|
Packit Service |
b23acc |
// SPDX-License-Identifier: LGPL-2.1+
|
|
Packit Service |
b23acc |
/*
|
|
Packit Service |
b23acc |
* Copyright (C) 2018 Red Hat, Inc.
|
|
Packit Service |
b23acc |
* Copyright (C) 2015 - 2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
|
|
Packit Service |
b23acc |
*/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
#include "nm-default.h"
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
#include "nm-secret-utils.h"
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
#include <malloc.h>
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/*****************************************************************************/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
void
|
|
Packit Service |
b23acc |
nm_explicit_bzero (void *s, gsize n)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
/* gracefully handle n == 0. This is important, callers rely on it. */
|
|
Packit Service |
b23acc |
if (G_UNLIKELY (n == 0))
|
|
Packit Service |
b23acc |
return;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_assert (s);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
#if defined (HAVE_DECL_EXPLICIT_BZERO) && HAVE_DECL_EXPLICIT_BZERO
|
|
Packit Service |
b23acc |
explicit_bzero (s, n);
|
|
Packit Service |
b23acc |
#else
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
volatile guint8 *p = s;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
memset (s, '\0', n);
|
|
Packit Service |
b23acc |
while (n-- > 0)
|
|
Packit Service |
b23acc |
*(p++) = '\0';
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
#endif
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
void
|
|
Packit Service |
b23acc |
nm_free_secret (char *secret)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
gsize len;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
if (!secret)
|
|
Packit Service |
b23acc |
return;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
#if GLIB_CHECK_VERSION(2,44,0)
|
|
Packit Service |
b23acc |
/* Here we mix malloc() and g_malloc() API. Usually we avoid this,
|
|
Packit Service |
b23acc |
* however since glib 2.44.0 we are in fact guaranteed that g_malloc()/g_free()
|
|
Packit Service |
b23acc |
* just wraps malloc()/free(), so this is actually fine.
|
|
Packit Service |
b23acc |
*
|
|
Packit Service |
b23acc |
* See https://gitlab.gnome.org/GNOME/glib/commit/3be6ed60aa58095691bd697344765e715a327fc1
|
|
Packit Service |
b23acc |
*/
|
|
Packit Service |
b23acc |
len = malloc_usable_size (secret);
|
|
Packit Service |
b23acc |
#else
|
|
Packit Service |
b23acc |
len = strlen (secret);
|
|
Packit Service |
b23acc |
#endif
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_explicit_bzero (secret, len);
|
|
Packit Service |
b23acc |
g_free (secret);
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/*****************************************************************************/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
char *
|
|
Packit Service |
b23acc |
nm_secret_strchomp (char *secret)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
gsize len;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
g_return_val_if_fail (secret, NULL);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/* it's actually identical to g_strchomp(). However,
|
|
Packit Service |
b23acc |
* the glib function does not document, that it clears the
|
|
Packit Service |
b23acc |
* memory. For @secret, we don't only want to truncate trailing
|
|
Packit Service |
b23acc |
* spaces, we want to overwrite them with NUL. */
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
len = strlen (secret);
|
|
Packit Service |
b23acc |
while (len--) {
|
|
Packit Service |
b23acc |
if (g_ascii_isspace ((guchar) secret[len]))
|
|
Packit Service |
b23acc |
secret[len] = '\0';
|
|
Packit Service |
b23acc |
else
|
|
Packit Service |
b23acc |
break;
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
return secret;
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/*****************************************************************************/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
GBytes *
|
|
Packit Service |
b23acc |
nm_secret_copy_to_gbytes (gconstpointer mem, gsize mem_len)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
NMSecretBuf *b;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
if (mem_len == 0)
|
|
Packit Service |
b23acc |
return g_bytes_new_static ("", 0);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_assert (mem);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/* NUL terminate the buffer.
|
|
Packit Service |
b23acc |
*
|
|
Packit Service |
b23acc |
* The entire buffer is already malloc'ed and likely has some room for padding.
|
|
Packit Service |
b23acc |
* Thus, in many situations, this additional byte will cause no overhead in
|
|
Packit Service |
b23acc |
* practice.
|
|
Packit Service |
b23acc |
*
|
|
Packit Service |
b23acc |
* Even if it causes an overhead, do it just for safety. Yes, the returned
|
|
Packit Service |
b23acc |
* bytes is not a NUL terminated string and no user must rely on this. Do
|
|
Packit Service |
b23acc |
* not treat binary data as NUL terminated strings, unless you know what
|
|
Packit Service |
b23acc |
* you are doing. Anyway, defensive FTW.
|
|
Packit Service |
b23acc |
*/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
b = nm_secret_buf_new (mem_len + 1);
|
|
Packit Service |
b23acc |
memcpy (b->bin, mem, mem_len);
|
|
Packit Service |
b23acc |
b->bin[mem_len] = 0;
|
|
Packit Service |
b23acc |
return nm_secret_buf_to_gbytes_take (b, mem_len);
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/*****************************************************************************/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
NMSecretBuf *
|
|
Packit Service |
b23acc |
nm_secret_buf_new (gsize len)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
NMSecretBuf *secret;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_assert (len > 0);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
secret = g_malloc (sizeof (NMSecretBuf) + len);
|
|
Packit Service |
b23acc |
*((gsize *) &(secret->len)) = len;
|
|
Packit Service |
b23acc |
return secret;
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
static void
|
|
Packit Service |
b23acc |
_secret_buf_free (gpointer user_data)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
NMSecretBuf *secret = user_data;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_assert (secret);
|
|
Packit Service |
b23acc |
nm_assert (secret->len > 0);
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
nm_explicit_bzero (secret->bin, secret->len);
|
|
Packit Service |
b23acc |
g_free (user_data);
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
GBytes *
|
|
Packit Service |
b23acc |
nm_secret_buf_to_gbytes_take (NMSecretBuf *secret, gssize actual_len)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
nm_assert (secret);
|
|
Packit Service |
b23acc |
nm_assert (secret->len > 0);
|
|
Packit Service |
b23acc |
nm_assert (actual_len == -1 || (actual_len >= 0 && actual_len <= secret->len));
|
|
Packit Service |
b23acc |
return g_bytes_new_with_free_func (secret->bin,
|
|
Packit Service |
b23acc |
actual_len >= 0 ? (gsize) actual_len : secret->len,
|
|
Packit Service |
b23acc |
_secret_buf_free,
|
|
Packit Service |
b23acc |
secret);
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/*****************************************************************************/
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
/**
|
|
Packit Service |
b23acc |
* nm_utils_memeqzero_secret:
|
|
Packit Service |
b23acc |
* @data: the data pointer to check (may be %NULL if @length is zero).
|
|
Packit Service |
b23acc |
* @length: the number of bytes to check.
|
|
Packit Service |
b23acc |
*
|
|
Packit Service |
b23acc |
* Checks that all bytes are zero. This always takes the same amount
|
|
Packit Service |
b23acc |
* of time to prevent timing attacks.
|
|
Packit Service |
b23acc |
*
|
|
Packit Service |
b23acc |
* Returns: whether all bytes are zero.
|
|
Packit Service |
b23acc |
*/
|
|
Packit Service |
b23acc |
gboolean
|
|
Packit Service |
b23acc |
nm_utils_memeqzero_secret (gconstpointer data, gsize length)
|
|
Packit Service |
b23acc |
{
|
|
Packit Service |
b23acc |
const guint8 *const key = data;
|
|
Packit Service |
b23acc |
volatile guint8 acc = 0;
|
|
Packit Service |
b23acc |
gsize i;
|
|
Packit Service |
b23acc |
|
|
Packit Service |
b23acc |
for (i = 0; i < length; i++) {
|
|
Packit Service |
b23acc |
acc |= key[i];
|
|
Packit Service |
b23acc |
asm volatile("" : "=r"(acc) : "0"(acc));
|
|
Packit Service |
b23acc |
}
|
|
Packit Service |
b23acc |
return 1 & ((acc - 1) >> 8);
|
|
Packit Service |
b23acc |
}
|