptoBlockAmendOptionsLUKS:
> +#
> +# This struct defines the update parameters that activate/de-activate set
> +# of keyslots
> +#
> +# @state: the desired state of the keyslots
> +#
> +# @new-secret: The ID of a QCryptoSecret object providing the password to be
> +# written into added active keyslots
> +#
> +# @old-secret: Optional (for deactivation only)
> +# If given will deactive all keyslots that
> +# match password located in QCryptoSecret with this ID
> +#
> +# @iter-time: Optional (for activation only)
> +# Number of milliseconds to spend in
> +# PBKDF passphrase processing for the newly activated keyslot.
> +# Currently defaults to 2000.
> +#
> +# @keyslot: Optional. ID of the keyslot to activate/deactivate.
> +# For keyslot activation, keyslot should not be active already
> +# (this is unsafe to update an active keyslot),
> +# but possible if 'force' parameter is given.
> +# If keyslot is not given, first free keyslot will be written.
> +#
> +# For keyslot deactivation, this parameter specifies the exact
> +# keyslot to deactivate
> +#
> +# @unlock-secret: Optional. The ID of a QCryptoSecret object providing the
> +# password to use to retrive current master key.
> +# Defaults to the same secret that was used to open the image
My inclination would be to just call this "@secret", as it serves the
same purpose as the "@secret" parameter used when opening the image.
> +{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
> + 'data': { 'state': 'LUKSKeyslotState',
> + '*new-secret': 'str',
> + '*old-secret': 'str',
> + '*keyslot': 'int',
> + '*iter-time': 'int',
> + '*unlock-secret': 'str' } }
>
> ##
> # @QCryptoBlockAmendOptions:
> @@ -324,4 +381,4 @@
> 'base': 'QCryptoBlockOptionsBase',
> 'discriminator': 'format',
> 'data': {
> - } }
> + 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
next prev parent reply other threads:[~2020-04-28 13:21 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-08 15:18 [PATCH v2 00/14] LUKS: encryption slot management using amend interface Maxim Levitsky
2020-03-08 15:18 ` [PATCH v2 01/14] qcrypto/core: add generic infrastructure for crypto options amendment Maxim Levitsky
2020-03-08 15:18 ` [PATCH v2 02/14] qcrypto/luks: implement encryption key management Maxim Levitsky
2020-03-10 10:58 ` Max Reitz
2020-03-10 11:05 ` Maxim Levitsky
2020-03-10 11:59 ` Kevin Wolf
2020-03-10 12:02 ` Maxim Levitsky
2020-03-11 12:55 ` Maxim Levitsky
2020-04-28 13:16 ` Daniel P. Berrangé [this message]
2020-05-03 8:55 ` Maxim Levitsky
2020-05-04 9:18 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 03/14] block/amend: add 'force' option Maxim Levitsky
2020-03-08 15:18 ` [PATCH v2 04/14] block/amend: separate amend and create options for qemu-img Maxim Levitsky
2020-04-28 15:03 ` Daniel P. Berrangé
2020-04-28 15:49 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 05/14] block/amend: refactor qcow2 amend options Maxim Levitsky
2020-04-28 15:51 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 06/14] block/crypto: rename two functions Maxim Levitsky
2020-03-08 15:18 ` [PATCH v2 07/14] block/crypto: implement the encryption key management Maxim Levitsky
2020-04-28 16:15 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 08/14] block/qcow2: extend qemu-img amend interface with crypto options Maxim Levitsky
2020-04-28 16:17 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 09/14] iotests: filter few more luks specific create options Maxim Levitsky
2020-04-28 16:19 ` Daniel P. Berrangé
2020-03-08 15:18 ` [PATCH v2 10/14] iotests: qemu-img tests for luks key management Maxim Levitsky
2020-04-28 16:21 ` Daniel P. Berrangé
2020-03-08 15:19 ` [PATCH v2 11/14] block/core: add generic infrastructure for x-blockdev-amend qmp command Maxim Levitsky
2020-04-28 16:25 ` Daniel P. Berrangé
2020-03-08 15:19 ` [PATCH v2 12/14] block/crypto: implement blockdev-amend Maxim Levitsky
2020-03-08 15:19 ` [PATCH v2 13/14] block/qcow2: " Maxim Levitsky
2020-03-08 15:19 ` [PATCH v2 14/14] iotests: add tests for blockdev-amend Maxim Levitsky
2020-04-28 16:23 ` Daniel P. Berrangé
2020-03-12 11:56 ` [PATCH v2 00/14] LUKS: encryption slot management using amend interface Eric Blake
2020-03-12 14:33 ` Maxim Levitsky
-- strict thread matches above, loose matches on Subject: below --
2020-01-30 17:29 Maxim Levitsky
2020-01-30 17:29 ` [PATCH v2 02/14] qcrypto/luks: implement encryption key management Maxim Levitsky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200428131652.GA1467943@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=jsnow@redhat.com \
--cc=kwolf@redhat.com \
--cc=mlevitsk@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).