1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_
7 
8 #include <initializer_list>
9 #include <string>
10 #include <vector>
11 
12 #include <brillo/asan.h>
13 #include <brillo/brillo_export.h>
14 
15 namespace brillo {
16 
17 using Blob = std::vector<uint8_t>;
18 
19 // Conversion of Blob to/from std::string, where the string holds raw byte
20 // contents.
21 BRILLO_EXPORT std::string BlobToString(const Blob& blob);
22 BRILLO_EXPORT Blob BlobFromString(const std::string& bytes);
23 
24 // Returns a concatenation of given Blobs.
25 BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs);
26 
27 // SecureBlob erases the contents on destruction.  It does not guarantee erasure
28 // on resize, assign, etc.
29 class BRILLO_EXPORT SecureBlob : public Blob {
30  public:
31   SecureBlob() = default;
32   using Blob::vector;  // Inherit standard constructors from vector.
33   explicit SecureBlob(const Blob& blob);
34   explicit SecureBlob(const std::string& data);
35   ~SecureBlob();
36 
37   void resize(size_type count);
38   void resize(size_type count, const value_type& value);
39   void clear();
40 
41   std::string to_string() const;
char_data()42   char* char_data() { return reinterpret_cast<char*>(data()); }
char_data()43   const char* char_data() const {
44     return reinterpret_cast<const char*>(data());
45   }
46   static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
47   static bool HexStringToSecureBlob(const std::string& input,
48                                     SecureBlob* output);
49 };
50 
51 // Secure memset(). This function is guaranteed to fill in the whole buffer
52 // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
53 // of C Standard [ISO/IEC 9899:2011] which states:
54 // In the abstract machine, all expressions are evaluated as specified by the
55 // semantics. An actual implementation need not evaluate part of an expression
56 // if it can deduce that its value is not used and that no needed side effects
57 // are produced (including any caused by calling a function or accessing
58 // a volatile object).
59 // While memset() can be optimized out in certain situations (since most
60 // compilers implement this function as intrinsic and know of its side effects),
61 // this function will not be optimized out.
62 //
63 // SecureMemset is used to write beyond the size() in several functions.
64 // Since this is intentional, disable address sanitizer from analying it.
65 BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);
66 
67 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
68 // 1 if they don't. Time taken to perform the comparison is only dependent on
69 // [n] and not on the relationship of the match between [s1] and [s2].
70 BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
71 
72 }  // namespace brillo
73 
74 #endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_
75