qcrypto-luks: more rigorous header checking

Check that keyslots don't overlap with the data,
and check that keyslots don't overlap with each other.
(this is done using naive O(n^2) nested loops,
but since there are just 8 keyslots, this doesn't really matter.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Maxim Levitsky 2019-09-26 00:35:26 +03:00 committed by Daniel P. Berrangé
parent bd56a55a94
commit befdba9edd

View File

@ -530,6 +530,11 @@ qcrypto_block_luks_load_header(QCryptoBlock *block,
static int static int
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp) qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
{ {
size_t i, j;
unsigned int header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
if (memcmp(luks->header.magic, qcrypto_block_luks_magic, if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) { QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
error_setg(errp, "Volume is not in LUKS format"); error_setg(errp, "Volume is not in LUKS format");
@ -541,6 +546,53 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
luks->header.version); luks->header.version);
return -1; return -1;
} }
/* Check all keyslots for corruption */
for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
const QCryptoBlockLUKSKeySlot *slot1 = &luks->header.key_slots[i];
unsigned int start1 = slot1->key_offset_sector;
unsigned int len1 =
qcrypto_block_luks_splitkeylen_sectors(luks,
header_sectors,
slot1->stripes);
if (slot1->stripes == 0) {
error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
return -1;
}
if (slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED &&
slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
error_setg(errp,
"Keyslot %zu state (active/disable) is corrupted", i);
return -1;
}
if (start1 + len1 > luks->header.payload_offset_sector) {
error_setg(errp,
"Keyslot %zu is overlapping with the encrypted payload",
i);
return -1;
}
for (j = i + 1 ; j < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; j++) {
const QCryptoBlockLUKSKeySlot *slot2 = &luks->header.key_slots[j];
unsigned int start2 = slot2->key_offset_sector;
unsigned int len2 =
qcrypto_block_luks_splitkeylen_sectors(luks,
header_sectors,
slot2->stripes);
if (start1 + len1 > start2 && start2 + len2 > start1) {
error_setg(errp,
"Keyslots %zu and %zu are overlapping in the header",
i, j);
return -1;
}
}
}
return 0; return 0;
} }