blob: dec9444aab70f9a684c0fe07edc32e3750bea909 [file] [log] [blame]
// Copyright (c) 2012 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef LIBCHROMEOS_BRILLO_SECURE_BLOB_H_
#define LIBCHROMEOS_BRILLO_SECURE_BLOB_H_
#include <string>
#include <vector>
#include <brillo/brillo_export.h>
namespace brillo {
using Blob = std::vector<uint8_t>;
// SecureBlob erases the contents on destruction. It does not guarantee erasure
// on resize, assign, etc.
class BRILLO_EXPORT SecureBlob : public Blob {
public:
SecureBlob() = default;
using Blob::vector; // Inherit standard constructors from vector.
explicit SecureBlob(const std::string& data);
~SecureBlob();
void resize(size_type count);
void resize(size_type count, const value_type& value);
void clear();
std::string to_string() const;
char* char_data() { return reinterpret_cast<char*>(data()); }
const char* char_data() const {
return reinterpret_cast<const char*>(data());
}
static SecureBlob Combine(const SecureBlob& blob1, const SecureBlob& blob2);
};
// Secure memset(). This function is guaranteed to fill in the whole buffer
// and is not subject to compiler optimization as allowed by Sub-clause 5.1.2.3
// of C Standard [ISO/IEC 9899:2011] which states:
// In the abstract machine, all expressions are evaluated as specified by the
// semantics. An actual implementation need not evaluate part of an expression
// if it can deduce that its value is not used and that no needed side effects
// are produced (including any caused by calling a function or accessing
// a volatile object).
// While memset() can be optimized out in certain situations (since most
// compilers implement this function as intrinsic and know of its side effects),
// this function will not be optimized out.
BRILLO_EXPORT void* SecureMemset(void* v, int c, size_t n);
// Compare [n] bytes starting at [s1] with [s2] and return 0 if they match,
// 1 if they don't. Time taken to perform the comparison is only dependent on
// [n] and not on the relationship of the match between [s1] and [s2].
BRILLO_EXPORT int SecureMemcmp(const void* s1, const void* s2, size_t n);
} // namespace brillo
#endif // LIBCHROMEOS_BRILLO_SECURE_BLOB_H_