[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v2 02/14] qcrypto/luks: implement encryption key management
|
From: |
Maxim Levitsky |
|
Subject: |
[PATCH v2 02/14] qcrypto/luks: implement encryption key management |
|
Date: |
Thu, 30 Jan 2020 19:29:07 +0200 |
Next few patches will expose that functionality
to the user.
Signed-off-by: Maxim Levitsky <address@hidden>
---
crypto/block-luks.c | 391 +++++++++++++++++++++++++++++++++++++++++++-
qapi/crypto.json | 50 +++++-
2 files changed, 438 insertions(+), 3 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 4861db810c..3a233e5fab 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -32,6 +32,7 @@
#include "qemu/uuid.h"
#include "qemu/coroutine.h"
+#include "qemu/bitmap.h"
/*
* Reference for the LUKS format implemented here is
@@ -70,6 +71,9 @@ typedef struct QCryptoBlockLUKSKeySlot
QCryptoBlockLUKSKeySlot;
#define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
+#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000
+#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
+
static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
'L', 'U', 'K', 'S', 0xBA, 0xBE
};
@@ -219,6 +223,9 @@ struct QCryptoBlockLUKS {
/* Hash algorithm used in pbkdf2 function */
QCryptoHashAlgorithm hash_alg;
+
+ /* Name of the secret that was used to open the image */
+ char *secret;
};
@@ -1069,6 +1076,112 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
return -1;
}
+/*
+ * Returns true if a slot i is marked as active
+ * (contains encrypted copy of the master key)
+ */
+static bool
+qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
+ unsigned int slot_idx)
+{
+ uint32_t val = luks->header.key_slots[slot_idx].active;
+ return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
+}
+
+/*
+ * Returns the number of slots that are marked as active
+ * (slots that contain encrypted copy of the master key)
+ */
+static unsigned int
+qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks)
+{
+ size_t i = 0;
+ unsigned int ret = 0;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ ret++;
+ }
+ }
+ return ret;
+}
+
+/*
+ * Finds first key slot which is not active
+ * Returns the key slot index, or -1 if it doesn't exist
+ */
+static int
+qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks)
+{
+ size_t i;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!qcrypto_block_luks_slot_active(luks, i)) {
+ return i;
+ }
+ }
+ return -1;
+
+}
+
+/*
+ * Erases an keyslot given its index
+ * Returns:
+ * 0 if the keyslot was erased successfully
+ * -1 if a error occurred while erasing the keyslot
+ *
+ */
+static int
+qcrypto_block_luks_erase_key(QCryptoBlock *block,
+ unsigned int slot_idx,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
+ g_autofree uint8_t *garbagesplitkey = NULL;
+ size_t splitkeylen = luks->header.master_key_len * slot->stripes;
+ size_t i;
+
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ assert(splitkeylen > 0);
+
+ garbagesplitkey = g_new0(uint8_t, splitkeylen);
+
+ /* Reset the key slot header */
+ memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
+ slot->iterations = 0;
+ slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
+
+ qcrypto_block_luks_store_header(block, writefunc, opaque, errp);
+
+ /*
+ * Now try to erase the key material, even if the header
+ * update failed
+ */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) {
+ if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) {
+ /*
+ * If we failed to get the random data, still write
+ * at least zeros to the key slot at least once
+ */
+ if (i > 0) {
+ return -1;
+ }
+ }
+
+ if (writefunc(block,
+ slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
+ garbagesplitkey,
+ splitkeylen,
+ opaque,
+ errp) != splitkeylen) {
+ return -1;
+ }
+ }
+ return 0;
+}
static int
qcrypto_block_luks_open(QCryptoBlock *block,
@@ -1099,6 +1212,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
luks = g_new0(QCryptoBlockLUKS, 1);
block->opaque = luks;
+ luks->secret = g_strdup(options->u.luks.key_secret);
if (qcrypto_block_luks_load_header(block, readfunc, opaque, errp) < 0) {
goto fail;
@@ -1164,6 +1278,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
fail:
qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen);
+ g_free(luks->secret);
g_free(luks);
return -1;
}
@@ -1204,7 +1319,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
- luks_opts.iter_time = 2000;
+ luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
}
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
@@ -1244,6 +1359,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
optprefix ? optprefix : "");
goto error;
}
+ luks->secret = g_strdup(options->u.luks.key_secret);
+
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
if (!password) {
goto error;
@@ -1471,10 +1588,275 @@ qcrypto_block_luks_create(QCryptoBlock *block,
qcrypto_block_free_cipher(block);
qcrypto_ivgen_free(block->ivgen);
+ g_free(luks->secret);
g_free(luks);
return -1;
}
+/*
+ * Given LUKSKeyslotUpdate command, set @slots_bitmap with all slots
+ * that will be updated with new password (or erased)
+ * returns 0 on success, and -1 on failure
+ */
+static int qcrypto_block_luks_get_slots_bitmap(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ void *opaque,
+ const LUKSKeyslotUpdate
*command,
+ unsigned long *slots_bitmap,
+ Error **errp)
+{
+ const QCryptoBlockLUKS *luks = block->opaque;
+ size_t i;
+
+ bitmap_zero(slots_bitmap, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+
+ if (command->has_keyslot) {
+ /* keyslot set, select only this keyslot */
+ int keyslot = command->keyslot;
+
+ if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
+ error_setg(errp,
+ "Invalid slot %u specified, must be between 0 and %u",
+ keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1);
+ return -1;
+ }
+ bitmap_set(slots_bitmap, keyslot, 1);
+
+ } else if (command->has_old_secret) {
+ /* initially select all active keyslots */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ bitmap_set(slots_bitmap, i, 1);
+ }
+ }
+ } else {
+ /* find a free keyslot */
+ int slot = qcrypto_block_luks_find_free_keyslot(luks);
+
+ if (slot == -1) {
+ error_setg(errp,
+ "Can't add a keyslot - all key slots are in use");
+ return -1;
+ }
+ bitmap_set(slots_bitmap, slot, 1);
+ }
+
+ if (command->has_old_secret) {
+ /* now deselect all keyslots that don't contain the password */
+ g_autofree uint8_t *tmpkey = g_new0(uint8_t,
+ luks->header.master_key_len);
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ g_autofree char *old_password = NULL;
+ int rv;
+
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+
+ old_password = qcrypto_secret_lookup_as_utf8(command->old_secret,
+ errp);
+ if (!old_password) {
+ return -1;
+ }
+
+ rv = qcrypto_block_luks_load_key(block,
+ i,
+ old_password,
+ tmpkey,
+ readfunc,
+ opaque,
+ errp);
+ if (rv == -1) {
+ return -1;
+ } else if (rv == 0) {
+ bitmap_clear(slots_bitmap, i, 1);
+ }
+ }
+ }
+ return 0;
+}
+
+/*
+ * Erase a set of keyslots given in @slots_bitmap
+ */
+static int qcrypto_block_luks_erase_keys(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ unsigned long *slots_bitmap,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ long slot_count = bitmap_count_one(slots_bitmap,
+ QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ size_t i;
+
+ /* safety checks */
+ if (!force && slot_count == qcrypto_block_luks_count_active_slots(luks)) {
+ error_setg(errp,
+ "Requested operation will erase all active keyslots"
+ " which will erase all the data in the image"
+ " irreversibly - refusing operation");
+ return -EINVAL;
+ }
+
+ /* new apply the update */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_erase_key(block, i, writefunc, opaque, errp)) {
+ error_append_hint(errp, "Failed to erase keyslot %zu", i);
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
+/*
+ * Set a set of keyslots to @master_key encrypted by @new_secret
+ */
+static int qcrypto_block_luks_set_keys(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ unsigned long *slots_bitmap,
+ uint8_t *master_key,
+ uint64_t iter_time,
+ char *new_secret,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ g_autofree char *new_password = NULL;
+ size_t i;
+
+ /* safety checks */
+ if (!force) {
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ error_setg(errp,
+ "Refusing to overwrite active slot %zu - "
+ "please erase it first", i);
+ return -EINVAL;
+ }
+ }
+ }
+
+ /* Load the new password */
+ new_password = qcrypto_secret_lookup_as_utf8(new_secret, errp);
+ if (!new_password) {
+ return -EINVAL;
+ }
+
+ /* Apply the update */
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!test_bit(i, slots_bitmap)) {
+ continue;
+ }
+ if (qcrypto_block_luks_store_key(block, i, new_password, master_key,
+ iter_time, writefunc, opaque, errp)) {
+ error_append_hint(errp, "Failed to write to keyslot %zu", i);
+ return -EINVAL;
+ }
+ }
+ return 0;
+}
+
+static int
+qcrypto_block_luks_amend_options(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ QCryptoBlockAmendOptions *options,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockAmendOptionsLUKS *options_luks = &options->u.luks;
+ LUKSKeyslotUpdateList *ptr;
+ g_autofree uint8_t *master_key = NULL;
+ g_autofree unsigned long *slots_bitmap = NULL;
+
+ char *unlock_secret = options_luks->has_unlock_secret ?
+ options_luks->unlock_secret :
+ luks->secret;
+
+ slots_bitmap = bitmap_new(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+
+ for (ptr = options_luks->keys; ptr; ptr = ptr->next) {
+
+ LUKSKeyslotUpdate *command = ptr->value;
+ long slot_count;
+ bool erasing;
+
+ /* Retrieve set of slots that we need to update */
+ if (qcrypto_block_luks_get_slots_bitmap(block, readfunc, opaque,
+ command, slots_bitmap,
+ errp) != 0) {
+ return -1;
+ }
+
+ slot_count = bitmap_count_one(slots_bitmap,
+ QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+
+ /* no matching slots, so nothing to do */
+ if (slot_count == 0) {
+ error_setg(errp, "Requested operation didn't match any slots");
+ return -1;
+ }
+
+ /*
+ * slot is erased when the password is set to null, or empty string
+ * (for compatibility with command line)
+ */
+
+ erasing = command->new_secret->type == QTYPE_QNULL ||
+ strlen(command->new_secret->u.s) == 0;
+
+ /* Load the master key if it wasn't already loaded */
+ if (!erasing && !master_key) {
+ g_autofree char *old_password;
+ old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
+ if (!old_password) {
+ return -EINVAL;
+ }
+ master_key = g_new0(uint8_t, luks->header.master_key_len);
+
+ if (qcrypto_block_luks_find_key(block, old_password, master_key,
+ readfunc, opaque, errp) < 0) {
+ error_append_hint(errp, "Failed to retrieve the master key");
+ return -EINVAL;
+ }
+ }
+
+ /* Apply the update*/
+ if (erasing) {
+ if (qcrypto_block_luks_erase_keys(block, readfunc, writefunc,
+ opaque, slots_bitmap, force,
+ errp) != 0) {
+ return -1;
+ }
+ } else {
+ uint64_t iter_time = command->has_iter_time ? command->iter_time :
+ QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS;
+
+ if (qcrypto_block_luks_set_keys(block, readfunc, writefunc,
+ opaque, slots_bitmap, master_key,
+ iter_time,
+ command->new_secret->u.s,
+ force, errp) != 0) {
+ return -1;
+ }
+ }
+ }
+ return 0;
+}
static int qcrypto_block_luks_get_info(QCryptoBlock *block,
QCryptoBlockInfo *info,
@@ -1523,7 +1905,11 @@ static int qcrypto_block_luks_get_info(QCryptoBlock
*block,
static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
{
- g_free(block->opaque);
+ QCryptoBlockLUKS *luks = block->opaque;
+ if (luks) {
+ g_free(luks->secret);
+ g_free(luks);
+ }
}
@@ -1560,6 +1946,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
const QCryptoBlockDriver qcrypto_block_driver_luks = {
.open = qcrypto_block_luks_open,
.create = qcrypto_block_luks_create,
+ .amend = qcrypto_block_luks_amend_options,
.get_info = qcrypto_block_luks_get_info,
.cleanup = qcrypto_block_luks_cleanup,
.decrypt = qcrypto_block_luks_decrypt,
diff --git a/qapi/crypto.json b/qapi/crypto.json
index 3fd0ce177e..48c6635318 100644
--- a/qapi/crypto.json
+++ b/qapi/crypto.json
@@ -1,6 +1,8 @@
# -*- Mode: Python -*-
#
+{ 'include': 'common.json' }
+
##
# = Cryptography
##
@@ -310,6 +312,52 @@
'discriminator': 'format',
'data': { 'luks': 'QCryptoBlockInfoLUKS' } }
+##
+# @LUKSKeyslotUpdate:
+#
+# @keyslot: If specified, will update only keyslot with this index
+#
+# @old-secret: If specified, will only update keyslots that
+# can be opened with password which is contained in
+# QCryptoSecret with @old-secret ID
+#
+# If neither @keyslot nor @old-secret is specified,
+# first empty keyslot is selected for the update
+#
+# @new-secret: The ID of a QCryptoSecret object providing a new decryption
+# key to place in all matching keyslots.
+# null/empty string erases all matching keyslots unless
+# last valid keyslot is erased.
+#
+# @iter-time: number of milliseconds to spend in
+# PBKDF passphrase processing
+# Since: 5.0
+##
+{ 'struct': 'LUKSKeyslotUpdate',
+ 'data': {
+ '*keyslot': 'int',
+ '*old-secret': 'str',
+ 'new-secret' : 'StrOrNull',
+ '*iter-time' : 'int' } }
+
+
+##
+# @QCryptoBlockAmendOptionsLUKS:
+#
+# The options that can be changed on existing luks encrypted device
+# @keys: list of keyslot updates to perform
+# (updates are performed in order)
+# @unlock-secret: use this secret to retrieve the current master key
+# if not given will use the same secret as one
+# that was used to open the image
+#
+# Since: 5.0
+##
+{ 'struct': 'QCryptoBlockAmendOptionsLUKS',
+ 'data' : {
+ 'keys': ['LUKSKeyslotUpdate'],
+ '*unlock-secret' : 'str' } }
+
##
@@ -324,4 +372,4 @@
'base': 'QCryptoBlockOptionsBase',
'discriminator': 'format',
'data': {
- } }
+ 'luks': 'QCryptoBlockAmendOptionsLUKS' } }
--
2.17.2
- [PATCH v2 00/14] LUKS: encryption slot management using amend interface, Maxim Levitsky, 2020/01/30
- [PATCH v2 01/14] qcrypto/core: add generic infrastructure for crypto options amendment, Maxim Levitsky, 2020/01/30
- [PATCH v2 04/14] block/amend: separate amend and create options for qemu-img, Maxim Levitsky, 2020/01/30
- [PATCH v2 03/14] block/amend: add 'force' option, Maxim Levitsky, 2020/01/30
- [PATCH v2 02/14] qcrypto/luks: implement encryption key management,
Maxim Levitsky <=
- [PATCH v2 06/14] block/crypto: rename two functions, Maxim Levitsky, 2020/01/30
- [PATCH v2 07/14] block/crypto: implement the encryption key management, Maxim Levitsky, 2020/01/30
- [PATCH v2 09/14] iotests: filter few more luks specific create options, Maxim Levitsky, 2020/01/30
- [PATCH v2 08/14] block/qcow2: extend qemu-img amend interface with crypto options, Maxim Levitsky, 2020/01/30
- [PATCH v2 11/14] block/core: add generic infrastructure for x-blockdev-amend qmp command, Maxim Levitsky, 2020/01/30
- [PATCH v2 10/14] iotests: qemu-img tests for luks key management, Maxim Levitsky, 2020/01/30
- [PATCH v2 05/14] block/amend: refactor qcow2 amend options, Maxim Levitsky, 2020/01/30
- [PATCH v2 12/14] block/crypto: implement blockdev-amend, Maxim Levitsky, 2020/01/30
- [PATCH v2 13/14] block/qcow2: implement blockdev-amend, Maxim Levitsky, 2020/01/30
- [PATCH v2 14/14] iotests: add tests for blockdev-amend, Maxim Levitsky, 2020/01/30