From patchwork Sat Jan 13 21:34:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dan Aloni X-Patchwork-Id: 10162437 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5347D6029B for ; Sat, 13 Jan 2018 21:36:55 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4461728AFA for ; Sat, 13 Jan 2018 21:36:55 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3919128B2B; Sat, 13 Jan 2018 21:36:55 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.4 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_MED, T_DKIM_INVALID, URIBL_BLACK autolearn=ham version=3.3.1 Received: from mother.openwall.net (mother.openwall.net [195.42.179.200]) by mail.wl.linuxfoundation.org (Postfix) with SMTP id 09B4D28AFA for ; Sat, 13 Jan 2018 21:36:53 +0000 (UTC) Received: (qmail 11714 invoked by uid 550); 13 Jan 2018 21:36:30 -0000 Mailing-List: contact kernel-hardening-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Delivered-To: mailing list kernel-hardening@lists.openwall.com Received: (qmail 11539 invoked from network); 13 Jan 2018 21:36:28 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kernelim-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references; bh=FastQQP/EUblC4kn9yAs32gwH/PHe/P3t3c0VXOTRmY=; b=xdVcFqPL2niBt2Sq7UyQMoRsO/pnfVGmlCsgkdcsDvPffdLCLu9WGuOQZwrW0hXynM 7onpSHMOFU7RYztDfYTxa+oLL74hD//NHb0hdA66aoYxqHARXPSr3iqGB9QGIo/NkyTJ 0n2Ryjn8aXGAn47BSetJj7i2zZADD1eg4yVC+54V2hzwG6+wGvAKgNgG2gl8Bpg5Qp73 29KCNPzdOAFFEIn9ZnbdK9VFWw5CWw7pqN6WtynpLEoUgI009Q46Dr3OHke48Rpu6EIe EEqnT6HVESwcERizb6Xn2FQ1/YRmWVfUNswkllF+Iio4kEOyHWFqasYTlo7iqqGYRAGP KAlA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references; bh=FastQQP/EUblC4kn9yAs32gwH/PHe/P3t3c0VXOTRmY=; b=HqLi4DFlvNrsKTRn0N66CtExW15e2dMyemcdsLLDau1vFnC9rizaebbllmmivUdQp2 xIikznwHRuDlFoHg7+7sMrmNbb2S5wQxyi4UNYrT55utHUOI2Sgp/muYKCtFk06+5TnY kfF+BJ4pX2e2ICuYuPJEa0jQgEZDDIOfQ7mNwK6dRhiPpt6CZtKsum/R3swLfhTfJmyC f0/j9icEQZJcq5xjXoSPr4Ng0xQeK0oU2rpH2deEfktZp8cVoPx6mTDxVXEMGEPIvhF7 rRmcb5sOL2iTWLbwMWfW2FJZihxM2Boo7JMbCHmAeOPyf0iAmhgPbLeAl+p0nJJuNhIw I3ug== X-Gm-Message-State: AKwxytcvyO7qux3KY/3CPHxA+SefB4kd0ZuKCULiki22vjIPsYk2nQ4L ZIXyHXW0qumynW1F5svaJcKpJXCp X-Google-Smtp-Source: ACJfBovIGh97xZswS6GjYDEOQQp493WXkz3j9plN6rEIy3mfgP2SwxuheSlSnpqUwqClC9ybXcSRrA== X-Received: by 10.223.151.199 with SMTP id t7mr3392378wrb.8.1515879377336; Sat, 13 Jan 2018 13:36:17 -0800 (PST) From: Dan Aloni To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com Date: Sat, 13 Jan 2018 23:34:36 +0200 Message-Id: <20180113213441.52047-3-dan@kernelim.com> X-Mailer: git-send-email 2.14.3 In-Reply-To: <20180113213441.52047-1-dan@kernelim.com> References: <20180113213441.52047-1-dan@kernelim.com> Subject: [kernel-hardening] [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs X-Virus-Scanned: ClamAV using ClamSMTP Plus, add functions that assist in managing buffer bounds. Signed-off-by: Dan Aloni --- include/linux/base64-armor.h | 65 ++++++++++++++++++++++++++++++++++ lib/Kconfig | 7 ++++ lib/Makefile | 1 + net/ceph/armor.c => lib/base64-armor.c | 13 ++++--- net/ceph/Kconfig | 1 + net/ceph/Makefile | 2 +- net/ceph/crypto.c | 3 +- net/ceph/crypto.h | 4 --- 8 files changed, 85 insertions(+), 11 deletions(-) create mode 100644 include/linux/base64-armor.h rename net/ceph/armor.c => lib/base64-armor.c (86%) diff --git a/include/linux/base64-armor.h b/include/linux/base64-armor.h new file mode 100644 index 000000000000..e5160c77bb2f --- /dev/null +++ b/include/linux/base64-armor.h @@ -0,0 +1,65 @@ +#ifndef __LINUX_BASE64_ARMOR_H__ +#define __LINUX_BASE64_ARMOR_H__ + +#include + +/** + * base64_armor: Perform armored base64 encoding. Output may or may + * not contain newlines, depending on input length. + * + * @dst: Beginning of the destination buffer. + * @src: Beginning of the source buffer. + * @end: Sentinel for the source buffer, pointing one byte after the + * last byte to be encoded. + * + * Returns the number of bytes written to the destination buffer. + * + * _Neither_ the input or output are expected to be NULL-terminated. + * + * The number of output bytes is exactly (n * 4 + (n / 16)) where + * n = ((end - src) + 2) / 3. A less stringent but more wasteful + * validation for output buffer size can be: 4 + (end - src) * 2. + * + * See base64_encode_buffer_bound below. + */ + +extern int base64_armor(char *dst, const char *src, const char *end); + +/** + * base64_unarmor: Perform armored base64 decoding. + * + * @dst: Beginning of the destination buffer. + * @src: Beginning of the source buffer + * @end: Sentinel for the source buffer, pointing one byte after the + * last byte to be encoded. + * + * Returns the number of bytes written to the destination buffer, or + * -EINVAL if the source buffer contains invalid bytes. + * + * _Neither_ the input or output are expected to be NULL-terminated. + * + * It can be assumed that the number of output bytes is less or + * equals to: 3 * ((end - src) / 4). + * + * See base64_decode_buffer_bound below. + */ +extern int base64_unarmor(char *dst, const char *src, const char *end); + + +/* + * Utility functions for buffer upper bounds: + */ + +static inline size_t base64_encode_buffer_bound(size_t src_len) +{ + size_t n = (src_len + 2) / 3; + + return (n * 4 + (n / 16)); +} + +static inline size_t base64_decode_buffer_bound(size_t src_len) +{ + return 3 * (src_len / 4); +} + +#endif diff --git a/lib/Kconfig b/lib/Kconfig index c5e84fbcb30b..caddcaebbc2f 100644 --- a/lib/Kconfig +++ b/lib/Kconfig @@ -188,6 +188,13 @@ config CRC8 when they need to do cyclic redundancy check according CRC8 algorithm. Module will be called crc8. +config BASE64_ARMOR + tristate "BASE64 encoding/decoding functions" + help + This option provides BASE64 encoding and decoding functions. + Module name will be base64-armor if this code is built as a + module. + config XXHASH tristate diff --git a/lib/Makefile b/lib/Makefile index d11c48ec8ffd..47335d28f77f 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -94,6 +94,7 @@ ifneq ($(CONFIG_HAVE_DEC_LOCK),y) lib-y += dec_and_lock.o endif +obj-$(CONFIG_BASE64_ARMOR) += base64-armor.o obj-$(CONFIG_BITREVERSE) += bitrev.o obj-$(CONFIG_RATIONAL) += rational.o obj-$(CONFIG_CRC_CCITT) += crc-ccitt.o diff --git a/net/ceph/armor.c b/lib/base64-armor.c similarity index 86% rename from net/ceph/armor.c rename to lib/base64-armor.c index 0db8065928df..e07d25ac2850 100644 --- a/net/ceph/armor.c +++ b/lib/base64-armor.c @@ -1,9 +1,8 @@ // SPDX-License-Identifier: GPL-2.0 #include - -int ceph_armor(char *dst, const char *src, const char *end); -int ceph_unarmor(char *dst, const char *src, const char *end); +#include +#include /* * base64 encode/decode. @@ -34,7 +33,7 @@ static int decode_bits(char c) return -EINVAL; } -int ceph_armor(char *dst, const char *src, const char *end) +int base64_armor(char *dst, const char *src, const char *end) { int olen = 0; int line = 0; @@ -71,8 +70,9 @@ int ceph_armor(char *dst, const char *src, const char *end) } return olen; } +EXPORT_SYMBOL(base64_unarmor); -int ceph_unarmor(char *dst, const char *src, const char *end) +int base64_unarmor(char *dst, const char *src, const char *end) { int olen = 0; @@ -104,3 +104,6 @@ int ceph_unarmor(char *dst, const char *src, const char *end) } return olen; } +EXPORT_SYMBOL(base64_armor); + +MODULE_LICENSE("GPL v2"); diff --git a/net/ceph/Kconfig b/net/ceph/Kconfig index f8cceb99e732..5c4e7d0f2896 100644 --- a/net/ceph/Kconfig +++ b/net/ceph/Kconfig @@ -2,6 +2,7 @@ config CEPH_LIB tristate "Ceph core library" depends on INET select LIBCRC32C + select BASE64_ARMOR select CRYPTO_AES select CRYPTO_CBC select CRYPTO diff --git a/net/ceph/Makefile b/net/ceph/Makefile index b4bded4b5396..bf6f5e34bdb1 100644 --- a/net/ceph/Makefile +++ b/net/ceph/Makefile @@ -10,7 +10,7 @@ libceph-y := ceph_common.o messenger.o msgpool.o buffer.o pagelist.o \ osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \ debugfs.o \ auth.o auth_none.o \ - crypto.o armor.o \ + crypto.o \ auth_x.o \ ceph_fs.o ceph_strings.o ceph_hash.o \ pagevec.o snapshot.o string_table.o diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c index bf9d079cbafd..25e04e3b1aa4 100644 --- a/net/ceph/crypto.c +++ b/net/ceph/crypto.c @@ -10,6 +10,7 @@ #include #include #include +#include #include #include @@ -115,7 +116,7 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey) buf = kmalloc(blen, GFP_NOFS); if (!buf) return -ENOMEM; - blen = ceph_unarmor(buf, inkey, inkey+inlen); + blen = base64_unarmor(buf, inkey, inkey+inlen); if (blen < 0) { kfree(buf); return blen; diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h index bb45c7d43739..a0236cbad530 100644 --- a/net/ceph/crypto.h +++ b/net/ceph/crypto.h @@ -29,8 +29,4 @@ int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt, int ceph_crypto_init(void); void ceph_crypto_shutdown(void); -/* armor.c */ -int ceph_armor(char *dst, const char *src, const char *end); -int ceph_unarmor(char *dst, const char *src, const char *end); - #endif