From: Luca Boccassi <bluca@debian.org>
Date: Wed, 15 Feb 2023 00:44:01 +0000 (+0000)
Subject: cryptsetup: do not assert when unsealing token without salt
X-Git-Tag: v253~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=504d0acf61c8472bc93c2a927e858074873b2eaf;p=thirdparty%2Fsystemd.git

cryptsetup: do not assert when unsealing token without salt

Salt was added in v253. We are not checking whether it was actually found
(non-zero size), so when an old tpm+pin enrollment is opened things go boom.
For good measure, check both the buffer and the size in both places.

Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
---

diff --git a/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c b/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
index 80a2c0d3161..c4377230cad 100644
--- a/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tokens/luks2-tpm2.c
@@ -38,6 +38,7 @@ int acquire_luks2_key(
         _cleanup_(erase_and_freep) char *b64_salted_pin = NULL;
         int r;
 
+        assert(salt || salt_size == 0);
         assert(ret_decrypted_key);
         assert(ret_decrypted_key_size);
 
@@ -58,7 +59,7 @@ int acquire_luks2_key(
         if ((flags & TPM2_FLAGS_USE_PIN) && salt && !pin)
                 return -ENOANO;
 
-        if (pin) {
+        if (pin && salt_size > 0) {
                 uint8_t salted_pin[SHA256_DIGEST_SIZE] = {};
                 CLEANUP_ERASE(salted_pin);
                 r = tpm2_util_pbkdf2_hmac_sha256(pin, strlen(pin), salt, salt_size, salted_pin);
diff --git a/src/cryptsetup/cryptsetup-tpm2.c b/src/cryptsetup/cryptsetup-tpm2.c
index 2a8a38c5938..a375a227586 100644
--- a/src/cryptsetup/cryptsetup-tpm2.c
+++ b/src/cryptsetup/cryptsetup-tpm2.c
@@ -86,6 +86,8 @@ int acquire_tpm2_key(
         const void *blob;
         int r;
 
+        assert(salt || salt_size == 0);
+
         if (!device) {
                 r = tpm2_find_device_auto(LOG_DEBUG, &auto_device);
                 if (r == -ENODEV)
@@ -152,7 +154,7 @@ int acquire_tpm2_key(
                 if (r < 0)
                         return r;
 
-                if (salt) {
+                if (salt_size > 0) {
                         uint8_t salted_pin[SHA256_DIGEST_SIZE] = {};
                         CLEANUP_ERASE(salted_pin);
 
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c
index 6552e66bf4e..259f280e0fc 100644
--- a/src/shared/tpm2-util.c
+++ b/src/shared/tpm2-util.c
@@ -2487,6 +2487,7 @@ int tpm2_util_pbkdf2_hmac_sha256(const void *pass,
          */
         static const uint8_t block_cnt[] = { 0, 0, 0, 1 };
 
+        assert (salt);
         assert (saltlen > 0);
         assert (saltlen <= (SIZE_MAX - sizeof(block_cnt)));
         assert (passlen > 0);