eessppeelllloo/cryptsetup
1
0
Fork 0
mirror of https://gitlab.com/cryptsetup/cryptsetup.git synced 2025-12-05 16:00:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix possible keyslot area size overflow during convert to LUKS2

Browse Source 
If keyslots are not sorted according to binary area offset,
the calculation of area size is wrong and can overflow
(LUKS1 does not store area size, only offset).

Let's just use function that calculates size from volume key size.
Images where keyslot areas are not aligned to 4k offset
are not supported anyway.

Fixes: #753
This commit is contained in:
Milan Broz
2022-06-23 07:02:03 +02:00
parent a485f44b57
commit d22b003640
2 changed files with 15 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/luks2/luks2_luks1_convert.c
View File

@@ -62,7 +62,7 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
char *base64_str, cipher[LUKS_CIPHERNAME_L+LUKS_CIPHERMODE_L];
size_t base64_len;
struct json_object *keyslot_obj, *field, *jobj_kdf, *jobj_af, *jobj_area;
uint64_t offset, area_size, offs_a, offs_b, length;
uint64_t offset, area_size, length;
int r;
keyslot_obj = json_object_new_object();
@@ -110,14 +110,12 @@ static int json_luks1_keyslot(const struct luks_phdr *hdr_v1, int keyslot, struc
json_object_object_add(jobj_area, "encryption", json_object_new_string(hdr_v1->cipherName));
/* area */
if (LUKS_keyslot_area(hdr_v1, 0, &offs_a, &length) ||
LUKS_keyslot_area(hdr_v1, 1, &offs_b, &length) ||
LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
if (LUKS_keyslot_area(hdr_v1, keyslot, &offset, &length)) {
json_object_put(keyslot_obj);
json_object_put(jobj_area);
return -EINVAL;
}
area_size = offs_b - offs_a;
area_size = size_round_up(length, 4096);
json_object_object_add(jobj_area, "key_size", json_object_new_int(hdr_v1->keyBytes));
json_object_object_add(jobj_area, "offset", crypt_jobj_new_uint64(offset));
json_object_object_add(jobj_area, "size", crypt_jobj_new_uint64(area_size));

12
tests/compat-test2
View File

@@ -801,6 +801,18 @@ $CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
$CRYPTSETUP isLuks --type luks2 $LOOPDEV || fail
$CRYPTSETUP luksOpen $LOOPDEV --test-passphrase --key-slot 0 -d $KEY5 || fail
# keyslot 1 area offset is higher than keyslot 0 area
echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --key-slot 0 $LOOPDEV || fail
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP -q luksAddKey $FAST_PBKDF_OPT --key-slot 1 $LOOPDEV || fail
echo -e "$PWD1\n$PWD1" | $CRYPTSETUP -q luksChangeKey $FAST_PBKDF_OPT $LOOPDEV || fail
# convert to LUKS1 and back; LUKS1 does not store length, only offset
$CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
$CRYPTSETUP -q convert --type luks2 $LOOPDEV || fail
echo $PWD1 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
echo $PWD2 | $CRYPTSETUP -q open --test-passphrase $LOOPDEV || fail
if dm_crypt_keyring_flawed; then
prepare "[32a] LUKS2 keyring dm-crypt bug" wipe
echo $PWD1 | $CRYPTSETUP luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV --header $HEADER_IMG || fail