| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Mar 2022 11:01:01 +0000
From: Luís Henriques <lhenriques@...e.de>
To: Xiubo Li <xiubli@...hat.com>
Cc: Jeff Layton <jlayton@...nel.org>,
Ilya Dryomov <idryomov@...il.com>, ceph-devel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v3 4/4] ceph: replace base64url by the encoding used
for mailbox names
Xiubo Li <xiubli@...hat.com> writes:
> On 3/17/22 11:45 PM, Luís Henriques wrote:
>> The base64url encoding includes the '_' character, which may cause problems
>> in snapshot names (if the name starts with '_'). Thus, use the base64
>> encoding defined for IMAP mailbox names (RFC 3501), which uses '+' and ','
>> instead of '-' and '_'.
>>
>> Signed-off-by: Luís Henriques <lhenriques@...e.de>
>> ---
>> fs/ceph/crypto.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++--
>> fs/ceph/crypto.h | 3 +++
>> fs/ceph/dir.c | 2 +-
>> fs/ceph/inode.c | 2 +-
>> 4 files changed, 54 insertions(+), 4 deletions(-)
>>
>> diff --git a/fs/ceph/crypto.c b/fs/ceph/crypto.c
>> index caa9863dee93..d6f1c444ce91 100644
>> --- a/fs/ceph/crypto.c
>> +++ b/fs/ceph/crypto.c
>> @@ -7,6 +7,53 @@
>> #include "mds_client.h"
>> #include "crypto.h"
>> +static const char base64_table[65] =
>> + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
>> +
>> +int ceph_base64_encode(const u8 *src, int srclen, char *dst)
>> +{
>> + u32 ac = 0;
>> + int bits = 0;
>> + int i;
>> + char *cp = dst;
>> +
>> + for (i = 0; i < srclen; i++) {
>> + ac = (ac << 8) | src[i];
>> + bits += 8;
>> + do {
>> + bits -= 6;
>> + *cp++ = base64_table[(ac >> bits) & 0x3f];
>> + } while (bits >= 6);
>> + }
>> + if (bits)
>> + *cp++ = base64_table[(ac << (6 - bits)) & 0x3f];
>> + return cp - dst;
>> +}
>> +
>> +int ceph_base64_decode(const char *src, int srclen, u8 *dst)
>> +{
>> + u32 ac = 0;
>> + int bits = 0;
>> + int i;
>> + u8 *bp = dst;
>> +
>> + for (i = 0; i < srclen; i++) {
>> + const char *p = strchr(base64_table, src[i]);
>> +
>> + if (p == NULL || src[i] == 0)
>> + return -1;
>> + ac = (ac << 6) | (p - base64_table);
>> + bits += 6;
>> + if (bits >= 8) {
>> + bits -= 8;
>> + *bp++ = (u8)(ac >> bits);
>> + }
>> + }
>> + if (ac & ((1 << bits) - 1))
>> + return -1;
>> + return bp - dst;
>> +}
>
> Maybe this should be in fs/crypto.c ?
Yeah, if the solution is to modify the base64 encoding, that's my
preference too (in the series cover-letter this would correspond to
alternative #3).
[ In fact, I've probably done something very wrong here, as I didn't even
mentioned that this patch is basically a copy of someone else's code; I
simply modified the table used. So, please do *not* consider merging
this patch. ]
Cheers,
--
Luís
>
> -- Xiubo
>
>> +
>> static int ceph_crypt_get_context(struct inode *inode, void *ctx, size_t len)
>> {
>> struct ceph_inode_info *ci = ceph_inode(inode);
>> @@ -260,7 +307,7 @@ int ceph_encode_encrypted_dname(struct inode *parent, struct qstr *d_name, char
>> }
>> /* base64 encode the encrypted name */
>> - elen = fscrypt_base64url_encode(cryptbuf, len, buf);
>> + elen = ceph_base64_encode(cryptbuf, len, buf);
>> dout("base64-encoded ciphertext name = %.*s\n", elen, buf);
>> WARN_ON(elen > (CEPH_NOHASH_NAME_MAX + SHA256_DIGEST_SIZE));
>> @@ -365,7 +412,7 @@ int ceph_fname_to_usr(const struct ceph_fname *fname, struct fscrypt_str *tname,
>> tname = &_tname;
>> }
>> - declen = fscrypt_base64url_decode(name, name_len, tname->name);
>> + declen = ceph_base64_decode(name, name_len, tname->name);
>> if (declen <= 0) {
>> ret = -EIO;
>> goto out;
>> diff --git a/fs/ceph/crypto.h b/fs/ceph/crypto.h
>> index 3273d076a9e5..d22316011810 100644
>> --- a/fs/ceph/crypto.h
>> +++ b/fs/ceph/crypto.h
>> @@ -93,6 +93,9 @@ static inline u32 ceph_fscrypt_auth_len(struct ceph_fscrypt_auth *fa)
>> */
>> #define CEPH_NOHASH_NAME_MAX (180 - SHA256_DIGEST_SIZE)
>> +int ceph_base64_encode(const u8 *src, int srclen, char *dst);
>> +int ceph_base64_decode(const char *src, int srclen, u8 *dst);
>> +
>> void ceph_fscrypt_set_ops(struct super_block *sb);
>> void ceph_fscrypt_free_dummy_policy(struct ceph_fs_client *fsc);
>> diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
>> index 5ae5cb778389..417d8c3a7edd 100644
>> --- a/fs/ceph/dir.c
>> +++ b/fs/ceph/dir.c
>> @@ -960,7 +960,7 @@ static int prep_encrypted_symlink_target(struct ceph_mds_request *req, const cha
>> goto out;
>> }
>> - len = fscrypt_base64url_encode(osd_link.name, osd_link.len,
>> req->r_path2);
>> + len = ceph_base64_encode(osd_link.name, osd_link.len, req->r_path2);
>> req->r_path2[len] = '\0';
>> out:
>> fscrypt_fname_free_buffer(&osd_link);
>> diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
>> index 359e29896f16..8fd493257e0b 100644
>> --- a/fs/ceph/inode.c
>> +++ b/fs/ceph/inode.c
>> @@ -875,7 +875,7 @@ static int decode_encrypted_symlink(const char *encsym, int enclen, u8 **decsym)
>> if (!sym)
>> return -ENOMEM;
>> - declen = fscrypt_base64url_decode(encsym, enclen, sym);
>> + declen = ceph_base64_decode(encsym, enclen, sym);
>> if (declen < 0) {
>> pr_err("%s: can't decode symlink (%d). Content: %.*s\n", __func__, declen, enclen, encsym);
>> kfree(sym);
>>
>
Powered by blists - more mailing lists