Richard pointed out that we didn't do all that much validation against bad parameters in the LUKS header metadata. This series adds a bunch more validation checks along with unit tests to demonstrate they are having effect against maliciously crafted headers.
Daniel P. Berrangé (11): crypto: sanity check that LUKS header strings are NUL-terminated crypto: enforce that LUKS stripes is always a fixed value crypto: enforce that key material doesn't overlap with LUKS header crypto: validate that LUKS payload doesn't overlap with header crypto: strengthen the check for key slots overlapping with LUKS header crypto: check that LUKS PBKDF2 iterations count is non-zero crypto: split LUKS header definitions off into file crypto: split off helpers for converting LUKS header endianess crypto: quote algorithm names in error messages crypto: ensure LUKS tests run with GNUTLS crypto provider crypto: add test cases for many malformed LUKS header scenarios crypto/block-luks-priv.h | 143 ++++++++++++++++ crypto/block-luks.c | 228 +++++++++++-------------- tests/unit/test-crypto-block.c | 302 ++++++++++++++++++++++++++++++++- 3 files changed, 542 insertions(+), 131 deletions(-) create mode 100644 crypto/block-luks-priv.h -- 2.37.2