From: Ondrej Kozina <okozina@redhat.com>
To: "dm-crypt@saout.de" <dm-crypt@saout.de>
Cc: "Schneider, Robert" <robert.schneider03@sap.com>,
Milan Broz <gmazyland@gmail.com>
Subject: [dm-crypt] Re: Transactional updates for LUKS2 metadata?
Date: Tue, 20 Apr 2021 10:43:56 +0200 [thread overview]
Message-ID: <8b72fbe2-1197-149e-b59d-7f10e2b6b8e3@redhat.com> (raw)
In-Reply-To: <AM0PR02MB55853E23D3570BAA4E21FB358F719@AM0PR02MB5585.eurprd02.prod.outlook.com>
On 4/11/21 2:09 PM, Schneider, Robert wrote:
> Thank you very much for your response!
>
> I am implementing a form of key rotation for a "backup" key (a secondary key). The backup key has associated data which I wanted to store in a token. This associated data is required to get the passphrase. To rotate this backup key, I have to adjust the keyslot json object, the token, and the keyslot binary data.
>
> Currently, I am using two keyslots to implement a safe update. I'm relying on the atomicity of API calls such as crypt_keyslot_add_by_* to a certain degree. To maintain the pair of keyslots, I write a sequence number into the token object. The key is rotated as follows:
> 1. crypt_keyslot_add_* - add new keyslot
> 2. crypt_token_set - add metadata for new keyslot, with incremented sequence number
> 3. crypt_keyslot_wipe - remove old keyslot and tokens
I have a suggestion based on the atomic writes of LUKS2 metadata. (LUKS2
metadata only because as you've correctly noticed keyslots binary area
writes does not provide any such guaranties at the moment).
Also it's based on assumption your application understands the token
content and therefore can do something like this:
1) Write token with following metadata (let's say in token id 6)
{
"type" : "my_token",
"keyslots" : [],
"new_keyslot" : 21, <-- does not exist yet
"current_keyslot" : 5, <-- it's the old keyslot, stil valid
}
2) crypt_keyslot_add_* (with keyslot id 21)
3) wipe_keyslot 5
4) replace token 6 with new metadata (this will be atomic):
{
"type" : "my_token",
"keyslots" : [],
"current_keyslot" : 21
}
If anytime in between 1) and 4) crash occurs you can double check:
Does 'new_keyslot' exist and is it ok (just check passphrase by unlock
API function with name set to NULL). Yes? go on. No? we crashed during
step 2)
Provided both "current_keyslot" and "new_keyslot" fields are in token
metadata: Does keyslot referenced in "current_keyslot" still exist? Yes?
we crashed during step 3) No? we crashed in before step 4) finished
correctly.
If "current_keyslot" field is missing the transaction was successfully
completed.
Internal LUKS2 format validation code only enforces content in fields
"type" and "keyslots". The later can be left empty.
Did I understand your use case correctly?
Kind regards
O.
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de
next prev parent reply other threads:[~2021-04-20 8:53 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-09 18:46 [dm-crypt] Transactional updates for LUKS2 metadata? Schneider, Robert
2021-04-10 19:27 ` [dm-crypt] " Milan Broz
2021-04-11 12:09 ` Schneider, Robert
2021-04-20 8:43 ` Ondrej Kozina [this message]
2021-04-22 7:00 ` Schneider, Robert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8b72fbe2-1197-149e-b59d-7f10e2b6b8e3@redhat.com \
--to=okozina@redhat.com \
--cc=dm-crypt@saout.de \
--cc=gmazyland@gmail.com \
--cc=robert.schneider03@sap.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.