[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v3 00/26] Support LUKS encryption in block devices
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PATCH v3 00/26] Support LUKS encryption in block devices |
Date: |
Mon, 15 Feb 2016 16:10:33 +0000 |
This series was previously submitted here:
v1: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
v2: https://lists.gnu.org/archive/html/qemu-block/2016-01/msg00534.html
This series depends on these previously submitted
patches to the block tools, that Kevin has in his
block queue:
https://lists.gnu.org/archive/html/qemu-block/2016-02/msg00361.html
As can be guessed from the subject, the primary goal of this
patch series is to support LUKS encryption in the QEMU block
layer. QEMU has increasingly been adding native clients for
network block protocols (RBD, gluster, NFS, iSCSI, etc) and
apps like OpenStack are embracing them as it is much easier
to deal with this from a management POV than to deal with the
kernel block layer & userspace tools. Unfortunately when using
QEMU native clients, apps are locked out of using dm-crypt
and LUKS which is undesirable.
This series introduces two new features to the block layer.
First there is a general purpose 'luks' format driver which
can be layered over any other existing block driver. eg it
can be layed above RBD, iSCSI, etc. Second the qcow2 file
format is extended so that its embedded encryption can be
replaced with the LUKS data format. While you could just
layer the general purpose luks driver over qcow2, this is
slightly less desirable, as it removes the ability to
reliably auto-detect that LUKS is used by QEMU, as opposed
to used by the guest OS. Having use of LUKS encoded in the
qcow2 header addresses this.
The code is designed such that there is a strict separation
between the full disk encryption format and the block I/O
layer. Thus there is an generic API for dealing with full
disk encryption added to the crypto/ subsystem. The block
layer merely calls this FDE API when required, which serves
to minimize the code present in the already complex block
layer.
The big change in this series is the addition of an integration
test in tests/qemu-iotests/145. This uses 'sudo cryptsetup' to
create LUKS volumes on the host kernel and perform I/O to/from
them. This is validated against QEMU's implementation using
qemu-io. Conversely we also create LUKS volumes wth qemu-img
and then validate that the kernel can use them. This proves
good interoperability between the two implementations across
a wide range of crypto algorithms.
The big thing that I have *not* addressed is Fam's idea about
modifying the generic block layer so that it can automatically
instantitate a LUKS block driver above the qcow2 driver, if
qcow2 indicates that it needs encryption support. I'm still
not 100% sure this is the right way to go, but I've not had
time to investigate, since the focus since last posting has
been on dm-crypt interoperability for the generic 'luks'
block driver.
The first 11 patches add some supporting APIs and algorithms
to the crypto subsystem.
The 12-13 patches introduce the general full disk encryption
API to the crypto subsystem and LUKS implementation
Patches 14-18 do a little preparation to the block code for
future patches.
Patch 19 addes the new 'luks' block driver format along with
a test for interoperability with dm-crypt/cryptsetup
Patches 20-23 convert qcow & qcow2 to the new FDE APIs,
enabling LUKS in qcow2 (but not qcow) at the same time.
Patches 24-25 clean up the horrible password handling
cruft in the block layer and monitor.
Patch 26 blocks use of the legacy qcow[2] encryption
from the system emulators.
Changes since v2:
- Added support for XTS cipher usage mode
- Added support for serpent, twofish & cast5 ciphers
- Use qemu/osdep.h where applicable (Eric)
- Use MAX macro where applicable (Eric)
- Use bool instead of gboolean (Eric)
- Use bytes instead of sectors in API to future proof
for 4k sector sizes (Eric)
- Add asserts for LUKS structs matching spec size (Eric)
- Switch to XTS+plain64 instead of CBC+essiv for new
LUKS volumes
- Add qemu I/O test 145 for dm-crypt interoperability
- Rearrange vol creation so that we treat size as the
logical guest volume size, instead of physical
container size (Fam).
- Push malloc of bounce buffer out of loop in LUKS
block driver (Eric)
- Many misc typos/docs fixes (Fam, Eric)
Changes since v1:
- Unit testing coverage of the full disk encryption
APIs
- Functional testing of LUKS driver via the
qemu-iotests for the block layer
- Use GNUTLS random API for the random byte source
- Use Makefile.objs for conditional compilation of
pbkdf files (Fam)
- Use 'key-secret' instead of 'key-id' as property
for decryption key (Paolo)
- Rename 'fde' to 'crypto' in block code (Kevin)
- Fix accounting of encryption header clusters when
checking refcounts (Kevin)
- Rename format 'qcowaes' to 'qcow' (Eric)
- Fix qapi syntax for marking optional parameters (Eric)
- Add assertions in I/O path for BDRV_O_NO_IO flag
- Cleanup return codes / error reporting (Kevin)
- Other misc fixes identified in testing
Changes since WIP:
- QAPI parameters defined for the encryption key ID
- The qcow2 integration of LUKS is working, using
extra allocated clusters to store LUKS header
instead of trying to expand the main qcow2 header
region to > 1 cluster
- qemu-img info now works without prompting for
decryption password
- Unit testing of pbkdf2, afsplit and ivgen APis.
Daniel P. Berrange (26):
crypto: add cryptographic random byte source
crypto: add support for PBKDF2 algorithm
crypto: add support for generating initialization vectors
crypto: add support for anti-forensic split algorithm
crypto: skip testing of unsupported cipher algorithms
crypto: add support for the cast5-128 cipher algorithm
crypto: add support for the serpent cipher algorithm
crypto: add support for the twofish cipher algorithm
crypto: import an implementation of the XTS cipher mode
crypto: refactor code for dealing with AES cipher
crypto: wire up XTS mode for cipher APIs
crypto: add block encryption framework
crypto: implement the LUKS block encryption format
block: add flag to indicate that no I/O will be performed
qemu-img/qemu-io: don't prompt for passwords if not required
tests: redirect stderr to stdout for iotests
tests: refactor python I/O tests helper main method
tests: add output filter to python I/O tests helper
block: add generic full disk encryption driver
qcow2: make qcow2_encrypt_sectors encrypt in place
qcow2: convert QCow2 to use QCryptoBlock for encryption
qcow: make encrypt_sectors encrypt in place
qcow: convert QCow to use QCryptoBlock for encryption
block: rip out all traces of password prompting
block: remove all encryption handling APIs
block: remove support for legecy AES qcow/qcow2 encryption
Makefile.objs | 2 +-
block.c | 99 +-
block/Makefile.objs | 2 +
block/crypto.c | 568 +++++++++++
block/io.c | 2 +
block/qapi.c | 2 +-
block/qcow.c | 199 ++--
block/qcow2-cluster.c | 53 +-
block/qcow2-refcount.c | 10 +
block/qcow2.c | 499 +++++++--
block/qcow2.h | 24 +-
blockdev.c | 41 +-
crypto/Makefile.objs | 17 +
crypto/afsplit.c | 158 +++
crypto/block-luks.c | 1313 ++++++++++++++++++++++++
crypto/block-luks.h | 28 +
crypto/block-qcow.c | 173 ++++
crypto/block-qcow.h | 28 +
crypto/block.c | 260 +++++
crypto/blockpriv.h | 92 ++
crypto/cipher-builtin.c | 207 +++-
crypto/cipher-gcrypt.c | 171 +++-
crypto/cipher-nettle.c | 197 +++-
crypto/cipher.c | 41 +-
crypto/ivgen-essiv.c | 118 +++
crypto/ivgen-essiv.h | 28 +
crypto/ivgen-plain.c | 59 ++
crypto/ivgen-plain.h | 28 +
crypto/ivgen-plain64.c | 59 ++
crypto/ivgen-plain64.h | 28 +
crypto/ivgen.c | 99 ++
crypto/ivgenpriv.h | 49 +
crypto/pbkdf-gcrypt.c | 68 ++
crypto/pbkdf-nettle.c | 65 ++
crypto/pbkdf-stub.c | 41 +
crypto/pbkdf.c | 77 ++
crypto/random-gcrypt.c | 33 +
crypto/random-gnutls.c | 43 +
crypto/random-stub.c | 31 +
crypto/xts.c | 256 +++++
docs/specs/qcow2.txt | 77 ++
hmp.c | 31 -
hw/usb/dev-storage.c | 34 -
include/block/block.h | 6 +-
include/block/block_int.h | 1 -
include/crypto/afsplit.h | 135 +++
include/crypto/block.h | 232 +++++
include/crypto/ivgen.h | 206 ++++
include/crypto/pbkdf.h | 152 +++
include/crypto/random.h | 44 +
include/crypto/xts.h | 86 ++
include/monitor/monitor.h | 7 -
include/qemu/osdep.h | 2 -
monitor.c | 68 --
qapi/block-core.json | 46 +-
qapi/crypto.json | 145 ++-
qemu-img.c | 66 +-
qemu-io.c | 21 -
qmp.c | 10 +-
tests/.gitignore | 5 +
tests/Makefile | 10 +
tests/qemu-iotests/049 | 2 +-
tests/qemu-iotests/049.out | 10 +-
tests/qemu-iotests/082.out | 189 ++++
tests/qemu-iotests/087 | 30 +-
tests/qemu-iotests/087.out | 28 +-
tests/qemu-iotests/134 | 18 +-
tests/qemu-iotests/134.out | 33 +-
tests/qemu-iotests/145 | 521 ++++++++++
tests/qemu-iotests/145.out | 2252 +++++++++++++++++++++++++++++++++++++++++
tests/qemu-iotests/common | 8 +
tests/qemu-iotests/group | 1 +
tests/qemu-iotests/iotests.py | 48 +-
tests/test-crypto-afsplit.c | 191 ++++
tests/test-crypto-block.c | 343 +++++++
tests/test-crypto-cipher.c | 215 +++-
tests/test-crypto-ivgen.c | 168 +++
tests/test-crypto-pbkdf.c | 378 +++++++
tests/test-crypto-xts.c | 424 ++++++++
util/oslib-posix.c | 66 --
util/oslib-win32.c | 24 -
81 files changed, 10721 insertions(+), 880 deletions(-)
create mode 100644 block/crypto.c
create mode 100644 crypto/afsplit.c
create mode 100644 crypto/block-luks.c
create mode 100644 crypto/block-luks.h
create mode 100644 crypto/block-qcow.c
create mode 100644 crypto/block-qcow.h
create mode 100644 crypto/block.c
create mode 100644 crypto/blockpriv.h
create mode 100644 crypto/ivgen-essiv.c
create mode 100644 crypto/ivgen-essiv.h
create mode 100644 crypto/ivgen-plain.c
create mode 100644 crypto/ivgen-plain.h
create mode 100644 crypto/ivgen-plain64.c
create mode 100644 crypto/ivgen-plain64.h
create mode 100644 crypto/ivgen.c
create mode 100644 crypto/ivgenpriv.h
create mode 100644 crypto/pbkdf-gcrypt.c
create mode 100644 crypto/pbkdf-nettle.c
create mode 100644 crypto/pbkdf-stub.c
create mode 100644 crypto/pbkdf.c
create mode 100644 crypto/random-gcrypt.c
create mode 100644 crypto/random-gnutls.c
create mode 100644 crypto/random-stub.c
create mode 100644 crypto/xts.c
create mode 100644 include/crypto/afsplit.h
create mode 100644 include/crypto/block.h
create mode 100644 include/crypto/ivgen.h
create mode 100644 include/crypto/pbkdf.h
create mode 100644 include/crypto/random.h
create mode 100644 include/crypto/xts.h
create mode 100755 tests/qemu-iotests/145
create mode 100644 tests/qemu-iotests/145.out
create mode 100644 tests/test-crypto-afsplit.c
create mode 100644 tests/test-crypto-block.c
create mode 100644 tests/test-crypto-ivgen.c
create mode 100644 tests/test-crypto-pbkdf.c
create mode 100644 tests/test-crypto-xts.c
--
2.5.0
- [Qemu-devel] [PATCH v3 00/26] Support LUKS encryption in block devices,
Daniel P. Berrange <=
- [Qemu-devel] [PATCH v3 02/26] crypto: add support for PBKDF2 algorithm, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 06/26] crypto: add support for the cast5-128 cipher algorithm, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 01/26] crypto: add cryptographic random byte source, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 05/26] crypto: skip testing of unsupported cipher algorithms, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 04/26] crypto: add support for anti-forensic split algorithm, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 03/26] crypto: add support for generating initialization vectors, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 07/26] crypto: add support for the serpent cipher algorithm, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 08/26] crypto: add support for the twofish cipher algorithm, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 10/26] crypto: refactor code for dealing with AES cipher, Daniel P. Berrange, 2016/02/15
- [Qemu-devel] [PATCH v3 15/26] qemu-img/qemu-io: don't prompt for passwords if not required, Daniel P. Berrange, 2016/02/15