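// Copyright 2024 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "crypto/process_bound_string.h"

#include "base/containers/span.h"
#include "build/build_config.h"

#if BUILDFLAG(IS_WIN)
#include <windows.h>

#include <dpapi.h>

#include "base/process/memory.h"
#else
#include "third_party/boringssl/src/include/openssl/mem.h"
#endif  // BUILDFLAG(IS_WIN)

namespace crypto::internal {

#if BUILDFLAG(IS_WIN)
// MaybeRoundUp() rounds with a bit mask, which is only correct when the block
// size is a power of two.
static_assert(CRYPTPROTECTMEMORY_BLOCK_SIZE > 0 &&
                  (CRYPTPROTECTMEMORY_BLOCK_SIZE &
                   (CRYPTPROTECTMEMORY_BLOCK_SIZE - 1)) == 0,
              "CRYPTPROTECTMEMORY_BLOCK_SIZE must be a power of two");

namespace {

// Returns true when `size` survives the conversion to the DWORD byte count
// taken by CryptProtectMemory() and CryptUnprotectMemory(). Where size_t is
// wider than DWORD, an unchecked conversion would silently drop the high bits,
// so only a prefix of the buffer would be processed while the call still
// reported success.
bool FitsInDword(size_t size) {
  return static_cast<size_t>(static_cast<DWORD>(size)) == size;
}

}  // namespace
#endif  // BUILDFLAG(IS_WIN)

// Returns the buffer size needed to hold `size` bytes in a form that
// MaybeEncryptBuffer() can accept.
//
// On Windows the result is `size` rounded up to the next multiple of
// CRYPTPROTECTMEMORY_BLOCK_SIZE, because CryptProtectMemory() only accepts
// whole blocks. On other platforms no encryption takes place and `size` is
// returned unchanged.
//
// NOTE(review): the addition wraps around when `size` is within
// CRYPTPROTECTMEMORY_BLOCK_SIZE - 1 of SIZE_MAX, which would yield a result
// smaller than `size`. Presumably unreachable because callers pass the size of
// an object that already exists in memory; confirm against the callers.
size_t MaybeRoundUp(size_t size) {
#if BUILDFLAG(IS_WIN)
  return (size + CRYPTPROTECTMEMORY_BLOCK_SIZE - 1u) &
         ~(CRYPTPROTECTMEMORY_BLOCK_SIZE - 1u);
#else
  return size;
#endif  // BUILDFLAG(IS_WIN)
}

// Encrypts `buffer` in place so that only this process can decrypt it.
//
// Returns true only if the whole buffer was encrypted. A false return means
// the contents are still plaintext, and callers must record that and treat the
// data accordingly. This is always the outcome on non-Windows platforms, and
// on Windows it happens when CryptProtectMemory() fails or when the buffer is
// too large to describe with a DWORD.
//
// `buffer.size()` is expected to come from MaybeRoundUp(); CryptProtectMemory()
// rejects sizes that are not a multiple of CRYPTPROTECTMEMORY_BLOCK_SIZE.
//
// CRYPTPROTECTMEMORY_SAME_PROCESS ties the ciphertext to the current process.
// It does not defend against code already executing inside this process, which
// can call CryptUnprotectMemory() itself.
bool MaybeEncryptBuffer(base::span<uint8_t> buffer) {
#if BUILDFLAG(IS_WIN)
  // Refuse rather than truncate: a narrowed length would leave the tail of the
  // buffer in the clear while reporting success.
  if (!FitsInDword(buffer.size())) {
    return false;
  }
  if (::CryptProtectMemory(buffer.data(), static_cast<DWORD>(buffer.size()),
                           CRYPTPROTECTMEMORY_SAME_PROCESS)) {
    return true;
  }
#endif  // BUILDFLAG(IS_WIN)
  return false;
}

// Decrypts, in place, a buffer previously encrypted by MaybeEncryptBuffer() in
// this same process.
//
// Returns true only if the whole buffer was decrypted. On a false return the
// contents must not be used as plaintext. Always returns false on non-Windows
// platforms, where MaybeEncryptBuffer() never encrypts.
//
// A failure with ERROR_WORKING_SET_QUOTA terminates the process through the
// out-of-memory path instead of returning. Presumably this is so the failure
// is reported as memory pressure and not as a corrupt buffer; confirm.
bool MaybeDecryptBuffer(base::span<uint8_t> buffer) {
#if BUILDFLAG(IS_WIN)
  // MaybeEncryptBuffer() never encrypts a buffer this large, so there is
  // nothing valid to decrypt; bail out before the length can be narrowed.
  if (!FitsInDword(buffer.size())) {
    return false;
  }
  if (::CryptUnprotectMemory(buffer.data(), static_cast<DWORD>(buffer.size()),
                             CRYPTPROTECTMEMORY_SAME_PROCESS)) {
    return true;
  }
  if (::GetLastError() == ERROR_WORKING_SET_QUOTA) {
    base::TerminateBecauseOutOfMemory(0);
  }
#endif  // BUILDFLAG(IS_WIN)
  return false;
}

// Overwrites every byte of `buffer` with zero using a primitive that the
// compiler is not allowed to optimize away (SecureZeroMemory() on Windows,
// OPENSSL_cleanse() elsewhere). A plain memset() on memory that is about to be
// freed can be removed as a dead store, which would leave the secret behind.
void SecureZeroBuffer(base::span<uint8_t> buffer) {
#if BUILDFLAG(IS_WIN)
  ::SecureZeroMemory(buffer.data(), buffer.size());
#else
  OPENSSL_cleanse(buffer.data(), buffer.size());
#endif  // BUILDFLAG(IS_WIN)
}

}  // namespace crypto::internal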