Patchwork [V4,10/10] Encrypt state blobs using AES CBC encryption

login
register
mail settings
Submitter Stefan Berger
Date May 6, 2011, 5:32 p.m.
Message ID <20110506173248.638646321@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/94410/
State New
Headers show

Comments

Stefan Berger - May 6, 2011, 5:32 p.m.
This patch adds encryption of the individual state blobs that are written
into the block storage. The 'directory' at the beginnig of the block
storage is not encrypted.

Keys can be passed either as a string of hexadecimal digits forming a 256,
192 or 128 bit AES key. Those keys can optionally start with '0x'. If the
parse does not recognize it as such, the string itself is taken as the AES
key.

The key is passed via command line argument. It's wiped from the command
line after parsing. If key=0x1234... was passed before it will then be
changed to key=------... so that 'ps' does not show the key anymore. Obviously
it cannot be completely prevented that the key is visible during a very
short period of time until qemu is done parsing the command line parameters.

A flag is introduced in the directory structure indicating whether the blobs
are encrypted.

An additional 'layer' for reading and writing the blobs to the underlying
block storage is added. This layer encrypts the blobs for writing if a key is
available. Similarly it decrypts the blobs after reading.

Checks are added the test whether a key has been provided although all
data are stored in clear-text or whether a key is missing. In either one of
the cases the backend returns an error and Qemu terminates.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

---
 arch_init.c      |   10 ++
 hw/tpm_builtin.c |  214 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 qemu-config.c    |    5 +
 qemu-options.hx  |    2 
 4 files changed, 226 insertions(+), 5 deletions(-)

Patch

Index: qemu-git/hw/tpm_builtin.c
===================================================================
--- qemu-git.orig/hw/tpm_builtin.c
+++ qemu-git/hw/tpm_builtin.c
@@ -26,6 +26,7 @@ 
 #include "hw/pc.h"
 #include "migration.h"
 #include "sysemu.h"
+#include "aes.h"
 
 #include <libtpms/tpm_library.h>
 #include <libtpms/tpm_error.h>
@@ -105,7 +106,8 @@  typedef struct BSDir {
     uint16_t  rev;
     uint32_t  checksum;
     uint32_t  num_entries;
-    uint32_t  reserved[10];
+    uint32_t  flags;
+    uint32_t  reserved[9];
     BSEntry   entries[BS_DIR_MAX_NUM_ENTRIES];
 } __attribute__((packed)) BSDir;
 
@@ -114,6 +116,8 @@  typedef struct BSDir {
 
 #define BS_DIR_REV_CURRENT  BS_DIR_REV1
 
+#define BS_DIR_FLAG_ENC_BLOBS   (1 << 0)
+
 /* local variables */
 
 static QemuThread thread;
@@ -145,6 +149,8 @@  static const unsigned char tpm_std_fatal
 
 static char dev_description[80];
 
+static bool has_key;
+static AES_KEY tpm_enc_key, tpm_dec_key;
 
 static void tpm_builtin_adjust_data_layout(BlockDriverState *bs, BSDir *dir);
 static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
@@ -201,6 +207,7 @@  static void tpm_builtin_dir_be_to_cpu(BS
     be16_to_cpus(&dir->rev);
     be32_to_cpus(&dir->checksum);
     be32_to_cpus(&dir->num_entries);
+    be32_to_cpus(&dir->flags);
 
     for (c = 0; c < dir->num_entries && c < BS_DIR_MAX_NUM_ENTRIES; c++) {
         be32_to_cpus(&dir->entries[c].type);
@@ -227,6 +234,7 @@  static void tpm_builtin_dir_cpu_to_be(BS
     dir->rev         = cpu_to_be16(dir->rev);
     dir->checksum    = cpu_to_be32(dir->checksum);
     dir->num_entries = cpu_to_be32(dir->num_entries);
+    dir->flags       = cpu_to_be32(dir->flags);
 }
 
 
@@ -292,6 +300,36 @@  static bool tpm_builtin_has_valid_conten
 }
 
 
+static uint32_t tpm_builtin_get_dir_flags(void)
+{
+    if (has_key) {
+        return BS_DIR_FLAG_ENC_BLOBS;
+    }
+
+    return 0;
+}
+
+
+static bool tpm_builtin_has_missing_key(const BSDir *dir)
+{
+    if ((dir->flags & BS_DIR_FLAG_ENC_BLOBS) && !has_key) {
+        return true;
+    }
+
+    return false;
+}
+
+
+static bool tpm_builtin_has_unnecessary_key(const BSDir *dir)
+{
+    if (!(dir->flags & BS_DIR_FLAG_ENC_BLOBS) && has_key) {
+        return true;
+    }
+
+    return false;
+}
+
+
 static int tpm_builtin_create_blank_dir(BlockDriverState *bs)
 {
     uint8_t buf[BDRV_SECTOR_SIZE];
@@ -302,6 +340,7 @@  static int tpm_builtin_create_blank_dir(
     dir = (BSDir *)buf;
     dir->rev = BS_DIR_REV_CURRENT;
     dir->num_entries = 0;
+    dir->flags = tpm_builtin_get_dir_flags();
 
     dir->checksum = tpm_builtin_calc_dir_checksum(dir);
 
@@ -402,6 +441,28 @@  static int startup_bs(BlockDriverState *
 
     tpm_builtin_dir_be_to_cpu(dir);
 
+    if (tpm_builtin_is_valid_bsdir(dir)) {
+        if (tpm_builtin_has_missing_key(dir)) {
+            fprintf(stderr,
+                    "tpm: the data are encrypted but I am missing the key.\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+        if (tpm_builtin_has_unnecessary_key(dir)) {
+            fprintf(stderr,
+                    "tpm: I have a key but the data are not encrypted.\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+        if ((dir->flags & BS_DIR_FLAG_ENC_BLOBS) &&
+            !tpm_builtin_has_valid_content(dir)) {
+            fprintf(stderr, "tpm: cannot read the data - "
+                    "is this the wrong key?\n");
+            rc = -EIO;
+            goto err_exit;
+        }
+    }
+
     if (!tpm_builtin_is_valid_bsdir(dir) ||
         !tpm_builtin_has_valid_content(dir)) {
         /* if it's encrypted and has something else than null-content,
@@ -566,6 +627,81 @@  static int set_bs_entry_size_crc(BlockDr
 }
 
 
+static int tpm_builtin_bdrv_pread(BlockDriverState *bs, int64_t offset,
+                                  void *buf, int count,
+                                  enum BSEntryType type)
+{
+    int ret;
+    union {
+        uint64_t ll[2];
+        uint8_t b[16];
+    } ivec;
+    int toread = count;
+
+    if (has_key) {
+        toread = ALIGN(count, AES_BLOCK_SIZE);
+    }
+
+    ret = bdrv_pread(bs, offset, buf, toread);
+
+    if (ret != toread) {
+        return ret;
+    }
+
+    if (has_key) {
+        ivec.ll[0] = cpu_to_be64(type);
+        ivec.ll[1] = 0;
+
+        AES_cbc_encrypt(buf, buf, toread, &tpm_dec_key, ivec.b, 0);
+    }
+
+    return count;
+}
+
+
+static int tpm_builtin_bdrv_pwrite(BlockDriverState *bs, int64_t offset,
+                                   void *buf, int count,
+                                   enum BSEntryType type)
+{
+    int ret;
+    union {
+        uint64_t ll[2];
+        uint8_t b[16];
+    } ivec;
+    int towrite = count;
+    void *out_buf = buf;
+
+    if (has_key) {
+        ivec.ll[0] = cpu_to_be64(type);
+        ivec.ll[1] = 0;
+
+        towrite = ALIGN(count, AES_BLOCK_SIZE);
+
+        if (towrite != count) {
+            out_buf = qemu_malloc(towrite);
+
+            if (out_buf == NULL) {
+                return -ENOMEM;
+            }
+        }
+
+        AES_cbc_encrypt(buf, out_buf, towrite, &tpm_enc_key, ivec.b, 1);
+    }
+
+    ret = bdrv_pwrite(bs, offset, out_buf, towrite);
+
+    if (out_buf != buf) {
+        qemu_free(out_buf);
+    }
+
+    if (ret == towrite) {
+        return count;
+    }
+
+    return ret;
+}
+
+
 static int tpm_builtin_load_sized_data_from_bs(BlockDriverState *bs,
                                                enum BSEntryType be,
                                                TPMSizedBuffer *tsb)
@@ -590,7 +726,7 @@  static int tpm_builtin_load_sized_data_f
         goto err_exit;
     }
 
-    tsb->buffer = qemu_malloc(entry.blobsize);
+    tsb->buffer = qemu_malloc(ALIGN(entry.blobsize, AES_BLOCK_SIZE));
     if (!tsb->buffer) {
         rc = -ENOMEM;
         goto err_exit;
@@ -598,7 +734,8 @@  static int tpm_builtin_load_sized_data_f
 
     tsb->size = entry.blobsize;
 
-    if (bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size) != tsb->size) {
+    if (tpm_builtin_bdrv_pread(bs, entry.offset, tsb->buffer, tsb->size, be) !=
+        tsb->size) {
         clear_sized_buffer(tsb);
         fprintf(stderr,"tpm: Error while reading sized data!\n");
         rc = -EIO;
@@ -662,7 +799,8 @@  static int tpm_builtin_save_sized_data_t
     }
 
     if (data_len > 0) {
-        if (bdrv_pwrite(bs, entry.offset, data, data_len) != data_len) {
+        if (tpm_builtin_bdrv_pwrite(bs, entry.offset, data, data_len, be) !=
+            data_len) {
             rc = -EIO;
         }
     }
@@ -1572,11 +1710,61 @@  static const char *tpm_builtin_create_de
 }
 
 
+static bool tpm_builtin_parse_as_hexkey(const char *rawkey,
+                                        unsigned char keyvalue[32],
+                                        int *keysize)
+{
+    unsigned int c;
+    unsigned char nib = 0;
+
+    /* skip over leading '0x' */
+    if (!strncmp(rawkey, "0x", 2)) {
+        rawkey += 2;
+    }
+
+    while (c < 64) {
+        if (rawkey[c] == 0) {
+            break;
+        }
+
+        if (rawkey[c] >= '0' && rawkey[c] <= '9') {
+            nib |= rawkey[c] - '0';
+        } else if (rawkey[c] >= 'A' && rawkey[c] <= 'F') {
+            nib |= rawkey[c] - 'A' + 10;
+        } else if (rawkey[c] >= 'a' && rawkey[c] <= 'f') {
+            nib |= rawkey[c] - 'a' + 10;
+        } else {
+            break;
+        }
+
+        keyvalue[c/2] = nib;
+
+        nib <<= 4;
+
+        c++;
+    }
+
+    if (c == 256/4) {
+        *keysize = 256;
+    } else if (c >= 192/4) {
+        *keysize = 192;
+    } else if (c >= 128/4) {
+        *keysize = 128;
+    } else {
+        return false;
+    }
+
+    return true;
+}
+
+
 #define TPM_OPTS "id=vtpm-nvram"
 
 static bool tpm_builtin_handle_options(QemuOpts *opts)
 {
     const char *value;
+    int keysize;
+    unsigned char keyvalue[256/8];
 
     value = qemu_opt_get(opts, "path");
     if (value) {
@@ -1585,6 +1773,24 @@  static bool tpm_builtin_handle_options(Q
         fprintf(stderr, "-tpm is missing path= parameter\n");
         return false;
     }
+
+    value = qemu_opt_get(opts, "key");
+    if (value) {
+        has_key = true;
+        memset(keyvalue, 0x0, sizeof(keyvalue));
+
+        if (!tpm_builtin_parse_as_hexkey(value, keyvalue, &keysize)) {
+            keysize = 128;
+            strncpy((char *)keyvalue, value, 128/8);
+        }
+
+        if (AES_set_encrypt_key(keyvalue, keysize, &tpm_enc_key) != 0 ||
+            AES_set_decrypt_key(keyvalue, keysize, &tpm_dec_key) != 0 ) {
+            fprintf(stderr, "tpm: Error setting the key.\n");
+            return false;
+        }
+    }
+
     return true;
 }
 
Index: qemu-git/qemu-config.c
===================================================================
--- qemu-git.orig/qemu-config.c
+++ qemu-git/qemu-config.c
@@ -464,6 +464,11 @@  static QemuOptsList qemu_tpm_opts = {
             .type = QEMU_OPT_STRING,
             .help = "Persitent storage for TPM state",
         },
+        {
+            .name = "key",
+            .type = QEMU_OPT_STRING,
+            .help = "Data encryption key",
+        },
         { /* end of list */ }
     },
 };
Index: qemu-git/qemu-options.hx
===================================================================
--- qemu-git.orig/qemu-options.hx
+++ qemu-git/qemu-options.hx
@@ -1045,7 +1045,7 @@  ETEXI
 # ifdef CONFIG_TPM
 DEF("tpm", HAS_ARG, QEMU_OPTION_tpm, \
     ""
-    "-tpm type=<type>,path=<path>\n" \
+    "-tpm type=<type>,path=<path>[,key=<aes key>]\n" \
     "                enable a TPM with state from file in given path\n"
     "                use -tpm ? to get a list of supported TPM types\n",
     QEMU_ARCH_I386)
Index: qemu-git/arch_init.c
===================================================================
--- qemu-git.orig/arch_init.c
+++ qemu-git/arch_init.c
@@ -781,6 +781,7 @@  static int configure_tpm(QemuOpts *opts)
 void select_tpm(const char *optarg)
 {
     QemuOpts *opts;
+    char *key;
 
     if (strcmp("none", optarg) != 0) {
         if (*optarg == '?') {
@@ -794,6 +795,15 @@  void select_tpm(const char *optarg)
         if (configure_tpm(opts)) {
             exit(1);
         }
+
+        /* if a key is provided, wipe it out so no one can see it with 'ps' */
+        key = strstr(optarg, "key=");
+        if (key) {
+            key += 4;
+            while (key[0] && key[0] != ',') {
+                *key++ = '-';
+            }
+        }
     }
 }