From: Karel Zak Date: Mon, 19 Sep 2022 09:39:09 +0000 (+0200) Subject: Revert "libblkid: luks: add checksum support" X-Git-Tag: v2.39-rc1~520 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dac8edb710d09d8e20a3bf74a0d564133250f503;p=thirdparty%2Futil-linux.git Revert "libblkid: luks: add checksum support" See discussion at https://github.com/util-linux/util-linux/pull/1801 The change is unwanted by LUKS upstream developers, the checksum functionality is designed for libcryptsetup internal use only. Issues: * introduces security issue (allocated buffer is not checked agaisnt maximal value) - inserting LUKS2 device with header faking oversized header size will cause allocating of huge amount of memory (perhaps crash of blkid) * we support JSON area up to 4MB in size (checksum covers also this part that was not intended to be read by blkid) - calculating SHA256 for such area is really not fast operation; readin of 4MB of data is waste of resources either (that's why there is smaill 4k binary header) * even if checksum check is disabled, it is calculated (complete waste of time here) * it does not support anything else that SHA256 (we can switch to different hash or other algorithm later); blkid should not introduce such limits. * checksum for the second heder is not calculated at all This reverts commit eca0d8b8b1360f745131158bf6b5b5c1c04d98c9. Signed-off-by: Karel Zak Addresses: https://github.com/util-linux/util-linux/pull/1801 --- diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c index a3aa84c5ea..0230b34926 100644 --- a/libblkid/src/superblocks/luks.c +++ b/libblkid/src/superblocks/luks.c @@ -17,7 +17,6 @@ #include #include "superblocks.h" -#include "sha256.h" #define LUKS_CIPHERNAME_L 32 #define LUKS_CIPHERMODE_L 32 @@ -97,23 +96,6 @@ static int luks_attributes(blkid_probe pr, struct luks2_phdr *header, uint64_t o return BLKID_PROBE_OK; } -static int luks_verify_csum(blkid_probe pr, struct luks2_phdr *header) -{ - if (strncmp(header->checksum_alg, "sha256", sizeof(header->checksum_alg))) - return 1; - - uint64_t header_size = be64_to_cpu(header->hdr_size); - unsigned char *checksummed = blkid_probe_get_buffer(pr, 0, header_size); - if (!checksummed) - return 0; - memset(checksummed + offsetof(struct luks2_phdr, csum), 0, LUKS2_CHECKSUM_L); - - unsigned char csum[32]; - ul_SHA256(csum, checksummed, header_size); - - return blkid_probe_verify_csum(pr, 1, !memcmp(header->csum, csum, 32)); -} - static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute__((__unused__))) { struct luks2_phdr *header; @@ -124,8 +106,6 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_ return errno ? -errno : BLKID_PROBE_NONE; if (!memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L)) { - if (!luks_verify_csum(pr, header)) - return BLKID_PROBE_NONE; /* LUKS primary header was found. */ return luks_attributes(pr, header, 0); } diff --git a/tests/ts/blkid/images-fs/luks2.img.xz b/tests/ts/blkid/images-fs/luks2.img.xz index 311a4e8656..997fb0483d 100644 Binary files a/tests/ts/blkid/images-fs/luks2.img.xz and b/tests/ts/blkid/images-fs/luks2.img.xz differ