// SPDX-License-Identifier: LGPL-2.1+
/*
* Copyright (C) 2018 Red Hat, Inc.
*/
#ifndef __NM_SECRET_UTILS_H__
#define __NM_SECRET_UTILS_H__
#include "nm-macros-internal.h"
/*****************************************************************************/
/* Called by the clearing helpers in this header as (pointer, byte count) to
 * zero secret memory before it is released or abandoned.
 * NOTE(review): defined elsewhere; presumably it cannot be elided by the
 * optimizer the way a plain memset() right before free() can -- confirm
 * against the implementation. */
void nm_explicit_bzero (void *s, gsize n);
/*****************************************************************************/
/* NOTE(review): defined elsewhere. Going by the name, presumably a
 * g_strchomp()-like in-place trim for secrets that also wipes the bytes it
 * cuts off -- confirm against the implementation before relying on it. */
char *nm_secret_strchomp (char *secret);
/*****************************************************************************/
/* Releases a secret string. It is wired into the nm_auto_free_secret cleanup
 * attribute below, whose documentation says that strlen(@secret) bytes are
 * cleared before g_free(). That makes it suitable for NUL-terminated strings
 * only: bytes after the first NUL would not be cleared. */
void nm_free_secret (char *secret);
/* Generates the cleanup callback _nm_auto_free_secret from nm_free_secret.
 * NOTE(review): NM_AUTO_DEFINE_FCN0 is not defined in this header
 * (presumably it comes from nm-macros-internal.h) -- confirm there how a
 * NULL variable is handled. */
NM_AUTO_DEFINE_FCN0 (char *, _nm_auto_free_secret, nm_free_secret)
/**
 * nm_auto_free_secret:
 *
 * Call g_free() on a variable location when it goes out of scope.
 * Before freeing, it calls memset(loc, 0, strlen(loc)) to clear out
 * the secret. Only the bytes up to the first NUL are cleared this way,
 * so use it for NUL-terminated strings and not for binary data.
 */
#define nm_auto_free_secret nm_auto(_nm_auto_free_secret)
/*****************************************************************************/
/* NOTE(review): defined elsewhere. Presumably copies @mem_len bytes from @mem
 * into a new GBytes whose backing memory is wiped when the GBytes is
 * destroyed -- confirm; a plain g_bytes_new() copy would be freed without
 * being cleared. */
GBytes *nm_secret_copy_to_gbytes (gconstpointer mem, gsize mem_len);
/*****************************************************************************/
/* NMSecretPtr pairs a data pointer with the number of bytes it points to, so
 * that a cleanup helper can wipe the complete buffer instead of guessing its
 * size. Pick the helper by where the memory lives:
 *  - nm_auto_clear_secret_ptr wipes len bytes and then frees the pointer, so
 *    the pointer must be malloc'ed;
 *  - nm_auto_bzero_secret_ptr and nm_auto_clear_static_secret_ptr only wipe.
 */
typedef struct {
	/* number of bytes behind the data pointer; this is what gets wiped. */
	gsize len;

	/* the data pointer, viewed as string, untyped memory or raw bytes. This
	 * pointer must be allocated with malloc (at least when used with
	 * nm_secret_ptr_clear(), which frees it). */
	union {
		char *str;
		void *ptr;
		guint8 *bin;
	};
} NMSecretPtr;
/* Wipes the secret->len bytes behind secret->ptr in place. Neither the
 * pointer nor the length is changed and nothing is freed, so this also suits
 * memory that was not malloc'ed. A NULL @secret, a zero length or a NULL
 * data pointer makes the call a no-op. */
static inline void
nm_secret_ptr_bzero (NMSecretPtr *secret)
{
	if (!secret)
		return;
	if (secret->len == 0 || !secret->ptr)
		return;

	nm_explicit_bzero (secret->ptr, secret->len);
}
/* Cleanup attribute for an NMSecretPtr variable: nm_secret_ptr_bzero() runs
 * on it, so the buffer is wiped but not freed. */
#define nm_auto_bzero_secret_ptr nm_auto(nm_secret_ptr_bzero)
/* Wipes the secret->len bytes of the buffer, resets the length to 0 and
 * releases the buffer. The data pointer must be heap memory that g_free()
 * accepts; never use this on NM_SECRET_PTR_STATIC() or NM_SECRET_PTR_ARRAY()
 * values. A NULL @secret is ignored.
 *
 * Only len bytes are wiped: if the allocation is larger than len, the
 * remainder is freed as is. */
static inline void
nm_secret_ptr_clear (NMSecretPtr *secret)
{
	if (!secret)
		return;

	if (secret->len > 0 && secret->ptr)
		nm_explicit_bzero (secret->ptr, secret->len);
	secret->len = 0;

	/* nm_clear_g_free() is defined elsewhere; it is expected to g_free() the
	 * buffer and set the pointer to NULL -- confirm. */
	nm_clear_g_free (&secret->ptr);
}
/* Cleanup attribute for an NMSecretPtr whose buffer is heap-allocated:
 * nm_secret_ptr_clear() wipes the buffer and then frees it. Do not combine
 * it with NM_SECRET_PTR_STATIC() or NM_SECRET_PTR_ARRAY(), whose memory must
 * not reach g_free(). */
#define nm_auto_clear_secret_ptr nm_auto(nm_secret_ptr_clear)
/* An empty NMSecretPtr: no buffer, zero length. The wiping helpers in this
 * header skip such a value because its len is 0. */
#define NM_SECRET_PTR_INIT() \
	((const NMSecretPtr) { \
		.ptr = NULL, \
		.len = 0, \
	})
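/* An NMSecretPtr backed by a zero-initialized compound literal of @_len
 * bytes. Inside a function that storage belongs to the enclosing block: it
 * is not heap memory and it is gone once the block ends, so the value must
 * not be returned or stored beyond it. Pair it with
 * nm_auto_clear_static_secret_ptr (wipe only); nm_auto_clear_secret_ptr
 * would hand the address to g_free().
 *
 * @_len is parenthesized in the expansion so that any expression can be
 * passed as the length. */
#define NM_SECRET_PTR_STATIC(_len) \
	((const NMSecretPtr) { \
		.len = (_len), \
		.ptr = ((guint8 [(_len)]) { }), \
	})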
/* An NMSecretPtr covering the whole of the array @_arr. @_arr must be a real
 * array and not a pointer: the length is computed from the array's element
 * count and element size, so with a pointer the recorded length, and with it
 * the range that gets wiped, would be wrong. The result does not own the
 * memory; use a wipe-only helper such as nm_auto_clear_static_secret_ptr. */
#define NM_SECRET_PTR_ARRAY(_arr) \
	((const NMSecretPtr) { \
		.ptr = &((_arr)[0]), \
		.len = sizeof ((_arr)[0]) * G_N_ELEMENTS (_arr), \
	})
/* Wipes the buffer described by @secret without freeing it and without
 * modifying @secret itself (it is const). Intended for values built with
 * NM_SECRET_PTR_STATIC() or NM_SECRET_PTR_ARRAY(). A NULL @secret or a zero
 * length is a no-op.
 *
 * Unlike nm_secret_ptr_bzero(), a NULL data pointer with a non-zero length
 * is treated as a caller bug and only checked with nm_assert().
 * NOTE(review): if nm_assert() is compiled out in release builds, the NULL
 * pointer reaches nm_explicit_bzero() -- confirm. */
static inline void
nm_secret_ptr_clear_static (const NMSecretPtr *secret)
{
	if (!secret || secret->len == 0)
		return;

	nm_assert (secret->ptr);
	nm_explicit_bzero (secret->ptr, secret->len);
}
/* Cleanup attribute for NMSecretPtr values that do not own heap memory (see
 * NM_SECRET_PTR_STATIC() and NM_SECRET_PTR_ARRAY()): the buffer is wiped via
 * nm_secret_ptr_clear_static() and never freed. */
#define nm_auto_clear_static_secret_ptr nm_auto(nm_secret_ptr_clear_static)
/* Transfers the buffer from @src to @dst and leaves @src empty (len 0, NULL
 * pointer), so that afterwards only @dst refers to the secret and a cleanup
 * attribute on @src has nothing left to wipe or free. Does nothing when
 * @dst is NULL or when @dst and @src are the same object.
 *
 * Whatever @dst held before is overwritten without being wiped or freed, so
 * callers must pass an empty or already cleared @dst. @src is dereferenced
 * without a NULL check. */
static inline void
nm_secret_ptr_move (NMSecretPtr *dst, NMSecretPtr *src)
{
	if (!dst || dst == src)
		return;

	*dst = *src;
	src->ptr = NULL;
	src->len = 0;
}
/*****************************************************************************/
/* NMSecretBuf is a length-prefixed buffer: the len field is followed directly
 * by the payload, reachable as str (text) or bin (raw bytes).
 * NOTE(review): instances are presumably created only by nm_secret_buf_new(),
 * which has to allocate the header plus len payload bytes and set the const
 * len field -- confirm in the implementation. */
typedef struct {
	/* payload size in bytes; this is how much gets wiped on release. */
	const gsize len;

	/* zero-length arrays marking where the payload starts. */
	union {
		char str[0];
		guint8 bin[0];
	};
} NMSecretBuf;
/* Cleanup callback behind nm_auto_free_secret_buf. @ptr is the address of the
 * annotated variable; if that variable holds a buffer, its len payload bytes
 * are wiped and the whole allocation is freed. A NULL variable is skipped.
 *
 * The variable is not reset to NULL afterwards. That is fine for scope-exit
 * cleanup, but calling this twice on the same variable would wipe and free
 * released memory. */
static inline void
_nm_auto_free_secret_buf (NMSecretBuf **ptr)
{
	NMSecretBuf *buf = *ptr;

	if (!buf)
		return;

	nm_assert (buf->len > 0);
	nm_explicit_bzero (buf->bin, buf->len);
	g_free (buf);
}
/* Cleanup attribute for an NMSecretBuf pointer: the payload is wiped and the
 * buffer freed via _nm_auto_free_secret_buf(). If ownership is handed
 * elsewhere first, set the variable to NULL so that the buffer is not
 * released a second time. */
#define nm_auto_free_secret_buf nm_auto(_nm_auto_free_secret_buf)
/* NOTE(review): defined elsewhere. Presumably allocates an NMSecretBuf with
 * @len payload bytes. _nm_auto_free_secret_buf() asserts len > 0, so a zero
 * @len is likely not supported -- confirm. */
NMSecretBuf *nm_secret_buf_new (gsize len);
/* NOTE(review): defined elsewhere. The _take suffix suggests that ownership
 * of @secret moves into the returned GBytes -- confirm. If so, a caller that
 * declared @secret with nm_auto_free_secret_buf must clear its own variable
 * when passing the buffer in, otherwise the buffer would be wiped and freed
 * while the GBytes still refers to it. @actual_len is signed; what a
 * negative value means is not visible in this header. */
GBytes *nm_secret_buf_to_gbytes_take (NMSecretBuf *secret, gssize actual_len);
/*****************************************************************************/
/* NOTE(review): defined elsewhere. Going by the name, reports whether all
 * @length bytes at @data are zero; the _secret suffix suggests the check
 * avoids a data-dependent early exit -- confirm against the implementation
 * before relying on constant-time behavior. */
gboolean nm_utils_memeqzero_secret (gconstpointer data, gsize length);
/*****************************************************************************/
/**
 * nm_secret_mem_realloc:
 * @m_old: the current buffer of length @cur_len.
 * @do_bzero_mem: if %TRUE, bzero the old buffer
 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.
 * @new_len: the desired new length
 *
 * If @do_bzero_mem is false, this is like g_realloc().
 * Otherwise, it allocates a fresh buffer of the desired size, copies the old
 * data over, and wipes the old buffer with nm_explicit_bzero() before freeing
 * it. Plain realloc() may move the data and release the old block without
 * clearing it, which is why malloc/free is used instead of realloc().
 *
 * Exactly @cur_len bytes of @m_old are wiped. If the allocation is larger
 * than @cur_len, the bytes beyond are freed as they are. With @cur_len == 0
 * there is nothing to wipe and the call goes straight to g_realloc().
 *
 * Returns: the new allocated buffer. Think of it behaving like g_realloc().
 */
static inline gpointer
nm_secret_mem_realloc (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
{
	gpointer m_new;

	nm_assert (m_old || cur_len == 0);

	if (   !do_bzero_mem
	    || G_UNLIKELY (cur_len == 0))
		return g_realloc (m_old, new_len);

	m_new = g_malloc (new_len);
	if (G_LIKELY (new_len > 0))
		memcpy (m_new, m_old, NM_MIN (cur_len, new_len));

	/* the copy is done; the old location must not keep the secret. */
	nm_explicit_bzero (m_old, cur_len);
	g_free (m_old);
	return m_new;
}
/**
 * nm_secret_mem_try_realloc:
 * @m_old: the current buffer of length @cur_len.
 * @do_bzero_mem: if %TRUE, bzero the old buffer
 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.
 * @new_len: the desired new length
 *
 * If @do_bzero_mem is false, this is like g_try_realloc().
 * Otherwise, it tries to allocate a fresh buffer of the desired size, copies
 * the old data over, and wipes the old buffer with nm_explicit_bzero() before
 * freeing it, using malloc/free instead of realloc().
 *
 * A %NULL result has two meanings, as with g_try_realloc(). With
 * @new_len == 0 it is success: @m_old was wiped and freed. With
 * @new_len > 0 it is an allocation failure: @m_old was neither wiped nor
 * freed, still holds the secret and still belongs to the caller, who has to
 * clear and free it.
 *
 * Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc().
 */
static inline gpointer
nm_secret_mem_try_realloc (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
{
	gpointer m_new = NULL;

	nm_assert (m_old || cur_len == 0);

	if (   !do_bzero_mem
	    || G_UNLIKELY (cur_len == 0))
		return g_try_realloc (m_old, new_len);

	if (G_LIKELY (new_len > 0)) {
		m_new = g_try_malloc (new_len);
		if (!m_new) {
			/* allocation failed: leave @m_old exactly as it was. */
			return NULL;
		}
		memcpy (m_new, m_old, NM_MIN (cur_len, new_len));
	}

	nm_explicit_bzero (m_old, cur_len);
	g_free (m_old);
	return m_new;
}
/**
 * nm_secret_mem_try_realloc_take:
 * @m_old: the current buffer of length @cur_len.
 * @do_bzero_mem: if %TRUE, bzero the old buffer
 * @cur_len: the current buffer length of @m_old. It is necessary for bzero.
 * @new_len: the desired new length
 *
 * This works like nm_secret_mem_try_realloc(), which is not unlike g_try_realloc().
 * The difference is that @m_old is released even if allocating the new buffer
 * fails. It is wiped first when @do_bzero_mem is %TRUE and @cur_len > 0;
 * otherwise it is only freed. This differs from plain realloc(), where the
 * old buffer is unchanged if the operation fails.
 *
 * After the call the caller must not touch @m_old again, whatever the
 * result: on failure no copy of the data remains.
 *
 * Returns: the new allocated buffer or NULL. Think of it behaving like g_try_realloc()
 *   but it will always free @m_old.
 */
static inline gpointer
nm_secret_mem_try_realloc_take (gpointer m_old, gboolean do_bzero_mem, gsize cur_len, gsize new_len)
{
	gpointer m_new;

	nm_assert (m_old || cur_len == 0);

	if (   !do_bzero_mem
	    || G_UNLIKELY (cur_len == 0)) {
		m_new = g_try_realloc (m_old, new_len);
		if (G_UNLIKELY (!m_new && new_len > 0)) {
			/* g_try_realloc() failed and kept @m_old; release it here to
			 * honor the "take" contract. */
			g_free (m_old);
		}
		return m_new;
	}

	m_new = G_UNLIKELY (new_len == 0) ? NULL : g_try_malloc (new_len);
	if (G_LIKELY (m_new))
		memcpy (m_new, m_old, NM_MIN (cur_len, new_len));

	/* wiped and freed on success and on failure alike. */
	nm_explicit_bzero (m_old, cur_len);
	g_free (m_old);
	return m_new;
}
/*****************************************************************************/
#endif /* __NM_SECRET_UTILS_H__ */