// Copyright (c) 2012 The Chromium OS Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_ #define LIBBRILLO_BRILLO_SECURE_BLOB_H_ #include #include #include #include #include namespace brillo { // TODO(sarthakkukreti): remove temp. SecureVector once we break SecureBlob's // dependence on std::vector using Blob = std::vector; using SecureVector = std::vector; // Conversion of Blob to/from std::string, where the string holds raw byte // contents. BRILLO_EXPORT std::string BlobToString(const Blob& blob); BRILLO_EXPORT Blob BlobFromString(const std::string& bytes); // Returns a concatenation of given Blobs. BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list& blobs); // SecureBlob erases the contents on destruction. It does not guarantee erasure // on resize, assign, etc. class BRILLO_EXPORT SecureBlob : public Blob { public: SecureBlob() = default; using Blob::vector; // Inherit standard constructors from vector. explicit SecureBlob(const Blob& blob); explicit SecureBlob(const std::string& data); ~SecureBlob(); void resize(size_type count); void resize(size_type count, const value_type& value); void clear(); std::string to_string() const; char* char_data() { return reinterpret_cast(data()); } const char* char_data() const { return reinterpret_cast(data()); } static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2); static bool HexStringToSecureBlob(const std::string& input, SecureBlob* output); }; // Secure memset(). This function is guaranteed to fill in the whole buffer // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3 // of C Standard [ISO/IEC 9899:2011] which states: // In the abstract machine, all expressions are evaluated as specified by the // semantics. An actual implementation need not evaluate part of an expression // if it can deduce that its value is not used and that no needed side effects // are produced (including any caused by calling a function or accessing // a volatile object). // While memset() can be optimized out in certain situations (since most // compilers implement this function as intrinsic and know of its side effects), // this function will not be optimized out. // // SecureMemset is used to write beyond the size() in several functions. // Since this is intentional, disable address sanitizer from analying it. BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n); // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match, // 1 if they don't. Time taken to perform the comparison is only dependent on // [n] and not on the relationship of the match between [s1] and [s2]. BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n); // Conversion of SecureBlob data to/from SecureBlob hex. This is useful // for sensitive data like encryption keys, that should, in the ideal case never // be exposed as strings in the first place. In case the existing data or hex // string is already exposed as a std::string, it is preferable to use the // BlobToString variant. BRILLO_EXPORT SecureBlob SecureBlobToSecureHex(const SecureBlob& blob); BRILLO_EXPORT SecureBlob SecureHexToSecureBlob(const SecureBlob& hex); } // namespace brillo #endif // LIBBRILLO_BRILLO_SECURE_BLOB_H_