diff mbox series

[02/11] crypto: enforce that LUKS stripes is always a fixed value

Message ID 20220906084147.1423045-3-berrange@redhat.com
State New
Headers show
Series crypto: improve robustness of LUKS metadata validation | expand

Commit Message

Daniel P. Berrangé Sept. 6, 2022, 8:41 a.m. UTC 
Although the LUKS stripes are encoded in the keyslot header and so
potentially configurable, in pratice the cryptsetup impl mandates
this has the fixed value 4000. To avoid incompatibility apply the
same enforcement in QEMU too. This also caps the memory usage for
key material when QEMU tries to open a LUKS volume.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 crypto/block-luks.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Richard W.M. Jones Sept. 6, 2022, 9:09 a.m. UTC | #1 
On Tue, Sep 06, 2022 at 09:41:38AM +0100, Daniel P. Berrangé wrote:
> Although the LUKS stripes are encoded in the keyslot header and so
> potentially configurable, in pratice the cryptsetup impl mandates
> this has the fixed value 4000. To avoid incompatibility apply the
> same enforcement in QEMU too. This also caps the memory usage for
> key material when QEMU tries to open a LUKS volume.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>  crypto/block-luks.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/crypto/block-luks.c b/crypto/block-luks.c
> index 27d1b34c1d..81744e2a8e 100644
> --- a/crypto/block-luks.c
> +++ b/crypto/block-luks.c
> @@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
>                                                     header_sectors,
>                                                     slot1->stripes);
>  
> -        if (slot1->stripes == 0) {
> -            error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
> +        if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) {
> +            error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)",
> +                       i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES);
>              return -1;
>          }

In nbdkit I decided to just check that this number < 10000, but I
agree that the only important implementation (the kernel) always fixes
this at 4000 (cryptsetup.git/lib/keymanage.c), so:

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>

Rich.
diff mbox series

Patch

diff --git a/crypto/block-luks.c b/crypto/block-luks.c
index 27d1b34c1d..81744e2a8e 100644
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@@ -582,8 +582,9 @@  qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
                                                    header_sectors,
                                                    slot1->stripes);
 
-        if (slot1->stripes == 0) {
-            error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
+        if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) {
+            error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)",
+                       i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES);
             return -1;
         }