|
Packit Service |
87a54e |
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
Packit |
5756e2 |
/*
|
|
Packit |
5756e2 |
* Copyright (C) 2018 Red Hat, Inc.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#ifndef __NM_SECRET_UTILS_H__
|
|
Packit |
5756e2 |
#define __NM_SECRET_UTILS_H__
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#include "nm-macros-internal.h"
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
void nm_explicit_bzero(void *s, gsize n);
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
char *nm_secret_strchomp(char *secret);
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
void nm_free_secret(char *secret);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
NM_AUTO_DEFINE_FCN0(char *, _nm_auto_free_secret, nm_free_secret);
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_auto_free_secret:
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Call g_free() on a variable location when it goes out of scope.
|
|
Packit |
5756e2 |
* Also, previously, calls memset(loc, 0, strlen(loc)) to clear out
|
|
Packit |
5756e2 |
* the secret.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
#define nm_auto_free_secret nm_auto(_nm_auto_free_secret)
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
GBytes *nm_secret_copy_to_gbytes(gconstpointer mem, gsize mem_len);
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/* NMSecretPtr is a pair of malloc'ed data pointer and the length of the
|
|
Packit |
5756e2 |
* data. The purpose is to use it in combination with nm_auto_clear_secret_ptr
|
|
Packit |
5756e2 |
* which ensures that the data pointer (with all len bytes) is cleared upon
|
|
Packit |
5756e2 |
* cleanup. */
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
gsize len;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
/* the data pointer. This pointer must be allocated with malloc (at least
|
|
Packit Service |
a1bd4f |
* when used with nm_secret_ptr_clear()). */
|
|
Packit Service |
a1bd4f |
union {
|
|
Packit Service |
a1bd4f |
char * str;
|
|
Packit Service |
a1bd4f |
void * ptr;
|
|
Packit Service |
a1bd4f |
guint8 *bin;
|
|
Packit Service |
a1bd4f |
};
|
|
Packit |
5756e2 |
} NMSecretPtr;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static inline void
|
|
Packit Service |
a1bd4f |
nm_secret_ptr_bzero(NMSecretPtr *secret)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
if (secret) {
|
|
Packit Service |
a1bd4f |
if (secret->len > 0) {
|
|
Packit Service |
a1bd4f |
if (secret->ptr)
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(secret->ptr, secret->len);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define nm_auto_bzero_secret_ptr nm_auto(nm_secret_ptr_bzero)
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static inline void
|
|
Packit Service |
a1bd4f |
nm_secret_ptr_clear(NMSecretPtr *secret)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
if (secret) {
|
|
Packit Service |
a1bd4f |
if (secret->len > 0) {
|
|
Packit Service |
a1bd4f |
if (secret->ptr)
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(secret->ptr, secret->len);
|
|
Packit Service |
a1bd4f |
secret->len = 0;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
nm_clear_g_free(&secret->ptr);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define nm_auto_clear_secret_ptr nm_auto(nm_secret_ptr_clear)
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define NM_SECRET_PTR_INIT() \
|
|
Packit Service |
a1bd4f |
((const NMSecretPtr){ \
|
|
Packit Service |
a1bd4f |
.len = 0, \
|
|
Packit Service |
a1bd4f |
.ptr = NULL, \
|
|
Packit Service |
a1bd4f |
})
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define NM_SECRET_PTR_STATIC(_len) \
|
|
Packit Service |
a1bd4f |
((const NMSecretPtr){ \
|
|
Packit Service |
a1bd4f |
.len = _len, \
|
|
Packit Service |
a1bd4f |
.ptr = ((guint8[_len]){}), \
|
|
Packit Service |
a1bd4f |
})
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
#define NM_SECRET_PTR_ARRAY(_arr) \
|
|
Packit Service |
a1bd4f |
((const NMSecretPtr){ \
|
|
Packit Service |
a1bd4f |
.len = G_N_ELEMENTS(_arr) * sizeof((_arr)[0]), \
|
|
Packit Service |
a1bd4f |
.ptr = &((_arr)[0]), \
|
|
Packit Service |
a1bd4f |
})
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static inline void
|
|
Packit Service |
a1bd4f |
nm_secret_ptr_clear_static(const NMSecretPtr *secret)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
if (secret) {
|
|
Packit Service |
a1bd4f |
if (secret->len > 0) {
|
|
Packit Service |
a1bd4f |
nm_assert(secret->ptr);
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(secret->ptr, secret->len);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#define nm_auto_clear_static_secret_ptr nm_auto(nm_secret_ptr_clear_static)
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static inline void
|
|
Packit Service |
a1bd4f |
nm_secret_ptr_move(NMSecretPtr *dst, NMSecretPtr *src)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
if (dst && dst != src) {
|
|
Packit Service |
a1bd4f |
*dst = *src;
|
|
Packit Service |
a1bd4f |
src->len = 0;
|
|
Packit Service |
a1bd4f |
src->ptr = NULL;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
typedef struct {
|
|
Packit Service |
a1bd4f |
const gsize len;
|
|
Packit Service |
a1bd4f |
union {
|
|
Packit Service |
a1bd4f |
char str[0];
|
|
Packit Service |
a1bd4f |
guint8 bin[0];
|
|
Packit Service |
a1bd4f |
};
|
|
Packit |
5756e2 |
} NMSecretBuf;
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
static inline void
|
|
Packit Service |
a1bd4f |
_nm_auto_free_secret_buf(NMSecretBuf **ptr)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
NMSecretBuf *b = *ptr;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
if (b) {
|
|
Packit Service |
a1bd4f |
nm_assert(b->len > 0);
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(b->bin, b->len);
|
|
Packit Service |
a1bd4f |
g_free(b);
|
|
Packit Service |
a1bd4f |
}
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
#define nm_auto_free_secret_buf nm_auto(_nm_auto_free_secret_buf)
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
NMSecretBuf *nm_secret_buf_new(gsize len);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
GBytes *nm_secret_buf_to_gbytes_take(NMSecretBuf *secret, gssize actual_len);
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
gboolean nm_utils_memeqzero_secret(gconstpointer data, gsize length);
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_mem_realloc:
|
|
Packit |
5756e2 |
* @m_old: the current buffer of length @cur_len.
|
|
Packit |
5756e2 |
* @do_bzero_mem: if %TRUE, bzero the old buffer
|
|
Packit |
5756e2 |
* @cur_len: the current buffer length of @m_old. It is necessary for bzero.
|
|
Packit |
5756e2 |
* @new_len: the desired new length
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* If @do_bzero_mem is false, this is like g_realloc().
|
|
Packit |
5756e2 |
* Otherwise, this will allocate a new buffer of the desired size, copy over the
|
|
Packit |
5756e2 |
* old data, and bzero the old buffer before freeing it. As such, it also behaves
|
|
Packit |
5756e2 |
* similar to g_realloc(), with the overhead of nm_explicit_bzero() and using
|
|
Packit |
5756e2 |
* malloc/free instead of realloc().
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Returns: the new allocated buffer. Think of it behaving like g_realloc().
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
static inline gpointer
|
|
Packit Service |
a1bd4f |
nm_secret_mem_realloc(gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
gpointer m_new;
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
nm_assert(m_old || cur_len == 0);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
if (do_bzero_mem && G_LIKELY(cur_len > 0)) {
|
|
Packit Service |
a1bd4f |
m_new = g_malloc(new_len);
|
|
Packit Service |
a1bd4f |
if (G_LIKELY(new_len > 0))
|
|
Packit Service |
a1bd4f |
memcpy(m_new, m_old, NM_MIN(cur_len, new_len));
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(m_old, cur_len);
|
|
Packit Service |
a1bd4f |
g_free(m_old);
|
|
Packit Service |
a1bd4f |
} else
|
|
Packit Service |
a1bd4f |
m_new = g_realloc(m_old, new_len);
|
|
Packit |
5756e2 |
|
|
Packit Service |
a1bd4f |
return m_new;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_mem_try_realloc:
|
|
Packit |
5756e2 |
* @m_old: the current buffer of length @cur_len.
|
|
Packit |
5756e2 |
* @do_bzero_mem: if %TRUE, bzero the old buffer
|
|
Packit |
5756e2 |
* @cur_len: the current buffer length of @m_old. It is necessary for bzero.
|
|
Packit |
5756e2 |
* @new_len: the desired new length
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* If @do_bzero_mem is false, this is like g_try_realloc().
|
|
Packit |
5756e2 |
* Otherwise, this will try to allocate a new buffer of the desired size, copy over the
|
|
Packit |
5756e2 |
* old data, and bzero the old buffer before freeing it. As such, it also behaves
|
|
Packit |
5756e2 |
* similar to g_try_realloc(), with the overhead of nm_explicit_bzero() and using
|
|
Packit |
5756e2 |
* malloc/free instead of realloc().
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc().
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
static inline gpointer
|
|
Packit Service |
a1bd4f |
nm_secret_mem_try_realloc(gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
gpointer m_new;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(m_old || cur_len == 0);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (do_bzero_mem && G_LIKELY(cur_len > 0)) {
|
|
Packit Service |
a1bd4f |
if (G_UNLIKELY(new_len == 0))
|
|
Packit Service |
a1bd4f |
m_new = NULL;
|
|
Packit Service |
a1bd4f |
else {
|
|
Packit Service |
a1bd4f |
m_new = g_try_malloc(new_len);
|
|
Packit Service |
a1bd4f |
if (!m_new)
|
|
Packit Service |
a1bd4f |
return NULL;
|
|
Packit Service |
a1bd4f |
memcpy(m_new, m_old, NM_MIN(cur_len, new_len));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(m_old, cur_len);
|
|
Packit Service |
a1bd4f |
g_free(m_old);
|
|
Packit Service |
a1bd4f |
return m_new;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
return g_try_realloc(m_old, new_len);
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/**
|
|
Packit |
5756e2 |
* nm_secret_mem_try_realloc_take:
|
|
Packit |
5756e2 |
* @m_old: the current buffer of length @cur_len.
|
|
Packit |
5756e2 |
* @do_bzero_mem: if %TRUE, bzero the old buffer
|
|
Packit |
5756e2 |
* @cur_len: the current buffer length of @m_old. It is necessary for bzero.
|
|
Packit |
5756e2 |
* @new_len: the desired new length
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* This works like nm_secret_mem_try_realloc(), which is not unlike g_try_realloc().
|
|
Packit |
5756e2 |
* The difference is, if we fail to allocate a new buffer, then @m_old will be
|
|
Packit |
5756e2 |
* freed (and possibly cleared). This differs from plain realloc(), where the
|
|
Packit |
5756e2 |
* old buffer is unchanged if the operation fails.
|
|
Packit |
5756e2 |
*
|
|
Packit |
5756e2 |
* Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc()
|
|
Packit |
5756e2 |
* but it will always free @m_old.
|
|
Packit |
5756e2 |
*/
|
|
Packit |
5756e2 |
static inline gpointer
|
|
Packit Service |
a1bd4f |
nm_secret_mem_try_realloc_take(gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
|
|
Packit |
5756e2 |
{
|
|
Packit Service |
a1bd4f |
gpointer m_new;
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
nm_assert(m_old || cur_len == 0);
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
if (do_bzero_mem && G_LIKELY(cur_len > 0)) {
|
|
Packit Service |
a1bd4f |
if (G_UNLIKELY(new_len == 0))
|
|
Packit Service |
a1bd4f |
m_new = NULL;
|
|
Packit Service |
a1bd4f |
else {
|
|
Packit Service |
a1bd4f |
m_new = g_try_malloc(new_len);
|
|
Packit Service |
a1bd4f |
if (G_LIKELY(m_new))
|
|
Packit Service |
a1bd4f |
memcpy(m_new, m_old, NM_MIN(cur_len, new_len));
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
nm_explicit_bzero(m_old, cur_len);
|
|
Packit Service |
a1bd4f |
g_free(m_old);
|
|
Packit Service |
a1bd4f |
return m_new;
|
|
Packit Service |
a1bd4f |
}
|
|
Packit Service |
a1bd4f |
|
|
Packit Service |
a1bd4f |
m_new = g_try_realloc(m_old, new_len);
|
|
Packit Service |
a1bd4f |
if (G_UNLIKELY(!m_new && new_len > 0))
|
|
Packit Service |
a1bd4f |
g_free(m_old);
|
|
Packit Service |
a1bd4f |
return m_new;
|
|
Packit |
5756e2 |
}
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
/*****************************************************************************/
|
|
Packit |
5756e2 |
|
|
Packit |
5756e2 |
#endif /* __NM_SECRET_UTILS_H__ */
|