From: Dan Aloni <dan@kernelim.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [kernel-hardening] [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs
Date: Sat, 13 Jan 2018 23:34:36 +0200 [thread overview]
Message-ID: <20180113213441.52047-3-dan@kernelim.com> (raw)
In-Reply-To: <20180113213441.52047-1-dan@kernelim.com>
Plus, add functions that assist in managing buffer bounds.
Signed-off-by: Dan Aloni <dan@kernelim.com>
---
include/linux/base64-armor.h | 65 ++++++++++++++++++++++++++++++++++
lib/Kconfig | 7 ++++
lib/Makefile | 1 +
net/ceph/armor.c => lib/base64-armor.c | 13 ++++---
net/ceph/Kconfig | 1 +
net/ceph/Makefile | 2 +-
net/ceph/crypto.c | 3 +-
net/ceph/crypto.h | 4 ---
8 files changed, 85 insertions(+), 11 deletions(-)
create mode 100644 include/linux/base64-armor.h
rename net/ceph/armor.c => lib/base64-armor.c (86%)
diff --git a/include/linux/base64-armor.h b/include/linux/base64-armor.h
new file mode 100644
index 000000000000..e5160c77bb2f
--- /dev/null
+++ b/include/linux/base64-armor.h
@@ -0,0 +1,65 @@
+#ifndef __LINUX_BASE64_ARMOR_H__
+#define __LINUX_BASE64_ARMOR_H__
+
+#include <linux/types.h>
+
+/**
+ * base64_armor: Perform armored base64 encoding. Output may or may
+ * not contain newlines, depending on input length.
+ *
+ * @dst: Beginning of the destination buffer.
+ * @src: Beginning of the source buffer.
+ * @end: Sentinel for the source buffer, pointing one byte after the
+ * last byte to be encoded.
+ *
+ * Returns the number of bytes written to the destination buffer.
+ *
+ * _Neither_ the input or output are expected to be NULL-terminated.
+ *
+ * The number of output bytes is exactly (n * 4 + (n / 16)) where
+ * n = ((end - src) + 2) / 3. A less stringent but more wasteful
+ * validation for output buffer size can be: 4 + (end - src) * 2.
+ *
+ * See base64_encode_buffer_bound below.
+ */
+
+extern int base64_armor(char *dst, const char *src, const char *end);
+
+/**
+ * base64_unarmor: Perform armored base64 decoding.
+ *
+ * @dst: Beginning of the destination buffer.
+ * @src: Beginning of the source buffer
+ * @end: Sentinel for the source buffer, pointing one byte after the
+ * last byte to be encoded.
+ *
+ * Returns the number of bytes written to the destination buffer, or
+ * -EINVAL if the source buffer contains invalid bytes.
+ *
+ * _Neither_ the input or output are expected to be NULL-terminated.
+ *
+ * It can be assumed that the number of output bytes is less or
+ * equals to: 3 * ((end - src) / 4).
+ *
+ * See base64_decode_buffer_bound below.
+ */
+extern int base64_unarmor(char *dst, const char *src, const char *end);
+
+
+/*
+ * Utility functions for buffer upper bounds:
+ */
+
+static inline size_t base64_encode_buffer_bound(size_t src_len)
+{
+ size_t n = (src_len + 2) / 3;
+
+ return (n * 4 + (n / 16));
+}
+
+static inline size_t base64_decode_buffer_bound(size_t src_len)
+{
+ return 3 * (src_len / 4);
+}
+
+#endif
diff --git a/lib/Kconfig b/lib/Kconfig
index c5e84fbcb30b..caddcaebbc2f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -188,6 +188,13 @@ config CRC8
when they need to do cyclic redundancy check according CRC8
algorithm. Module will be called crc8.
+config BASE64_ARMOR
+ tristate "BASE64 encoding/decoding functions"
+ help
+ This option provides BASE64 encoding and decoding functions.
+ Module name will be base64-armor if this code is built as a
+ module.
+
config XXHASH
tristate
diff --git a/lib/Makefile b/lib/Makefile
index d11c48ec8ffd..47335d28f77f 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -94,6 +94,7 @@ ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
lib-y += dec_and_lock.o
endif
+obj-$(CONFIG_BASE64_ARMOR) += base64-armor.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-$(CONFIG_RATIONAL) += rational.o
obj-$(CONFIG_CRC_CCITT) += crc-ccitt.o
diff --git a/net/ceph/armor.c b/lib/base64-armor.c
similarity index 86%
rename from net/ceph/armor.c
rename to lib/base64-armor.c
index 0db8065928df..e07d25ac2850 100644
--- a/net/ceph/armor.c
+++ b/lib/base64-armor.c
@@ -1,9 +1,8 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/errno.h>
-
-int ceph_armor(char *dst, const char *src, const char *end);
-int ceph_unarmor(char *dst, const char *src, const char *end);
+#include <linux/module.h>
+#include <linux/base64-armor.h>
/*
* base64 encode/decode.
@@ -34,7 +33,7 @@ static int decode_bits(char c)
return -EINVAL;
}
-int ceph_armor(char *dst, const char *src, const char *end)
+int base64_armor(char *dst, const char *src, const char *end)
{
int olen = 0;
int line = 0;
@@ -71,8 +70,9 @@ int ceph_armor(char *dst, const char *src, const char *end)
}
return olen;
}
+EXPORT_SYMBOL(base64_unarmor);
-int ceph_unarmor(char *dst, const char *src, const char *end)
+int base64_unarmor(char *dst, const char *src, const char *end)
{
int olen = 0;
@@ -104,3 +104,6 @@ int ceph_unarmor(char *dst, const char *src, const char *end)
}
return olen;
}
+EXPORT_SYMBOL(base64_armor);
+
+MODULE_LICENSE("GPL v2");
diff --git a/net/ceph/Kconfig b/net/ceph/Kconfig
index f8cceb99e732..5c4e7d0f2896 100644
--- a/net/ceph/Kconfig
+++ b/net/ceph/Kconfig
@@ -2,6 +2,7 @@ config CEPH_LIB
tristate "Ceph core library"
depends on INET
select LIBCRC32C
+ select BASE64_ARMOR
select CRYPTO_AES
select CRYPTO_CBC
select CRYPTO
diff --git a/net/ceph/Makefile b/net/ceph/Makefile
index b4bded4b5396..bf6f5e34bdb1 100644
--- a/net/ceph/Makefile
+++ b/net/ceph/Makefile
@@ -10,7 +10,7 @@ libceph-y := ceph_common.o messenger.o msgpool.o buffer.o pagelist.o \
osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \
debugfs.o \
auth.o auth_none.o \
- crypto.o armor.o \
+ crypto.o \
auth_x.o \
ceph_fs.o ceph_strings.o ceph_hash.o \
pagevec.o snapshot.o string_table.o
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index bf9d079cbafd..25e04e3b1aa4 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -10,6 +10,7 @@
#include <crypto/skcipher.h>
#include <linux/key-type.h>
#include <linux/sched/mm.h>
+#include <linux/base64-armor.h>
#include <keys/ceph-type.h>
#include <keys/user-type.h>
@@ -115,7 +116,7 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
buf = kmalloc(blen, GFP_NOFS);
if (!buf)
return -ENOMEM;
- blen = ceph_unarmor(buf, inkey, inkey+inlen);
+ blen = base64_unarmor(buf, inkey, inkey+inlen);
if (blen < 0) {
kfree(buf);
return blen;
diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index bb45c7d43739..a0236cbad530 100644
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -29,8 +29,4 @@ int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
int ceph_crypto_init(void);
void ceph_crypto_shutdown(void);
-/* armor.c */
-int ceph_armor(char *dst, const char *src, const char *end);
-int ceph_unarmor(char *dst, const char *src, const char *end);
-
#endif
--
2.14.3
WARNING: multiple messages have this Message-ID (diff)
From: Dan Aloni <dan@kernelim.com>
To: linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com
Subject: [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs
Date: Sat, 13 Jan 2018 23:34:36 +0200 [thread overview]
Message-ID: <20180113213441.52047-3-dan@kernelim.com> (raw)
In-Reply-To: <20180113213441.52047-1-dan@kernelim.com>
Plus, add functions that assist in managing buffer bounds.
Signed-off-by: Dan Aloni <dan@kernelim.com>
---
include/linux/base64-armor.h | 65 ++++++++++++++++++++++++++++++++++
lib/Kconfig | 7 ++++
lib/Makefile | 1 +
net/ceph/armor.c => lib/base64-armor.c | 13 ++++---
net/ceph/Kconfig | 1 +
net/ceph/Makefile | 2 +-
net/ceph/crypto.c | 3 +-
net/ceph/crypto.h | 4 ---
8 files changed, 85 insertions(+), 11 deletions(-)
create mode 100644 include/linux/base64-armor.h
rename net/ceph/armor.c => lib/base64-armor.c (86%)
diff --git a/include/linux/base64-armor.h b/include/linux/base64-armor.h
new file mode 100644
index 000000000000..e5160c77bb2f
--- /dev/null
+++ b/include/linux/base64-armor.h
@@ -0,0 +1,65 @@
+#ifndef __LINUX_BASE64_ARMOR_H__
+#define __LINUX_BASE64_ARMOR_H__
+
+#include <linux/types.h>
+
+/**
+ * base64_armor: Perform armored base64 encoding. Output may or may
+ * not contain newlines, depending on input length.
+ *
+ * @dst: Beginning of the destination buffer.
+ * @src: Beginning of the source buffer.
+ * @end: Sentinel for the source buffer, pointing one byte after the
+ * last byte to be encoded.
+ *
+ * Returns the number of bytes written to the destination buffer.
+ *
+ * _Neither_ the input or output are expected to be NULL-terminated.
+ *
+ * The number of output bytes is exactly (n * 4 + (n / 16)) where
+ * n = ((end - src) + 2) / 3. A less stringent but more wasteful
+ * validation for output buffer size can be: 4 + (end - src) * 2.
+ *
+ * See base64_encode_buffer_bound below.
+ */
+
+extern int base64_armor(char *dst, const char *src, const char *end);
+
+/**
+ * base64_unarmor: Perform armored base64 decoding.
+ *
+ * @dst: Beginning of the destination buffer.
+ * @src: Beginning of the source buffer
+ * @end: Sentinel for the source buffer, pointing one byte after the
+ * last byte to be encoded.
+ *
+ * Returns the number of bytes written to the destination buffer, or
+ * -EINVAL if the source buffer contains invalid bytes.
+ *
+ * _Neither_ the input or output are expected to be NULL-terminated.
+ *
+ * It can be assumed that the number of output bytes is less or
+ * equals to: 3 * ((end - src) / 4).
+ *
+ * See base64_decode_buffer_bound below.
+ */
+extern int base64_unarmor(char *dst, const char *src, const char *end);
+
+
+/*
+ * Utility functions for buffer upper bounds:
+ */
+
+static inline size_t base64_encode_buffer_bound(size_t src_len)
+{
+ size_t n = (src_len + 2) / 3;
+
+ return (n * 4 + (n / 16));
+}
+
+static inline size_t base64_decode_buffer_bound(size_t src_len)
+{
+ return 3 * (src_len / 4);
+}
+
+#endif
diff --git a/lib/Kconfig b/lib/Kconfig
index c5e84fbcb30b..caddcaebbc2f 100644
--- a/lib/Kconfig
+++ b/lib/Kconfig
@@ -188,6 +188,13 @@ config CRC8
when they need to do cyclic redundancy check according CRC8
algorithm. Module will be called crc8.
+config BASE64_ARMOR
+ tristate "BASE64 encoding/decoding functions"
+ help
+ This option provides BASE64 encoding and decoding functions.
+ Module name will be base64-armor if this code is built as a
+ module.
+
config XXHASH
tristate
diff --git a/lib/Makefile b/lib/Makefile
index d11c48ec8ffd..47335d28f77f 100644
--- a/lib/Makefile
+++ b/lib/Makefile
@@ -94,6 +94,7 @@ ifneq ($(CONFIG_HAVE_DEC_LOCK),y)
lib-y += dec_and_lock.o
endif
+obj-$(CONFIG_BASE64_ARMOR) += base64-armor.o
obj-$(CONFIG_BITREVERSE) += bitrev.o
obj-$(CONFIG_RATIONAL) += rational.o
obj-$(CONFIG_CRC_CCITT) += crc-ccitt.o
diff --git a/net/ceph/armor.c b/lib/base64-armor.c
similarity index 86%
rename from net/ceph/armor.c
rename to lib/base64-armor.c
index 0db8065928df..e07d25ac2850 100644
--- a/net/ceph/armor.c
+++ b/lib/base64-armor.c
@@ -1,9 +1,8 @@
// SPDX-License-Identifier: GPL-2.0
#include <linux/errno.h>
-
-int ceph_armor(char *dst, const char *src, const char *end);
-int ceph_unarmor(char *dst, const char *src, const char *end);
+#include <linux/module.h>
+#include <linux/base64-armor.h>
/*
* base64 encode/decode.
@@ -34,7 +33,7 @@ static int decode_bits(char c)
return -EINVAL;
}
-int ceph_armor(char *dst, const char *src, const char *end)
+int base64_armor(char *dst, const char *src, const char *end)
{
int olen = 0;
int line = 0;
@@ -71,8 +70,9 @@ int ceph_armor(char *dst, const char *src, const char *end)
}
return olen;
}
+EXPORT_SYMBOL(base64_unarmor);
-int ceph_unarmor(char *dst, const char *src, const char *end)
+int base64_unarmor(char *dst, const char *src, const char *end)
{
int olen = 0;
@@ -104,3 +104,6 @@ int ceph_unarmor(char *dst, const char *src, const char *end)
}
return olen;
}
+EXPORT_SYMBOL(base64_armor);
+
+MODULE_LICENSE("GPL v2");
diff --git a/net/ceph/Kconfig b/net/ceph/Kconfig
index f8cceb99e732..5c4e7d0f2896 100644
--- a/net/ceph/Kconfig
+++ b/net/ceph/Kconfig
@@ -2,6 +2,7 @@ config CEPH_LIB
tristate "Ceph core library"
depends on INET
select LIBCRC32C
+ select BASE64_ARMOR
select CRYPTO_AES
select CRYPTO_CBC
select CRYPTO
diff --git a/net/ceph/Makefile b/net/ceph/Makefile
index b4bded4b5396..bf6f5e34bdb1 100644
--- a/net/ceph/Makefile
+++ b/net/ceph/Makefile
@@ -10,7 +10,7 @@ libceph-y := ceph_common.o messenger.o msgpool.o buffer.o pagelist.o \
osd_client.o osdmap.o crush/crush.o crush/mapper.o crush/hash.o \
debugfs.o \
auth.o auth_none.o \
- crypto.o armor.o \
+ crypto.o \
auth_x.o \
ceph_fs.o ceph_strings.o ceph_hash.o \
pagevec.o snapshot.o string_table.o
diff --git a/net/ceph/crypto.c b/net/ceph/crypto.c
index bf9d079cbafd..25e04e3b1aa4 100644
--- a/net/ceph/crypto.c
+++ b/net/ceph/crypto.c
@@ -10,6 +10,7 @@
#include <crypto/skcipher.h>
#include <linux/key-type.h>
#include <linux/sched/mm.h>
+#include <linux/base64-armor.h>
#include <keys/ceph-type.h>
#include <keys/user-type.h>
@@ -115,7 +116,7 @@ int ceph_crypto_key_unarmor(struct ceph_crypto_key *key, const char *inkey)
buf = kmalloc(blen, GFP_NOFS);
if (!buf)
return -ENOMEM;
- blen = ceph_unarmor(buf, inkey, inkey+inlen);
+ blen = base64_unarmor(buf, inkey, inkey+inlen);
if (blen < 0) {
kfree(buf);
return blen;
diff --git a/net/ceph/crypto.h b/net/ceph/crypto.h
index bb45c7d43739..a0236cbad530 100644
--- a/net/ceph/crypto.h
+++ b/net/ceph/crypto.h
@@ -29,8 +29,4 @@ int ceph_crypt(const struct ceph_crypto_key *key, bool encrypt,
int ceph_crypto_init(void);
void ceph_crypto_shutdown(void);
-/* armor.c */
-int ceph_armor(char *dst, const char *src, const char *end);
-int ceph_unarmor(char *dst, const char *src, const char *end);
-
#endif
--
2.14.3
next prev parent reply other threads:[~2018-01-13 21:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-13 21:34 [kernel-hardening] [PATCHv2 0/7] RFC: Public key encryption of dmesg by the kernel Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 1/7] crypto: fix memory leak in rsa-kcs1pad encryption Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-13 21:34 ` Dan Aloni [this message]
2018-01-13 21:34 ` [PATCHv2 2/7] Move net/ceph/armor to lib/ and add docs Dan Aloni
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 3/7] base64-armor: add bounds checking Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 4/7] certs: allow in-kernel access of trusted keys Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-15 9:11 ` [kernel-hardening] " David Howells
2018-01-15 9:11 ` David Howells
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 5/7] printk: allow kmsg to be encrypted using public key encryption Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-14 1:48 ` [kernel-hardening] " Sergey Senozhatsky
2018-01-14 1:48 ` Sergey Senozhatsky
2018-01-14 8:01 ` [kernel-hardening] " Dan Aloni
2018-01-14 8:01 ` Dan Aloni
2018-01-15 12:52 ` [kernel-hardening] " Steven Rostedt
2018-01-15 12:52 ` Steven Rostedt
2018-01-16 2:09 ` [kernel-hardening] " Sergey Senozhatsky
2018-01-16 2:09 ` Sergey Senozhatsky
2018-01-16 23:44 ` [kernel-hardening] " Daniel Micay
2018-01-17 15:01 ` Steven Rostedt
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 6/7] tools: add dmesg decryption program Dan Aloni
2018-01-13 21:34 ` Dan Aloni
2018-01-13 21:34 ` [kernel-hardening] [PATCHv2 7/7] docs: add dmesg encryption doc Dan Aloni
2018-01-13 21:34 ` Dan Aloni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180113213441.52047-3-dan@kernelim.com \
--to=dan@kernelim.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.