From: Eric Biggers <ebiggers@kernel.org>
To: Jeff Layton <jlayton@kernel.org>
Cc: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org
Subject: Re: [RFC PATCH 05/14] lib: lift fscrypt base64 conversion into lib/
Date: Fri, 21 Aug 2020 17:38:18 -0700 [thread overview]
Message-ID: <20200822003818.GB834@sol.localdomain> (raw)
In-Reply-To: <20200821182813.52570-6-jlayton@kernel.org>
On Fri, Aug 21, 2020 at 02:28:04PM -0400, Jeff Layton wrote:
> Once we allow encrypted filenames we'll end up with names that may have
> illegal characters in them (embedded '\0' or '/'), or characters that
> aren't printable.
>
> It'll be safer to use strings that are printable. It turns out that the
> MDS doesn't really care about the length of filenames, so we can just
> base64 encode and decode filenames before writing and reading them.
>
> Lift the base64 implementation that's in fscrypt into lib/. Make fscrypt
> select it when it's enabled.
>
> Signed-off-by: Jeff Layton <jlayton@kernel.org>
> ---
> fs/crypto/Kconfig | 1 +
> fs/crypto/fname.c | 59 +----------------------------------
> include/linux/base64.h | 11 +++++++
> lib/Kconfig | 3 ++
> lib/Makefile | 1 +
> lib/base64.c | 71 ++++++++++++++++++++++++++++++++++++++++++
> 6 files changed, 88 insertions(+), 58 deletions(-)
> create mode 100644 include/linux/base64.h
> create mode 100644 lib/base64.c
You need to be careful here because there are many subtly different variants of
base64. The Wikipedia article is a good reference for this:
https://en.wikipedia.org/wiki/Base64
For example, most versions of base64 use [A-Za-z0-9+/]. However that's *not*
what fs/crypto/fname.c uses, since it needs the encoded strings to be valid
filenames, and '/' isn't a valid character in filenames. Therefore,
fs/crypto/fname.c uses ',' instead of '/'.
It happens that's probably what ceph needs too. However, other kernel
developers who come across a very generic-sounding "lib/base64.c" might expect
it to implement a more common version of base64.
Also, some versions of base64 pad the encoded string with "=" whereas others
don't. The fs/crypto/fname.c implementation doesn't use padding.
So if you're going to make a generic base64 library, you at least need to be
very clear about exactly what version of base64 is meant.
(FWIW, the existing use of base64 in fs/crypto/fname.c isn't part of a stable
API. So it can still be changed to something else, as long as the encoding
doesn't use the '/' or '\0' characters.)
- Eric
next prev parent reply other threads:[~2020-08-22 0:38 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-21 18:27 [RFC PATCH 00/14] ceph+fscrypt: together at last (contexts and filenames) Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 01/14] fscrypt: drop unused inode argument from fscrypt_fname_alloc_buffer Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 02/14] fscrypt: add fscrypt_new_context_from_parent Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 03/14] fscrypt: don't balk when inode is already marked encrypted Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 04/14] fscrypt: export fscrypt_d_revalidate Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 05/14] lib: lift fscrypt base64 conversion into lib/ Jeff Layton
2020-08-22 0:38 ` Eric Biggers [this message]
2020-08-22 1:11 ` Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 06/14] ceph: add fscrypt ioctls Jeff Layton
2020-08-22 0:39 ` Eric Biggers
2020-08-22 1:12 ` Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 07/14] ceph: crypto context handling for ceph Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 08/14] ceph: add routine to create context prior to RPC Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 09/14] ceph: set S_ENCRYPTED bit if new inode has encryption.ctx xattr Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 10/14] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 11/14] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 12/14] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 13/14] ceph: add support to readdir for encrypted filenames Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 14/14] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2020-08-22 0:23 ` [RFC PATCH 00/14] ceph+fscrypt: together at last (contexts and filenames) Eric Biggers
2020-08-22 0:58 ` Jeff Layton
2020-08-22 2:34 ` Eric Biggers
2020-08-24 12:03 ` Jeff Layton
2020-08-24 16:55 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200822003818.GB834@sol.localdomain \
--to=ebiggers@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=jlayton@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox