1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_ 6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_ 7 8 #include <initializer_list> 9 #include <string> 10 #include <vector> 11 12 #include <brillo/asan.h> 13 #include <brillo/brillo_export.h> 14 15 namespace brillo { 16 17 // TODO(sarthakkukreti): remove temp. SecureVector once we break SecureBlob's 18 // dependence on std::vector<uint8_t> 19 using Blob = std::vector<uint8_t>; 20 using SecureVector = std::vector<uint8_t>; 21 22 // Conversion of Blob to/from std::string, where the string holds raw byte 23 // contents. 24 BRILLO_EXPORT std::string BlobToString(const Blob& blob); 25 BRILLO_EXPORT Blob BlobFromString(const std::string& bytes); 26 27 // Returns a concatenation of given Blobs. 28 BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs); 29 30 // SecureBlob erases the contents on destruction. It does not guarantee erasure 31 // on resize, assign, etc. 32 class BRILLO_EXPORT SecureBlob : public Blob { 33 public: 34 SecureBlob() = default; 35 using Blob::vector; // Inherit standard constructors from vector. 36 explicit SecureBlob(const Blob& blob); 37 explicit SecureBlob(const std::string& data); 38 ~SecureBlob(); 39 40 void resize(size_type count); 41 void resize(size_type count, const value_type& value); 42 void clear(); 43 44 std::string to_string() const; char_data()45 char* char_data() { return reinterpret_cast<char*>(data()); } char_data()46 const char* char_data() const { 47 return reinterpret_cast<const char*>(data()); 48 } 49 static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2); 50 static bool HexStringToSecureBlob(const std::string& input, 51 SecureBlob* output); 52 }; 53 54 // Secure memset(). This function is guaranteed to fill in the whole buffer 55 // and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3 56 // of C Standard [ISO/IEC 9899:2011] which states: 57 // In the abstract machine, all expressions are evaluated as specified by the 58 // semantics. An actual implementation need not evaluate part of an expression 59 // if it can deduce that its value is not used and that no needed side effects 60 // are produced (including any caused by calling a function or accessing 61 // a volatile object). 62 // While memset() can be optimized out in certain situations (since most 63 // compilers implement this function as intrinsic and know of its side effects), 64 // this function will not be optimized out. 65 // 66 // SecureMemset is used to write beyond the size() in several functions. 67 // Since this is intentional, disable address sanitizer from analying it. 68 BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n); 69 70 // Compare [n] bytes starting at [s1] with [s2] and return 0 if they match, 71 // 1 if they don't. Time taken to perform the comparison is only dependent on 72 // [n] and not on the relationship of the match between [s1] and [s2]. 73 BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n); 74 75 // Conversion of SecureBlob data to/from SecureBlob hex. This is useful 76 // for sensitive data like encryption keys, that should, in the ideal case never 77 // be exposed as strings in the first place. In case the existing data or hex 78 // string is already exposed as a std::string, it is preferable to use the 79 // BlobToString variant. 80 BRILLO_EXPORT SecureBlob SecureBlobToSecureHex(const SecureBlob& blob); 81 BRILLO_EXPORT SecureBlob SecureHexToSecureBlob(const SecureBlob& hex); 82 83 } // namespace brillo 84 85 #endif // LIBBRILLO_BRILLO_SECURE_BLOB_H_ 86