libblkid: luks: add checksum support

author Thomas Weißschuh <thomas@t-8ch.de>

Sun, 11 Sep 2022 13:46:19 +0000 (15:46 +0200)

committer Thomas Weißschuh <thomas@t-8ch.de>

Mon, 12 Sep 2022 16:30:21 +0000 (18:30 +0200)
author Thomas Weißschuh <thomas@t-8ch.de>
Sun, 11 Sep 2022 13:46:19 +0000 (15:46 +0200)
committer Thomas Weißschuh <thomas@t-8ch.de>
Mon, 12 Sep 2022 16:30:21 +0000 (18:30 +0200)
diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c

index 0230b349267081966641122a0dbbecc57df47e6d..a3aa84c5ea6df21e72f2ec7738e78d63f388dbfd 100644 (file)
--- a/libblkid/src/superblocks/luks.c
+++ b/libblkid/src/superblocks/luks.c
@@ -17,6 +17,7 @@
  #include <stdint.h>
  
  #include "superblocks.h"
+#include "sha256.h"
  
  #define LUKS_CIPHERNAME_L              32
  #define LUKS_CIPHERMODE_L              32
@@ -96,6 +97,23 @@ static int luks_attributes(blkid_probe pr, struct luks2_phdr *header, uint64_t o
         return BLKID_PROBE_OK;
  }
  
+static int luks_verify_csum(blkid_probe pr, struct luks2_phdr *header)
+{
+       if (strncmp(header->checksum_alg, "sha256", sizeof(header->checksum_alg)))
+               return 1;
+
+       uint64_t header_size = be64_to_cpu(header->hdr_size);
+       unsigned char *checksummed = blkid_probe_get_buffer(pr, 0, header_size);
+       if (!checksummed)
+               return 0;
+       memset(checksummed + offsetof(struct luks2_phdr, csum), 0, LUKS2_CHECKSUM_L);
+
+       unsigned char csum[32];
+       ul_SHA256(csum, checksummed, header_size);
+
+       return blkid_probe_verify_csum(pr, 1, !memcmp(header->csum, csum, 32));
+}
+
  static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute__((__unused__)))
  {
         struct luks2_phdr *header;
@@ -106,6 +124,8 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_
                 return errno ? -errno : BLKID_PROBE_NONE;
  
         if (!memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L)) {
+               if (!luks_verify_csum(pr, header))
+                       return BLKID_PROBE_NONE;
                 /* LUKS primary header was found. */
                 return luks_attributes(pr, header, 0);
         }
diff --git a/tests/ts/blkid/images-fs/luks2.img.xz b/tests/ts/blkid/images-fs/luks2.img.xz

index 997fb0483d6e1f4827543f9267e8cf830898144f..311a4e865608e81dcc79f1e0351558c0d1a9f796 100644 (file)

Binary files a/tests/ts/blkid/images-fs/luks2.img.xz and b/tests/ts/blkid/images-fs/luks2.img.xz differ
author	Thomas Weißschuh <thomas@t-8ch.de>
	Sun, 11 Sep 2022 13:46:19 +0000 (15:46 +0200)
committer	Thomas Weißschuh <thomas@t-8ch.de>
	Mon, 12 Sep 2022 16:30:21 +0000 (18:30 +0200)
libblkid/src/superblocks/luks.c		patch \| blob \| blame \| history
tests/ts/blkid/images-fs/luks2.img.xz		patch \| blob \| blame \| history