Message ID | 20220906084147.1423045-3-berrange@redhat.com |
---|---|
State | New |
Series | crypto: improve robustness of LUKS metadata validation |
On Tue, Sep 06, 2022 at 09:41:38AM +0100, Daniel P. Berrangé wrote: > Although the LUKS stripes are encoded in the keyslot header and so > potentially configurable, in practice the cryptsetup impl mandates > this has the fixed value 4000. To avoid incompatibility apply the > same enforcement in QEMU too. This also caps the memory usage for > key material when QEMU tries to open a LUKS volume. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > crypto/block-luks.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/crypto/block-luks.c b/crypto/block-luks.c > index 27d1b34c1d..81744e2a8e 100644 > --- a/crypto/block-luks.c > +++ b/crypto/block-luks.c > @@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) > header_sectors, > slot1->stripes); > > - if (slot1->stripes == 0) { > - error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i); > + if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) { > + error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)", > + i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES); > return -1; > }

In nbdkit I decided to just check that this number < 10000, but I agree that the only important implementation (the kernel) always fixes this at 4000 (cryptsetup.git/lib/keymanage.c), so:

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

Rich.
diff --git a/crypto/block-luks.c b/crypto/block-luks.c index 27d1b34c1d..81744e2a8e 100644 --- a/crypto/block-luks.c +++ b/crypto/block-luks.c @@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) header_sectors, slot1->stripes); - if (slot1->stripes == 0) { - error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i); + if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) { + error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)", + i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES); return -1; }
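Review bot: In the new error_setg() call the message still reads "Keyslot %zu is corrupted", yet the commit message says the stripe count is potentially configurable and is being pinned for compatibility with cryptsetup, so a value other than QCRYPTO_BLOCK_LUKS_STRIPES is better reported as unsupported, for example "Keyslot %zu has unsupported stripes %d, expected %d". Both values are also printed with %d; if slot1->stripes is an unsigned field read from the disk header, a large on-disk value would print as a negative number, so an unsigned conversion would keep the diagnostic accurate.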
Although the LUKS stripes are encoded in the keyslot header and so potentially configurable, in practice the cryptsetup impl mandates this has the fixed value 4000. To avoid incompatibility apply the same enforcement in QEMU too. This also caps the memory usage for key material when QEMU tries to open a LUKS volume.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

---

crypto/block-luks.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
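The stripe check discussed above, generalised to a stand-alone check over a raw LUKS1 header, showing how pinning stripes to 4000 bounds the split key material a reader must allocate. This is an added example, not QEMU's or nbdkit's code: `luks1_check_stripes` and `luks1_sample_header` are hypothetical names, the offsets follow the LUKS1 on-disk format, checking all eight slots regardless of their active flag is an assumption, and the sample header is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* LUKS1 on-disk layout (big-endian): key_bytes at offset 108, eight 48-byte
 * keyslots starting at offset 208, stripes in the last 4 bytes of each slot. */
#define LUKS1_HDR_LEN     592
#define LUKS1_KEY_BYTES   108
#define LUKS1_SLOTS       208
#define LUKS1_SLOT_LEN    48
#define LUKS1_NUM_SLOTS   8
#define LUKS1_STRIPES_OFF 44
#define LUKS_STRIPES      4000u   /* fixed value named in the commit message */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 if every keyslot has stripes == 4000, -1 if the header is
 * truncated, or the 1-based number of the first offending keyslot.
 * On success *split_len is key_bytes * stripes, the size of the
 * anti-forensic split key material for one slot. */
int luks1_check_stripes(const uint8_t *hdr, size_t len, uint64_t *split_len)
{
    if (len < LUKS1_HDR_LEN) {
        return -1;
    }
    for (int i = 0; i < LUKS1_NUM_SLOTS; i++) {
        const uint8_t *slot = hdr + LUKS1_SLOTS + i * LUKS1_SLOT_LEN;
        if (be32(slot + LUKS1_STRIPES_OFF) != LUKS_STRIPES) {
            return i + 1;   /* reject before any allocation is sized from it */
        }
    }
    *split_len = (uint64_t)be32(hdr + LUKS1_KEY_BYTES) * LUKS_STRIPES;
    return 0;
}

/* Constructed sample: zeroed header, 32-byte key, all slots at 4000 stripes. */
void luks1_sample_header(uint8_t hdr[LUKS1_HDR_LEN])
{
    memset(hdr, 0, LUKS1_HDR_LEN);
    hdr[LUKS1_KEY_BYTES + 3] = 32;
    for (int i = 0; i < LUKS1_NUM_SLOTS; i++) {
        uint8_t *s = hdr + LUKS1_SLOTS + i * LUKS1_SLOT_LEN + LUKS1_STRIPES_OFF;
        s[2] = 0x0f;        /* 4000 == 0x00000fa0 */
        s[3] = 0xa0;
    }
}
```

With an unchecked 32-bit stripes field, the same multiplication could reach key_bytes times 0xffffffff, which is the memory-usage concern the commit message refers to.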