Tag Archives: encryption

nbdkit finally supports TLS (encryption)

nbdkit is a liberally licensed NBD server which a stable plugin API for serving disks from unconventional sources.

Finally I got around to adding TLS (encryption and authentication) support. The support is complete and appears to interoperate with QEMU. It also supports a certificate authority, client certificate verification, certificate revocation, server verification (by the client), and configurable algorithms.

Actually using TLS with NBD is no easy matter. It takes a few pages of instructions just to explain how to set up the public-key infrastructure. On the client (QEMU) side, the command line parameter for connecting to a TLS-enabled NBD server is lengthy.

Then there’s the question of how you ensure TLS is being used. In nbdkit as in other NBD servers you can either turn on TLS in which case it’s used when the client requests it, or you can require TLS. In the latter case nbdkit will reject non-TLS connections (thus ensuring TLS is really being used), but most clients won’t be able to connect to such a server.

As usual, where SSH got it right, SSL/TLS/HTTPS got it all horribly wrong.

Advertisements

7 Comments

Filed under Uncategorized

guestfish -i now decrypts encrypted guests

$ guestfish --ro -i /tmp/encrypted.img
Enter key or passphrase ("/dev/vda2"): ***

Welcome to guestfish, the libguestfs filesystem interactive shell for
editing virtual machine filesystems.

Type: 'help' for help on commands
      'man' to read the manual
      'quit' to quit the shell

Operating system: Fedora release 13 (Goddard)
/dev/vg_f13x64encrypted/lv_root mounted on /
/dev/vda1 mounted on /boot

><fs> 

I was asked yesterday how to use these features direct from the API. The simplest thing is probably to add the guestfish -x option which will trace out all the API calls that guestfish uses, eg:

$ guestfish --ro -x -i /tmp/encrypted.img
add_drive_opts "/tmp/encrypted.img" "readonly:true"
is_config
launch
list_partitions
vfs_type "/dev/vda1"
vfs_type "/dev/vda2"
Enter key or passphrase ("/dev/vda2"): ***
luks_open "/dev/vda2" "***" "luksvda2"
vgscan
vg_activate_all true
inspect_os
[etc]

and you can use the same API calls from your own program.

Leave a comment

Filed under Uncategorized

USB Hardware Random Number Generator

This is a USB Entropy Key, cost £42 inc VAT and delivery from a company up in Lancashire.

usb 2-1: new full speed USB device using uhci_hcd and address 2
usb 2-1: New USB device found, idVendor=20df, idProduct=0001
usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 2-1: Product: Entropy Key
usb 2-1: Manufacturer: Simtec Electronics
usb 2-1: SerialNumber: M/xxx

I can report that it works fine in Fedora 13 with the open source daemon provided. The entropy can be collected in a file, passed to egd, but by default it is added to the kernel entropy pool for use by /dev/random and things like ASLR.

I love how overengineered (yet cheap) this thing is. From the documentation:

“The Entropy Key uses P-N semiconductor junctions reverse biased with a high enough voltage to bring them near to, but not beyond, breakdown in order to generate noise. In other words, it has a pair of devices that are wired up in such a way that as a high potential is applied across them, where electrons do not normally flow in this direction and would be blocked, the high voltage compresses the semiconduction gap sufficiently that the occasional stray electron will quantum tunnel through the P-N junction. (This is sometimes referred to as avalanche noise.) When this happens is unpredictable, and the occurrence of these events is what the Entropy Key measures.

These noise generators are then coupled to a 72MHz ARM Cortex-M3 CPU on the device. This processor samples the generators at a high frequency, forming a stream of random bytes. These streams of bytes are then analyzed using Ueli Maurer’s universal test for random bit generators whereby the amount of entropy in the streams is estimated rather conservatively. The streams are also exclusive-ORed together and that stream’s entropy is estimated in the same manner. If the raw streams appear to have severely reduced entropy then it indicates a fault in that generator, if the third stream has low entropy then it indicates that the generators have correlated and are not independently gathering entropy. Any of those three states are considered a failure mode and will result in the eKey locking itself out of the host, returning only an error code instead of generating entropy packets.

The two raw streams are then processed further in a de-biasing process invented by John von Neumann. Their entropy is estimated after the de-biasing process has been performed. Again, if the estimated entropy in the streams is seen to vary too wildly at this stage, the Entropy Key will lock itself out. The processed streams are then mixed into a pool made with a secure hashing function. Once at least 50% more (estimated) entropy has been mixed into the pool than it could possibly hold it is finalised and another pool initialised. Once enough pools have been processed to fill 20000 bits, the totality is subjected to the tests stipulated in FIPS 140-2. These tests produce a PASS/FAIL indicator for the block. On its own, this is not useful, since a perfectly random block could quite plausibly fail the tests. The Entropy Key therefore keeps running statistics on the FIPS 140-2 tests and will lock itself out if the ratio of failed blocks to passed blocks rises above a conservative estimate of the statistical likelihood of failure.

Once the block has been analysed, regardless of its PASS/FAIL indication, it is chopped up into 32 byte packets and these are handed off to the protocol handler in the device. Through this process therefore, each 256 bit block of data handed to the host was formed from somewhere in the region of between 3000 and 5000 bits read from the generators.”

2 Comments

Filed under Uncategorized

More support for Linux encrypted VMs in libguestfs

I added support for creating new LUKS disk images and managing existing key slots.

Leave a comment

Filed under Uncategorized

libguestfs support for encrypted Linux VMs

Two people asked me in about as many days if libguestfs supports encrypted VMs, so with the help of LUKS I added this feature.

A typical session in guestfish looks like this:

$ guestfish --ro -a encrypted.img
><fs> run
><fs> list-devices
/dev/vda
><fs> list-partitions
/dev/vda1
/dev/vda2
><fs> vfs-type /dev/vda2
crypto_LUKS
><fs> luks-open /dev/vda2 luksdev
Enter key or passphrase ("key"):
><fs> vgscan
><fs> vg-activate-all true
><fs> vgs
vg_f13x64encrypted
><fs> lvs
/dev/vg_f13x64encrypted/lv_root
/dev/vg_f13x64encrypted/lv_swap
><fs> mount /dev/vg_f13x64encrypted/lv_root /
><fs> ll /
total 132
dr-xr-xr-x.  24 root root  4096 Jul 21 12:01 .
dr-xr-xr-x   20 root root     0 Jul 21 20:06 ..
drwx------.   3 root root  4096 Jul 21 11:59 .dbus
drwx------.   2 root root  4096 Jul 21 12:00 .pulse
-rw-------.   1 root root   256 Jul 21 12:00 .pulse-cookie
dr-xr-xr-x.   2 root root  4096 May 13 03:03 bin

Since it’s a little clumsy to use in guestfish at the moment, I hope we can add some convenience commands in a future release.

PS. WTF are dbus and pulseaudio doing creating those files and directories under /?

Leave a comment

Filed under Uncategorized