      1 // Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
      6 #define LIBBRILLO_BRILLO_SECURE_BLOB_H_
      7 
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
     10 
     11 #include <brillo/brillo_export.h>
     12 
     13 namespace brillo {
     14 
     15 using Blob = std::vector<uint8_t>;
     16 
// SecureBlob erases its contents on destruction.  Nothing more is guaranteed:
// resize(), assign() and the other std::vector operations may reallocate and
// leave the old buffer unerased.  Because std::vector has no virtual
// destructor (and the resize()/clear() declared below hide, not override, the
// vector versions), a SecureBlob destroyed or manipulated through a Blob
// pointer or reference is not erased at all.  Copying one into a Blob, or into
// a std::string via to_string(), likewise yields an unerased copy.
class BRILLO_EXPORT SecureBlob : public Blob {
 public:
  SecureBlob() = default;
  // Make every std::vector<uint8_t> constructor (count, count+fill, iterator
  // range, initializer_list, ...) available on SecureBlob.  The copy/move
  // constructors and assignment operators are the implicitly generated ones
  // and do no erasing of their own.
  using Blob::Blob;
  // Copies the bytes of |data|.  The std::string argument itself is left
  // intact; this class does not erase it.
  explicit SecureBlob(const std::string& data);
  // Erases the contents before the storage is released.  Not virtual, since
  // std::vector's destructor is not, so it only runs when the object is
  // destroyed as a SecureBlob rather than through a Blob pointer.
  ~SecureBlob();

  // These hide (do not override) the std::vector versions: a call made
  // through a Blob& reaches vector::resize()/clear() instead of these.
  void resize(size_type count);
  void resize(size_type count, const value_type& value);
  void clear();

  // Returns an ordinary std::string copy of the bytes.  That copy is neither
  // erased on destruction nor protected in any other way.
  std::string to_string() const;
  // The storage viewed as char* for C-style APIs; same lifetime and
  // invalidation rules as data().
  char* char_data() { return reinterpret_cast<char*>(Blob::data()); }
  const char* char_data() const {
    return reinterpret_cast<const char*>(Blob::data());
  }
  // Builds a new SecureBlob from blob1 and blob2 (concatenation in argument
  // order, judging by the name -- confirm against the implementation).
  static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
};
     37 
// Secure memset(): fills all [n] bytes starting at [v] with [c] and returns a
// void* (presumably [v], mirroring memset()).  A plain memset() used to scrub
// a buffer that is about to go out of scope is a dead store the compiler may
// legally drop, per Sub-clause 5.1.2.3 of the C Standard [ISO/IEC 9899:2011]:
//   In the abstract machine, all expressions are evaluated as specified by the
//   semantics. An actual implementation need not evaluate part of an
//   expression if it can deduce that its value is not used and that no needed
//   side effects are produced (including any caused by calling a function or
//   accessing a volatile object).
// Most compilers implement memset() as an intrinsic whose effects they fully
// understand and therefore can elide; SecureMemset() is implemented so that
// its stores survive this optimization.  Two practitioner caveats: the scrub
// is still incomplete if another copy of the secret exists (a std::string
// temporary, an abandoned vector buffer after reallocation, registers), and
// the guarantee is only as strong as the definition's opacity to the
// optimizer -- re-verify it if the library is ever built with LTO or the
// definition is made inline.
BRILLO_EXPORT void* SecureMemset(void* v, int c, size_t n);
     50 
// Constant-time comparison of [n] bytes starting at [s1] with [s2]: returns 0
// if they match and 1 if they don't.  Unlike memcmp() it does not stop at the
// first differing byte and does not report ordering, so the time taken depends
// only on [n] and not on where (or whether) the inputs differ.  Use it when
// either side is a secret (MACs, tokens, derived keys), where memcmp()'s early
// exit would leak how many leading bytes matched.  Because the result is 0/1
// rather than a sign, it is not a drop-in replacement for memcmp() in sorting
// or ordering code.  Both pointers must be valid for [n] bytes; for n == 0 the
// inputs trivially match (presumably returning 0 -- confirm in the
// implementation).
BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
     55 
     56 }  // namespace brillo
     57 
     58 #endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_