xref: /aosp_15_r20/external/libbrillo/brillo/secure_blob.h (revision 1a96fba65179ea7d3f56207137718607415c5953)

// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef LIBBRILLO_BRILLO_SECURE_BLOB_H_
#define LIBBRILLO_BRILLO_SECURE_BLOB_H_

#include <initializer_list>
#include <string>
#include <vector>

#include <brillo/asan.h>
#include <brillo/brillo_export.h>

namespace brillo {

// TODO(sarthakkukreti): remove temp. SecureVector once we break SecureBlob's
// dependence on std::vector<uint8_t>
using Blob = std::vector<uint8_t>;
using SecureVector = std::vector<uint8_t>;

// Conversion of Blob to/from std::string, where the string holds raw byte
// contents.
BRILLO_EXPORT std::string BlobToString(const Blob& blob);
BRILLO_EXPORT Blob BlobFromString(const std::string& bytes);

// Returns a concatenation of given Blobs.
BRILLO_EXPORT Blob CombineBlobs(const std::initializer_list<Blob>& blobs);

// SecureBlob erases the contents on destruction.  It does not guarantee erasure
// on resize, assign, etc.
class BRILLO_EXPORT SecureBlob : public Blob {
 public:
  SecureBlob() = default;
  using Blob::vector;  // Inherit standard constructors from vector.
  explicit SecureBlob(const Blob& blob);
  explicit SecureBlob(const std::string& data);
  ~SecureBlob();

  void resize(size_type count);
  void resize(size_type count, const value_type& value);
  void clear();

  std::string to_string() const;
  char* char_data() { return reinterpret_cast<char*>(data()); }
  const char* char_data() const {
    return reinterpret_cast<const char*>(data());
  }
  static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
  static bool HexStringToSecureBlob(const std::string& input,
                                    SecureBlob* output);
};

// Secure memset(). This function is guaranteed to fill in the whole buffer
// and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
// of C Standard [ISO/IEC 9899:2011] which states:
// In the abstract machine, all expressions are evaluated as specified by the
// semantics. An actual implementation need not evaluate part of an expression
// if it can deduce that its value is not used and that no needed side effects
// are produced (including any caused by calling a function or accessing
// a volatile object).
// While memset() can be optimized out in certain situations (since most
// compilers implement this function as intrinsic and know of its side effects),
// this function will not be optimized out.
//
// SecureMemset is used to write beyond the size() in several functions.
// Since this is intentional, disable address sanitizer from analying it.
BRILLO_EXPORT BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n);

// Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
// 1 if they don't. Time taken to perform the comparison is only dependent on
// [n] and not on the relationship of the match between [s1] and [s2].
BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);

// Conversion of SecureBlob data to/from SecureBlob hex. This is useful
// for sensitive data like encryption keys, that should, in the ideal case never
// be exposed as strings in the first place. In case the existing data or hex
// string is already exposed as a std::string, it is preferable to use the
// BlobToString variant.
BRILLO_EXPORT SecureBlob SecureBlobToSecureHex(const SecureBlob& blob);
BRILLO_EXPORT SecureBlob SecureHexToSecureBlob(const SecureBlob& hex);

}  // namespace brillo

#endif  // LIBBRILLO_BRILLO_SECURE_BLOB_H_