Commit f1e2ca80 authored by Kuan-Wei Chiu's avatar Kuan-Wei Chiu Committed by Andrew Morton
Browse files

lib/base64: add support for multiple variants 

Patch series " lib/base64: add generic encoder/decoder, migrate users", v5.

This series introduces a generic Base64 encoder/decoder to the kernel
library, eliminating duplicated implementations and delivering significant
performance improvements.

The Base64 API has been extended to support multiple variants (Standard,
URL-safe, and IMAP) as defined in RFC 4648 and RFC 3501.  The API now
takes a variant parameter and an option to control padding.  As part of
this series, users are migrated to the new interface while preserving
their specific formats: fscrypt now uses BASE64_URLSAFE, Ceph uses
BASE64_IMAP, and NVMe is updated to BASE64_STD.

On the encoder side, the implementation processes input in 3-byte blocks,
mapping 24 bits directly to 4 output symbols.  This avoids bit-by-bit
streaming and reduces loop overhead, achieving about a 2.7x speedup
compared to previous implementations.

On the decoder side, replace strchr() lookups with per-variant reverse
tables and process input in 4-character groups.  Each group is mapped to
numeric values and combined into 3 bytes.  Padded and unpadded forms are
validated explicitly, rejecting invalid '=' usage and enforcing tail
rules.  This improves throughput by ~43-52x.


This patch (of 6):

Extend the base64 API to support multiple variants (standard, URL-safe,
and IMAP) as defined in RFC 4648 and RFC 3501.  The API now takes a
variant parameter and an option to control padding.  Update NVMe auth code
to use the new interface with BASE64_STD.

Link: https://lkml.kernel.org/r/20251114055829.87814-1-409411716@gms.tku.edu.tw
Link: https://lkml.kernel.org/r/20251114060045.88792-1-409411716@gms.tku.edu.tw


Signed-off-by: default avatarKuan-Wei Chiu <visitorckw@gmail.com>
Co-developed-by: default avatarGuan-Chun Wu <409411716@gms.tku.edu.tw>
Signed-off-by: default avatarGuan-Chun Wu <409411716@gms.tku.edu.tw>
Reviewed-by: default avatarDavid Laight <david.laight.linux@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Eric Biggers <ebiggers@kernel.org>
Cc: Ilya Dryomov <idryomov@gmail.com>
Cc: Jaegeuk Kim <jaegeuk@kernel.org>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Keith Busch <kbusch@kernel.org>
Cc: Sagi Grimberg <sagi@grimberg.me>
Cc: "Theodore Y. Ts'o" <tytso@mit.edu>
Cc: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Cc: Xiubo Li <xiubli@redhat.com>
Cc: Yu-Sheng Huang <home7438072@gmail.com>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 03ef32d6

drivers/nvme/common/auth.c

+2 −2
Original line number Diff line number Diff line
@@ -178,7 +178,7 @@ struct nvme_dhchap_key *nvme_auth_extract_key(unsigned char *secret, 
	if (!key)

		return ERR_PTR(-ENOMEM);



	key_len = base64_decode(secret, allocated_len, key->key);

	key_len = base64_decode(secret, allocated_len, key->key, true, BASE64_STD);

	if (key_len < 0) {

		pr_debug("base64 key decoding error %d\n",

			 key_len);
@@ -663,7 +663,7 @@ int nvme_auth_generate_digest(u8 hmac_id, u8 *psk, size_t psk_len, 
	if (ret)

		goto out_free_digest;



	ret = base64_encode(digest, digest_len, enc);

	ret = base64_encode(digest, digest_len, enc, true, BASE64_STD);

	if (ret < hmac_len) {

		ret = -ENOKEY;

		goto out_free_digest;

include/linux/base64.h

+8 −2
Original line number Diff line number Diff line
@@ -8,9 +8,15 @@ 


#include <linux/types.h>



enum base64_variant {

	BASE64_STD,       /* RFC 4648 (standard) */

	BASE64_URLSAFE,   /* RFC 4648 (base64url) */

	BASE64_IMAP,      /* RFC 3501 */

};



#define BASE64_CHARS(nbytes)   DIV_ROUND_UP((nbytes) * 4, 3)



int base64_encode(const u8 *src, int len, char *dst);

int base64_decode(const char *src, int len, u8 *dst);

int base64_encode(const u8 *src, int len, char *dst, bool padding, enum base64_variant variant);

int base64_decode(const char *src, int len, u8 *dst, bool padding, enum base64_variant variant);



#endif /* _LINUX_BASE64_H */

lib/base64.c

+36 −26
Original line number Diff line number Diff line 
// SPDX-License-Identifier: GPL-2.0

/*

 * base64.c - RFC4648-compliant base64 encoding

 * base64.c - Base64 with support for multiple variants

 *

 * Copyright (c) 2020 Hannes Reinecke, SUSE

 *

 * Based on the base64url routines from fs/crypto/fname.c

 * (which are using the URL-safe base64 encoding),

 * modified to use the standard coding table from RFC4648 section 4.

 * (which are using the URL-safe Base64 encoding),

 * modified to support multiple Base64 variants.

 */



#include <linux/kernel.h>
@@ -15,26 +15,31 @@ 
#include <linux/string.h>

#include <linux/base64.h>



static const char base64_table[65] =

	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

static const char base64_tables[][65] = {

	[BASE64_STD] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",

	[BASE64_URLSAFE] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",

	[BASE64_IMAP] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,",

};



/**

 * base64_encode() - base64-encode some binary data

 * base64_encode() - Base64-encode some binary data

 * @src: the binary data to encode

 * @srclen: the length of @src in bytes

 * @dst: (output) the base64-encoded string.  Not NUL-terminated.

 * @dst: (output) the Base64-encoded string.  Not NUL-terminated.

 * @padding: whether to append '=' padding characters

 * @variant: which base64 variant to use

 *

 * Encodes data using base64 encoding, i.e. the "Base 64 Encoding" specified

 * by RFC 4648, including the  '='-padding.

 * Encodes data using the selected Base64 variant.

 *

 * Return: the length of the resulting base64-encoded string in bytes.

 * Return: the length of the resulting Base64-encoded string in bytes.

 */

int base64_encode(const u8 *src, int srclen, char *dst)

int base64_encode(const u8 *src, int srclen, char *dst, bool padding, enum base64_variant variant)

{

	u32 ac = 0;

	int bits = 0;

	int i;

	char *cp = dst;

	const char *base64_table = base64_tables[variant];



	for (i = 0; i < srclen; i++) {

		ac = (ac << 8) | src[i];
@@ -48,38 +53,42 @@ int base64_encode(const u8 *src, int srclen, char *dst) 
		*cp++ = base64_table[(ac << (6 - bits)) & 0x3f];

		bits -= 6;

	}

	if (padding) {

		while (bits < 0) {

			*cp++ = '=';

			bits += 2;

		}

	}

	return cp - dst;

}

EXPORT_SYMBOL_GPL(base64_encode);



/**

 * base64_decode() - base64-decode a string

 * base64_decode() - Base64-decode a string

 * @src: the string to decode.  Doesn't need to be NUL-terminated.

 * @srclen: the length of @src in bytes

 * @dst: (output) the decoded binary data

 * @padding: whether to append '=' padding characters

 * @variant: which base64 variant to use

 *

 * Decodes a string using base64 encoding, i.e. the "Base 64 Encoding"

 * specified by RFC 4648, including the  '='-padding.

 * Decodes a string using the selected Base64 variant.

 *

 * This implementation hasn't been optimized for performance.

 *

 * Return: the length of the resulting decoded binary data in bytes,

 *	   or -1 if the string isn't a valid base64 string.

 *	   or -1 if the string isn't a valid Base64 string.

 */

int base64_decode(const char *src, int srclen, u8 *dst)

int base64_decode(const char *src, int srclen, u8 *dst, bool padding, enum base64_variant variant)

{

	u32 ac = 0;

	int bits = 0;

	int i;

	u8 *bp = dst;

	const char *base64_table = base64_tables[variant];



	for (i = 0; i < srclen; i++) {

		const char *p = strchr(base64_table, src[i]);



		if (padding) {

			if (src[i] == '=') {

				ac = (ac << 6);

				bits += 6;
@@ -87,6 +96,7 @@ int base64_decode(const char *src, int srclen, u8 *dst) 
					bits -= 8;

				continue;

			}

		}

		if (p == NULL || src[i] == 0)

			return -1;

		ac = (ac << 6) | (p - base64_table);