jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
222 Commits
2 Branches
1.6 MiB
 
 
 
 
 
Tree: ba9f201901
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ba9f201901'
${ noResults }
ed448goldilocks/include/secure_buffer.hxx

303 lines
8.8 KiB
Raw Blame History 

  1. /**

  2.  * @file secure_buffer.hxx

  3.  * @author Mike Hamburg

  4.  *

  5.  * @copyright

  6.  *   Copyright (c) 2015 Cryptography Research, Inc.  \n

  7.  *   Released under the MIT License.  See LICENSE.txt for license information.

  8.  *

  9.  * @brief C++ self-zeroizing buffer.

  10.  */

  11. #ifndef __DECAF_SECURE_BUFFER_HXX__

  12. #define __DECAF_SECURE_BUFFER_HXX__ 1

  13. 

  14. #include <string>

  15. #include <sys/types.h>

  16. 

  17. /** @cond internal */

  18. #if __cplusplus >= 201103L

  19. #define NOEXCEPT noexcept

  20. #define DELETE = delete

  21. #else

  22. #define NOEXCEPT throw()

  23. #define DELETE

  24. #endif

  25. /** @endcond */

  26. 

  27. namespace decaf {

  28. 

  29. /**@cond internal*/

  30. /** Forward-declare sponge RNG object */

  31. class Buffer;

  32. class TmpBuffer;

  33. class SecureBuffer;

  34. /**@endcond*/

  35.     

  36. /** @brief An exception for when crypto (ie point decode) has failed. */

  37. class CryptoException : public std::exception {

  38. public:

  39.     /** @return "CryptoException" */

  40.     virtual const char * what() const NOEXCEPT { return "CryptoException"; }

  41. };

  42. 

  43. /** @brief An exception for when crypto (ie point decode) has failed. */

  44. class LengthException : public std::exception {

  45. public:

  46.     /** @return "CryptoException" */

  47.     virtual const char * what() const NOEXCEPT { return "LengthException"; }

  48. };

  49. 

  50. /** @brief Passed to constructors to avoid (conservative) initialization */

  51. struct NOINIT {};

  52. 

  53. /** @brief Prototype of a random number generator.

  54.  * FUTURE: Are the noexcept methods really noexcept?  What about self-reseeding RNGs?

  55.  */

  56. class Rng {

  57. protected:

  58.     /** Empty initializer */

  59.     Rng() {}

  60.     

  61.     /** Not copyable */

  62.     Rng(const Rng &) DELETE;

  63.     

  64.     /** Not copyable */

  65.     Rng &operator=(const Rng &) DELETE;

  66.     

  67. public:

  68.     /** @brief Read into a Buffer */

  69.     virtual inline void read(Buffer &buffer) NOEXCEPT = 0;

  70.     

  71.     /** @brief Read into a value-passed (eg temporary) TmpBuffer. */

  72.     inline void read(TmpBuffer buffer) NOEXCEPT;

  73. 

  74.     /** @brief Read into a SecureBuffer. */

  75.     inline SecureBuffer read(size_t length) throw(std::bad_alloc);

  76. };

  77. 

  78. /**

  79.  * Securely zeorize contents of memory.

  80.  */

  81. static inline void really_bzero(void *data, size_t size) { decaf_bzero(data,size); }

  82. 

  83. /** A reference to a block of data, which (when accessed through this base class) is const. */

  84. class Block {

  85. protected:

  86.     unsigned char *data_;

  87.     size_t size_;

  88. 

  89. public:

  90.     /** Empty init */

  91.     inline Block() NOEXCEPT : data_(NULL), size_(0) {}

  92.     

  93.     /** Init from C string */

  94.     inline Block(const char *data) NOEXCEPT : data_((unsigned char *)data), size_(strlen(data)) {}

  95. 

  96.     /** Unowned init */

  97.     inline Block(const unsigned char *data, size_t size) NOEXCEPT : data_((unsigned char *)data), size_(size) {}

  98.     

  99.     /** Block from std::string */

  100.     inline Block(const std::string &s) : data_(

  101.     #if __cplusplus >= 201103L

  102.         ((unsigned char *)&(s)[0])

  103.     #else

  104.         ((unsigned char *)(s.data()))

  105.     #endif

  106.     ), size_(s.size()) {}

  107. 

  108.     /** Get const data */

  109.     inline const unsigned char *data() const NOEXCEPT { return data_; }

  110. 

  111.     /** Get the size */

  112.     inline size_t size() const NOEXCEPT { return size_; }

  113. 

  114.     /** Autocast to const unsigned char * */

  115.     inline operator const unsigned char*() const NOEXCEPT { return data_; }

  116. 

  117.     /** Convert to C++ string */

  118.     inline std::string get_string() const {

  119.         return std::string((const char *)data_,size_);

  120.     }

  121. 

  122.     /** Slice the buffer*/

  123.     inline Block slice(size_t off, size_t length) const throw(LengthException) {

  124.         if (off > size() || length > size() - off)

  125.             throw LengthException();

  126.         return Block(data()+off, length);

  127.     }

  128.     

  129.     /** @cond internal */

  130.     inline decaf_bool_t operator>=(const Block &b) const NOEXCEPT DELETE;

  131.     inline decaf_bool_t operator<=(const Block &b) const NOEXCEPT DELETE;

  132.     inline decaf_bool_t operator> (const Block &b) const NOEXCEPT DELETE;

  133.     inline decaf_bool_t operator< (const Block &b) const NOEXCEPT DELETE;

  134.     /** @endcond */

  135.     

  136.     /* Content-wise comparison; constant-time if they are the same length. */ 

  137.     inline decaf_bool_t operator!=(const Block &b) const NOEXCEPT {

  138.         if (b.size() != size()) return true;

  139.         return ~decaf_memeq(b,*this,size());

  140.     }

  141.     

  142.     /* Content-wise comparison; constant-time if they are the same length. */ 

  143.     inline decaf_bool_t operator==(const Block &b) const NOEXCEPT {

  144.         return ~(*this == b);

  145.     }

  146. 

  147.     /** Virtual destructor for SecureBlock. TODO: probably means vtable?  Make bool? */

  148.     inline virtual ~Block() {};

  149. };

  150. 

  151. /** A reference to a writable block of data */

  152. class Buffer : public Block {

  153. public:

  154.     /** Null init */

  155.     inline Buffer() NOEXCEPT : Block() {}

  156. 

  157.     /** Unowned init */

  158.     inline Buffer(unsigned char *data, size_t size) NOEXCEPT : Block(data,size) {}

  159. 

  160.     /** Get unconst data */

  161.     inline unsigned char *data() NOEXCEPT { return data_; }

  162. 

  163.     /** Get const data */

  164.     inline const unsigned char *data() const NOEXCEPT { return data_; }

  165. 

  166.     /** Autocast to const unsigned char * */

  167.     inline operator const unsigned char*() const NOEXCEPT { return data_; }

  168. 

  169.     /** Autocast to unsigned char */

  170.     inline operator unsigned char*() NOEXCEPT { return data_; }

  171. 

  172.     /** Slice the buffer*/

  173.     inline TmpBuffer slice(size_t off, size_t length) throw(LengthException);

  174.     

  175.     /** Securely set the buffer to 0. */

  176.     inline void zeorize() NOEXCEPT { really_bzero(data(),size()); }

  177. };

  178. 

  179. /** A temporary reference to a writeable buffer, for converting C to C++. */

  180. class TmpBuffer : public Buffer {

  181. public:

  182.     /** Unowned init */

  183.     inline TmpBuffer(unsigned char *data, size_t size) NOEXCEPT : Buffer(data,size) {}

  184. };

  185. 

  186. /** A fixed-size stack-allocated buffer (for NOEXCEPT semantics) */

  187. template<size_t Size> class StackBuffer : public Buffer {

  188. private:

  189.     uint8_t storage[Size];

  190. public:

  191.     /** New buffer initialized to zero. */

  192.     inline StackBuffer() NOEXCEPT : Buffer(storage, Size) { memset(storage,0,Size); }

  193. 

  194.     /** New uninitialized buffer. */

  195.     inline StackBuffer(const NOINIT &) NOEXCEPT : Buffer(storage, Size) { }

  196.     

  197.     /** New random buffer */

  198.     inline StackBuffer(Rng &r) NOEXCEPT  : Buffer(storage, Size) { r.read(*this); }

  199.     

  200.     /** Destroy the buffer */

  201.     ~StackBuffer() NOEXCEPT { zeorize(); }

  202. };

  203. 

  204. /** @cond internal */

  205. inline void Rng::read(TmpBuffer buffer) NOEXCEPT { read((Buffer &)buffer); }

  206. /** @endcond */

  207. 

  208. /** A self-erasing block of data */

  209. class SecureBuffer : public Buffer {

  210. public:

  211.     /** Null secure block */

  212.     inline SecureBuffer() NOEXCEPT : Buffer() {}

  213. 

  214.     /** Construct empty from size */

  215.     inline SecureBuffer(size_t size) {

  216.         data_ = new unsigned char[size_ = size];

  217.         memset(data_,0,size);

  218.     }

  219. 

  220.     /** Construct from data */

  221.     inline SecureBuffer(const unsigned char *data, size_t size) {

  222.         data_ = new unsigned char[size_ = size];

  223.         memcpy(data_, data, size);

  224.     }

  225.     

  226.     /** Construct from random */

  227.     inline SecureBuffer(Rng &r, size_t size) NOEXCEPT {

  228.         data_ = new unsigned char[size_ = size];

  229.         r.read(*this);

  230.     }

  231. 

  232.     /** Copy constructor */

  233.     inline SecureBuffer(const Block &copy) : Buffer() { *this = copy; }

  234. 

  235.     /** Copy-assign constructor */

  236.     inline SecureBuffer& operator=(const Block &copy) throw(std::bad_alloc) {

  237.         if (&copy == this) return *this;

  238.         clear();

  239.         data_ = new unsigned char[size_ = copy.size()];

  240.         memcpy(data_,copy.data(),size_);

  241.         return *this;

  242.     }

  243. 

  244.     /** Copy-assign constructor */

  245.     inline SecureBuffer& operator=(const SecureBuffer &copy) throw(std::bad_alloc) {

  246.         if (&copy == this) return *this;

  247.         clear();

  248.         data_ = new unsigned char[size_ = copy.size()];

  249.         memcpy(data_,copy.data(),size_);

  250.         return *this;

  251.     }

  252. 

  253.     /** Destructor zeorizes data */

  254.     ~SecureBuffer() NOEXCEPT { clear(); }

  255. 

  256.     /** Clear data */

  257.     inline void clear() NOEXCEPT {

  258.         if (data_ == NULL) return;

  259.         zeorize();

  260.         delete[] data_;

  261.         data_ = NULL;

  262.         size_ = 0;

  263.     }

  264. 

  265. #if __cplusplus >= 201103L

  266.     /** Move constructor */

  267.     inline SecureBuffer(SecureBuffer &&move) { *this = move; }

  268. 

  269.     /** Move non-constructor */

  270.     inline SecureBuffer(Block &&move) { *this = (Block &)move; }

  271. 

  272.     /** Move-assign constructor. TODO: check that this actually gets used.*/ 

  273.     inline SecureBuffer& operator=(SecureBuffer &&move) {

  274.         clear();

  275.         data_ = move.data_; move.data_ = NULL;

  276.         size_ = move.size_; move.size_ = 0;

  277.         return *this;

  278.     }

  279. 

  280.     /** C++11-only explicit cast */

  281.     inline explicit operator std::string() const { return get_string(); }

  282. #endif

  283. };

  284. 

  285. /** @cond internal */

  286. TmpBuffer Buffer::slice(size_t off, size_t length) throw(LengthException) {

  287.     if (off > size() || length > size() - off) throw LengthException();

  288.     return TmpBuffer(data()+off, length);

  289. }

  290. 

  291. inline SecureBuffer Rng::read(size_t length) throw(std::bad_alloc) {

  292.     SecureBuffer out(length); read(out); return out;

  293. }

  294. /** @endcond */

  295. 

  296. } /* namespace decaf */

  297. 

  298. 

  299. #undef NOEXCEPT

  300. #undef DELETE

  301. 

  302. #endif /* __DECAF_SECURE_BUFFER_HXX__ */