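// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
#define LIBBRILLO_BRILLO_SECURE_BLOB_H_

#include <cstddef>  // size_t, used by SecureMemset()/SecureMemcmp().
#include <cstdint>  // uint8_t, the element type of Blob.
#include <string>
#include <vector>

#include <brillo/brillo_export.h>

namespace brillo {

// A plain byte buffer. Nothing in this header wipes its storage on
// destruction; use SecureBlob for key material and other secrets.
using Blob = std::vector<uint8_t>;

// SecureBlob erases the contents on destruction. It does not guarantee erasure
// on resize, assign, etc.
//
// Only the destructor, resize() and clear() are declared here; every other
// mutating operation (assign, push_back, insert, copy/move-assignment, ...) is
// the plain std::vector one and may leave the old bytes behind after a
// reallocation. Blob is a std::vector, whose destructor is not virtual, so a
// SecureBlob must never be owned and deleted through a Blob pointer (the
// secure wipe would be skipped, and it is undefined behaviour). Copying or
// slicing a SecureBlob into a Blob or std::string yields an ordinary,
// non-wiped copy of the secret.
class BRILLO_EXPORT SecureBlob : public Blob {
 public:
  SecureBlob() = default;
  using Blob::vector;  // Inherit standard constructors from vector.
  // Builds a blob from the bytes of |data|. The std::string source is not
  // wiped by this class; the caller remains responsible for it.
  explicit SecureBlob(const std::string& data);
  // Defined out of line; per the class comment, this is where the contents
  // are erased before the vector storage is released.
  ~SecureBlob();

  // Non-virtual overloads hiding the std::vector versions. Presumably they
  // wipe bytes that go out of use — the class comment above makes no promise
  // for resize, so confirm against the implementation. Only calls made on a
  // SecureBlob (not through a Blob&) reach these overloads.
  void resize(size_type count);
  void resize(size_type count, const value_type& value);
  void clear();

  // Returns an ordinary std::string copy of the contents. Nothing in this
  // header wipes that copy; avoid it for long-lived secrets.
  std::string to_string() const;
  // Raw views of the buffer as chars, for APIs that expect char*. The pointer
  // is invalidated by any operation that reallocates (resize, push_back, ...).
  char* char_data() { return reinterpret_cast<char*>(data()); }
  const char* char_data() const {
    return reinterpret_cast<const char*>(data());
  }
  // Returns a new SecureBlob built from |blob1| and |blob2| (presumably their
  // concatenation — confirm in the implementation); the inputs are untouched.
  static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
};

// Secure memset(). This function is guaranteed to fill in the whole buffer
// and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
// of C Standard [ISO/IEC 9899:2011] which states:
//   In the abstract machine, all expressions are evaluated as specified by the
//   semantics. An actual implementation need not evaluate part of an expression
//   if it can deduce that its value is not used and that no needed side effects
//   are produced (including any caused by calling a function or accessing
//   a volatile object).
// While memset() can be optimized out in certain situations (since most
// compilers implement this function as intrinsic and know of its side effects),
// this function will not be optimized out.
//
// Parameters follow memset(): |v| is the buffer to fill, |c| the fill value,
// |n| the number of bytes. The return value is presumably |v|, as for
// memset() — confirm in the implementation.
BRILLO_EXPORT void* SecureMemset(void* v, int c, size_t n);

// Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
// 1 if they don't. Time taken to perform the comparison is only dependent on
// [n] and not on the relationship of the match between [s1] and [s2].
//
// Both buffers must hold at least [n] readable bytes. Only one length is
// passed, so when the two inputs may differ in size the caller has to check
// the sizes itself before calling (and should treat a size mismatch as a
// mismatch rather than truncating to the shorter one).
BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);

}  // namespace brillo

#endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_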