qcrypto-luks: more rigorous header checking
Check that keyslots don't overlap with the data, and check that keyslots don't overlap with each other. (this is done using naive O(n^2) nested loops, but since there are just 8 keyslots, this doesn't really matter. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
parent
bd56a55a94
commit
befdba9edd
@ -530,6 +530,11 @@ qcrypto_block_luks_load_header(QCryptoBlock *block,
|
|||||||
static int
|
static int
|
||||||
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
|
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
|
||||||
{
|
{
|
||||||
|
size_t i, j;
|
||||||
|
|
||||||
|
unsigned int header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
|
||||||
|
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
|
||||||
|
|
||||||
if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
|
if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
|
||||||
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
|
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
|
||||||
error_setg(errp, "Volume is not in LUKS format");
|
error_setg(errp, "Volume is not in LUKS format");
|
||||||
@ -541,6 +546,53 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
|
|||||||
luks->header.version);
|
luks->header.version);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Check all keyslots for corruption */
|
||||||
|
for (i = 0 ; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; i++) {
|
||||||
|
|
||||||
|
const QCryptoBlockLUKSKeySlot *slot1 = &luks->header.key_slots[i];
|
||||||
|
unsigned int start1 = slot1->key_offset_sector;
|
||||||
|
unsigned int len1 =
|
||||||
|
qcrypto_block_luks_splitkeylen_sectors(luks,
|
||||||
|
header_sectors,
|
||||||
|
slot1->stripes);
|
||||||
|
|
||||||
|
if (slot1->stripes == 0) {
|
||||||
|
error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_DISABLED &&
|
||||||
|
slot1->active != QCRYPTO_BLOCK_LUKS_KEY_SLOT_ENABLED) {
|
||||||
|
error_setg(errp,
|
||||||
|
"Keyslot %zu state (active/disable) is corrupted", i);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (start1 + len1 > luks->header.payload_offset_sector) {
|
||||||
|
error_setg(errp,
|
||||||
|
"Keyslot %zu is overlapping with the encrypted payload",
|
||||||
|
i);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (j = i + 1 ; j < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS ; j++) {
|
||||||
|
const QCryptoBlockLUKSKeySlot *slot2 = &luks->header.key_slots[j];
|
||||||
|
unsigned int start2 = slot2->key_offset_sector;
|
||||||
|
unsigned int len2 =
|
||||||
|
qcrypto_block_luks_splitkeylen_sectors(luks,
|
||||||
|
header_sectors,
|
||||||
|
slot2->stripes);
|
||||||
|
|
||||||
|
if (start1 + len1 > start2 && start2 + len2 > start1) {
|
||||||
|
error_setg(errp,
|
||||||
|
"Keyslots %zu and %zu are overlapping in the header",
|
||||||
|
i, j);
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user