qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 00/11] crypto: improve robustness of LUKS metadata validation

From: Daniel P . Berrangé
Subject: [PATCH 00/11] crypto: improve robustness of LUKS metadata validation
Date: Tue, 6 Sep 2022 09:41:36 +0100 
Richard pointed out that we didn't do all that much validation against
bad parameters in the LUKS header metadata. This series adds a bunch
more validation checks along with unit tests to demonstrate they are
having effect against maliciously crafted headers.

Daniel P. Berrangé (11):
  crypto: sanity check that LUKS header strings are NUL-terminated
  crypto: enforce that LUKS stripes is always a fixed value
  crypto: enforce that key material doesn't overlap with LUKS header
  crypto: validate that LUKS payload doesn't overlap with header
  crypto: strengthen the check for key slots overlapping with LUKS
    header
  crypto: check that LUKS PBKDF2 iterations count is non-zero
  crypto: split LUKS header definitions off into file
  crypto: split off helpers for converting LUKS header endianess
  crypto: quote algorithm names in error messages
  crypto: ensure LUKS tests run with GNUTLS crypto provider
  crypto: add test cases for many malformed LUKS header scenarios

 crypto/block-luks-priv.h       | 143 ++++++++++++++++
 crypto/block-luks.c            | 228 +++++++++++--------------
 tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++-
 3 files changed, 542 insertions(+), 131 deletions(-)
 create mode 100644 crypto/block-luks-priv.h

-- 
2.37.2
reply via email to
[Prev in Thread] Current Thread [Next in Thread]