===================================================================
@@ -26,6 +26,7 @@
#include "hw/pc.h"
#include "migration.h"
#include "sysemu.h"
+#include "aes.h"
#include <libtpms/tpm_library.h>
#include <libtpms/tpm_error.h>
@@ -105,7 +106,8 @@ typedef struct BSDir {
uint16_t rev;
uint32_t checksum;
uint32_t num_entries;
- uint32_t reserved[10];
+ uint32_t flags;
+ uint32_t reserved[9];
BSEntry entries[BS_DIR_MAX_NUM_ENTRIES];
} __attribute__((packed)) BSDir;
@@ -114,6 +116,8 @@ typedef struct BSDir {
#define BS_DIR_REV_CURRENT BS_DIR_REV1
+#define BS_DIR_FLAG_ENC_BLOBS (1 << 0)
+
/* local variables */
static QemuThread thread;
@@ -145,6 +149,8 @@ static const unsigned char tpm_std_fatal
static char dev_description[80];
+static bool has_key;
+static AES_KEY tpm_enc_key, tpm_dec_key;
static void tpm_builtin_adjust_data_layout(BlockDriverState *bs, BSDir *dir);
static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
@@ -201,6 +207,7 @@ static void tpm_builtin_dir_be_to_cpu(BS
be16_to_cpus(&dir->rev);
be32_to_cpus(&dir->checksum);
be32_to_cpus(&dir->num_entries);
+ be32_to_cpus(&dir->flags);
for (c = 0; c < dir->num_entries && c < BS_DIR_MAX_NUM_ENTRIES; c++) {
be32_to_cpus(&dir->entries[c].type);
@@ -227,6 +234,7 @@ static void tpm_builtin_dir_cpu_to_be(BS
dir->rev = cpu_to_be16(dir->rev);
dir->checksum = cpu_to_be32(dir->checksum);
dir->num_entries = cpu_to_be32(dir->num_entries);
+ dir->flags = cpu_to_be32(dir->flags);
}
@@ -292,6 +300,36 @@ static bool tpm_builtin_has_valid_conten
}
+static uint32_t tpm_builtin_get_dir_flags(void)
+{
+ if (has_key) {
+ return BS_DIR_FLAG_ENC_BLOBS;
+ }
+
+ return 0;
+}
+
+
+static bool tpm_builtin_has_missing_key(const BSDir *dir)
+{
+ if ((dir->flags & BS_DIR_FLAG_ENC_BLOBS) && !has_key) {
+ return true;
+ }
+
+ return false;
+}
+
+
+static bool tpm_builtin_has_unnecessary_key(const BSDir *dir)
+{
+ if (!(dir->flags & BS_DIR_FLAG_ENC_BLOBS) && has_key) {
+ return true;
+ }
+
+ return false;
+}
+
+
static int tpm_builtin_create_blank_dir(BlockDriverState *bs)
{
uint8_t buf[BDRV_SECTOR_SIZE];
@@ -302,6 +340,7 @@ static int tpm_builtin_create_blank_dir(
dir = (BSDir *)buf;
dir->rev = BS_DIR_REV_CURRENT;
dir->num_entries = 0;
+ dir->flags = tpm_builtin_get_dir_flags();
dir->checksum = tpm_builtin_calc_dir_checksum(dir);
@@ -402,6 +441,28 @@ static int startup_bs(BlockDriverState *
tpm_builtin_dir_be_to_cpu(dir);
+ if (tpm_builtin_is_valid_bsdir(dir)) {
+ if (tpm_builtin_has_missing_key(dir)) {
+ fprintf(stderr,
+ "tpm: the data are encrypted but I am missing the key.\n");
+ rc = -EIO;
+ goto err_exit;
+ }
+ if (tpm_builtin_has_unnecessary_key(dir)) {
+ fprintf(stderr,
+ "tpm: I have a key but the data are not encrypted.\n");
+ rc = -EIO;
+ goto err_exit;
+ }
+ if ((dir->flags & BS_DIR_FLAG_ENC_BLOBS) &&
+ !tpm_builtin_has_valid_content(dir)) {
+ fprintf(stderr, "tpm: cannot read the data - "
+ "is this the wrong key?\n");
+ rc = -EIO;
+ goto err_exit;
+ }
+ }
+
if (!tpm_builtin_is_valid_bsdir(dir) ||
!tpm_builtin_has_valid_content(dir)) {
/* if it's encrypted and has something else than null-content,
@@ -566,6 +627,81 @@ static int set_bs_entry_size_crc(BlockDr
}
+static int tpm_builtin_bdrv_pread(BlockDriverState *bs, int64_t offset,
+ void *buf, int count,
+ enum BSEntryType type)
+{
+ int ret;
+ union {
+ uint64_t ll[2];
+ uint8_t b[16];
+ } ivec;
+ int toread = count;
+
+ if (has_key) {
+ toread = ALIGN(count, AES_BLOCK_SIZE);
+ }
+
+ ret = bdrv_pread(bs, offset, buf, toread);
+
+ if (ret != toread) {
+ return ret;
+ }
+
+ if (has_key) {
+ ivec.ll[0] = cpu_to_be64(type);
+ ivec.ll[1] = 0;
+
+ AES_cbc_encrypt(buf, buf, toread, &tpm_dec_key, ivec.b, 0);
+ }
+
+ return count;
+}
+
+
+static int tpm_builtin_bdrv_pwrite(BlockDriverState *bs, int64_t offset,
+ void *buf, int count,
+ enum BSEntryType type)
+{
+ int ret;
+ union {
+ uint64_t ll[2];
+ uint8_t b[16];
+ } ivec;
+ int towrite = count;
+ void *out_buf = buf;
+
+ if (has_key) {
+ ivec.ll[0] = cpu_to_be64(type);
+ ivec.ll[1] = 0;
+
+ towrite = ALIGN(count, AES_BLOCK_SIZE);
+
+ if (towrite != count) {
+ out_buf = qemu_malloc(towrite);
+
+ if (out_buf == NULL) {
+ return -ENOMEM;
+ }
+ }
+
+ AES_cbc_encrypt(buf, out_buf, towrite, &tpm_enc_key, ivec.b, 1);
+ }
+
+ ret = bdrv_pwrite(bs, offset, out_buf, towrite);
+
+ if (out_buf != buf) {
+ qemu_free(out_buf);
+ }
+
+ if (ret == towrite) {
+ return count;
+ }
+
+ return ret;
+}
+
+
static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
enum BSEntryType be,
TPMSizedBuffer *tsb)
@@ -590,7 +726,7 @@ static int tpm_builtin_load_sized_data_f
goto err_exit;
}
- tsb->buffer = qemu_malloc(entry.blobsize);
+ tsb->buffer = qemu_malloc(ALIGN(entry.blobsize, AES_BLOCK_SIZE));
if (!tsb->buffer) {
rc = -ENOMEM;
goto err_exit;
@@ -598,7 +734,8 @@ static int tpm_builtin_load_sized_data_f
tsb->size = entry.blobsize;
- if (bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size) != tsb->size) {
+ if (tpm_builtin_bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size, be) !=
+ tsb->size) {
clear_sized_buffer(tsb);
fprintf(stderr,"tpm: Error while reading sized data!\n");
rc = -EIO;
@@ -662,7 +799,8 @@ static int tpm_builtin_save_sized_data_t
}
if (data_len > 0) {
- if (bdrv_pwrite(bs, entry.offset, data, data_len) != data_len) {
+ if (tpm_builtin_bdrv_pwrite(bs, entry.offset, data, data_len, be) !=
+ data_len) {
rc = -EIO;
}
}
@@ -1572,11 +1710,61 @@ static const char *tpm_builtin_create_de
}
+static bool tpm_builtin_parse_as_hexkey(const char *rawkey,
+ unsigned char keyvalue[32],
+ int *keysize)
+{
+ unsigned int c;
+ unsigned char nib = 0;
+
+ /* skip over leading '0x' */
+ if (!strncmp(rawkey, "0x", 2)) {
+ rawkey += 2;
+ }
+
+ while (c < 64) {
+ if (rawkey[c] == 0) {
+ break;
+ }
+
+ if (rawkey[c] >= '0' && rawkey[c] <= '9') {
+ nib |= rawkey[c] - '0';
+ } else if (rawkey[c] >= 'A' && rawkey[c] <= 'F') {
+ nib |= rawkey[c] - 'A' + 10;
+ } else if (rawkey[c] >= 'a' && rawkey[c] <= 'f') {
+ nib |= rawkey[c] - 'a' + 10;
+ } else {
+ break;
+ }
+
+ keyvalue[c/2] = nib;
+
+ nib <<= 4;
+
+ c++;
+ }
+
+ if (c == 256/4) {
+ *keysize = 256;
+ } else if (c >= 192/4) {
+ *keysize = 192;
+ } else if (c >= 128/4) {
+ *keysize = 128;
+ } else {
+ return false;
+ }
+
+ return true;
+}
+
+
#define TPM_OPTS "id=vtpm-nvram"
static bool tpm_builtin_handle_options(QemuOpts *opts)
{
const char *value;
+ int keysize;
+ unsigned char keyvalue[256/8];
value = qemu_opt_get(opts, "path");
if (value) {
@@ -1585,6 +1773,24 @@ static bool tpm_builtin_handle_options(Q
fprintf(stderr, "-tpm is missing path= parameter\n");
return false;
}
+
+ value = qemu_opt_get(opts, "key");
+ if (value) {
+ has_key = true;
+ memset(keyvalue, 0x0, sizeof(keyvalue));
+
+ if (!tpm_builtin_parse_as_hexkey(value, keyvalue, &keysize)) {
+ keysize = 128;
+ strncpy((char *)keyvalue, value, 128/8);
+ }
+
+ if (AES_set_encrypt_key(keyvalue, keysize, &tpm_enc_key) != 0 ||
+ AES_set_decrypt_key(keyvalue, keysize, &tpm_dec_key) != 0 ) {
+ fprintf(stderr, "tpm: Error setting the key.\n");
+ return false;
+ }
+ }
+
return true;
}
===================================================================
@@ -464,6 +464,11 @@ static QemuOptsList qemu_tpm_opts = {
.type = QEMU_OPT_STRING,
.help = "Persitent storage for TPM state",
},
+ {
+ .name = "key",
+ .type = QEMU_OPT_STRING,
+ .help = "Data encryption key",
+ },
{ /* end of list */ }
},
};
===================================================================
@@ -1045,7 +1045,7 @@ ETEXI
# ifdef CONFIG_TPM
DEF("tpm", HAS_ARG, QEMU_OPTION_tpm, \
""
- "-tpm type=<type>,path=<path>\n" \
+ "-tpm type=<type>,path=<path>[,key=<aes key>]\n" \
" enable a TPM with state from file in given path\n"
" use -tpm ? to get a list of supported TPM types\n",
QEMU_ARCH_I386)
===================================================================
@@ -781,6 +781,7 @@ static int configure_tpm(QemuOpts *opts)
void select_tpm(const char *optarg)
{
QemuOpts *opts;
+ char *key;
if (strcmp("none", optarg) != 0) {
if (*optarg == '?') {
@@ -794,6 +795,15 @@ void select_tpm(const char *optarg)
if (configure_tpm(opts)) {
exit(1);
}
+
+ /* if a key is provided, wipe it out so no one can see it with 'ps' */
+ key = strstr(optarg, "key=");
+ if (key) {
+ key += 4;
+ while (key[0] && key[0] != ',') {
+ *key++ = '-';
+ }
+ }
}
}
This patch adds encryption of the individual state blobs that are written into the block storage. The 'directory' at the beginnig of the block storage is not encrypted. Keys can be passed either as a string of hexadecimal digits forming a 256, 192 or 128 bit AES key. Those keys can optionally start with '0x'. If the parse does not recognize it as such, the string itself is taken as the AES key. The key is passed via command line argument. It's wiped from the command line after parsing. If key=0x1234... was passed before it will then be changed to key=------... so that 'ps' does not show the key anymore. Obviously it cannot be completely prevented that the key is visible during a very short period of time until qemu is done parsing the command line parameters. A flag is introduced in the directory structure indicating whether the blobs are encrypted. An additional 'layer' for reading and writing the blobs to the underlying block storage is added. This layer encrypts the blobs for writing if a key is available. Similarly it decrypts the blobs after reading. Checks are added the test whether a key has been provided although all data are stored in clear-text or whether a key is missing. In either one of the cases the backend returns an error and Qemu terminates. Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com> --- arch_init.c | 10 ++ hw/tpm_builtin.c | 214 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- qemu-config.c | 5 + qemu-options.hx | 2 4 files changed, 226 insertions(+), 5 deletions(-)