QEMU provides the capability to encrypt the migration data stream using
two transport layer security (TLS) authentication schemes: X.509
certificates and pre-shared keys (PSK). Currently, Libvirt only
supports the X.509-based TLS authentication scheme. In TLS X.509
certificates, a set of live migrations utilize a fixed
set of static certificates for encrypted migration. In this
authentication scheme, users require to deploy a certificate authority
and monitor the certificate expiration window. In case certificates
are compromised all the future live migrations are vulnerable.
To resolve this, this patch series introduce the support for pre-shared
key-based authentication scheme. This mechanism relies on symmetric
pre-shared keys (a secret key that is known to both sender and receiver
prior to secure communication) for providing secure transfer of data.
Libvirt solely manages the lifecycle of the ephemeral pre-shared keys,
including, generation, persistent storage, and cleanup. Libvirt
generates the key on the source machine, then transfers it to the
destination machine using the migration cookie. To allow users to
configure the size of the key, Libvirt provides the
migrate_tls_psk_length configuration parameter in qemu.conf.
To avoid introduction of an additional VIR_MIGRATE_* flag, we rely on
existing the VIR_MIGRATE_TLS flag. If the VIR_MIGRATE_TLS flag
is set but the ca-cert.pem file is missing on the source, then we
fallback to using PSK-based authentication scheme during migration.
v2:
1. Libvirt manages the lifecycle of pre-shared keys.
2. Transfer of keys to the destination via the migration cookie
3. Remove the VIR_MIGRATE_TLS_PSK flag instead rely on
VIR_MIGRATE_TLS and availability of ca-cert.pem on source.
4. Drop VIR_MIGRATE_PARAM_TLS_PSK_DIRECTORY, Libvirt solely manages
the pre-shared keys.
Abhisek Panda (6):
conf: Add a configuration param for TLS-PSK
qemu: Manage a pre-shared key's lifecycle
qemu: Add support to build the tls-creds-psk object
qemu: rename tls-creds-x509 obj related functions
qemu: Manage tls-creds-psk object lifecycle
qemu: Set up the migrate TLS-PSK objects
include/libvirt/libvirt-domain.h | 13 +-
src/qemu/libvirtd_qemu.aug | 1 +
src/qemu/qemu.conf.in | 8 ++
src/qemu/qemu_alias.c | 19 ++-
src/qemu/qemu_alias.h | 5 +-
src/qemu/qemu_backup.c | 2 +-
src/qemu/qemu_command.c | 28 +++-
src/qemu/qemu_command.h | 7 +
src/qemu/qemu_conf.c | 10 ++
src/qemu/qemu_conf.h | 1 +
src/qemu/qemu_domain.c | 2 +-
src/qemu/qemu_hotplug.c | 124 +++++++++++-----
src/qemu/qemu_hotplug.h | 42 ++++--
src/qemu/qemu_migration.c | 135 ++++++++++++++----
src/qemu/qemu_migration_cookie.c | 125 ++++++++++++++++
src/qemu/qemu_migration_cookie.h | 5 +
src/qemu/qemu_migration_params.c | 109 ++++++++++----
src/qemu/qemu_migration_params.h | 22 ++-
src/qemu/qemu_postparse.c | 2 +-
src/qemu/test_libvirtd_qemu.aug.in | 1 +
tests/qemumigparamsdata/tls-enabled.json | 2 +-
tests/qemumigparamsdata/tls-enabled.reply | 2 +-
tests/qemumigparamsdata/tls-enabled.xml | 2 +-
tests/qemumigparamsdata/tls-hostname.json | 2 +-
tests/qemumigparamsdata/tls-hostname.reply | 2 +-
tests/qemumigparamsdata/tls-hostname.xml | 2 +-
tests/qemumigrationcookiexmltest.c | 12 +-
tests/qemumonitorjsontest.c | 4 +-
tests/qemustatusxml2xmldata/upgrade-out.xml | 2 +-
.../chardev-backends-json.x86_64-9.1.0.args | 8 +-
.../chardev-backends-json.x86_64-latest.args | 8 +-
.../chardev-backends.x86_64-9.1.0.args | 8 +-
.../chardev-backends.x86_64-latest.args | 8 +-
...rk-tlsx509-nbd-hostname.x86_64-latest.args | 6 +-
...isk-network-tlsx509-nbd.x86_64-latest.args | 6 +-
...-tlsx509-chardev-verify.x86_64-latest.args | 4 +-
...ial-tcp-tlsx509-chardev.x86_64-latest.args | 4 +-
...-tlsx509-secret-chardev.x86_64-latest.args | 4 +-
38 files changed, 576 insertions(+), 171 deletions(-)
--
2.43.7