crypto: enforce that LUKS stripes is always a fixed value

Although the LUKS stripes are encoded in the keyslot header and so
potentially configurable, in pratice the cryptsetup impl mandates
this has the fixed value 4000. To avoid incompatibility apply the
same enforcement in QEMU too. This also caps the memory usage for
key material when QEMU tries to open a LUKS volume.

Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2022-05-10 14:27:33 +01:00
parent c1d8634c20
commit f1195961f3

View File

@ -582,8 +582,9 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
header_sectors, header_sectors,
slot1->stripes); slot1->stripes);
if (slot1->stripes == 0) { if (slot1->stripes != QCRYPTO_BLOCK_LUKS_STRIPES) {
error_setg(errp, "Keyslot %zu is corrupted (stripes == 0)", i); error_setg(errp, "Keyslot %zu is corrupted (stripes %d != %d)",
i, slot1->stripes, QCRYPTO_BLOCK_LUKS_STRIPES);
return -1; return -1;
} }