From patchwork Tue Jan 14 19:33:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maxim Levitsky X-Patchwork-Id: 11332843 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CB42C13B4 for ; Tue, 14 Jan 2020 19:41:54 +0000 (UTC) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 900FF24655 for ; Tue, 14 Jan 2020 19:41:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="iEfTwy1R" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 900FF24655 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Received: from localhost ([::1]:45222 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1irS4X-0003qx-AC for patchwork-qemu-devel@patchwork.kernel.org; Tue, 14 Jan 2020 14:41:53 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:38298) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1irRy9-0002vG-VJ for qemu-devel@nongnu.org; Tue, 14 Jan 2020 14:35:21 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1irRy6-0007PP-0P for qemu-devel@nongnu.org; Tue, 14 Jan 2020 14:35:17 -0500 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:30032 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1irRy5-0007P5-LV for qemu-devel@nongnu.org; Tue, 14 Jan 2020 14:35:13 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1579030513; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=bI2puMl27MjuC4RNrwvEo4Az2aJ/mxAOHmSpojj8B/M=; b=iEfTwy1RlpqOKjJPfsm9q0IWKSJQY3hr+JdwX7LehiuoYeTc3zqnuaQEoEaGFJeBLU/mhb xThS6EdKQgrLlBceG4zvUDowvrZBIRidKyBzriw/EYv6zAG1IfLOS7+0nMld6Aj3/tZgjG o4lKzryf6KMqZrwPs9xV8gi5vPG3XVk= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-201-bx9LcapiOTifA2CwGrBZ7g-1; Tue, 14 Jan 2020 14:34:04 -0500 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 13EC5DC22; Tue, 14 Jan 2020 19:34:03 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.41]) by smtp.corp.redhat.com (Postfix) with ESMTP id 98E6D7C83A; Tue, 14 Jan 2020 19:34:00 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Subject: [PATCH 02/13] qcrypto-luks: implement encryption key management Date: Tue, 14 Jan 2020 21:33:39 +0200 Message-Id: <20200114193350.10830-3-mlevitsk@redhat.com> In-Reply-To: <20200114193350.10830-1-mlevitsk@redhat.com> References: <20200114193350.10830-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-MC-Unique: bx9LcapiOTifA2CwGrBZ7g-1 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 205.139.110.120 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?utf-8?q?Daniel_P=2E_Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" Next few patches will expose that functionality to the user. Signed-off-by: Maxim Levitsky --- crypto/block-luks.c | 374 +++++++++++++++++++++++++++++++++++++++++++- qapi/crypto.json | 50 +++++- 2 files changed, 421 insertions(+), 3 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 4861db810c..349e95fed3 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -32,6 +32,7 @@ #include "qemu/uuid.h" #include "qemu/coroutine.h" +#include "qemu/bitmap.h" /* * Reference for the LUKS format implemented here is @@ -70,6 +71,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot; #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000 +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40 + static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = { 'L', 'U', 'K', 'S', 0xBA, 0xBE }; @@ -219,6 +223,9 @@ struct QCryptoBlockLUKS { /* Hash algorithm used in pbkdf2 function */ QCryptoHashAlgorithm hash_alg; + + /* Name of the secret that was used to open the image */ + char *secret; }; @@ -1069,6 +1076,112 @@ qcrypto_block_luks_find_key(QCryptoBlock *block, return -1; } +/* + * Returns true if a slot i is marked as active + * (contains encrypted copy of the master key) + */ +static bool +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks, + unsigned int slot_idx) +{ + uint32_t val = luks->header.key_slots[slot_idx].active; + return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; +} + +/* + * Returns the number of slots that are marked as active + * (slots that contain encrypted copy of the master key) + */ +static unsigned int +qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks) +{ + size_t i = 0; + unsigned int ret = 0; + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (qcrypto_block_luks_slot_active(luks, i)) { + ret++; + } + } + return ret; +} + +/* + * Finds first key slot which is not active + * Returns the key slot index, or -1 if it doesn't exist + */ +static int +qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks) +{ + size_t i; + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (!qcrypto_block_luks_slot_active(luks, i)) { + return i; + } + } + return -1; + +} + +/* + * Erases an keyslot given its index + * Returns: + * 0 if the keyslot was erased successfully + * -1 if a error occurred while erasing the keyslot + * + */ +static int +qcrypto_block_luks_erase_key(QCryptoBlock *block, + unsigned int slot_idx, + QCryptoBlockWriteFunc writefunc, + void *opaque, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx]; + g_autofree uint8_t *garbagesplitkey = NULL; + size_t splitkeylen = luks->header.master_key_len * slot->stripes; + size_t i; + + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS); + assert(splitkeylen > 0); + + garbagesplitkey = g_new0(uint8_t, splitkeylen); + + /* Reset the key slot header */ + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN); + slot->iterations = 0; + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED; + + qcrypto_block_luks_store_header(block, writefunc, opaque, errp); + + /* + * Now try to erase the key material, even if the header + * update failed + */ + for (i = 0; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS; i++) { + if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) { + /* + * If we failed to get the random data, still write + * at least zeros to the key slot at least once + */ + if (i > 0) { + return -1; + } + } + + if (writefunc(block, + slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE, + garbagesplitkey, + splitkeylen, + opaque, + errp) != splitkeylen) { + return -1; + } + } + return 0; +} static int qcrypto_block_luks_open(QCryptoBlock *block, @@ -1099,6 +1212,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, luks = g_new0(QCryptoBlockLUKS, 1); block->opaque = luks; + luks->secret = g_strdup(options->u.luks.key_secret); if (qcrypto_block_luks_load_header(block, readfunc, opaque, errp) < 0) { goto fail; @@ -1164,6 +1278,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, fail: qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); + g_free(luks->secret); g_free(luks); return -1; } @@ -1204,7 +1319,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { - luks_opts.iter_time = 2000; + luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS; } if (!luks_opts.has_cipher_alg) { luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256; @@ -1244,6 +1359,8 @@ qcrypto_block_luks_create(QCryptoBlock *block, optprefix ? optprefix : ""); goto error; } + luks->secret = g_strdup(options->u.luks.key_secret); + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); if (!password) { goto error; @@ -1471,10 +1588,260 @@ qcrypto_block_luks_create(QCryptoBlock *block, qcrypto_block_free_cipher(block); qcrypto_ivgen_free(block->ivgen); + g_free(luks->secret); g_free(luks); return -1; } +/* + * Given LUKSKeyslotUpdate command, return @slots_bitmap with all slots + * that will be updated with new password (or erased) + * returns number of affected slots + */ +static int qcrypto_block_luks_get_slots_bitmap(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + void *opaque, + const LUKSKeyslotUpdate *command, + unsigned long *slots_bitmap, + Error **errp) +{ + const QCryptoBlockLUKS *luks = block->opaque; + size_t i; + int ret = 0; + + if (command->has_keyslot) { + /* keyslot set, select only this keyslot */ + int keyslot = command->keyslot; + + if (keyslot < 0 || keyslot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) { + error_setg(errp, + "Invalid slot %u specified, must be between 0 and %u", + keyslot, QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS - 1); + goto error; + } + bitmap_set(slots_bitmap, keyslot, 1); + ret++; + + } else if (command->has_old_secret) { + /* initially select all active keyslots */ + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (qcrypto_block_luks_slot_active(luks, i)) { + bitmap_set(slots_bitmap, i, 1); + ret++; + } + } + } else { + /* find a free keyslot */ + int slot = qcrypto_block_luks_find_free_keyslot(luks); + + if (slot == -1) { + error_setg(errp, + "Can't add a keyslot - all key slots are in use"); + goto error; + } + bitmap_set(slots_bitmap, slot, 1); + ret++; + } + + if (command->has_old_secret) { + /* now deselect all keyslots that don't contain the password */ + g_autofree uint8_t *tmpkey = g_new0(uint8_t, + luks->header.master_key_len); + + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + g_autofree char *old_password = NULL; + int rv; + + if (!test_bit(i, slots_bitmap)) { + continue; + } + + old_password = qcrypto_secret_lookup_as_utf8(command->old_secret, + errp); + if (!old_password) { + goto error; + } + + rv = qcrypto_block_luks_load_key(block, + i, + old_password, + tmpkey, + readfunc, + opaque, + errp); + if (rv == -1) + goto error; + else if (rv == 0) { + bitmap_clear(slots_bitmap, i, 1); + ret--; + } + } + } + return ret; +error: + return -1; +} + +/* + * Apply a single keyslot update command as described in @command + * Optionally use @unlock_secret to retrieve the master key + */ +static int +qcrypto_block_luks_apply_keyslot_update(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + LUKSKeyslotUpdate *command, + const char *unlock_secret, + uint8_t **master_key, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + g_autofree unsigned long *slots_bitmap = NULL; + int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS; + int slot_count; + size_t i; + char *new_password; + bool erasing; + + slots_bitmap = bitmap_new(QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS); + slot_count = qcrypto_block_luks_get_slots_bitmap(block, readfunc, opaque, + command, slots_bitmap, + errp); + if (slot_count == -1) { + goto error; + } + /* no matching slots, so nothing to do */ + if (slot_count == 0) { + error_setg(errp, "Requested operation didn't match any slots"); + goto error; + } + /* + * slot is erased when the password is set to null, or empty string + * (for compatibility with command line) + */ + erasing = command->new_secret->type == QTYPE_QNULL || + strlen(command->new_secret->u.s) == 0; + + /* safety checks */ + if (!force) { + if (erasing) { + if (slot_count == qcrypto_block_luks_count_active_slots(luks)) { + error_setg(errp, + "Requested operation will erase all active keyslots" + " which will erase all the data in the image" + " irreversibly - refusing operation"); + goto error; + } + } else { + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (!test_bit(i, slots_bitmap)) { + continue; + } + if (qcrypto_block_luks_slot_active(luks, i)) { + error_setg(errp, + "Refusing to overwrite active slot %zu - " + "please erase it first", i); + goto error; + } + } + } + } + + /* setup the data needed for storing the new keyslot */ + if (!erasing) { + /* Load the master key if it wasn't already loaded */ + if (!*master_key) { + g_autofree char *old_password; + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp); + if (!old_password) { + goto error; + } + *master_key = g_new0(uint8_t, luks->header.master_key_len); + + if (qcrypto_block_luks_find_key(block, old_password, *master_key, + readfunc, opaque, errp) < 0) { + error_append_hint(errp, "Failed to retrieve the master key"); + goto error; + } + } + new_password = qcrypto_secret_lookup_as_utf8(command->new_secret->u.s, + errp); + if (!new_password) { + goto error; + } + if (command->has_iter_time) { + iter_time = command->iter_time; + } + } + + /* new apply the update */ + for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (!test_bit(i, slots_bitmap)) { + continue; + } + if (erasing) { + if (qcrypto_block_luks_erase_key(block, i, + writefunc, + opaque, + errp)) { + error_append_hint(errp, "Failed to erase keyslot %zu", i); + goto error; + } + } else { + if (qcrypto_block_luks_store_key(block, i, + new_password, + *master_key, + iter_time, + writefunc, + opaque, + errp)) { + error_append_hint(errp, "Failed to write to keyslot %zu", i); + goto error; + } + } + } + return 0; +error: + return -EINVAL; +} + +static int +qcrypto_block_luks_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockAmendOptions *options, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks = block->opaque; + QCryptoBlockAmendOptionsLUKS *options_luks = &options->u.luks; + LUKSKeyslotUpdateList *ptr; + g_autofree uint8_t *master_key = NULL; + int ret; + + char *unlock_secret = options_luks->has_unlock_secret ? + options_luks->unlock_secret : + luks->secret; + + for (ptr = options_luks->keys; ptr; ptr = ptr->next) { + ret = qcrypto_block_luks_apply_keyslot_update(block, readfunc, + writefunc, opaque, + ptr->value, + unlock_secret, + &master_key, + force, errp); + + if (ret != 0) { + goto error; + } + } + return 0; +error: + return -1; +} static int qcrypto_block_luks_get_info(QCryptoBlock *block, QCryptoBlockInfo *info, @@ -1523,7 +1890,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block, static void qcrypto_block_luks_cleanup(QCryptoBlock *block) { - g_free(block->opaque); + QCryptoBlockLUKS *luks = block->opaque; + g_free(luks->secret); + g_free(luks); } @@ -1560,6 +1929,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, const QCryptoBlockDriver qcrypto_block_driver_luks = { .open = qcrypto_block_luks_open, .create = qcrypto_block_luks_create, + .amend = qcrypto_block_luks_amend_options, .get_info = qcrypto_block_luks_get_info, .cleanup = qcrypto_block_luks_cleanup, .decrypt = qcrypto_block_luks_decrypt, diff --git a/qapi/crypto.json b/qapi/crypto.json index 9faebd03d4..e83847c71e 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -1,6 +1,8 @@ # -*- Mode: Python -*- # +{ 'include': 'common.json' } + ## # = Cryptography ## @@ -310,6 +312,52 @@ 'discriminator': 'format', 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } +## +# @LUKSKeyslotUpdate: +# +# @keyslot: If specified, will update only keyslot with this index +# +# @old-secret: If specified, will only update keyslots that +# can be opened with password which is contained in +# QCryptoSecret with @old-secret ID +# +# If neither @keyslot nor @old-secret is specified, +# first empty keyslot is selected for the update +# +# @new-secret: The ID of a QCryptoSecret object providing a new decryption +# key to place in all matching keyslots. +# null/empty string erases all matching keyslots unless +# last valid keyslot is erased. +# +# @iter-time: number of milliseconds to spend in +# PBKDF passphrase processing +# Since: 5.0 +## +{ 'struct': 'LUKSKeyslotUpdate', + 'data': { + '*keyslot': 'int', + '*old-secret': 'str', + 'new-secret' : 'StrOrNull', + '*iter-time' : 'int' } } + + +## +# @QCryptoBlockAmendOptionsLUKS: +# +# The options that can be changed on existing luks encrypted device +# @keys: list of keyslot updates to perform +# (updates are performed in order) +# @unlock-secret: use this secret to retrieve the current master key +# if not given will use the same secret as one +# that was used to open the image +# +# Since: 5.0 +## +{ 'struct': 'QCryptoBlockAmendOptionsLUKS', + 'data' : { + 'keys': ['LUKSKeyslotUpdate'], + '*unlock-secret' : 'str' } } + ## @@ -324,4 +372,4 @@ 'base': 'QCryptoBlockOptionsBase', 'discriminator': 'format', 'data': { - } } + 'luks': 'QCryptoBlockAmendOptionsLUKS' } }