Richard pointed out that we didn't do all that much validation against
bad parameters in the LUKS header metadata. This series adds a bunch
more validation checks along with unit tests to demonstrate they are
having effect against maliciously crafted headers.
Daniel P. Berrangé (11):
crypto: sanity check that LUKS header strings are NUL-terminated
crypto: enforce that LUKS stripes is always a fixed value
crypto: enforce that key material doesn't overlap with LUKS header
crypto: validate that LUKS payload doesn't overlap with header
crypto: strengthen the check for key slots overlapping with LUKS
header
crypto: check that LUKS PBKDF2 iterations count is non-zero
crypto: split LUKS header definitions off into file
crypto: split off helpers for converting LUKS header endianess
crypto: quote algorithm names in error messages
crypto: ensure LUKS tests run with GNUTLS crypto provider
crypto: add test cases for many malformed LUKS header scenarios
crypto/block-luks-priv.h | 143 ++++++++++++++++
crypto/block-luks.c | 228 +++++++++++--------------
tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++-
3 files changed, 542 insertions(+), 131 deletions(-)
create mode 100644 crypto/block-luks-priv.h
--
2.37.2
