crypto: Add tls-cipher-suites object

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

On the host OS, various aspects of TLS operation are configurable.
In particular it is possible for the sysadmin to control the TLS
cipher/protocol algorithms that applications are permitted to use.

* Any given crypto library has a built-in default priority list
defined by the distro maintainer of the library package (or by
upstream).

* The "crypto-policies" RPM (or equivalent host OS package)
provides a config file such as "/etc/crypto-policies/config",
where the sysadmin can set a high level (library-independent)
policy.

The "update-crypto-policies --set" command (or equivalent) is
used to translate the global policy to individual library
representations, producing files such as
"/etc/crypto-policies/back-ends/*.config". The generated files,
if present, are loaded by the various crypto libraries to
override their own built-in defaults.

For example, the GNUTLS library may read
"/etc/crypto-policies/back-ends/gnutls.config".

* A management application (or the QEMU user) may overide the
system-wide crypto-policies config via their own config, if
they need to diverge from the former.

Thus the priority order is "QEMU user config" > "crypto-policies
system config" > "library built-in config".

Introduce the "tls-cipher-suites" object for exposing the ordered
list of permitted TLS cipher suites from the host side to the
guest firmware, via fw_cfg. The list is represented as an array
of bytes.

The priority at which the host-side policy is retrieved is given
by the "priority" property of the new object type. For example,
"priority=@SYSTEM" may be used to refer to
"/etc/crypto-policies/back-ends/gnutls.config" (given that QEMU
uses GNUTLS).

The firmware uses the IANA_TLS_CIPHER array for configuring
guest-side TLS, for example in UEFI HTTPS Boot.

[Description from Daniel P. Berrangé, edited by Laszlo Ersek.]

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20200623172726.21040-2-philmd@redhat.com>

Philippe Mathieu-Daudé 5 years ago 993aec27 4abf70a6

+179

5 changed files

expand all

crypto

Makefile.objs

tls-cipher-suites.c

trace-events

include

crypto

tls-cipher-suites.h

qemu-options.hx

crypto/Makefile.objs

··· 13 13 crypto-obj-$(CONFIG_AF_ALG) += afalg.o 14 14 crypto-obj-$(CONFIG_AF_ALG) += cipher-afalg.o 15 15 crypto-obj-$(CONFIG_AF_ALG) += hash-afalg.o 16 + crypto-obj-$(CONFIG_GNUTLS) += tls-cipher-suites.o 16 17 crypto-obj-y += tlscreds.o 17 18 crypto-obj-y += tlscredsanon.o 18 19 crypto-obj-y += tlscredspsk.o

+115

crypto/tls-cipher-suites.c

··· 1 + /* 2 + * QEMU TLS Cipher Suites 3 + * 4 + * Copyright (c) 2018-2020 Red Hat, Inc. 5 + * 6 + * Author: Philippe Mathieu-Daudé <philmd@redhat.com> 7 + * 8 + * SPDX-License-Identifier: GPL-2.0-or-later 9 + */ 10 + 11 + #include "qemu/osdep.h" 12 + #include "qapi/error.h" 13 + #include "qom/object_interfaces.h" 14 + #include "crypto/tlscreds.h" 15 + #include "crypto/tls-cipher-suites.h" 16 + #include "trace.h" 17 + 18 + /* 19 + * IANA registered TLS ciphers: 20 + * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4 21 + */ 22 + typedef struct { 23 + uint8_t data[2]; 24 + } QEMU_PACKED IANA_TLS_CIPHER; 25 + 26 + GByteArray *qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites *obj, 27 + Error **errp) 28 + { 29 + QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(obj); 30 + gnutls_priority_t pcache; 31 + GByteArray *byte_array; 32 + const char *err; 33 + size_t i; 34 + int ret; 35 + 36 + trace_qcrypto_tls_cipher_suite_priority(creds->priority); 37 + ret = gnutls_priority_init(&pcache, creds->priority, &err); 38 + if (ret < 0) { 39 + error_setg(errp, "Syntax error using priority '%s': %s", 40 + creds->priority, gnutls_strerror(ret)); 41 + return NULL; 42 + } 43 + 44 + byte_array = g_byte_array_new(); 45 + 46 + for (i = 0;; i++) { 47 + int ret; 48 + unsigned idx; 49 + const char *name; 50 + IANA_TLS_CIPHER cipher; 51 + gnutls_protocol_t protocol; 52 + const char *version; 53 + 54 + ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx); 55 + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { 56 + break; 57 + } 58 + if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) { 59 + continue; 60 + } 61 + 62 + name = gnutls_cipher_suite_info(idx, (unsigned char *)&cipher, 63 + NULL, NULL, NULL, &protocol); 64 + if (name == NULL) { 65 + continue; 66 + } 67 + 68 + version = gnutls_protocol_get_name(protocol); 69 + g_byte_array_append(byte_array, cipher.data, 2); 70 + trace_qcrypto_tls_cipher_suite_info(cipher.data[0], 71 + cipher.data[1], 72 + version, name); 73 + } 74 + trace_qcrypto_tls_cipher_suite_count(byte_array->len); 75 + gnutls_priority_deinit(pcache); 76 + 77 + return byte_array; 78 + } 79 + 80 + static void qcrypto_tls_cipher_suites_complete(UserCreatable *uc, 81 + Error **errp) 82 + { 83 + QCryptoTLSCreds *creds = QCRYPTO_TLS_CREDS(uc); 84 + 85 + if (!creds->priority) { 86 + error_setg(errp, "'priority' property is not set"); 87 + return; 88 + } 89 + } 90 + 91 + static void qcrypto_tls_cipher_suites_class_init(ObjectClass *oc, void *data) 92 + { 93 + UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc); 94 + 95 + ucc->complete = qcrypto_tls_cipher_suites_complete; 96 + } 97 + 98 + static const TypeInfo qcrypto_tls_cipher_suites_info = { 99 + .parent = TYPE_QCRYPTO_TLS_CREDS, 100 + .name = TYPE_QCRYPTO_TLS_CIPHER_SUITES, 101 + .instance_size = sizeof(QCryptoTLSCreds), 102 + .class_size = sizeof(QCryptoTLSCredsClass), 103 + .class_init = qcrypto_tls_cipher_suites_class_init, 104 + .interfaces = (InterfaceInfo[]) { 105 + { TYPE_USER_CREATABLE }, 106 + { } 107 + } 108 + }; 109 + 110 + static void qcrypto_tls_cipher_suites_register_types(void) 111 + { 112 + type_register_static(&qcrypto_tls_cipher_suites_info); 113 + } 114 + 115 + type_init(qcrypto_tls_cipher_suites_register_types);

crypto/trace-events

··· 21 21 # tlssession.c 22 22 qcrypto_tls_session_new(void *session, void *creds, const char *hostname, const char *authzid, int endpoint) "TLS session new session=%p creds=%p hostname=%s authzid=%s endpoint=%d" 23 23 qcrypto_tls_session_check_creds(void *session, const char *status) "TLS session check creds session=%p status=%s" 24 + 25 + # tls-cipher-suites.c 26 + qcrypto_tls_cipher_suite_priority(const char *name) "priority: %s" 27 + qcrypto_tls_cipher_suite_info(uint8_t data0, uint8_t data1, const char *version, const char *name) "data=[0x%02x,0x%02x] version=%s name=%s" 28 + qcrypto_tls_cipher_suite_count(unsigned count) "count: %u"

+39

include/crypto/tls-cipher-suites.h

··· 1 + /* 2 + * QEMU TLS Cipher Suites Registry (RFC8447) 3 + * 4 + * Copyright (c) 2018-2020 Red Hat, Inc. 5 + * 6 + * Author: Philippe Mathieu-Daudé <philmd@redhat.com> 7 + * 8 + * SPDX-License-Identifier: GPL-2.0-or-later 9 + */ 10 + 11 + #ifndef QCRYPTO_TLSCIPHERSUITES_H 12 + #define QCRYPTO_TLSCIPHERSUITES_H 13 + 14 + #include "qom/object.h" 15 + #include "crypto/tlscreds.h" 16 + 17 + #define TYPE_QCRYPTO_TLS_CIPHER_SUITES "tls-cipher-suites" 18 + #define QCRYPTO_TLS_CIPHER_SUITES(obj) \ 19 + OBJECT_CHECK(QCryptoTLSCipherSuites, (obj), TYPE_QCRYPTO_TLS_CIPHER_SUITES) 20 + 21 + typedef struct QCryptoTLSCipherSuites { 22 + /* <private> */ 23 + QCryptoTLSCreds parent_obj; 24 + /* <public> */ 25 + } QCryptoTLSCipherSuites; 26 + 27 + /** 28 + * qcrypto_tls_cipher_suites_get_data: 29 + * @obj: pointer to a TLS cipher suites object 30 + * @errp: pointer to a NULL-initialized error object 31 + * 32 + * Returns: reference to a byte array containing the data. 33 + * The caller should release the reference when no longer 34 + * required. 35 + */ 36 + GByteArray *qcrypto_tls_cipher_suites_get_data(QCryptoTLSCipherSuites *obj, 37 + Error **errp); 38 + 39 + #endif /* QCRYPTO_TLSCIPHERSUITES_H */

+19

qemu-options.hx

··· 4567 4567 string as described at 4568 4568 https://gnutls.org/manual/html_node/Priority-Strings.html. 4569 4569 4570 + ``-object tls-cipher-suites,id=id,priority=priority`` 4571 + Creates a TLS cipher suites object, which can be used to control 4572 + the TLS cipher/protocol algorithms that applications are permitted 4573 + to use. 4574 + 4575 + The ``id`` parameter is a unique ID which frontends will use to 4576 + access the ordered list of permitted TLS cipher suites from the 4577 + host. 4578 + 4579 + The ``priority`` parameter allows to override the global default 4580 + priority used by gnutls. This can be useful if the system 4581 + administrator needs to use a weaker set of crypto priorities for 4582 + QEMU without potentially forcing the weakness onto all 4583 + applications. Or conversely if one wants wants a stronger 4584 + default for QEMU than for all other applications, they can do 4585 + this through this parameter. Its format is a gnutls priority 4586 + string as described at 4587 + https://gnutls.org/manual/html_node/Priority-Strings.html. 4588 + 4570 4589 ``-object filter-buffer,id=id,netdev=netdevid,interval=t[,queue=all|rx|tx][,status=on|off][,position=head|tail|id=<id>][,insert=behind|before]`` 4571 4590 Interval t can't be 0, this filter batches the packet delivery: 4572 4591 all packets arriving in a given interval on netdev netdevid are