From dac8edb710d09d8e20a3bf74a0d564133250f503 Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Mon, 19 Sep 2022 11:39:09 +0200 Subject: [PATCH] Revert "libblkid: luks: add checksum support" See discussion at https://github.com/util-linux/util-linux/pull/1801 The change is unwanted by LUKS upstream developers, the checksum functionality is designed for libcryptsetup internal use only. Issues: * introduces security issue (allocated buffer is not checked agaisnt maximal value) - inserting LUKS2 device with header faking oversized header size will cause allocating of huge amount of memory (perhaps crash of blkid) * we support JSON area up to 4MB in size (checksum covers also this part that was not intended to be read by blkid) - calculating SHA256 for such area is really not fast operation; readin of 4MB of data is waste of resources either (that's why there is smaill 4k binary header) * even if checksum check is disabled, it is calculated (complete waste of time here) * it does not support anything else that SHA256 (we can switch to different hash or other algorithm later); blkid should not introduce such limits. * checksum for the second heder is not calculated at all This reverts commit eca0d8b8b1360f745131158bf6b5b5c1c04d98c9. Signed-off-by: Karel Zak Addresses: https://github.com/util-linux/util-linux/pull/1801 --- libblkid/src/superblocks/luks.c | 20 -------------------- tests/ts/blkid/images-fs/luks2.img.xz | Bin 744 -> 276 bytes 2 files changed, 20 deletions(-) diff --git a/libblkid/src/superblocks/luks.c b/libblkid/src/superblocks/luks.c index a3aa84c5ea..0230b34926 100644 --- a/libblkid/src/superblocks/luks.c +++ b/libblkid/src/superblocks/luks.c @@ -17,7 +17,6 @@ #include #include "superblocks.h" -#include "sha256.h" #define LUKS_CIPHERNAME_L 32 #define LUKS_CIPHERMODE_L 32 @@ -97,23 +96,6 @@ static int luks_attributes(blkid_probe pr, struct luks2_phdr *header, uint64_t o return BLKID_PROBE_OK; } -static int luks_verify_csum(blkid_probe pr, struct luks2_phdr *header) -{ - if (strncmp(header->checksum_alg, "sha256", sizeof(header->checksum_alg))) - return 1; - - uint64_t header_size = be64_to_cpu(header->hdr_size); - unsigned char *checksummed = blkid_probe_get_buffer(pr, 0, header_size); - if (!checksummed) - return 0; - memset(checksummed + offsetof(struct luks2_phdr, csum), 0, LUKS2_CHECKSUM_L); - - unsigned char csum[32]; - ul_SHA256(csum, checksummed, header_size); - - return blkid_probe_verify_csum(pr, 1, !memcmp(header->csum, csum, 32)); -} - static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute__((__unused__))) { struct luks2_phdr *header; @@ -124,8 +106,6 @@ static int probe_luks(blkid_probe pr, const struct blkid_idmag *mag __attribute_ return errno ? -errno : BLKID_PROBE_NONE; if (!memcmp(header->magic, LUKS_MAGIC, LUKS_MAGIC_L)) { - if (!luks_verify_csum(pr, header)) - return BLKID_PROBE_NONE; /* LUKS primary header was found. */ return luks_attributes(pr, header, 0); } diff --git a/tests/ts/blkid/images-fs/luks2.img.xz b/tests/ts/blkid/images-fs/luks2.img.xz index 311a4e865608e81dcc79f1e0351558c0d1a9f796..997fb0483d6e1f4827543f9267e8cf830898144f 100644 GIT binary patch delta 246 zc-jH>015x-1(X6E{Wp48S^xk9=GL@E0stWa761SMbT8$j;1B-*)R7%1e-MFPh^CO8 zN7@_eT!XSyRqZPJI}nw;Jrd{xZ`5C9&-gQ6B%SW;UyrD`w3I|LkFWN2%<|!(jRfA( zcAIMxeelWQtk!Z{irJF6&TO%E4U#v9!12>Y-#9D8be#jrR^=>W4i}hiq7#4CS2x<;@-$mMq wZr}2|F#An7$VdeM05qX^m2PaLJpcjl0e~O?0Iw9YKC#4S`vL#}000D8S~%@=?EnA( delta 718 zc-jHZ0x|uR0_X)D{Wp48S^xk9=GL@E0stWa8~^|S5YJf5;6MKYrjZ>ee_C>^U7wOd zoK&dj>IJybGqW$Ycuh9aSkrLEXqaLd-^CM!hVU~s8$wb&qHMjuF*&;w?Dw=S^+SgB zWrG_1TjN~+iRN|9)n_Y>O#L=Xd?I*tHC9K^@o)|JehM|`eP4YS4w?YT0Yi%(0AD3c z;x%xWJ*in&N{a%B!uT6k>4CDvP+`WB*7;{!X1*QI01`b~lE*KobkfcXaE5M!nRKs0 zduM*nK9oitTYNMXlMilA^p%G%a6}f5O`_aI>{(bygeZ zslR8LYnT9--k)uh;R7z{+$<=f0)2&@>2wpcNwmfvpdg>b3jftZ(sL4^OV+CLwR{(* z@I1>rN9}5+8!;EZznaRx=%7do4;>@k&-R}61HwLdSQ_8oRD75eeG!tiO;P7Y`e!PwW89O8Cbsw(Ip>76 zf2=n^rKeg(5KH?CMkK5jFq!G$8gcmvayi?-SwSWAZ{Dd%f9~R2jzg_5Vn>O0)erns zm`le9M*CBwjYZMlFKPjzS)xdE8e2_eF)gXy=jx>XQm9NBm4NDgkw!w6LwJ!&H($5c zBdMLD