/*

* Memory Operations

* (C) 1999-2009,2012,2015 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/

#ifndef BOTAN_MEMORY_OPS_H_

#define BOTAN_MEMORY_OPS_H_

#include <botan/types.h>

#include <cstring>

#include <span>

#include <type_traits>

#include <vector>

namespace Botan {

/**

* Allocate a memory buffer by some method. This should only be used for

* primitive types (uint8_t, uint32_t, etc).

*

* @param elems the number of elements

* @param elem_size the size of each element

* @return pointer to allocated and zeroed memory, or throw std::bad_alloc on failure

*/

BOTAN_PUBLIC_API(2, 3) BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size);

/**

* Free a pointer returned by allocate_memory

* @param p the pointer returned by allocate_memory

* @param elems the number of elements, as passed to allocate_memory

* @param elem_size the size of each element, as passed to allocate_memory

*/

BOTAN_PUBLIC_API(2, 3) void deallocate_memory(void* p, size_t elems, size_t elem_size);

/**

* Ensure the allocator is initialized

*/

void BOTAN_UNSTABLE_API initialize_allocator();

class Allocator_Initializer final {

   public:

      Allocator_Initializer() { initialize_allocator(); }

};

/**

* Scrub memory contents in a way that a compiler should not elide,

* using some system specific technique. Note that this function might

* not zero the memory (for example, in some hypothetical

* implementation it might combine the memory contents with the output

* of a system PRNG), but if you can detect any difference in behavior

* at runtime then the clearing is side-effecting and you can just

* use `clear_mem`.

*

* Use this function to scrub memory just before deallocating it, or on

* a stack buffer before returning from the function.

*

* @param ptr a pointer to memory to scrub

* @param n the number of bytes pointed to by ptr

*/

BOTAN_PUBLIC_API(2, 0) void secure_scrub_memory(void* ptr, size_t n);

/**

* Memory comparison, input insensitive

* @param x a pointer to an array

* @param y a pointer to another array

* @param len the number of Ts in x and y

* @return 0xFF iff x[i] == y[i] forall i in [0...n) or 0x00 otherwise

*/

BOTAN_PUBLIC_API(2, 9) uint8_t ct_compare_u8(const uint8_t x[], const uint8_t y[], size_t len);

/**

* Memory comparison, input insensitive

* @param x a pointer to an array

* @param y a pointer to another array

* @param len the number of Ts in x and y

* @return true iff x[i] == y[i] forall i in [0...n)

*/

inline bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len) {

   return ct_compare_u8(x, y, len) == 0xFF;

}

/**

* Zero out some bytes. Warning: use secure_scrub_memory instead if the

* memory is about to be freed or otherwise the compiler thinks it can

* elide the writes.

*

* @param ptr a pointer to memory to zero

* @param bytes the number of bytes to zero in ptr

*/

inline constexpr void clear_bytes(void* ptr, size_t bytes) {

   if(bytes > 0) {

      std::memset(ptr, 0, bytes);

   }

}

/**

* Zero memory before use. This simply calls memset and should not be

* used in cases where the compiler cannot see the call as a

* side-effecting operation (for example, if calling clear_mem before

* deallocating memory, the compiler would be allowed to omit the call

* to memset entirely under the as-if rule.)

*

* @param ptr a pointer to an array of Ts to zero

* @param n the number of Ts pointed to by ptr

*/

template <typename T>

inline constexpr void clear_mem(T* ptr, size_t n) {

   clear_bytes(ptr, sizeof(T) * n);

}

void Botan::clear_mem<unsigned char>(unsigned char*, unsigned long)

Line

Count

Source

109

25

inline constexpr void clear_mem(T* ptr, size_t n) {

110

25

   clear_bytes(ptr, sizeof(T) * n);

111

25

}

void Botan::clear_mem<unsigned long>(unsigned long*, unsigned long)

Line

Count

Source

109

146M

inline constexpr void clear_mem(T* ptr, size_t n) {

110

146M

   clear_bytes(ptr, sizeof(T) * n);

111

146M

}

void Botan::clear_mem<unsigned int>(unsigned int*, unsigned long)

Line

Count

Source

109

1

inline constexpr void clear_mem(T* ptr, size_t n) {

110

1

   clear_bytes(ptr, sizeof(T) * n);

111

1

}

Unexecuted instantiation: void Botan::clear_mem<unsigned short>(unsigned short*, unsigned long)

/**

* Copy memory

* @param out the destination array

* @param in the source array

* @param n the number of elements of in/out

*/

template <typename T>

inline constexpr void copy_mem(T* out, const T* in, size_t n)

   requires std::is_trivial<typename std::decay<T>::type>::value

{

   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null");

   if(in != nullptr && out != nullptr && n > 0) {

      std::memmove(out, in, sizeof(T) * n);

   }

}

void Botan::copy_mem<unsigned long>(unsigned long*, unsigned long const*, unsigned long)

Line

Count

Source

122

1.43M

{

123

1.43M

   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null");

124

125

1.43M

   if(in != nullptr && out != nullptr && n > 0) {

126

1.42M

      std::memmove(out, in, sizeof(T) * n);

127

1.42M

   }

128

1.43M

}

void Botan::copy_mem<unsigned char>(unsigned char*, unsigned char const*, unsigned long)

Line

Count

Source

122

101k

{

123

101k

   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, "If n > 0 then args are not null");

124

125

101k

   if(in != nullptr && out != nullptr && n > 0) {

126

99.6k

      std::memmove(out, in, sizeof(T) * n);

127

99.6k

   }

128

101k

}

Unexecuted instantiation: void Botan::copy_mem<unsigned int>(unsigned int*, unsigned int const*, unsigned long)

template <typename T>

inline constexpr void typecast_copy(uint8_t out[], T in[], size_t N)

   requires std::is_trivially_copyable<T>::value

{

   std::memcpy(out, in, sizeof(T) * N);

}

void Botan::typecast_copy<unsigned long>(unsigned char*, unsigned long*, unsigned long)

Line

Count

Source

133

4

{

134

4

   std::memcpy(out, in, sizeof(T) * N);

135

4

}

Unexecuted instantiation: void Botan::typecast_copy<unsigned short>(unsigned char*, unsigned short*, unsigned long)

void Botan::typecast_copy<unsigned int>(unsigned char*, unsigned int*, unsigned long)

Line

Count

Source

133

32

{

134

32

   std::memcpy(out, in, sizeof(T) * N);

135

32

}

template <typename T>

inline constexpr void typecast_copy(T out[], const uint8_t in[], size_t N)

   requires std::is_trivial<T>::value

{

   std::memcpy(out, in, sizeof(T) * N);

}

void Botan::typecast_copy<unsigned long>(unsigned long*, unsigned char const*, unsigned long)

Line

Count

Source

140

531k

{

141

531k

   std::memcpy(out, in, sizeof(T) * N);

142

531k

}

Unexecuted instantiation: void Botan::typecast_copy<unsigned short>(unsigned short*, unsigned char const*, unsigned long)

void Botan::typecast_copy<unsigned int>(unsigned int*, unsigned char const*, unsigned long)

Line

Count

Source

140

162

{

141

162

   std::memcpy(out, in, sizeof(T) * N);

142

162

}

template <typename T>

inline constexpr void typecast_copy(uint8_t out[], T in) {

   typecast_copy(out, &in, 1);

}

void Botan::typecast_copy<unsigned long>(unsigned char*, unsigned long)

Line

Count

Source

145

4

inline constexpr void typecast_copy(uint8_t out[], T in) {

146

4

   typecast_copy(out, &in, 1);

147

4

}

Unexecuted instantiation: void Botan::typecast_copy<unsigned short>(unsigned char*, unsigned short)

void Botan::typecast_copy<unsigned int>(unsigned char*, unsigned int)

Line

Count

Source

145

32

inline constexpr void typecast_copy(uint8_t out[], T in) {

146

32

   typecast_copy(out, &in, 1);

147

32

}

template <typename T>

inline constexpr void typecast_copy(T& out, const uint8_t in[])

   requires std::is_trivial<typename std::decay<T>::type>::value

{

   typecast_copy(&out, in, 1);

}

void Botan::typecast_copy<unsigned long>(unsigned long&, unsigned char const*)

Line

Count

Source

152

531k

{

153

531k

   typecast_copy(&out, in, 1);

154

531k

}

Unexecuted instantiation: void Botan::typecast_copy<unsigned short>(unsigned short&, unsigned char const*)

void Botan::typecast_copy<unsigned int>(unsigned int&, unsigned char const*)

Line

Count

Source

152

160

{

153

160

   typecast_copy(&out, in, 1);

154

160

}

template <class To, class FromT>

inline constexpr To typecast_copy(const FromT* src) noexcept

   requires std::is_trivially_copyable<FromT>::value && std::is_trivial<To>::value

{

   To dst;

   std::memcpy(&dst, src, sizeof(To));

   return dst;

}

/**

* Set memory to a fixed value

* @param ptr a pointer to an array of bytes

* @param n the number of Ts pointed to by ptr

* @param val the value to set each byte to

*/

inline constexpr void set_mem(uint8_t* ptr, size_t n, uint8_t val) {

   if(n > 0) {

      std::memset(ptr, val, n);

   }

}

inline const uint8_t* cast_char_ptr_to_uint8(const char* s) { return reinterpret_cast<const uint8_t*>(s); }

inline const char* cast_uint8_ptr_to_char(const uint8_t* b) { return reinterpret_cast<const char*>(b); }

inline uint8_t* cast_char_ptr_to_uint8(char* s) { return reinterpret_cast<uint8_t*>(s); }

inline char* cast_uint8_ptr_to_char(uint8_t* b) { return reinterpret_cast<char*>(b); }

/**

* Memory comparison, input insensitive

* @param p1 a pointer to an array

* @param p2 a pointer to another array

* @param n the number of Ts in p1 and p2

* @return true iff p1[i] == p2[i] forall i in [0...n)

*/

template <typename T>

inline bool same_mem(const T* p1, const T* p2, size_t n) {

   volatile T difference = 0;

   for(size_t i = 0; i != n; ++i)

      difference = difference | (p1[i] ^ p2[i]);

   return difference == 0;

}

template <typename T, typename Alloc>

size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, const T input[], size_t input_length) {

   BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());

   const size_t to_copy = std::min(input_length, buf.size() - buf_offset);

   if(to_copy > 0) {

      copy_mem(&buf[buf_offset], input, to_copy);

   }

   return to_copy;

}

unsigned long Botan::buffer_insert<unsigned char, Botan::secure_allocator<unsigned char> >(std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >&, unsigned long, unsigned char const*, unsigned long)

Line

Count

Source

203

9

size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, const T input[], size_t input_length) {

204

9

   BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());

205

9

   const size_t to_copy = std::min(input_length, buf.size() - buf_offset);

206

9

   if(to_copy > 0) {

207

3

      copy_mem(&buf[buf_offset], input, to_copy);

208

3

   }

209

9

   return to_copy;

210

9

}

Unexecuted instantiation: unsigned long Botan::buffer_insert<unsigned char, std::__1::allocator<unsigned char> >(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >&, unsigned long, unsigned char const*, unsigned long)

template <typename T, typename Alloc, typename Alloc2>

size_t buffer_insert(std::vector<T, Alloc>& buf, size_t buf_offset, const std::vector<T, Alloc2>& input) {

   BOTAN_ASSERT_NOMSG(buf_offset <= buf.size());

   const size_t to_copy = std::min(input.size(), buf.size() - buf_offset);

   if(to_copy > 0) {

      copy_mem(&buf[buf_offset], input.data(), to_copy);

   }

   return to_copy;

}

/**

* XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length

* @param out the input/output buffer

* @param in the read-only input buffer

* @param length the length of the buffers

*/

inline void xor_buf(uint8_t out[], const uint8_t in[], size_t length) {

   const size_t blocks = length - (length % 32);

   for(size_t i = 0; i != blocks; i += 32) {

      uint64_t x[4];

      uint64_t y[4];

      typecast_copy(x, out + i, 4);

      typecast_copy(y, in + i, 4);

      x[0] ^= y[0];

      x[1] ^= y[1];

      x[2] ^= y[2];

      x[3] ^= y[3];

      typecast_copy(out + i, x, 4);

   }

   for(size_t i = blocks; i != length; ++i) {

      out[i] ^= in[i];

   }

}

/**

* XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length

* @param out the output buffer

* @param in the first input buffer

* @param in2 the second output buffer

* @param length the length of the three buffers

*/

inline void xor_buf(uint8_t out[], const uint8_t in[], const uint8_t in2[], size_t length) {

   const size_t blocks = length - (length % 32);

   for(size_t i = 0; i != blocks; i += 32) {

      uint64_t x[4];

      uint64_t y[4];

      typecast_copy(x, in + i, 4);

      typecast_copy(y, in2 + i, 4);

      x[0] ^= y[0];

      x[1] ^= y[1];

      x[2] ^= y[2];

      x[3] ^= y[3];

      typecast_copy(out + i, x, 4);

   }

   for(size_t i = blocks; i != length; ++i) {

      out[i] = in[i] ^ in2[i];

   }

}

inline void xor_buf(std::span<uint8_t> out, std::span<const uint8_t> in, size_t n) {

   xor_buf(out.data(), in.data(), n);

}

template <typename Alloc>

void xor_buf(std::vector<uint8_t, Alloc>& out, const uint8_t* in, size_t n) {

   xor_buf(out.data(), in, n);

}

template <typename Alloc, typename Alloc2>

void xor_buf(std::vector<uint8_t, Alloc>& out, const uint8_t* in, const std::vector<uint8_t, Alloc2>& in2, size_t n) {

   xor_buf(out.data(), in, in2.data(), n);

}

template <typename Alloc, typename Alloc2>

std::vector<uint8_t, Alloc>& operator^=(std::vector<uint8_t, Alloc>& out, const std::vector<uint8_t, Alloc2>& in) {

   if(out.size() < in.size())

      out.resize(in.size());

   xor_buf(out.data(), in.data(), in.size());

   return out;

}

}  // namespace Botan

#endif