crypto: enforce that LUKS stripes is always a fixed value

Although the LUKS stripes are encoded in the keyslot header and so potentially configurable, in pratice the cryptsetup impl mandates this has the fixed value 4000. To avoid incompatibility apply the same enforcement in QEMU too. This also caps the memory usage for key material when QEMU tries to open a LUKS volume. Reviewed-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-10 14:27:33 +01:00 · 2022-05-10 14:27:33 +01:00 · f1195961f3
parent c1d8634c20
commit f1195961f3
1 changed files with 3 additions and 2 deletions
--- a/crypto/block-luks.c
+++ b/crypto/block-luks.c
@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
                                                   header_sectors,
                                                   slot1->stripes);

-        if (slot1->stripes == 0) {
-            error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i);
+        if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) {
+            error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)",
+                       i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES);
            return -1;
        }