Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
---
crypto/block-luks.c | 366 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 364 insertions(+), 2 deletions(-)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index ba20d55246..21325fbc79 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -70,6 +70,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
#define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
+#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME 2000
+#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
+
static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
'L', 'U', 'K', 'S', 0xBA, 0xBE
};
@@ -219,6 +222,9 @@ struct QCryptoBlockLUKS {
/* Hash algorithm used in pbkdf2 function */
QCryptoHashAlgorithm hash_alg;
+
+ /* Name of the secret that was used to open the image */
+ char *secret;
};
@@ -1089,6 +1095,175 @@ qcrypto_block_luks_find_key(QCryptoBlock *block,
}
+
+/*
+ * Returns true if a slot i is marked as active
+ * (contains encrypted copy of the master key)
+ */
+
+static bool
+qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
+ unsigned int slot_idx)
+{
+ uint32_t val = luks->header.key_slots[slot_idx].active;
+ return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
+}
+
+/*
+ * Returns the number of slots that are marked as active
+ * (contains encrypted copy of the master key)
+ */
+
+static unsigned int
+qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks)
+{
+ size_t i = 0;
+ unsigned int ret = 0;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (qcrypto_block_luks_slot_active(luks, i)) {
+ ret++;
+ }
+ }
+ return ret;
+}
+
+
+/*
+ * Finds first key slot which is not active
+ * Returns the key slot index, or -1 if doesn't exist
+ */
+
+static int
+qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks)
+{
+ size_t i;
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+ if (!qcrypto_block_luks_slot_active(luks, i)) {
+ return i;
+ }
+ }
+ return -1;
+
+}
+
+/*
+ * Erases an keyslot given its index
+ * Returns:
+ * 0 if the keyslot was erased successfully
+ * -1 if a error occurred while erasing the keyslot
+ *
+ */
+
+static int
+qcrypto_block_luks_erase_key(QCryptoBlock *block,
+ unsigned int slot_idx,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
+ g_autofree uint8_t *garbagesplitkey = NULL;
+ size_t splitkeylen = luks->header.master_key_len * slot->stripes;
+ size_t i;
+
+ assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
+ assert(splitkeylen > 0);
+
+ garbagesplitkey = g_malloc0(splitkeylen);
+
+ /* Reset the key slot header */
+ memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
+ slot->iterations = 0;
+ slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
+
+ qcrypto_block_luks_store_header(block, writefunc, opaque, errp);
+
+ /*
+ * Now try to erase the key material, even if the header
+ * update failed
+ */
+
+ for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS ; i++) {
+ if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) {
+ /*
+ * If we failed to get the random data, still write
+ * at least zeros to the key slot at least once
+ */
+
+ if (i > 0) {
+ return -1;
+ }
+ }
+
+ if (writefunc(block,
+ slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_SIZE,
+ garbagesplitkey,
+ splitkeylen,
+ opaque,
+ errp) != splitkeylen) {
+ return -1;
+ }
+ }
+ return 0;
+}
+
+
+/*
+ * Erase all the keys that match the given password
+ * Will stop when only one keyslot is remaining
+ * Returns number of slots that were erased or -1 on failure
+ */
+
+static int
+qcrypto_block_luks_erase_matching_keys(QCryptoBlock *block,
+ const char *password,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ size_t i;
+ int rv;
+ g_autofree uint8_t *masterkey = NULL;
+ unsigned int erased_cnt = 0;
+ unsigned int active_slot_cnt = qcrypto_block_luks_count_active_slots(luks);
+
+ masterkey = g_new0(uint8_t, luks->header.master_key_len);
+
+ for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
+
+ /* refuse to erase last key if not forced */
+ if (!force && active_slot_cnt == 1) {
+ break;
+ }
+
+ rv = qcrypto_block_luks_load_key(block, i, password, masterkey,
+ readfunc, opaque, errp);
+ if (rv < 0) {
+ return -1;
+ }
+ if (rv == 0) {
+ continue;
+ }
+
+ rv = qcrypto_block_luks_erase_key(block, i, writefunc, opaque, errp);
+ if (rv < 0) {
+ return -1;
+ }
+
+ erased_cnt++;
+ active_slot_cnt--;
+ }
+
+ return erased_cnt;
+}
+
+
static int
qcrypto_block_luks_open(QCryptoBlock *block,
QCryptoBlockOpenOptions *options,
@@ -1119,6 +1294,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
luks = g_new0(QCryptoBlockLUKS, 1);
block->opaque = luks;
+ luks->secret = g_strdup(options->u.luks.key_secret);
ret = qcrypto_block_luks_load_header(block, readfunc, opaque, errp);
if (ret) {
@@ -1234,7 +1410,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
- luks_opts.iter_time = 2000;
+ luks_opts.iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME;
}
if (!luks_opts.has_cipher_alg) {
luks_opts.cipher_alg = QCRYPTO_CIPHER_ALG_AES_256;
@@ -1292,6 +1468,8 @@ qcrypto_block_luks_create(QCryptoBlock *block,
optprefix ? optprefix : "");
goto error;
}
+ luks->secret = g_strdup(options->u.luks.key_secret);
+
password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
if (!password) {
goto error;
@@ -1522,6 +1700,187 @@ qcrypto_block_luks_create(QCryptoBlock *block,
}
+#define CHECK_NON_AMEND_OPTION(luks, luks_opts, name) \
+ if (luks_opts.has_##name && luks_opts.name != luks->name) { \
+ error_setg(errp, "Option \"" #name "\" can't be amended"); \
+ goto cleanup; \
+ }
+
+static int
+qcrypto_block_luks_amend_options(QCryptoBlock *block,
+ QCryptoBlockReadFunc readfunc,
+ QCryptoBlockWriteFunc writefunc,
+ void *opaque,
+ QCryptoBlockCreateOptions *options,
+ bool force,
+ Error **errp)
+{
+ QCryptoBlockLUKS *luks = block->opaque;
+ QCryptoBlockCreateOptionsLUKS luks_opts;
+ g_autofree char *old_password = NULL;
+ g_autofree char *password = NULL;
+ const char *unlock_secret = luks->secret;
+ g_autofree uint8_t *masterkey = NULL;
+ int slot = -1;
+ int ret = -1;
+ bool active = true;
+ int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME;
+
+ memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
+
+ CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_alg);
+ CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_mode);
+ CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_alg);
+ CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_hash_alg);
+ CHECK_NON_AMEND_OPTION(luks, luks_opts, hash_alg);
+
+ /* Read given slot and check it */
+ if (luks_opts.has_slot) {
+ slot = luks_opts.slot;
+ if (slot < 0 || slot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
+ error_setg(errp,
+ "Given key slot %i is not supported by LUKS", slot);
+ goto cleanup;
+ }
+ }
+
+ if (luks_opts.has_iter_time) {
+ iter_time = luks_opts.iter_time;
+ }
+
+ if (luks_opts.has_active && luks_opts.active == false) {
+ active = false;
+ }
+
+ if (active) {
+
+ /* Check that we are not overwriting an active slot */
+ if (!force && slot != -1 &&
+ qcrypto_block_luks_slot_active(luks, slot)) {
+
+ error_setg(errp, "Can't update an active key slot %i",
+ slot);
+ goto cleanup;
+ }
+
+ /* check that we have the passwords*/
+ if (!luks_opts.has_key_secret) {
+ error_setg(errp, "Can't add a key slot without a password");
+ goto cleanup;
+ }
+
+ if (luks_opts.has_unlock_secret) {
+ unlock_secret = luks_opts.unlock_secret;
+ }
+
+ /* Read the old password */
+ old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
+ if (!old_password) {
+ goto cleanup;
+ }
+
+ masterkey = g_new0(uint8_t, luks->header.master_key_len);
+
+ /* Retrieve the master key*/
+ if (qcrypto_block_luks_find_key(block, old_password, masterkey,
+ readfunc, opaque,
+ errp) < 0) {
+ error_append_hint(errp,
+ "unlock secret, doesn't unlock the image");
+ goto cleanup;
+ }
+
+ /* Read the new password*/
+ password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
+ if (!password) {
+ goto cleanup;
+ }
+
+ /* Find the new slot to write to */
+ if (slot == -1) {
+ slot = qcrypto_block_luks_find_free_keyslot(luks);
+
+ if (slot == -1) {
+ error_setg(errp,
+ "Can't add a keyslot - all key slots are in use");
+ goto cleanup;
+
+ }
+ }
+
+ /* Store the master key to the new slot */
+ if (qcrypto_block_luks_store_key(block, slot, password, masterkey,
+ iter_time, writefunc, opaque,
+ errp)) {
+
+ error_append_hint(errp, "Failed to store the keyslot %i", slot);
+ goto cleanup;
+ }
+
+ } else {
+
+ /* Check that we are not erasing last key slot */
+ if (qcrypto_block_luks_count_active_slots(luks) <= 1) {
+
+ if (!force) {
+ error_setg(errp, "Only one slot active - can't erase");
+ goto cleanup;
+ }
+ }
+
+ if (slot != -1) {
+ /* Check that we are not erasing an inactive slot */
+ if (!qcrypto_block_luks_slot_active(luks, luks_opts.slot)) {
+ if (!force) {
+ error_setg(errp, "Can't erase an inactive key slot %i",
+ slot);
+ goto cleanup;
+ }
+ }
+
+ /* Erase the given slot */
+ if (qcrypto_block_luks_erase_key(block, slot,
+ writefunc, opaque, errp)) {
+ goto cleanup;
+ }
+
+ } else {
+ if (!luks_opts.has_key_secret) {
+ error_setg(errp,
+ "To erase a keyslot you have to specify either the"
+ "slot index or a password "
+ "(to erase all slots that match it)");
+ goto cleanup;
+ }
+
+ password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret,
+ errp);
+ if (!password) {
+ goto cleanup;
+ }
+
+ ret = qcrypto_block_luks_erase_matching_keys(block, password,
+ readfunc, writefunc,
+ opaque, force, errp);
+ if (ret == 0) {
+ error_setg(errp,
+ "Didn't erase a keyslot, because no keyslots match"
+ " the given password");
+ ret = -EINVAL;
+ goto cleanup;
+ }
+
+ if (ret < 0) {
+ goto cleanup;
+ }
+ }
+ }
+ ret = 0;
+cleanup:
+ return ret;
+}
+
+
static int qcrypto_block_luks_get_info(QCryptoBlock *block,
QCryptoBlockInfo *info,
Error **errp)
@@ -1569,7 +1928,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
{
- g_free(block->opaque);
+ QCryptoBlockLUKS *luks = block->opaque;
+ g_free(luks->secret);
+ g_free(luks);
}
@@ -1606,6 +1967,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
const QCryptoBlockDriver qcrypto_block_driver_luks = {
.open = qcrypto_block_luks_open,
.create = qcrypto_block_luks_create,
+ .amend = qcrypto_block_luks_amend_options,
.get_info = qcrypto_block_luks_get_info,
.cleanup = qcrypto_block_luks_cleanup,
.decrypt = qcrypto_block_luks_decrypt,
--
2.17.2
On Fri, Aug 30, 2019 at 11:56:01PM +0300, Maxim Levitsky wrote:
> Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> ---
> crypto/block-luks.c | 366 +++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 364 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index ba20d55246..21325fbc79 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> @@ -70,6 +70,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
>
> #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
>
> +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME 2000
Perhaps use ITER_TIME_MS to make it clear it is millisecs
> +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
> +
> static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
> 'L', 'U', 'K', 'S', 0xBA, 0xBE
> };
> @@ -219,6 +222,9 @@ struct QCryptoBlockLUKS {
>
> /* Hash algorithm used in pbkdf2 function */
> QCryptoHashAlgorithm hash_alg;
> +
> + /* Name of the secret that was used to open the image */
> + char *secret;
> +
> +/*
> + * Returns true if a slot i is marked as active
> + * (contains encrypted copy of the master key)
> + */
> +
> +static bool
No blank line is wanted between the comment & function.
Likewise for the rest of this patch series
> +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
> + unsigned int slot_idx)
> +{
> + uint32_t val = luks->header.key_slots[slot_idx].active;
> + return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
> +}
> +static int
> +qcrypto_block_luks_erase_key(QCryptoBlock *block,
> + unsigned int slot_idx,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
> + g_autofree uint8_t *garbagesplitkey = NULL;
> + size_t splitkeylen = luks->header.master_key_len * slot->stripes;
> + size_t i;
> +
> + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> + assert(splitkeylen > 0);
> +
> + garbagesplitkey = g_malloc0(splitkeylen);
I'd prefer g_new0(uint8_t, splitkeylen)
> +
> + /* Reset the key slot header */
> + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
> + slot->iterations = 0;
> + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> +
> @@ -1522,6 +1700,187 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> }
>
>
> +#define CHECK_NON_AMEND_OPTION(luks, luks_opts, name) \
> + if (luks_opts.has_##name && luks_opts.name != luks->name) { \
> + error_setg(errp, "Option \"" #name "\" can't be amended"); \
> + goto cleanup; \
> + }
> +
> +static int
> +qcrypto_block_luks_amend_options(QCryptoBlock *block,
> + QCryptoBlockReadFunc readfunc,
> + QCryptoBlockWriteFunc writefunc,
> + void *opaque,
> + QCryptoBlockCreateOptions *options,
> + bool force,
> + Error **errp)
> +{
> + QCryptoBlockLUKS *luks = block->opaque;
> + QCryptoBlockCreateOptionsLUKS luks_opts;
> + g_autofree char *old_password = NULL;
> + g_autofree char *password = NULL;
> + const char *unlock_secret = luks->secret;
> + g_autofree uint8_t *masterkey = NULL;
> + int slot = -1;
> + int ret = -1;
> + bool active = true;
> + int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME;
> +
> + memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
> +
> + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_alg);
> + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_mode);
> + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_alg);
> + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_hash_alg);
> + CHECK_NON_AMEND_OPTION(luks, luks_opts, hash_alg);
> +
> + /* Read given slot and check it */
> + if (luks_opts.has_slot) {
> + slot = luks_opts.slot;
> + if (slot < 0 || slot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
> + error_setg(errp,
> + "Given key slot %i is not supported by LUKS", slot);
> + goto cleanup;
Off by 1 one indent
> + }
> + }
> +
> + if (luks_opts.has_iter_time) {
> + iter_time = luks_opts.iter_time;
> + }
> +
> + if (luks_opts.has_active && luks_opts.active == false) {
> + active = false;
> + }
> +
> + if (active) {
> +
> + /* Check that we are not overwriting an active slot */
> + if (!force && slot != -1 &&
> + qcrypto_block_luks_slot_active(luks, slot)) {
> +
> + error_setg(errp, "Can't update an active key slot %i",
> + slot);
> + goto cleanup;
> + }
> +
> + /* check that we have the passwords*/
> + if (!luks_opts.has_key_secret) {
> + error_setg(errp, "Can't add a key slot without a password");
> + goto cleanup;
> + }
> +
> + if (luks_opts.has_unlock_secret) {
> + unlock_secret = luks_opts.unlock_secret;
> + }
> +
> + /* Read the old password */
> + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
> + if (!old_password) {
> + goto cleanup;
> + }
> +
> + masterkey = g_new0(uint8_t, luks->header.master_key_len);
> +
> + /* Retrieve the master key*/
> + if (qcrypto_block_luks_find_key(block, old_password, masterkey,
> + readfunc, opaque,
> + errp) < 0) {
> + error_append_hint(errp,
> + "unlock secret, doesn't unlock the image");
No need for the ',' in this msg I think.
> + goto cleanup;
> + }
> +
> + /* Read the new password*/
> + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
> + if (!password) {
> + goto cleanup;
> + }
> +
> + /* Find the new slot to write to */
> + if (slot == -1) {
> + slot = qcrypto_block_luks_find_free_keyslot(luks);
> +
> + if (slot == -1) {
> + error_setg(errp,
> + "Can't add a keyslot - all key slots are in use");
> + goto cleanup;
> +
> + }
Extra blank line
> + }
> +
> + /* Store the master key to the new slot */
> + if (qcrypto_block_luks_store_key(block, slot, password, masterkey,
> + iter_time, writefunc, opaque,
> + errp)) {
> +
Extra blank line
> + error_append_hint(errp, "Failed to store the keyslot %i", slot);
> + goto cleanup;
> + }
> +
> + } else {
> +
> + /* Check that we are not erasing last key slot */
> + if (qcrypto_block_luks_count_active_slots(luks) <= 1) {
> +
Extra blank line(s)
> + if (!force) {
> + error_setg(errp, "Only one slot active - can't erase");
> + goto cleanup;
> + }
> + }
> +
> + if (slot != -1) {
> + /* Check that we are not erasing an inactive slot */
> + if (!qcrypto_block_luks_slot_active(luks, luks_opts.slot)) {
> + if (!force) {
> + error_setg(errp, "Can't erase an inactive key slot %i",
> + slot);
> + goto cleanup;
> + }
> + }
> +
> + /* Erase the given slot */
> + if (qcrypto_block_luks_erase_key(block, slot,
> + writefunc, opaque, errp)) {
> + goto cleanup;
> + }
> +
> + } else {
> + if (!luks_opts.has_key_secret) {
> + error_setg(errp,
> + "To erase a keyslot you have to specify either the"
> + "slot index or a password "
> + "(to erase all slots that match it)");
> + goto cleanup;
> + }
> +
> + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret,
> + errp);
> + if (!password) {
> + goto cleanup;
> + }
> +
> + ret = qcrypto_block_luks_erase_matching_keys(block, password,
> + readfunc, writefunc,
> + opaque, force, errp);
> + if (ret == 0) {
> + error_setg(errp,
> + "Didn't erase a keyslot, because no keyslots match"
> + " the given password");
> + ret = -EINVAL;
> + goto cleanup;
> + }
> +
> + if (ret < 0) {
> + goto cleanup;
> + }
> + }
> + }
> + ret = 0;
> +cleanup:
> + return ret;
> +}
> +
> +
> static int qcrypto_block_luks_get_info(QCryptoBlock *block,
> QCryptoBlockInfo *info,
> Error **errp)
> @@ -1569,7 +1928,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
>
> static void qcrypto_block_luks_cleanup(QCryptoBlock *block)
> {
> - g_free(block->opaque);
> + QCryptoBlockLUKS *luks = block->opaque;
> + g_free(luks->secret);
> + g_free(luks);
> }
>
>
> @@ -1606,6 +1967,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block,
> const QCryptoBlockDriver qcrypto_block_driver_luks = {
> .open = qcrypto_block_luks_open,
> .create = qcrypto_block_luks_create,
> + .amend = qcrypto_block_luks_amend_options,
> .get_info = qcrypto_block_luks_get_info,
> .cleanup = qcrypto_block_luks_cleanup,
> .decrypt = qcrypto_block_luks_decrypt,
> --
> 2.17.2
>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On Fri, 2019-09-06 at 14:55 +0100, Daniel P. Berrangé wrote:
> On Fri, Aug 30, 2019 at 11:56:01PM +0300, Maxim Levitsky wrote:
> > Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
> > ---
> > crypto/block-luks.c | 366 +++++++++++++++++++++++++++++++++++++++++++-
> > 1 file changed, 364 insertions(+), 2 deletions(-)
> >
> > diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> > index ba20d55246..21325fbc79 100644
> > --- a/crypto/block-luks.c
> > +++ b/crypto/block-luks.c
> > @@ -70,6 +70,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKeySlot;
> >
> > #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL
> >
> > +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME 2000
>
> Perhaps use ITER_TIME_MS to make it clear it is millisecs
Why not... done.
>
> > +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40
> > +
> > static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = {
> > 'L', 'U', 'K', 'S', 0xBA, 0xBE
> > };
> > @@ -219,6 +222,9 @@ struct QCryptoBlockLUKS {
> >
> > /* Hash algorithm used in pbkdf2 function */
> > QCryptoHashAlgorithm hash_alg;
> > +
> > + /* Name of the secret that was used to open the image */
> > + char *secret;
> > +
> > +/*
> > + * Returns true if a slot i is marked as active
> > + * (contains encrypted copy of the master key)
> > + */
> > +
> > +static bool
>
> No blank line is wanted between the comment & function.
> Likewise for the rest of this patch series
No problem!
>
> > +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks,
> > + unsigned int slot_idx)
> > +{
> > + uint32_t val = luks->header.key_slots[slot_idx].active;
> > + return val == QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED;
> > +}
>
>
>
> > +static int
> > +qcrypto_block_luks_erase_key(QCryptoBlock *block,
> > + unsigned int slot_idx,
> > + QCryptoBlockWriteFunc writefunc,
> > + void *opaque,
> > + Error **errp)
> > +{
> > + QCryptoBlockLUKS *luks = block->opaque;
> > + QCryptoBlockLUKSKeySlot *slot = &luks->header.key_slots[slot_idx];
> > + g_autofree uint8_t *garbagesplitkey = NULL;
> > + size_t splitkeylen = luks->header.master_key_len * slot->stripes;
> > + size_t i;
> > +
> > + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS);
> > + assert(splitkeylen > 0);
> > +
> > + garbagesplitkey = g_malloc0(splitkeylen);
>
> I'd prefer g_new0(uint8_t, splitkeylen)
Done.
>
> > +
> > + /* Reset the key slot header */
> > + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN);
> > + slot->iterations = 0;
> > + slot->active = QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED;
> > +
>
>
> > @@ -1522,6 +1700,187 @@ qcrypto_block_luks_create(QCryptoBlock *block,
> > }
> >
> >
> > +#define CHECK_NON_AMEND_OPTION(luks, luks_opts, name) \
> > + if (luks_opts.has_##name && luks_opts.name != luks->name) { \
> > + error_setg(errp, "Option \"" #name "\" can't be amended"); \
> > + goto cleanup; \
> > + }
> > +
> > +static int
> > +qcrypto_block_luks_amend_options(QCryptoBlock *block,
> > + QCryptoBlockReadFunc readfunc,
> > + QCryptoBlockWriteFunc writefunc,
> > + void *opaque,
> > + QCryptoBlockCreateOptions *options,
> > + bool force,
> > + Error **errp)
> > +{
> > + QCryptoBlockLUKS *luks = block->opaque;
> > + QCryptoBlockCreateOptionsLUKS luks_opts;
> > + g_autofree char *old_password = NULL;
> > + g_autofree char *password = NULL;
> > + const char *unlock_secret = luks->secret;
> > + g_autofree uint8_t *masterkey = NULL;
> > + int slot = -1;
> > + int ret = -1;
> > + bool active = true;
> > + int64_t iter_time = QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME;
> > +
> > + memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
> > +
> > + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_alg);
> > + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_mode);
> > + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_alg);
> > + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_hash_alg);
> > + CHECK_NON_AMEND_OPTION(luks, luks_opts, hash_alg);
> > +
> > + /* Read given slot and check it */
> > + if (luks_opts.has_slot) {
> > + slot = luks_opts.slot;
> > + if (slot < 0 || slot >= QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) {
> > + error_setg(errp,
> > + "Given key slot %i is not supported by LUKS", slot);
> > + goto cleanup;
>
> Off by 1 one indent
Sorry about that.
>
> > + }
> > + }
> > +
> > + if (luks_opts.has_iter_time) {
> > + iter_time = luks_opts.iter_time;
> > + }
> > +
> > + if (luks_opts.has_active && luks_opts.active == false) {
> > + active = false;
> > + }
> > +
> > + if (active) {
> > +
> > + /* Check that we are not overwriting an active slot */
> > + if (!force && slot != -1 &&
> > + qcrypto_block_luks_slot_active(luks, slot)) {
> > +
> > + error_setg(errp, "Can't update an active key slot %i",
> > + slot);
> > + goto cleanup;
> > + }
> > +
> > + /* check that we have the passwords*/
> > + if (!luks_opts.has_key_secret) {
> > + error_setg(errp, "Can't add a key slot without a password");
> > + goto cleanup;
> > + }
> > +
> > + if (luks_opts.has_unlock_secret) {
> > + unlock_secret = luks_opts.unlock_secret;
> > + }
> > +
> > + /* Read the old password */
> > + old_password = qcrypto_secret_lookup_as_utf8(unlock_secret, errp);
> > + if (!old_password) {
> > + goto cleanup;
> > + }
> > +
> > + masterkey = g_new0(uint8_t, luks->header.master_key_len);
> > +
> > + /* Retrieve the master key*/
> > + if (qcrypto_block_luks_find_key(block, old_password, masterkey,
> > + readfunc, opaque,
> > + errp) < 0) {
> > + error_append_hint(errp,
> > + "unlock secret, doesn't unlock the image");
>
> No need for the ',' in this msg I think.
Fixed and reworded a bit.
>
> > + goto cleanup;
> > + }
> > +
> > + /* Read the new password*/
> > + password = qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp);
> > + if (!password) {
> > + goto cleanup;
> > + }
> > +
> > + /* Find the new slot to write to */
> > + if (slot == -1) {
> > + slot = qcrypto_block_luks_find_free_keyslot(luks);
> > +
> > + if (slot == -1) {
> > + error_setg(errp,
> > + "Can't add a keyslot - all key slots are in use");
> > + goto cleanup;
> > +
> > + }
>
> Extra blank line
Agree
>
> > + }
> > +
> > + /* Store the master key to the new slot */
> > + if (qcrypto_block_luks_store_key(block, slot, password, masterkey,
> > + iter_time, writefunc, opaque,
> > + errp)) {
> > +
>
>
> Extra blank line
>
> > + error_append_hint(errp, "Failed to store the keyslot %i", slot);
> > + goto cleanup;
> > + }
> > +
> > + } else {
> > +
> > + /* Check that we are not erasing last key slot */
> > + if (qcrypto_block_luks_count_active_slots(luks) <= 1) {
> > +
>
> Extra blank line(s)
I hope I cleaned all blank lines, sorry about that.
Best regards,
Maxim Levitsky
© 2016 - 2025 Red Hat, Inc.