• Home
  • History
  • Annotate
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_
7 
8 #include <string>
9 #include <vector>
10 
11 #include <brillo/brillo_export.h>
12 
13 namespace brillo {
14 
15 using Blob = std::vector<uint8_t>;
16 
17 // SecureBlob erases the contents on destruction.  It does not guarantee erasure
18 // on resize, assign, etc.
19 class BRILLO_EXPORT SecureBlob : public Blob {
20  public:
21   SecureBlob() = default;
22   using Blob::vector;  // Inherit standard constructors from vector.
23   explicit SecureBlob(const std::string& data);
24   ~SecureBlob();
25 
26   void resize(size_type count);
27   void resize(size_type count, const value_type& value);
28   void clear();
29 
30   std::string to_string() const;
char_data()31   char* char_data() { return reinterpret_cast<char*>(data()); }
char_data()32   const char* char_data() const {
33     return reinterpret_cast<const char*>(data());
34   }
35   static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
36 };
37 
38 // Secure memset(). This function is guaranteed to fill in the whole buffer
39 // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
40 // of C Standard [ISO/IEC 9899:2011] which states:
41 // In the abstract machine, all expressions are evaluated as specified by the
42 // semantics. An actual implementation need not evaluate part of an expression
43 // if it can deduce that its value is not used and that no needed side effects
44 // are produced (including any caused by calling a function or accessing
45 // a volatile object).
46 // While memset() can be optimized out in certain situations (since most
47 // compilers implement this function as intrinsic and know of its side effects),
48 // this function will not be optimized out.
49 BRILLO_EXPORT void* SecureMemset(void* v, int c, size_t n);
50 
51 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
52 // 1 if they don't. Time taken to perform the comparison is only dependent on
53 // [n] and not on the relationship of the match between [s1] and [s2].
54 BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
55 
56 }  // namespace brillo
57 
58 #endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_
59