Message ID | 20220906084147.1423045-1-berrange@redhat.com |
---|---|
Series | crypto: improve robustness of LUKS metadata validation |
On Tue, Sep 06, 2022 at 09:41:36AM +0100, Daniel P. Berrangé wrote:
> Richard pointed out that we didn't do all that much validation against
> bad parameters in the LUKS header metadata. This series adds a bunch
> more validation checks along with unit tests to demonstrate they are
> having effect against maliciously crafted headers.
>
> Daniel P. Berrangé (11):
>   crypto: sanity check that LUKS header strings are NUL-terminated
>   crypto: enforce that LUKS stripes is always a fixed value
>   crypto: enforce that key material doesn't overlap with LUKS header
>   crypto: validate that LUKS payload doesn't overlap with header
>   crypto: strengthen the check for key slots overlapping with LUKS
>     header
>   crypto: check that LUKS PBKDF2 iterations count is non-zero
>   crypto: split LUKS header definitions off into file
>   crypto: split off helpers for converting LUKS header endianess
>   crypto: quote algorithm names in error messages
>   crypto: ensure LUKS tests run with GNUTLS crypto provider
>   crypto: add test cases for many malformed LUKS header scenarios
>
>  crypto/block-luks-priv.h       | 143 ++++++++++++++++
>  crypto/block-luks.c            | 228 +++++++++++--------------
>  tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++-
>  3 files changed, 542 insertions(+), 131 deletions(-)
>  create mode 100644 crypto/block-luks-priv.h

I think there is one typo in a commit message, but for the series:

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

Rich.
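The kinds of check named in the quoted patch list (NUL-terminated strings, fixed stripe count, non-zero PBKDF2 iterations, no overlap between header, key material and payload), shown as an added example that is not QEMU's code and not part of this thread. The struct, function and error names are hypothetical; the header is assumed to be already converted to host byte order with offsets in 512-byte sectors, and the constants are those of the LUKS1 on-disk format.

```c
#include <stdint.h>
#include <string.h>

/* LUKS1: 8 key slots, 4000 stripes, 512-byte sectors, 592-byte header. */
enum { SLOTS = 8, STRIPES = 4000, SECTOR = 512, HDR_BYTES = 592 };
enum { KEY_ENABLED = 0x00AC71F3, KEY_DISABLED = 0x0000DEAD };
enum luks_err { LUKS_OK, E_STRING, E_PAYLOAD, E_ITERS, E_STRIPES,
                E_SLOT_HDR, E_SLOT_PAYLOAD, E_SLOT_OVERLAP };
/* Hypothetical, simplified header: host-endian, offsets in sectors. */
struct slot { uint32_t active, iterations, key_offset, stripes; };
struct luks_hdr {
    char cipher_name[32], cipher_mode[32], hash_spec[32];
    uint32_t payload_offset, key_bytes, mk_iterations;
    struct slot slots[SLOTS];
};
static uint64_t sectors(uint64_t bytes) { return (bytes + SECTOR - 1) / SECTOR; }

enum luks_err luks_check(const struct luks_hdr *h)
{
    const uint64_t hdr_end = sectors(HDR_BYTES);   /* header occupies [0, 2) */
    /* 64-bit math: key_bytes is attacker-controlled and must not wrap. */
    const uint64_t km_len = sectors((uint64_t)h->key_bytes * STRIPES);
    if (!memchr(h->cipher_name, 0, 32) || !memchr(h->cipher_mode, 0, 32) ||
        !memchr(h->hash_spec, 0, 32)) return E_STRING;
    if (h->payload_offset < hdr_end) return E_PAYLOAD;
    if (h->mk_iterations == 0) return E_ITERS;
    for (int i = 0; i < SLOTS; i++) {
        const struct slot *a = &h->slots[i];
        if (a->stripes != STRIPES) return E_STRIPES;
        if (a->active == KEY_ENABLED && a->iterations == 0) return E_ITERS;
        if (a->key_offset < hdr_end) return E_SLOT_HDR;
        if (a->key_offset + km_len > h->payload_offset) return E_SLOT_PAYLOAD;
        for (int j = i + 1; j < SLOTS; j++) {   /* half-open interval overlap */
            uint64_t b = h->slots[j].key_offset;
            if (a->key_offset < b + km_len && b < a->key_offset + km_len)
                return E_SLOT_OVERLAP;
        }
    }
    return LUKS_OK;
}

/* Constructed sample: 32-byte key, slot 0 enabled, payload at sector 4096. */
struct luks_hdr luks_sample(void)
{
    struct luks_hdr h = { .cipher_name = "aes", .cipher_mode = "xts-plain64",
        .hash_spec = "sha256", .payload_offset = 4096, .key_bytes = 32,
        .mk_iterations = 1000 };
    for (uint32_t i = 0; i < SLOTS; i++)
        h.slots[i] = (struct slot){ KEY_DISABLED, 0, 8 + 256 * i, STRIPES };
    h.slots[0] = (struct slot){ KEY_ENABLED, 2000, 8, STRIPES };
    return h;
}
```

Each check returns on the first violation, so a header with several defects reports only the earliest one in this order.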