forked from genodelabs/genode
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
tresor: check hash of all read vba data
During one of the many re-factorization steps that were applied to the Tresor library and its predecessor, the CBE library, one of the main features of the project, the integrity check, accidentally received a grave regression. The most recent version of the Tresor still used to check all hashes of meta-data blocks but ignored the hashes of the actual data blocks. With this commit, the hashes of all data-block get checked. Note, I have included also the hashes of yet uninitialized data blocks although they were, up until now, always ignored on purpose. The reason for ignoring uninitialized blocks was that they are not actually read from disc but simply generated as an all-zeros block in the driver in order to prevent having to initialize them all to zero in Tresor-Init. Therefore, the integrity of these blocks cannot be compomised and the stored hashes of these blocks are guarded by the above hash tree. I decided to check these hashes anyway for two reasons. First, it simplifies the code and makes it easier to verify that integrity is indeed preserved. And second, not checking the hashes would allow for Tresor containers that are broken in a certain way to be still accepted by the driver, thereby potentially covering up regressions in the Tresor tooling. This commit also adapts the Tresor initializer and check modules to the new behavior regarding hashes of uninitialized data blocks. Ref genodelabs#5062
- Loading branch information
Showing
9 changed files
with
36 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters