From nobody Wed Nov 12 02:03:13 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1568327688; cv=none; d=zoho.com; s=zohoarc; b=YeDH0feS85FhOBBFFo4NwPRLEh37ZjuBGuWZXrymmCz3cCE7onIu42ak8aAbRvM/tbuE+0I3GgOHbi8FdJynXdyZrR8WUWZUU82i1rMNSV7q1GFxIbAN2fx0dWlloIU4KpZZR4NU43fE+Ghwy5NwZcdATC/Xf5wn7ViqytX9R8E= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1568327688; h=Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=43VtUa/j4mhvKdkGW7DUstL6Y9AnDtakdfXo09B1PpQ=; b=jwBHFtRZ7Hp+b5DLLFg5ifbNVTJjUdlGoWEh8xT9FdHEFiN4rBdusBRZqHsjW98X9HYW4BH4pp1f5V6TRxRGXF1VSTe37czIL/QBJo4FGhdom7LtVR2CBrGiOzwBr4eSWIc1lRxcm4iqbyYfS+S2RhHC3rfrMef2b8Nl64DIm2U= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1568327688351563.2321038827382; Thu, 12 Sep 2019 15:34:48 -0700 (PDT) Received: from localhost ([::1]:39210 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i8Xfq-0001ue-GD for importer@patchew.org; Thu, 12 Sep 2019 18:34:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:41792) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1i8Xc9-0007iv-VB for qemu-devel@nongnu.org; Thu, 12 Sep 2019 18:30:59 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1i8Xc8-0005lF-5n for qemu-devel@nongnu.org; Thu, 12 Sep 2019 18:30:57 -0400 Received: from mx1.redhat.com ([209.132.183.28]:60552) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1i8Xc4-0005j7-Fb; Thu, 12 Sep 2019 18:30:52 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BDBF43086222; Thu, 12 Sep 2019 22:30:51 +0000 (UTC) Received: from maximlenovopc.usersys.redhat.com (unknown [10.35.206.59]) by smtp.corp.redhat.com (Postfix) with ESMTP id 802A65C1B2; Thu, 12 Sep 2019 22:30:49 +0000 (UTC) From: Maxim Levitsky To: qemu-devel@nongnu.org Date: Fri, 13 Sep 2019 01:30:20 +0300 Message-Id: <20190912223028.18496-4-mlevitsk@redhat.com> In-Reply-To: <20190912223028.18496-1-mlevitsk@redhat.com> References: <20190912223028.18496-1-mlevitsk@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.42]); Thu, 12 Sep 2019 22:30:51 +0000 (UTC) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 Subject: [Qemu-devel] [PATCH v2 03/11] qcrypto-luks: implement the encryption key management X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Wolf , =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= , qemu-block@nongnu.org, Markus Armbruster , Max Reitz , Maxim Levitsky , John Snow Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Signed-off-by: Maxim Levitsky --- crypto/block-luks.c | 356 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 354 insertions(+), 2 deletions(-) diff --git a/crypto/block-luks.c b/crypto/block-luks.c index fed80e6646..26ce50b111 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -70,6 +70,9 @@ typedef struct QCryptoBlockLUKSKeySlot QCryptoBlockLUKSKe= ySlot; =20 #define QCRYPTO_BLOCK_LUKS_SECTOR_SIZE 512LL =20 +#define QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS 2000 +#define QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS 40 + static const char qcrypto_block_luks_magic[QCRYPTO_BLOCK_LUKS_MAGIC_LEN] = =3D { 'L', 'U', 'K', 'S', 0xBA, 0xBE }; @@ -219,6 +222,9 @@ struct QCryptoBlockLUKS { =20 /* Hash algorithm used in pbkdf2 function */ QCryptoHashAlgorithm hash_alg; + + /* Name of the secret that was used to open the image */ + char *secret; }; =20 =20 @@ -1070,6 +1076,170 @@ qcrypto_block_luks_find_key(QCryptoBlock *block, } =20 =20 + +/* + * Returns true if a slot i is marked as active + * (contains encrypted copy of the master key) + */ +static bool +qcrypto_block_luks_slot_active(const QCryptoBlockLUKS *luks, + unsigned int slot_idx) +{ + uint32_t val =3D luks->header.key_slots[slot_idx].active; + return val =3D=3D QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED; +} + +/* + * Returns the number of slots that are marked as active + * (contains encrypted copy of the master key) + */ +static unsigned int +qcrypto_block_luks_count_active_slots(const QCryptoBlockLUKS *luks) +{ + size_t i =3D 0; + unsigned int ret =3D 0; + + for (i =3D 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (qcrypto_block_luks_slot_active(luks, i)) { + ret++; + } + } + return ret; +} + + +/* + * Finds first key slot which is not active + * Returns the key slot index, or -1 if doesn't exist + */ +static int +qcrypto_block_luks_find_free_keyslot(const QCryptoBlockLUKS *luks) +{ + size_t i; + + for (i =3D 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + if (!qcrypto_block_luks_slot_active(luks, i)) { + return i; + } + } + return -1; + +} + +/* + * Erases an keyslot given its index + * Returns: + * 0 if the keyslot was erased successfully + * -1 if a error occurred while erasing the keyslot + * + */ +static int +qcrypto_block_luks_erase_key(QCryptoBlock *block, + unsigned int slot_idx, + QCryptoBlockWriteFunc writefunc, + void *opaque, + Error **errp) +{ + QCryptoBlockLUKS *luks =3D block->opaque; + QCryptoBlockLUKSKeySlot *slot =3D &luks->header.key_slots[slot_idx]; + g_autofree uint8_t *garbagesplitkey =3D NULL; + size_t splitkeylen =3D luks->header.master_key_len * slot->stripes; + size_t i; + + assert(slot_idx < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS); + assert(splitkeylen > 0); + + garbagesplitkey =3D g_new0(uint8_t, splitkeylen); + + /* Reset the key slot header */ + memset(slot->salt, 0, QCRYPTO_BLOCK_LUKS_SALT_LEN); + slot->iterations =3D 0; + slot->active =3D QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED; + + qcrypto_block_luks_store_header(block, writefunc, opaque, errp); + + /* + * Now try to erase the key material, even if the header + * update failed + */ + + for (i =3D 0 ; i < QCRYPTO_BLOCK_LUKS_ERASE_ITERATIONS ; i++) { + if (qcrypto_random_bytes(garbagesplitkey, splitkeylen, errp) < 0) { + /* + * If we failed to get the random data, still write + * at least zeros to the key slot at least once + */ + + if (i > 0) { + return -1; + } + } + + if (writefunc(block, + slot->key_offset_sector * QCRYPTO_BLOCK_LUKS_SECTOR_= SIZE, + garbagesplitkey, + splitkeylen, + opaque, + errp) !=3D splitkeylen) { + return -1; + } + } + return 0; +} + + +/* + * Erase all the keys that match the given password + * Will stop when only one keyslot is remaining + * Returns number of slots that were erased or -1 on failure + */ +static int +qcrypto_block_luks_erase_matching_keys(QCryptoBlock *block, + const char *password, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks =3D block->opaque; + size_t i; + int rv; + g_autofree uint8_t *masterkey =3D NULL; + unsigned int erased_cnt =3D 0; + unsigned int active_slot_cnt =3D qcrypto_block_luks_count_active_slots= (luks); + + masterkey =3D g_new0(uint8_t, luks->header.master_key_len); + + for (i =3D 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) { + + /* refuse to erase last key if not forced */ + if (!force && active_slot_cnt =3D=3D 1) { + break; + } + + rv =3D qcrypto_block_luks_load_key(block, i, password, masterkey, + readfunc, opaque, errp); + if (rv < 0) { + return -1; + } + if (rv =3D=3D 0) { + continue; + } + + rv =3D qcrypto_block_luks_erase_key(block, i, writefunc, opaque, e= rrp); + if (rv < 0) { + return -1; + } + + erased_cnt++; + active_slot_cnt--; + } + + return erased_cnt; +} + + static int qcrypto_block_luks_open(QCryptoBlock *block, QCryptoBlockOpenOptions *options, @@ -1100,6 +1270,7 @@ qcrypto_block_luks_open(QCryptoBlock *block, =20 luks =3D g_new0(QCryptoBlockLUKS, 1); block->opaque =3D luks; + luks->secret =3D g_strdup(options->u.luks.key_secret); =20 ret =3D qcrypto_block_luks_load_header(block, readfunc, opaque, errp); if (ret < 0) { @@ -1215,7 +1386,7 @@ qcrypto_block_luks_create(QCryptoBlock *block, =20 memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); if (!luks_opts.has_iter_time) { - luks_opts.iter_time =3D 2000; + luks_opts.iter_time =3D QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS; } if (!luks_opts.has_cipher_alg) { luks_opts.cipher_alg =3D QCRYPTO_CIPHER_ALG_AES_256; @@ -1273,6 +1444,8 @@ qcrypto_block_luks_create(QCryptoBlock *block, optprefix ? optprefix : ""); goto error; } + luks->secret =3D g_strdup(options->u.luks.key_secret); + password =3D qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, errp); if (!password) { goto error; @@ -1504,6 +1677,182 @@ qcrypto_block_luks_create(QCryptoBlock *block, } =20 =20 +#define CHECK_NON_AMEND_OPTION(luks, luks_opts, name) \ + if (luks_opts.has_##name && luks_opts.name !=3D luks->name) { \ + error_setg(errp, "Option \"" #name "\" can't be amended"); \ + goto cleanup; \ + } + +static int +qcrypto_block_luks_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockCreateOptions *options, + bool force, + Error **errp) +{ + QCryptoBlockLUKS *luks =3D block->opaque; + QCryptoBlockCreateOptionsLUKS luks_opts; + g_autofree char *old_password =3D NULL; + g_autofree char *password =3D NULL; + const char *unlock_secret =3D luks->secret; + g_autofree uint8_t *masterkey =3D NULL; + int slot =3D -1; + int ret =3D -1; + bool active =3D true; + int64_t iter_time =3D QCRYPTO_BLOCK_LUKS_DEFAULT_ITER_TIME_MS; + + memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts)); + + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, cipher_mode); + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, ivgen_hash_alg); + CHECK_NON_AMEND_OPTION(luks, luks_opts, hash_alg); + + /* Read given slot and check it */ + if (luks_opts.has_slot) { + slot =3D luks_opts.slot; + if (slot < 0 || slot >=3D QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS) { + error_setg(errp, + "Given key slot %i is not supported by LUKS", slot); + goto cleanup; + } + } + + if (luks_opts.has_iter_time) { + iter_time =3D luks_opts.iter_time; + } + + if (luks_opts.has_active && luks_opts.active =3D=3D false) { + active =3D false; + } + + if (active) { + /* Check that we are not overwriting an active slot */ + if (!force && slot !=3D -1 && + qcrypto_block_luks_slot_active(luks, slot)) { + + error_setg(errp, "Can't update an active key slot %i", + slot); + goto cleanup; + } + + /* check that we have the passwords*/ + if (!luks_opts.has_key_secret) { + error_setg(errp, "Can't add a key slot without a password"); + goto cleanup; + } + + if (luks_opts.has_unlock_secret) { + unlock_secret =3D luks_opts.unlock_secret; + } + + /* Read the old password */ + old_password =3D qcrypto_secret_lookup_as_utf8(unlock_secret, errp= ); + if (!old_password) { + goto cleanup; + } + + masterkey =3D g_new0(uint8_t, luks->header.master_key_len); + + /* Retrieve the master key*/ + if (qcrypto_block_luks_find_key(block, old_password, masterkey, + readfunc, opaque, + errp) < 0) { + error_append_hint(errp, + "'unlock-secret' failed to unlock the image"= ); + goto cleanup; + } + + /* Read the new password*/ + password =3D qcrypto_secret_lookup_as_utf8(luks_opts.key_secret, e= rrp); + if (!password) { + goto cleanup; + } + + /* Find the new slot to write to */ + if (slot =3D=3D -1) { + slot =3D qcrypto_block_luks_find_free_keyslot(luks); + + if (slot =3D=3D -1) { + error_setg(errp, + "Can't add a keyslot - all key slots are in use= "); + goto cleanup; + } + } + + /* Store the master key to the new slot */ + if (qcrypto_block_luks_store_key(block, slot, password, masterkey, + iter_time, writefunc, opaque, + errp)) { + error_append_hint(errp, "Failed to store the keyslot %i", slot= ); + goto cleanup; + } + + } else { + /* Check that we are not erasing last key slot */ + if (qcrypto_block_luks_count_active_slots(luks) <=3D 1) { + if (!force) { + error_setg(errp, "Only one slot active - can't erase"); + goto cleanup; + } + } + + if (slot !=3D -1) { + /* Check that we are not erasing an inactive slot */ + if (!qcrypto_block_luks_slot_active(luks, luks_opts.slot)) { + if (!force) { + error_setg(errp, "Can't erase an inactive key slot %i", + slot); + goto cleanup; + } + } + + /* Erase the given slot */ + if (qcrypto_block_luks_erase_key(block, slot, + writefunc, opaque, errp)) { + goto cleanup; + } + + } else { + if (!luks_opts.has_key_secret) { + error_setg(errp, + "To erase a keyslot you have to specify either = the" + "slot index or a password " + "(to erase all slots that match it)"); + goto cleanup; + } + + password =3D qcrypto_secret_lookup_as_utf8(luks_opts.key_secre= t, + errp); + if (!password) { + goto cleanup; + } + + ret =3D qcrypto_block_luks_erase_matching_keys(block, password, + readfunc, writefunc, + opaque, force, errp= ); + if (ret =3D=3D 0) { + error_setg(errp, + "Didn't erase a keyslot, because no keyslots ma= tch" + " the given password"); + ret =3D -EINVAL; + goto cleanup; + } + + if (ret < 0) { + goto cleanup; + } + } + } + ret =3D 0; +cleanup: + return ret; +} + + static int qcrypto_block_luks_get_info(QCryptoBlock *block, QCryptoBlockInfo *info, Error **errp) @@ -1551,7 +1900,9 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *= block, =20 static void qcrypto_block_luks_cleanup(QCryptoBlock *block) { - g_free(block->opaque); + QCryptoBlockLUKS *luks =3D block->opaque; + g_free(luks->secret); + g_free(luks); } =20 =20 @@ -1588,6 +1939,7 @@ qcrypto_block_luks_encrypt(QCryptoBlock *block, const QCryptoBlockDriver qcrypto_block_driver_luks =3D { .open =3D qcrypto_block_luks_open, .create =3D qcrypto_block_luks_create, + .amend =3D qcrypto_block_luks_amend_options, .get_info =3D qcrypto_block_luks_get_info, .cleanup =3D qcrypto_block_luks_cleanup, .decrypt =3D qcrypto_block_luks_decrypt, --=20 2.17.2