source-git / NetworkManager

Clone
Source Code
GIT

Blame shared/nm-glib-aux/nm-secret-utils.c

c8 c8s master
  1.   89a31f889c933764095e257439b582c33f085b72
  2.   shared
  3.   nm-glib-aux
  4.   nm-secret-utils.c
Blob History Raw
Packit Service b23acc 
// SPDX-License-Identifier: LGPL-2.1+
Packit Service b23acc 
/*
Packit Service b23acc 
 * Copyright (C) 2018 Red Hat, Inc.
Packit Service b23acc 
 * Copyright (C) 2015 - 2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
Packit Service b23acc 
 */
Packit Service b23acc
Packit Service b23acc 
#include "nm-default.h"
Packit Service b23acc
Packit Service b23acc 
#include "nm-secret-utils.h"
Packit Service b23acc
Packit Service b23acc 
#include <malloc.h>
Packit Service b23acc
Packit Service b23acc 
/*****************************************************************************/
Packit Service b23acc
Packit Service b23acc 
void
Packit Service b23acc 
nm_explicit_bzero (void *s, gsize n)
Packit Service b23acc 
{
Packit Service b23acc 
	/* gracefully handle n == 0. This is important, callers rely on it. */
Packit Service b23acc 
	if (G_UNLIKELY (n == 0))
Packit Service b23acc 
		return;
Packit Service b23acc
Packit Service b23acc 
	nm_assert (s);
Packit Service b23acc
Packit Service b23acc 
#if defined (HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
Packit Service b23acc 
	explicit_bzero (s, n);
Packit Service b23acc 
#else
Packit Service b23acc 
	{
Packit Service b23acc 
		volatile guint8 *p = s;
Packit Service b23acc
Packit Service b23acc 
		memset (s, '\0', n);
Packit Service b23acc 
		while (n-- > 0)
Packit Service b23acc 
			*(p++) = '\0';
Packit Service b23acc 
	}
Packit Service b23acc 
#endif
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
void
Packit Service b23acc 
nm_free_secret (char *secret)
Packit Service b23acc 
{
Packit Service b23acc 
	gsize len;
Packit Service b23acc
Packit Service b23acc 
	if (!secret)
Packit Service b23acc 
		return;
Packit Service b23acc
Packit Service b23acc 
#if GLIB_CHECK_VERSION(2,44,0)
Packit Service b23acc 
	/* Here we mix malloc() and g_malloc() API. Usually we avoid this,
Packit Service b23acc 
	 * however since glib 2.44.0 we are in fact guaranteed that g_malloc()/g_free()
Packit Service b23acc 
	 * just wraps malloc()/free(), so this is actually fine.
Packit Service b23acc 
	 *
Packit Service b23acc 
	 * See https://gitlab.gnome.org/GNOME/glib/commit/3be6ed60aa58095691bd697344765e715a327fc1
Packit Service b23acc 
	 */
Packit Service b23acc 
	len = malloc_usable_size (secret);
Packit Service b23acc 
#else
Packit Service b23acc 
	len = strlen (secret);
Packit Service b23acc 
#endif
Packit Service b23acc
Packit Service b23acc 
	nm_explicit_bzero (secret, len);
Packit Service b23acc 
	g_free (secret);
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
/*****************************************************************************/
Packit Service b23acc
Packit Service b23acc 
char *
Packit Service b23acc 
nm_secret_strchomp (char *secret)
Packit Service b23acc 
{
Packit Service b23acc 
	gsize len;
Packit Service b23acc
Packit Service b23acc 
	g_return_val_if_fail (secret, NULL);
Packit Service b23acc
Packit Service b23acc 
	/* it's actually identical to g_strchomp(). However,
Packit Service b23acc 
	 * the glib function does not document, that it clears the
Packit Service b23acc 
	 * memory. For @secret, we don't only want to truncate trailing
Packit Service b23acc 
	 * spaces, we want to overwrite them with NUL. */
Packit Service b23acc
Packit Service b23acc 
	len = strlen (secret);
Packit Service b23acc 
	while (len--) {
Packit Service b23acc 
		if (g_ascii_isspace ((guchar) secret[len]))
Packit Service b23acc 
			secret[len] = '\0';
Packit Service b23acc 
		else
Packit Service b23acc 
			break;
Packit Service b23acc 
	}
Packit Service b23acc
Packit Service b23acc 
	return secret;
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
/*****************************************************************************/
Packit Service b23acc
Packit Service b23acc 
GBytes *
Packit Service b23acc 
nm_secret_copy_to_gbytes (gconstpointer mem, gsize mem_len)
Packit Service b23acc 
{
Packit Service b23acc 
	NMSecretBuf *b;
Packit Service b23acc
Packit Service b23acc 
	if (mem_len == 0)
Packit Service b23acc 
		return g_bytes_new_static ("", 0);
Packit Service b23acc
Packit Service b23acc 
	nm_assert (mem);
Packit Service b23acc
Packit Service b23acc 
	/* NUL terminate the buffer.
Packit Service b23acc 
	 *
Packit Service b23acc 
	 * The entire buffer is already malloc'ed and likely has some room for padding.
Packit Service b23acc 
	 * Thus, in many situations, this additional byte will cause no overhead in
Packit Service b23acc 
	 * practice.
Packit Service b23acc 
	 *
Packit Service b23acc 
	 * Even if it causes an overhead, do it just for safety. Yes, the returned
Packit Service b23acc 
	 * bytes is not a NUL terminated string and no user must rely on this. Do
Packit Service b23acc 
	 * not treat binary data as NUL terminated strings, unless you know what
Packit Service b23acc 
	 * you are doing. Anyway, defensive FTW.
Packit Service b23acc 
	 */
Packit Service b23acc
Packit Service b23acc 
	b = nm_secret_buf_new (mem_len + 1);
Packit Service b23acc 
	memcpy (b->bin, mem, mem_len);
Packit Service b23acc 
	b->bin[mem_len] = 0;
Packit Service b23acc 
	return nm_secret_buf_to_gbytes_take (b, mem_len);
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
/*****************************************************************************/
Packit Service b23acc
Packit Service b23acc 
NMSecretBuf *
Packit Service b23acc 
nm_secret_buf_new (gsize len)
Packit Service b23acc 
{
Packit Service b23acc 
	NMSecretBuf *secret;
Packit Service b23acc
Packit Service b23acc 
	nm_assert (len > 0);
Packit Service b23acc
Packit Service b23acc 
	secret = g_malloc (sizeof (NMSecretBuf) + len);
Packit Service b23acc 
	*((gsize *) &(secret->len)) = len;
Packit Service b23acc 
	return secret;
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
static void
Packit Service b23acc 
_secret_buf_free (gpointer user_data)
Packit Service b23acc 
{
Packit Service b23acc 
	NMSecretBuf *secret = user_data;
Packit Service b23acc
Packit Service b23acc 
	nm_assert (secret);
Packit Service b23acc 
	nm_assert (secret->len > 0);
Packit Service b23acc
Packit Service b23acc 
	nm_explicit_bzero (secret->bin, secret->len);
Packit Service b23acc 
	g_free (user_data);
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
GBytes *
Packit Service b23acc 
nm_secret_buf_to_gbytes_take (NMSecretBuf *secret, gssize actual_len)
Packit Service b23acc 
{
Packit Service b23acc 
	nm_assert (secret);
Packit Service b23acc 
	nm_assert (secret->len > 0);
Packit Service b23acc 
	nm_assert (actual_len == -1 || (actual_len >= 0 && actual_len <= secret->len));
Packit Service b23acc 
	return g_bytes_new_with_free_func (secret->bin,
Packit Service b23acc 
	                                   actual_len >= 0 ? (gsize) actual_len : secret->len,
Packit Service b23acc 
	                                   _secret_buf_free,
Packit Service b23acc 
	                                   secret);
Packit Service b23acc 
}
Packit Service b23acc
Packit Service b23acc 
/*****************************************************************************/
Packit Service b23acc
Packit Service b23acc 
/**
Packit Service b23acc 
 * nm_utils_memeqzero_secret:
Packit Service b23acc 
 * @data: the data pointer to check (may be %NULL if @length is zero).
Packit Service b23acc 
 * @length: the number of bytes to check.
Packit Service b23acc 
 *
Packit Service b23acc 
 * Checks that all bytes are zero. This always takes the same amount
Packit Service b23acc 
 * of time to prevent timing attacks.
Packit Service b23acc 
 *
Packit Service b23acc 
 * Returns: whether all bytes are zero.
Packit Service b23acc 
 */
Packit Service b23acc 
gboolean
Packit Service b23acc 
nm_utils_memeqzero_secret (gconstpointer data, gsize length)
Packit Service b23acc 
{
Packit Service b23acc 
	const guint8 *const key = data;
Packit Service b23acc 
	volatile guint8 acc = 0;
Packit Service b23acc 
	gsize i;
Packit Service b23acc
Packit Service b23acc 
	for (i = 0; i < length; i++) {
Packit Service b23acc 
		acc |= key[i];
Packit Service b23acc 
		asm volatile("" : "=r"(acc) : "0"(acc));
Packit Service b23acc 
	}
Packit Service b23acc 
	return 1 & ((acc - 1) >> 8);
Packit Service b23acc 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation