Patchwork [V6,10/13] Encrypt state blobs using AES CBC encryption

login
register
mail settings
Submitter Stefan Berger
Date July 6, 2011, 4:34 p.m.
Message ID <20110706163516.877620190@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/103545/
State New
Headers show

Comments

Stefan Berger - July 6, 2011, 4:34 p.m.
This patch adds encryption of the individual state blobs that are written
into the block storage. The 'directory' at the beginnig of the block
storage is not encrypted.

The encryption support added in this patch would also work if QCoW2 was not
to be used as the (only) image file format to store the TPM's state.

Keys can be passed as a string of hexadecimal digits forming a 256, 192 or
128 bit AES key. The string can optionally start with '0x'. If the
parser does not recognize it as a hexadecimal number, the string itself is
taken as the AES key, which makes for example 'my_key' a valid AES key
parameter. It is also necessart to provide the encryption scheme.
Currently only 'aes-cbc' is supported.  An example for a valid key command
line argument is:

-tpm builtin,key=aes-cbc:0x1234567890abcdef123456

The key passed via command line argument is wiped from the command
line after parsing. If for example key=aes-cbc:0x1234... was passed it will
then be changed to key=------... so that 'ps' does not show the key anymore.
Obviously it cannot be completely prevented that the key is visible during a
very short period of time until qemu gets to the point where the code wiping
the key is reached.

A byte indicating the encryption type being used is introduced in the
directory structure indicating whether blobs are encrypted and if so, what
encryption type was used, i.e., aes-cbc.

An additional 'layer' for reading and writing the blobs to the underlying
block storage is added. This layer encrypts the blobs for writing if a key is
available. Similarly it decrypts the blobs after reading.

Checks are added that test
- whether encryption is supported follwing the revision of the directory
  structure (rev >= 2)
- whether a key has been provided although all data are stored in clear-text
- whether a key is missing for decryption.

In either one of the cases the backend reports an error message to the user
and Qemu terminates.

-v6:
  - changed the format of the key= to take the type of encryption into
    account: key=aes-cbc:0x12345... and reworked code for encryption and
    decryption of blobs;
  - modified directory entry to hold a uint_8 describing the encryption
    type (none, aes-cbc) being used for the blobs.
  - incrementing revision of the directory to '2' indicating encryption
    support
    
-v5:
  - -tpmdev now also gets a key parameter
  - add documentation about key parameter

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

---
 hw/tpm_builtin.c |  269 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 qemu-config.c    |   10 ++
 qemu-options.hx  |   22 +++-
 tpm.c            |   10 ++
 4 files changed, 302 insertions(+), 9 deletions(-)

Patch

Index: qemu-git/hw/tpm_builtin.c
===================================================================
--- qemu-git.orig/hw/tpm_builtin.c
+++ qemu-git/hw/tpm_builtin.c
@@ -27,6 +27,7 @@ 
 #include "hw/pc.h"
 #include "migration.h"
 #include "sysemu.h"
+#include "aes.h"
 
 #include <libtpms/tpm_library.h>
 #include <libtpms/tpm_error.h>
@@ -110,14 +111,27 @@  typedef struct BSDir {
     uint16_t  rev;
     uint32_t  checksum;
     uint32_t  num_entries;
-    uint32_t  reserved[10];
+    uint8_t   enctype;
+    uint8_t   reserved1[3];
+    uint32_t  reserved[8];
     BSEntry   entries[BS_DIR_MAX_NUM_ENTRIES];
 } __attribute__((packed)) BSDir;
 
 
 #define BS_DIR_REV1         1
+/* rev 2 added encryption */
+#define BS_DIR_REV2         2
 
-#define BS_DIR_REV_CURRENT  BS_DIR_REV1
+
+#define BS_DIR_REV_CURRENT  BS_DIR_REV2
+
+/* above enctype */
+enum BSEnctype {
+    BS_DIR_ENCTYPE_NONE = 0,
+    BS_DIR_ENCTYPE_AES_CBC,
+
+    BS_DIR_ENCTYPE_LAST,
+};
 
 /* local variables */
 
@@ -150,6 +164,11 @@  static const unsigned char tpm_std_fatal
 
 static char dev_description[80];
 
+static struct enckey {
+    uint8_t enctype;
+    AES_KEY tpm_enc_key;
+    AES_KEY tpm_dec_key;
+} enckey;
 
 static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
                                                enum BSEntryType be,
@@ -264,7 +283,7 @@  static uint32_t tpm_builtin_calc_dir_che
 
 static bool tpm_builtin_is_valid_bsdir(BSDir *dir)
 {
-    if (dir->rev != BS_DIR_REV_CURRENT ||
+    if (dir->rev > BS_DIR_REV_CURRENT ||
         dir->num_entries > BS_DIR_MAX_NUM_ENTRIES) {
         return false;
     }
@@ -295,6 +314,33 @@  static bool tpm_builtin_has_valid_conten
     return rc;
 }
 
+static bool tpm_builtin_supports_encryption(const BSDir *dir)
+{
+    return (dir->rev >= BS_DIR_REV2);
+}
+
+
+static bool tpm_builtin_has_missing_key(const BSDir *dir)
+{
+    return ((dir->enctype   != BS_DIR_ENCTYPE_NONE) &&
+            (enckey.enctype == BS_DIR_ENCTYPE_NONE) );
+}
+
+
+static bool tpm_builtin_has_unnecessary_key(const BSDir *dir)
+{
+    return (((dir->enctype   == BS_DIR_ENCTYPE_NONE) &&
+             (enckey.enctype != BS_DIR_ENCTYPE_NONE))  ||
+            ((!tpm_builtin_supports_encryption(dir)) &&
+             (enckey.enctype != BS_DIR_ENCTYPE_NONE)) );
+}
+
+
+static bool tpm_builtin_uses_unsupported_enctype(const BSDir *dir)
+{
+    return (dir->enctype >= BS_DIR_ENCTYPE_LAST);
+}
+
 
 static int tpm_builtin_create_blank_dir(BlockDriverState *bs)
 {
@@ -306,6 +352,7 @@  static int tpm_builtin_create_blank_dir(
     dir = (BSDir *)buf;
     dir->rev = BS_DIR_REV_CURRENT;
     dir->num_entries = 0;
+    dir->enctype = enckey.enctype;
 
     dir->checksum = tpm_builtin_calc_dir_checksum(dir);
 
@@ -407,6 +454,38 @@  static int tpm_builtin_startup_bs(BlockD
 
     tpm_builtin_dir_be_to_cpu(dir);
 
+    if (tpm_builtin_is_valid_bsdir(dir)) {
+        if (tpm_builtin_supports_encryption(dir) &&
+            tpm_builtin_has_missing_key(dir)) {
+            fprintf(stderr,
+                    "tpm: the data are encrypted but I am missing the key.\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+        if (tpm_builtin_has_unnecessary_key(dir)) {
+            fprintf(stderr,
+                    "tpm: I have a key but the data are not encrypted.\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+        if (tpm_builtin_supports_encryption(dir) &&
+            tpm_builtin_uses_unsupported_enctype(dir)) {
+            fprintf(stderr,
+                    "tpm: State is encrypted with an unsupported encryption "
+                    "scheme.\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+        if (tpm_builtin_supports_encryption(dir) &&
+            (dir->enctype != BS_DIR_ENCTYPE_NONE) &&
+            !tpm_builtin_has_valid_content(dir)) {
+            fprintf(stderr, "tpm: cannot read the data - "
+                    "is this the wrong key?\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+    }
+
     if (!tpm_builtin_is_valid_bsdir(dir) ||
         !tpm_builtin_has_valid_content(dir)) {
         /* if it's encrypted and has something else than null-content,
@@ -565,6 +644,105 @@  static int set_bs_entry_size_crc(BlockDr
 }
 
 
+static int tpm_builtin_blocksize_roundup(uint8_t enctype, int plainsize)
+{
+    switch (enctype) {
+    case BS_DIR_ENCTYPE_NONE:
+        return plainsize;
+    case BS_DIR_ENCTYPE_AES_CBC:
+        return ALIGN(plainsize, AES_BLOCK_SIZE);
+    default:
+        assert(false);
+        return 0;
+    }
+}
+
+
+static int tpm_builtin_bdrv_pread(BlockDriverState *bs, int64_t offset,
+                                  void *buf, int count,
+                                  enum BSEntryType type)
+{
+    int ret;
+    union {
+        uint64_t ll[2];
+        uint8_t b[16];
+    } ivec;
+    int toread = count;
+
+    toread = tpm_builtin_blocksize_roundup(enckey.enctype, count);
+
+    ret = bdrv_pread(bs, offset, buf, toread);
+
+    if (ret != toread) {
+        return ret;
+    }
+
+    switch (enckey.enctype) {
+    case BS_DIR_ENCTYPE_NONE:
+        break;
+    case BS_DIR_ENCTYPE_AES_CBC:
+        ivec.ll[0] = cpu_to_be64(type);
+        ivec.ll[1] = 0;
+
+        AES_cbc_encrypt(buf, buf, toread, &enckey.tpm_dec_key, ivec.b, 0);
+        break;
+    default:
+        assert(false);
+    }
+
+    return count;
+}
+
+
+static int tpm_builtin_bdrv_pwrite(BlockDriverState *bs, int64_t offset,
+                                   void *buf, int count,
+                                   enum BSEntryType type)
+{
+    int ret;
+    union {
+        uint64_t ll[2];
+        uint8_t b[16];
+    } ivec;
+    int towrite = count;
+    void *out_buf = buf;
+
+    switch (enckey.enctype) {
+    case BS_DIR_ENCTYPE_NONE:
+        break;
+    case BS_DIR_ENCTYPE_AES_CBC:
+        ivec.ll[0] = cpu_to_be64(type);
+        ivec.ll[1] = 0;
+
+        towrite = ALIGN(count, AES_BLOCK_SIZE);
+
+        if (towrite != count) {
+            out_buf = qemu_malloc(towrite);
+
+            if (out_buf == NULL) {
+                return -ENOMEM;
+            }
+        }
+
+        AES_cbc_encrypt(buf, out_buf, towrite, &enckey.tpm_enc_key, ivec.b, 1);
+        break;
+    default:
+        assert(false);
+    }
+
+    ret = bdrv_pwrite(bs, offset, out_buf, towrite);
+
+    if (out_buf != buf) {
+        qemu_free(out_buf);
+    }
+
+    if (ret == towrite) {
+        return count;
+    }
+
+    return ret;
+}
+
+
 static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
                                                enum BSEntryType be,
                                                TPMSizedBuffer *tsb)
@@ -589,7 +767,7 @@  static int tpm_builtin_load_sized_data_f
         goto err_exit;
     }
 
-    tsb->buffer = qemu_malloc(entry.blobsize);
+    tsb->buffer = qemu_malloc(ALIGN(entry.blobsize, AES_BLOCK_SIZE));
     if (!tsb->buffer) {
         rc = -ENOMEM;
         goto err_exit;
@@ -597,7 +775,8 @@  static int tpm_builtin_load_sized_data_f
 
     tsb->size = entry.blobsize;
 
-    if (bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size) != tsb->size) {
+    if (tpm_builtin_bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size, be) !=
+        tsb->size) {
         clear_sized_buffer(tsb);
         fprintf(stderr,"tpm: Error while reading stored data!\n");
         rc = -EIO;
@@ -661,7 +840,8 @@  static int tpm_builtin_save_sized_data_t
     }
 
     if (data_len > 0) {
-        if (bdrv_pwrite(bs, entry.offset, data, data_len) != data_len) {
+        if (tpm_builtin_bdrv_pwrite(bs, entry.offset, data, data_len, be) !=
+            data_len) {
             rc = -EIO;
         }
     }
@@ -1485,11 +1665,61 @@  static const char *tpm_builtin_create_de
 }
 
 
+static bool tpm_builtin_parse_as_hexkey(const char *rawkey,
+                                        unsigned char keyvalue[32],
+                                        int *keysize)
+{
+    unsigned int c = 0;
+    unsigned char nib = 0;
+
+    /* skip over leading '0x' */
+    if (!strncmp(rawkey, "0x", 2)) {
+        rawkey += 2;
+    }
+
+    while (c < 64) {
+        if (rawkey[c] == 0) {
+            break;
+        }
+
+        if (rawkey[c] >= '0' && rawkey[c] <= '9') {
+            nib |= rawkey[c] - '0';
+        } else if (rawkey[c] >= 'A' && rawkey[c] <= 'F') {
+            nib |= rawkey[c] - 'A' + 10;
+        } else if (rawkey[c] >= 'a' && rawkey[c] <= 'f') {
+            nib |= rawkey[c] - 'a' + 10;
+        } else {
+            break;
+        }
+
+        keyvalue[c/2] = nib;
+
+        nib <<= 4;
+
+        c++;
+    }
+
+    if (c == 256/4) {
+        *keysize = 256;
+    } else if (c >= 192/4) {
+        *keysize = 192;
+    } else if (c >= 128/4) {
+        *keysize = 128;
+    } else {
+        return false;
+    }
+
+    return true;
+}
+
+
 static TPMBackend *tpm_builtin_create(QemuOpts *opts, const char *id,
                                       const char *model)
 {
     TPMBackend *driver;
     const char *value;
+    int keysize;
+    unsigned char keyvalue[256/8];
 
     driver = qemu_malloc(sizeof(TPMBackend));
     if (!driver) {
@@ -1515,6 +1745,33 @@  static TPMBackend *tpm_builtin_create(Qe
         goto err_exit;
     }
 
+    value = qemu_opt_get(opts, "key");
+    if (value) {
+        if (!strncasecmp(value, "aes-cbc:", 8)) {
+            memset(keyvalue, 0x0, sizeof(keyvalue));
+
+            if (!tpm_builtin_parse_as_hexkey(&value[8], keyvalue, &keysize)) {
+                keysize = 128;
+                strncpy((char *)keyvalue, value, 128/8);
+            }
+
+            if (AES_set_encrypt_key(keyvalue, keysize,
+                                    &enckey.tpm_enc_key) != 0 ||
+                AES_set_decrypt_key(keyvalue, keysize,
+                                    &enckey.tpm_dec_key) != 0 ) {
+                fprintf(stderr, "tpm: Error setting AES key.\n");
+                goto err_exit;
+            }
+            enckey.enctype = BS_DIR_ENCTYPE_AES_CBC;
+        } else {
+            fprintf(stderr, "tpm: Unknown encryption scheme. Known types are: "
+                            "aes-cbc.\n");
+            goto err_exit;
+        }
+    } else {
+        enckey.enctype = BS_DIR_ENCTYPE_NONE;
+    }
+
     return driver;
 
 err_exit:
Index: qemu-git/qemu-config.c
===================================================================
--- qemu-git.orig/qemu-config.c
+++ qemu-git/qemu-config.c
@@ -484,6 +484,11 @@  static QemuOptsList qemu_tpmdev_opts = {
             .type = QEMU_OPT_STRING,
             .help = "Persistent storage for TPM state",
         },
+        {
+            .name = "key",
+            .type = QEMU_OPT_STRING,
+            .help = "Data encryption key",
+        },
         { /* end of list */ }
     },
 };
@@ -508,6 +513,11 @@  static QemuOptsList qemu_tpm_opts = {
             .type = QEMU_OPT_STRING,
             .help = "Persistent storage for TPM state",
         },
+        {
+            .name = "key",
+            .type = QEMU_OPT_STRING,
+            .help = "Data encryption key",
+        },
         { /* end of list */ }
     },
 };
Index: qemu-git/tpm.c
===================================================================
--- qemu-git.orig/tpm.c
+++ qemu-git/tpm.c
@@ -244,6 +244,7 @@  void tpm_cleanup(void)
 void tpm_config_parse(QemuOptsList *opts_list, const char *optarg)
 {
     QemuOpts *opts;
+    char *key;
 
     if (strcmp("none", optarg) != 0) {
         if (*optarg == '?') {
@@ -254,6 +255,15 @@  void tpm_config_parse(QemuOptsList *opts
         if (!opts) {
             exit(1);
         }
+
+        /* if a key is provided, wipe it out so no one can see it with 'ps' */
+        key = strstr(optarg, "key=");
+        if (key) {
+            key += 4;
+            while (key[0] && key[0] != ',') {
+                *key++ = '-';
+            }
+        }
     }
 }
 
Index: qemu-git/qemu-options.hx
===================================================================
--- qemu-git.orig/qemu-options.hx
+++ qemu-git/qemu-options.hx
@@ -1713,8 +1713,9 @@  DEFHEADING(TPM device options:)
 # ifdef CONFIG_TPM
 DEF("tpm", HAS_ARG, QEMU_OPTION_tpm, \
     "" \
-    "-tpm builtin,path=<path>[,model=<model>]\n" \
+    "-tpm builtin,path=<path>[,model=<model>][,key=<aes key>]\n" \
     "                enable a builtin TPM with state in file in path\n" \
+    "                and encrypt the TPM's state with the given AES key\n" \
     "-tpm model=?    to list available TPM device models\n" \
     "-tpm ?          to list available TPM backend types\n",
     QEMU_ARCH_I386)
@@ -1743,13 +1744,22 @@  Use ? to print all available TPM backend
 qemu -tpmdev ?
 @end example
 
-@item -tpmdev builtin ,id=@var{id}, path=@var{path}
+@item -tpmdev builtin ,id=@var{id}, path=@var{path}, key=@var{key}
 
 Creates an instance of the built-in TPM.
 
 @option{path} specifies the path to the QCoW2 image that will store
 the TPM's persistent data. @option{path} is required.
 
+@option{key} specifies the AES key to use to encrypt the TPM's persistent
+data. If encryption is to be used, the key must be provided the first
+time a Qemu VM with attached TPM is started and the same key must subsequently
+be used. The format of the key is the type of encryption to use, i.e.,
+@code{aes-cbc}, followed by a colon and then the actual key. The key can
+be a hex number with optional leading @code{0x}
+and 32, 48 or 64 hex digits for 128, 192 or 256 bit AES keys respectively.
+@option{key} is optional.
+
 To create a built-in TPM use the following two options:
 @example
 -tpmdev builtin,id=tpm0,path=<path_to_qcow2> -device tpm-tis,tpmdev=tpm0
@@ -1757,12 +1767,18 @@  To create a built-in TPM use the followi
 Not that the @code{-tpmdev} id is @code{tpm0} and is referenced by
 @code{tpmdev=tpm0} in the device option.
 
+
+To create a built-in TPM whose state is encrypted with a 128 bit AES key
+using AES-CBC encryption scheme supply the following two options:
+@example
+-tpmdev builtin,id=tpm0,path=<path_to_qcow2>,key=aes-cbc:0x1234567890abcdef01234567890abcdef -device tpm-tis,tpmdev=tpm0
+@end example
 @end table
 
 The short form of a TPM device option is:
 @table @option
 
-@item -tpm @var{backend-type}, path=@var{path} [,model=@var{model}]
+@item -tpm @var{backend-type}, path=@var{path} [,model=@var{model}] [,key=@var{key}]
 @findex -tpm
 
 @option{model} specifies the device model. The default device model is a