1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_
7 
8 #include <initializer_list>
9 #include <string>
10 #include <vector>
11 
12 #include <brillo/asan.h>
13 #include <brillo/brillo_export.h>
14 
15 namespace brillo {
16 
17 // TODO(sarthakkukreti): remove temp. SecureVector once we break SecureBlob's
18 // dependence on std::vector<uint8_t>
19 using Blob = std::vector<uint8_t>;
20 using SecureVector = std::vector<uint8_t>;
21 
22 // Conversion of Blob to/from std::string, where the string holds raw byte
23 // contents.
24 BRILLO_EXPORT std::string BlobToString(const Blob& blob);
25 BRILLO_EXPORT Blob BlobFromString(const std::string& bytes);
26 
27 // Returns a concatenation of given Blobs.
28 BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs);
29 
30 // SecureBlob erases the contents on destruction.  It does not guarantee erasure
31 // on resize, assign, etc.
32 class BRILLO_EXPORT SecureBlob : public Blob {
33  public:
34   SecureBlob() = default;
35   using Blob::vector;  // Inherit standard constructors from vector.
36   explicit SecureBlob(const Blob& blob);
37   explicit SecureBlob(const std::string& data);
38   ~SecureBlob();
39 
40   void resize(size_type count);
41   void resize(size_type count, const value_type& value);
42   void clear();
43 
44   std::string to_string() const;
char_data()45   char* char_data() { return reinterpret_cast<char*>(data()); }
char_data()46   const char* char_data() const {
47     return reinterpret_cast<const char*>(data());
48   }
49   static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
50   static bool HexStringToSecureBlob(const std::string& input,
51                                     SecureBlob* output);
52 };
53 
54 // Secure memset(). This function is guaranteed to fill in the whole buffer
55 // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
56 // of C Standard [ISO/IEC 9899:2011] which states:
57 // In the abstract machine, all expressions are evaluated as specified by the
58 // semantics. An actual implementation need not evaluate part of an expression
59 // if it can deduce that its value is not used and that no needed side effects
60 // are produced (including any caused by calling a function or accessing
61 // a volatile object).
62 // While memset() can be optimized out in certain situations (since most
63 // compilers implement this function as intrinsic and know of its side effects),
64 // this function will not be optimized out.
65 //
66 // SecureMemset is used to write beyond the size() in several functions.
67 // Since this is intentional, disable address sanitizer from analying it.
68 BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);
69 
70 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
71 // 1 if they don't. Time taken to perform the comparison is only dependent on
72 // [n] and not on the relationship of the match between [s1] and [s2].
73 BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
74 
75 // Conversion of SecureBlob data to/from SecureBlob hex. This is useful
76 // for sensitive data like encryption keys, that should, in the ideal case never
77 // be exposed as strings in the first place. In case the existing data or hex
78 // string is already exposed as a std::string, it is preferable to use the
79 // BlobToString variant.
80 BRILLO_EXPORT SecureBlob SecureBlobToSecureHex(const SecureBlob& blob);
81 BRILLO_EXPORT SecureBlob SecureHexToSecureBlob(const SecureBlob& hex);
82 
83 }  // namespace brillo
84 
85 #endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_
86