[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 00/11] crypto: improve robustness of LUKS metadata validation
From: |
Daniel P . Berrangé |
Subject: |
[PATCH 00/11] crypto: improve robustness of LUKS metadata validation |
Date: |
Tue, 6 Sep 2022 09:41:36 +0100 |
Richard pointed out that we didn't do all that much validation against
bad parameters in the LUKS header metadata. This series adds a bunch
more validation checks along with unit tests to demonstrate they are
having effect against maliciously crafted headers.
Daniel P. Berrangé (11):
crypto: sanity check that LUKS header strings are NUL-terminated
crypto: enforce that LUKS stripes is always a fixed value
crypto: enforce that key material doesn't overlap with LUKS header
crypto: validate that LUKS payload doesn't overlap with header
crypto: strengthen the check for key slots overlapping with LUKS
header
crypto: check that LUKS PBKDF2 iterations count is non-zero
crypto: split LUKS header definitions off into file
crypto: split off helpers for converting LUKS header endianess
crypto: quote algorithm names in error messages
crypto: ensure LUKS tests run with GNUTLS crypto provider
crypto: add test cases for many malformed LUKS header scenarios
crypto/block-luks-priv.h | 143 ++++++++++++++++
crypto/block-luks.c | 228 +++++++++++--------------
tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++-
3 files changed, 542 insertions(+), 131 deletions(-)
create mode 100644 crypto/block-luks-priv.h
--
2.37.2
- [PATCH 00/11] crypto: improve robustness of LUKS metadata validation,
Daniel P . Berrangé <=
- [PATCH 02/11] crypto: enforce that LUKS stripes is always a fixed value, Daniel P . Berrangé, 2022/09/06
- [PATCH 11/11] crypto: add test cases for many malformed LUKS header scenarios, Daniel P . Berrangé, 2022/09/06
- [PATCH 04/11] crypto: validate that LUKS payload doesn't overlap with header, Daniel P . Berrangé, 2022/09/06
- [PATCH 09/11] crypto: quote algorithm names in error messages, Daniel P . Berrangé, 2022/09/06
- [PATCH 05/11] crypto: strengthen the check for key slots overlapping with LUKS header, Daniel P . Berrangé, 2022/09/06
- [PATCH 06/11] crypto: check that LUKS PBKDF2 iterations count is non-zero, Daniel P . Berrangé, 2022/09/06
- [PATCH 03/11] crypto: enforce that key material doesn't overlap with LUKS header, Daniel P . Berrangé, 2022/09/06