doxygen/secmem_8h_source.html

/*

* Secure Memory Buffers

* (C) 1999-2007,2012 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#ifndef BOTAN_SECURE_MEMORY_BUFFERS_H_

#define BOTAN_SECURE_MEMORY_BUFFERS_H_


#include <botan/allocator.h>

#include <botan/types.h>  // IWYU pragma: export

#include <span>

#include <type_traits>

#include <vector>  // IWYU pragma: export


#if !defined(BOTAN_IS_BEING_BUILT) && !defined(BOTAN_DISABLE_DEPRECATED_FEATURES)

   // TODO(Botan4) remove this

   #include <deque>

#endif


namespace Botan {


template <typename T>

#if !defined(_ITERATOR_DEBUG_LEVEL) || _ITERATOR_DEBUG_LEVEL == 0

/*

  * Check exists to prevent someone from doing something that will

  * probably crash anyway (like secure_vector<non_POD_t> where ~non_POD_t

  * deletes a member pointer which was zeroed before it ran).

  * MSVC in debug mode uses non-integral proxy types in container types

  * like std::vector, thus we disable the check there.

 */

   requires std::is_integral_v<T> || std::is_enum_v<T>

#endif


class secure_allocator {


   public:

      typedef T value_type;

      typedef std::size_t size_type;


      secure_allocator() noexcept = default;

      secure_allocator(const secure_allocator&) noexcept = default;

      secure_allocator& operator=(const secure_allocator&) noexcept = default;

      secure_allocator(secure_allocator&&) noexcept = default;

      secure_allocator& operator=(secure_allocator&&) noexcept = default;


      ~secure_allocator() noexcept = default;


      template <typename U>

      explicit secure_allocator(const secure_allocator<U>& /*other*/) noexcept {}


      T* allocate(std::size_t n) { return static_cast<T*>(allocate_memory(n, sizeof(T))); }


      void deallocate(T* p, std::size_t n) { deallocate_memory(p, n, sizeof(T)); }

};


template <typename T, typename U>


inline bool operator==(const secure_allocator<T>& /*a*/, const secure_allocator<U>& /*b*/) {

   return true;

}


template <typename T, typename U>


inline bool operator!=(const secure_allocator<T>& /*a*/, const secure_allocator<U>& /*b*/) {

   return false;

}


template <typename T>

using secure_vector = std::vector<T, secure_allocator<T>>;


#if !defined(BOTAN_IS_BEING_BUILT) && !defined(BOTAN_DISABLE_DEPRECATED_FEATURES)

template <typename T>

using secure_deque = std::deque<T, secure_allocator<T>>;

#endif


// For better compatibility with 1.10 API

template <typename T>

using SecureVector = secure_vector<T>;


template <typename T>


secure_vector<T> lock(const std::vector<T>& in) {

   return secure_vector<T>(in.begin(), in.end());

}


template <typename T>


std::vector<T> unlock(const secure_vector<T>& in) {

   return std::vector<T>(in.begin(), in.end());

}


// TODO(Botan4) remove these += operators entirely


template <typename T, typename Alloc, typename Alloc2>


std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, const std::vector<T, Alloc2>& in) {

   out.insert(out.end(), in.begin(), in.end());

   return out;

}


template <typename T, typename Alloc>


std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, std::span<const T> in) {

   out.insert(out.end(), in.begin(), in.end());

   return out;

}


template <typename T, typename Alloc>


std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, T in) {

   out.push_back(in);

   return out;

}


template <typename T, typename Alloc, typename L>


std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, const std::pair<const T*, L>& in) {

   out.insert(out.end(), in.first, in.first + in.second);

   return out;

}


template <typename T, typename Alloc, typename L>


std::vector<T, Alloc>& operator+=(std::vector<T, Alloc>& out, const std::pair<T*, L>& in) {

   out.insert(out.end(), in.first, in.first + in.second);

   return out;

}


/**

* Zeroise the values; length remains unchanged

*

* Note this is not intended for cases where the compiler might elide

* the writes as being without side-effects; use secure_scrub_memory

* for that.

*

* TODO(Botan4): make these not-inlined and only for secure_vector, eg declare

*  void zeroize(secure_vector<uint8_t>& v);

*  void zeroize(secure_vector<uint16_t>& v);

*  void zeroize(secure_vector<uint32_t>& v);

*  void zeroize(secure_vector<uint64_t>& v);

*

* @param vec the vector to zeroise

*/

template <typename T, typename Alloc>


void zeroise(std::vector<T, Alloc>& vec) {

   for(size_t i = 0; i != vec.size(); ++i) {

      vec[i] = static_cast<T>(0);

   }

}


/**

* Zeroise the values then free the memory

*

* TODO(Botan4): make these not-inlined and only for secure_vector, eg declare

*  void zap(secure_vector<uint8_t>& v);

*  void zap(secure_vector<uint16_t>& v);

*  void zap(secure_vector<uint32_t>& v);

*  void zap(secure_vector<uint64_t>& v);

*

* [And maybe rename as well]

*

* @param vec the vector to zeroise and free

*/

template <typename T, typename Alloc>


void zap(std::vector<T, Alloc>& vec) {

   zeroise(vec);

   vec.clear();

   vec.shrink_to_fit();

}


}  // namespace Botan


#endif

Botan::secure_allocator
Definition secmem.h:35

Botan::secure_allocator::allocate
T * allocate(std::size_t n)
Definition secmem.h:52

Botan::secure_allocator::deallocate
void deallocate(T *p, std::size_t n)
Definition secmem.h:54

Botan::secure_allocator::value_type
T value_type
Definition secmem.h:38

Botan::secure_allocator::secure_allocator
secure_allocator() noexcept=default

Botan::secure_allocator::size_type
std::size_t size_type
Definition secmem.h:39

Botan
Definition alg_id.cpp:13

Botan::zeroise
void zeroise(std::vector< T, Alloc > &vec)
Definition secmem.h:137

Botan::zap
void zap(std::vector< T, Alloc > &vec)
Definition secmem.h:157

Botan::deallocate_memory
void deallocate_memory(void *p, size_t elems, size_t elem_size)
Definition allocator.cpp:50

Botan::lock
secure_vector< T > lock(const std::vector< T > &in)
Definition secmem.h:80

Botan::operator!=
bool operator!=(const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
Definition alg_id.cpp:68

Botan::unlock
std::vector< T > unlock(const secure_vector< T > &in)
Definition secmem.h:85

Botan::operator==
bool operator==(const AlgorithmIdentifier &a1, const AlgorithmIdentifier &a2)
Definition alg_id.cpp:53

Botan::secure_deque
std::deque< T, secure_allocator< T > > secure_deque
Definition secmem.h:72

Botan::operator+=
std::vector< T, Alloc > & operator+=(std::vector< T, Alloc > &out, const std::vector< T, Alloc2 > &in)
Definition secmem.h:92

Botan::allocate_memory
BOTAN_MALLOC_FN void * allocate_memory(size_t elems, size_t elem_size)
Definition allocator.cpp:21

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:68

Botan::SecureVector
secure_vector< T > SecureVector
Definition secmem.h:77