From: Jeff Layton <jlayton@kernel.org>
To: Eric Biggers <ebiggers@kernel.org>
Cc: ceph-devel@vger.kernel.org, linux-fscrypt@vger.kernel.org
Subject: Re: [RFC PATCH 05/14] lib: lift fscrypt base64 conversion into lib/
Date: Fri, 21 Aug 2020 21:11:53 -0400 [thread overview]
Message-ID: <3787ef6b2a6c7aefab07fc81d8b2c5da6ce12a13.camel@kernel.org> (raw)
In-Reply-To: <20200822003818.GB834@sol.localdomain>
On Fri, 2020-08-21 at 17:38 -0700, Eric Biggers wrote:
> On Fri, Aug 21, 2020 at 02:28:04PM -0400, Jeff Layton wrote:
> > Once we allow encrypted filenames we'll end up with names that may have
> > illegal characters in them (embedded '\0' or '/'), or characters that
> > aren't printable.
> >
> > It'll be safer to use strings that are printable. It turns out that the
> > MDS doesn't really care about the length of filenames, so we can just
> > base64 encode and decode filenames before writing and reading them.
> >
> > Lift the base64 implementation that's in fscrypt into lib/. Make fscrypt
> > select it when it's enabled.
> >
> > Signed-off-by: Jeff Layton <jlayton@kernel.org>
> > ---
> > fs/crypto/Kconfig | 1 +
> > fs/crypto/fname.c | 59 +----------------------------------
> > include/linux/base64.h | 11 +++++++
> > lib/Kconfig | 3 ++
> > lib/Makefile | 1 +
> > lib/base64.c | 71 ++++++++++++++++++++++++++++++++++++++++++
> > 6 files changed, 88 insertions(+), 58 deletions(-)
> > create mode 100644 include/linux/base64.h
> > create mode 100644 lib/base64.c
>
> You need to be careful here because there are many subtly different variants of
> base64. The Wikipedia article is a good reference for this:
> https://en.wikipedia.org/wiki/Base64
>
> For example, most versions of base64 use [A-Za-z0-9+/]. However that's *not*
> what fs/crypto/fname.c uses, since it needs the encoded strings to be valid
> filenames, and '/' isn't a valid character in filenames. Therefore,
> fs/crypto/fname.c uses ',' instead of '/'.
>
> It happens that's probably what ceph needs too. However, other kernel
> developers who come across a very generic-sounding "lib/base64.c" might expect
> it to implement a more common version of base64.
>
> Also, some versions of base64 pad the encoded string with "=" whereas others
> don't. The fs/crypto/fname.c implementation doesn't use padding.
>
> So if you're going to make a generic base64 library, you at least need to be
> very clear about exactly what version of base64 is meant.
>
> (FWIW, the existing use of base64 in fs/crypto/fname.c isn't part of a stable
> API. So it can still be changed to something else, as long as the encoding
> doesn't use the '/' or '\0' characters.)
>
> - Eric
Ok, thanks -- that makes sense. We may need to rename this to something
less generic then. I'll plan to do that for the next set.
It may also make more sense to just create fscrypt functions that can
deal with base64-encoded strings instead of binary crypttext.
--
Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2020-08-22 1:11 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-21 18:27 [RFC PATCH 00/14] ceph+fscrypt: together at last (contexts and filenames) Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 01/14] fscrypt: drop unused inode argument from fscrypt_fname_alloc_buffer Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 02/14] fscrypt: add fscrypt_new_context_from_parent Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 03/14] fscrypt: don't balk when inode is already marked encrypted Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 04/14] fscrypt: export fscrypt_d_revalidate Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 05/14] lib: lift fscrypt base64 conversion into lib/ Jeff Layton
2020-08-22 0:38 ` Eric Biggers
2020-08-22 1:11 ` Jeff Layton [this message]
2020-08-21 18:28 ` [RFC PATCH 06/14] ceph: add fscrypt ioctls Jeff Layton
2020-08-22 0:39 ` Eric Biggers
2020-08-22 1:12 ` Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 07/14] ceph: crypto context handling for ceph Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 08/14] ceph: add routine to create context prior to RPC Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 09/14] ceph: set S_ENCRYPTED bit if new inode has encryption.ctx xattr Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 10/14] ceph: make ceph_msdc_build_path use ref-walk Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 11/14] ceph: add encrypted fname handling to ceph_mdsc_build_path Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 12/14] ceph: make d_revalidate call fscrypt revalidator for encrypted dentries Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 13/14] ceph: add support to readdir for encrypted filenames Jeff Layton
2020-08-21 18:28 ` [RFC PATCH 14/14] ceph: add fscrypt support to ceph_fill_trace Jeff Layton
2020-08-22 0:23 ` [RFC PATCH 00/14] ceph+fscrypt: together at last (contexts and filenames) Eric Biggers
2020-08-22 0:58 ` Jeff Layton
2020-08-22 2:34 ` Eric Biggers
2020-08-24 12:03 ` Jeff Layton
2020-08-24 16:55 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3787ef6b2a6c7aefab07fc81d8b2c5da6ce12a13.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=ceph-devel@vger.kernel.org \
--cc=ebiggers@kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox