[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 03/11] crypto: enforce that key material doesn't overlap with LUK
From: |
Daniel P . Berrangé |
Subject: |
[PATCH 03/11] crypto: enforce that key material doesn't overlap with LUKS header |
Date: |
Tue, 6 Sep 2022 09:41:39 +0100 |
We already check that key material doesn't overlap between key slots,
and that it doesn't overlap with the payload. We didn't check for
overlap with the LUKS header.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/block-luks.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 81744e2a8e..6ef9a89ffa 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -595,6 +595,14 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS
*luks, Error **errp)
return -1;
}
+ if (start1 < DIV_ROUND_UP(sizeof(QCryptoBlockLUKSHeader),
+ QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) {
+ error_setg(errp,
+ "Keyslot %zu is overlapping with the LUKS header",
+ i);
+ return -1;
+ }
+
if (start1 + len1 > luks->header.payload_offset_sector) {
error_setg(errp,
"Keyslot %zu is overlapping with the encrypted payload",
--
2.37.2
- [PATCH 00/11] crypto: improve robustness of LUKS metadata validation, Daniel P . Berrangé, 2022/09/06
- [PATCH 02/11] crypto: enforce that LUKS stripes is always a fixed value, Daniel P . Berrangé, 2022/09/06
- [PATCH 11/11] crypto: add test cases for many malformed LUKS header scenarios, Daniel P . Berrangé, 2022/09/06
- [PATCH 04/11] crypto: validate that LUKS payload doesn't overlap with header, Daniel P . Berrangé, 2022/09/06
- [PATCH 09/11] crypto: quote algorithm names in error messages, Daniel P . Berrangé, 2022/09/06
- [PATCH 05/11] crypto: strengthen the check for key slots overlapping with LUKS header, Daniel P . Berrangé, 2022/09/06
- [PATCH 06/11] crypto: check that LUKS PBKDF2 iterations count is non-zero, Daniel P . Berrangé, 2022/09/06
- [PATCH 03/11] crypto: enforce that key material doesn't overlap with LUKS header,
Daniel P . Berrangé <=
- [PATCH 10/11] crypto: ensure LUKS tests run with GNUTLS crypto provider, Daniel P . Berrangé, 2022/09/06
- [PATCH 01/11] crypto: sanity check that LUKS header strings are NUL-terminated, Daniel P . Berrangé, 2022/09/06
- [PATCH 07/11] crypto: split LUKS header definitions off into file, Daniel P . Berrangé, 2022/09/06
- [PATCH 08/11] crypto: split off helpers for converting LUKS header endianess, Daniel P . Berrangé, 2022/09/06
- Re: [PATCH 00/11] crypto: improve robustness of LUKS metadata validation, Richard W.M. Jones, 2022/09/06