You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
86 lines
3.5 KiB
86 lines
3.5 KiB
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
|
|
#define LIBBRILLO_BRILLO_SECURE_BLOB_H_
|
|
|
|
#include <initializer_list>
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include <brillo/asan.h>
|
|
#include <brillo/brillo_export.h>
|
|
|
|
namespace brillo {
|
|
|
|
// TODO(sarthakkukreti): remove temp. SecureVector once we break SecureBlob's
|
|
// dependence on std::vector<uint8_t>
|
|
using Blob = std::vector<uint8_t>;
|
|
using SecureVector = std::vector<uint8_t>;
|
|
|
|
// Conversion of Blob to/from std::string, where the string holds raw byte
|
|
// contents.
|
|
BRILLO_EXPORT std::string BlobToString(const Blob& blob);
|
|
BRILLO_EXPORT Blob BlobFromString(const std::string& bytes);
|
|
|
|
// Returns a concatenation of given Blobs.
|
|
BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs);
|
|
|
|
// SecureBlob erases the contents on destruction. It does not guarantee erasure
|
|
// on resize, assign, etc.
|
|
class BRILLO_EXPORT SecureBlob : public Blob {
|
|
public:
|
|
SecureBlob() = default;
|
|
using Blob::vector; // Inherit standard constructors from vector.
|
|
explicit SecureBlob(const Blob& blob);
|
|
explicit SecureBlob(const std::string& data);
|
|
~SecureBlob();
|
|
|
|
void resize(size_type count);
|
|
void resize(size_type count, const value_type& value);
|
|
void clear();
|
|
|
|
std::string to_string() const;
|
|
char* char_data() { return reinterpret_cast<char*>(data()); }
|
|
const char* char_data() const {
|
|
return reinterpret_cast<const char*>(data());
|
|
}
|
|
static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
|
|
static bool HexStringToSecureBlob(const std::string& input,
|
|
SecureBlob* output);
|
|
};
|
|
|
|
// Secure memset(). This function is guaranteed to fill in the whole buffer
|
|
// and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
|
|
// of C Standard [ISO/IEC 9899:2011] which states:
|
|
// In the abstract machine, all expressions are evaluated as specified by the
|
|
// semantics. An actual implementation need not evaluate part of an expression
|
|
// if it can deduce that its value is not used and that no needed side effects
|
|
// are produced (including any caused by calling a function or accessing
|
|
// a volatile object).
|
|
// While memset() can be optimized out in certain situations (since most
|
|
// compilers implement this function as intrinsic and know of its side effects),
|
|
// this function will not be optimized out.
|
|
//
|
|
// SecureMemset is used to write beyond the size() in several functions.
|
|
// Since this is intentional, disable address sanitizer from analying it.
|
|
BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);
|
|
|
|
// Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
|
|
// 1 if they don't. Time taken to perform the comparison is only dependent on
|
|
// [n] and not on the relationship of the match between [s1] and [s2].
|
|
BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
|
|
|
|
// Conversion of SecureBlob data to/from SecureBlob hex. This is useful
|
|
// for sensitive data like encryption keys, that should, in the ideal case never
|
|
// be exposed as strings in the first place. In case the existing data or hex
|
|
// string is already exposed as a std::string, it is preferable to use the
|
|
// BlobToString variant.
|
|
BRILLO_EXPORT SecureBlob SecureBlobToSecureHex(const SecureBlob& blob);
|
|
BRILLO_EXPORT SecureBlob SecureHexToSecureBlob(const SecureBlob& hex);
|
|
|
|
} // namespace brillo
|
|
|
|
#endif // LIBBRILLO_BRILLO_SECURE_BLOB_H_
|