/src/botan/build/include/botan/mem_ops.h
1 | | /* |
2 | | * Memory Operations |
3 | | * (C) 1999-2009,2012,2015 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_MEMORY_OPS_H_ |
9 | | #define BOTAN_MEMORY_OPS_H_ |
10 | | |
11 | | #include <botan/types.h> |
12 | | #include <cstring> |
13 | | #include <type_traits> |
14 | | #include <vector> |
15 | | |
16 | | namespace Botan { |
17 | | |
/**
* Allocate a memory buffer by some method. This should only be used for
* primitive types (uint8_t, uint32_t, etc).
*
* Every buffer obtained here must be released with deallocate_memory,
* passing the same elems and elem_size.
*
* @param elems the number of elements
* @param elem_size the size of each element
* @return pointer to allocated and zeroed memory; throws std::bad_alloc on failure
*/
BOTAN_PUBLIC_API(2,3) BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size);
27 | | |
/**
* Free a pointer returned by allocate_memory
* @param p the pointer returned by allocate_memory
* @param elems the number of elements, as passed to allocate_memory
* @param elem_size the size of each element, as passed to allocate_memory
*/
BOTAN_PUBLIC_API(2,3) void deallocate_memory(void* p, size_t elems, size_t elem_size);
35 | | |
/**
* Ensure the allocator is initialized. Invoked from the constructor of
* Allocator_Initializer below.
*/
void initialize_allocator();
40 | | |
/**
* Helper whose only job is to run initialize_allocator() when an
* instance is constructed; it carries no state of its own.
*/
class Allocator_Initializer
   {
   public:
      Allocator_Initializer() { initialize_allocator(); }
   };
46 | | |
/**
* Scrub memory contents in a way that a compiler should not elide,
* using some system specific technique. Note that this function might
* not zero the memory (for example, in some hypothetical
* implementation it might combine the memory contents with the output
* of a system PRNG), but if you can detect any difference in behavior
* at runtime then the clearing is side-effecting and you can just
* use `clear_mem`.
*
* Use this function to scrub memory just before deallocating it, or on
* a stack buffer before returning from the function. clear_mem and
* clear_bytes are plain memset calls and may be dropped by the
* optimizer in exactly those situations.
*
* @param ptr a pointer to memory to scrub
* @param n the number of bytes pointed to by ptr
*/
BOTAN_PUBLIC_API(2,0) void secure_scrub_memory(void* ptr, size_t n);
63 | | |
/**
* Memory comparison, input insensitive
* @param x a pointer to an array of len bytes
* @param y a pointer to another array of len bytes
* @param len the number of bytes in x and y
* @return 0xFF iff x[i] == y[i] forall i in [0...len) or 0x00 otherwise
*/
BOTAN_PUBLIC_API(2,9) uint8_t ct_compare_u8(const uint8_t x[],
                                            const uint8_t y[],
                                            size_t len);
74 | | |
/**
* Memory comparison, input insensitive. Thin wrapper over ct_compare_u8
* that maps its 0xFF/0x00 result to a bool.
* @param x a pointer to an array of len bytes
* @param y a pointer to another array of len bytes
* @param len the number of bytes in x and y
* @return true iff x[i] == y[i] forall i in [0...len)
*/
inline bool constant_time_compare(const uint8_t x[],
                                  const uint8_t y[],
                                  size_t len)
   {
   // ct_compare_u8 yields 0xFF when every byte matched, 0x00 otherwise
   const uint8_t all_equal = ct_compare_u8(x, y, len);
   return all_equal == 0xFF;
   }
88 | | |
/**
* Zero out some bytes. This is a plain memset: when the compiler can
* prove the memory is never read afterwards (e.g. just before it is
* freed) it may drop the call entirely; use secure_scrub_memory there.
* @param ptr a pointer to memory to zero
* @param bytes the number of bytes to zero in ptr
*/
inline void clear_bytes(void* ptr, size_t bytes)
   {
   // A zero-length request is a no-op and never touches ptr
   if(bytes == 0)
      return;

   std::memset(ptr, 0, bytes);
   }
101 | | |
/**
* Zero memory before use. This simply calls memset and should not be
* used in cases where the compiler cannot see the call as a
* side-effecting operation (for example, if calling clear_mem before
* deallocating memory, the compiler would be allowed to omit the call
* to memset entirely under the as-if rule.)
*
* The byte count sizeof(T)*n is not checked for overflow; n is expected
* to be the element count of an existing buffer.
*
* @param ptr a pointer to an array of Ts to zero
* @param n the number of Ts pointed to by ptr
*/
template<typename T> inline void clear_mem(T* ptr, size_t n)
   {
   const size_t byte_count = n * sizeof(T);
   clear_bytes(ptr, byte_count);
   }
|
116 | | |
117 | | |
118 | | |
119 | | // is_trivially_copyable is missing in g++ < 5.0 |
120 | | #if !__clang__ && __GNUG__ && __GNUC__ < 5 |
121 | | #define BOTAN_IS_TRIVIALLY_COPYABLE(T) true |
122 | | #else |
123 | | #define BOTAN_IS_TRIVIALLY_COPYABLE(T) std::is_trivially_copyable<T>::value |
124 | | #endif |
125 | | |
/**
* Copy memory. Implemented with memmove, so in and out are allowed to
* overlap.
* @param out the destination array
* @param in the source array
* @param n the number of elements of in/out
*/
template<typename T> inline void copy_mem(T* out, const T* in, size_t n)
   {
   static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
   BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr,
                            "If n > 0 then args are not null");

   // Empty ranges and null pointers are a no-op; the runtime null checks
   // are kept independently of the assertion above.
   if(n == 0 || in == nullptr || out == nullptr)
      return;

   std::memmove(out, in, sizeof(T)*n);
   }
|
143 | | |
/**
* Serialize N objects of type T into a byte array with memcpy: no
* aliasing violation, no alignment requirement on out, and no endian
* conversion (bytes are copied in native order).
*
* NOTE(review): `in` is deliberately non-const; changing it to
* `const T in[]` would make a call with T = uint8_t ambiguous with the
* (T out[], const uint8_t in[], size_t) overload below.
*
* @param out destination; must have room for sizeof(T)*N bytes
* @param in source array of N Ts
* @param N the number of Ts to copy
*/
template<typename T> inline void typecast_copy(uint8_t out[], T in[], size_t N)
   {
   static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), "");
   const size_t byte_count = sizeof(T)*N;
   std::memcpy(out, in, byte_count);
   }
|
149 | | |
/**
* Deserialize N objects of type T from a byte array with memcpy: no
* aliasing violation, no alignment requirement on in, and no endian
* conversion (bytes are copied in native order).
* @param out destination array of N Ts
* @param in source; must hold at least sizeof(T)*N bytes
* @param N the number of Ts to produce
*/
template<typename T> inline void typecast_copy(T out[], const uint8_t in[], size_t N)
   {
   static_assert(std::is_trivial<T>::value, "");
   const size_t byte_count = sizeof(T)*N;
   std::memcpy(out, in, byte_count);
   }
|
155 | | |
/**
* Serialize a single T into out (sizeof(T) bytes, native byte order).
* Equivalent to the array form with N == 1, inlined here.
* @param out destination; must have room for sizeof(T) bytes
* @param in the value to serialize
*/
template<typename T> inline void typecast_copy(uint8_t out[], T in)
   {
   static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), "");
   std::memcpy(out, &in, sizeof(T));
   }
|
160 | | |
/**
* Deserialize a single T from in (sizeof(T) bytes, native byte order).
* Equivalent to the array form with N == 1, inlined here.
* @param out the object to overwrite
* @param in source; must hold at least sizeof(T) bytes
*/
template<typename T> inline void typecast_copy(T& out, const uint8_t in[])
   {
   static_assert(std::is_trivial<typename std::decay<T>::type>::value, "");
   std::memcpy(&out, in, sizeof(T));
   }
|
166 | | |
/**
* Type-pun by value: build a To from the bytes at src via memcpy.
* Exactly sizeof(To) bytes are read from src (not sizeof(From)), so
* src must point to at least that many readable bytes.
* @param src pointer to the source bytes
* @return the To whose object representation was copied from src
*/
template <class To, class From> inline To typecast_copy(const From *src) noexcept
   {
   static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(From) && std::is_trivial<To>::value, "");
   To dst{};
   std::memcpy(&dst, src, sizeof(To));
   return dst;
   }
174 | | |
/**
* Set memory to a fixed value
* @param ptr a pointer to an array of bytes
* @param n the number of bytes pointed to by ptr
* @param val the value to set each byte to
*/
inline void set_mem(uint8_t* ptr, size_t n, uint8_t val)
   {
   // Zero-length requests never touch ptr
   if(n == 0)
      return;

   std::memset(ptr, val, n);
   }
188 | | |
/**
* View a const char buffer as const uint8_t without changing the address.
* @param s pointer to characters
* @return the same address typed as const uint8_t*
*/
inline const uint8_t* cast_char_ptr_to_uint8(const char* s)
   {
   // Object-pointer round trip through void*; same effect as reinterpret_cast
   const void* const raw = static_cast<const void*>(s);
   return static_cast<const uint8_t*>(raw);
   }
193 | | |
/**
* View a const uint8_t buffer as const char without changing the address.
* @param b pointer to bytes
* @return the same address typed as const char*
*/
inline const char* cast_uint8_ptr_to_char(const uint8_t* b)
   {
   // Object-pointer round trip through void*; same effect as reinterpret_cast
   const void* const raw = static_cast<const void*>(b);
   return static_cast<const char*>(raw);
   }
198 | | |
/**
* View a mutable char buffer as uint8_t without changing the address.
* @param s pointer to characters
* @return the same address typed as uint8_t*
*/
inline uint8_t* cast_char_ptr_to_uint8(char* s)
   {
   // Object-pointer round trip through void*; same effect as reinterpret_cast
   void* const raw = static_cast<void*>(s);
   return static_cast<uint8_t*>(raw);
   }
203 | | |
/**
* View a mutable uint8_t buffer as char without changing the address.
* @param b pointer to bytes
* @return the same address typed as char*
*/
inline char* cast_uint8_ptr_to_char(uint8_t* b)
   {
   // Object-pointer round trip through void*; same effect as reinterpret_cast
   void* const raw = static_cast<void*>(b);
   return static_cast<char*>(raw);
   }
208 | | |
/**
* Memory comparison, input insensitive: all n elements are visited and
* OR-ed into an accumulator, with no early exit on the first mismatch.
* Both p1 and p2 must point to at least n elements. For byte arrays the
* ct_compare_u8 / constant_time_compare functions above serve the same
* purpose.
* @param p1 a pointer to an array
* @param p2 a pointer to another array
* @param n the number of Ts in p1 and p2
* @return true iff p1[i] == p2[i] forall i in [0...n)
*/
template<typename T> inline bool same_mem(const T* p1, const T* p2, size_t n)
   {
   // volatile keeps every OR into the accumulator as an observable access,
   // so the loop is not collapsed into an early-exit comparison
   volatile T difference = 0;

   for(size_t i = 0; i != n; ++i)
      difference |= (p1[i] ^ p2[i]);

   return difference == 0;
   }
|
225 | | |
/**
* XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length
* Both buffers must hold at least length bytes; no bounds check is done.
* @param out the input/output buffer
* @param in the read-only input buffer
* @param length the length of the buffers
*/
inline void xor_buf(uint8_t out[],
                    const uint8_t in[],
                    size_t length)
   {
   // Bulk part: 32 bytes per step as four uint64_t. Loading through
   // memcpy into locals avoids alignment and strict-aliasing issues.
   const size_t tail = length % 32;
   const size_t bulk = length - tail;

   size_t i = 0;
   while(i != bulk)
      {
      uint64_t acc[4];
      uint64_t rhs[4];
      std::memcpy(acc, out + i, sizeof(acc));
      std::memcpy(rhs, in + i, sizeof(rhs));

      for(size_t j = 0; j != 4; ++j)
         acc[j] ^= rhs[j];

      std::memcpy(out + i, acc, sizeof(acc));
      i += 32;
      }

   // Remaining (fewer than 32) bytes one at a time
   for(; i != length; ++i)
      out[i] ^= in[i];
   }
259 | | |
/**
* XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length
* All three buffers must hold at least length bytes; no bounds check is done.
* @param out the output buffer
* @param in the first input buffer
* @param in2 the second input buffer
* @param length the length of the three buffers
*/
inline void xor_buf(uint8_t out[],
                    const uint8_t in[],
                    const uint8_t in2[],
                    size_t length)
   {
   // Bulk part: 32 bytes per step as four uint64_t. Loading through
   // memcpy into locals avoids alignment and strict-aliasing issues.
   const size_t tail = length % 32;
   const size_t bulk = length - tail;

   size_t i = 0;
   while(i != bulk)
      {
      uint64_t lhs[4];
      uint64_t rhs[4];
      std::memcpy(lhs, in + i, sizeof(lhs));
      std::memcpy(rhs, in2 + i, sizeof(rhs));

      for(size_t j = 0; j != 4; ++j)
         lhs[j] ^= rhs[j];

      std::memcpy(out + i, lhs, sizeof(lhs));
      i += 32;
      }

   // Remaining (fewer than 32) bytes one at a time
   for(; i != length; ++i)
      out[i] = in[i] ^ in2[i];
   }
295 | | |
/**
* XOR the first n bytes of in into out (out[i] ^= in[i]).
* No bounds check is performed: the caller must guarantee
* n <= out.size() and n <= in.size().
* @param out the input/output vector
* @param in the read-only input vector
* @param n the number of bytes to process
*/
template<typename Alloc, typename Alloc2>
void xor_buf(std::vector<uint8_t, Alloc>& out,
             const std::vector<uint8_t, Alloc2>& in,
             size_t n)
   {
   uint8_t* const dst = out.data();
   const uint8_t* const src = in.data();
   xor_buf(dst, src, n);
   }
303 | | |
/**
* XOR the first n bytes at in into out (out[i] ^= in[i]).
* No bounds check is performed: the caller must guarantee
* n <= out.size() and that in points to at least n bytes.
* @param out the input/output vector
* @param in the read-only input buffer
* @param n the number of bytes to process
*/
template<typename Alloc>
void xor_buf(std::vector<uint8_t, Alloc>& out,
             const uint8_t* in,
             size_t n)
   {
   uint8_t* const dst = out.data();
   xor_buf(dst, in, n);
   }
|
311 | | |
/**
* Write in[i] ^ in2[i] into out for the first n bytes.
* No bounds check is performed: the caller must guarantee
* n <= out.size(), n <= in2.size() and that in points to at least n bytes.
* @param out the output vector
* @param in the first input buffer
* @param in2 the second input vector
* @param n the number of bytes to process
*/
template<typename Alloc, typename Alloc2>
void xor_buf(std::vector<uint8_t, Alloc>& out,
             const uint8_t* in,
             const std::vector<uint8_t, Alloc2>& in2,
             size_t n)
   {
   uint8_t* const dst = out.data();
   const uint8_t* const src2 = in2.data();
   xor_buf(dst, in, src2, n);
   }
320 | | |
/**
* XOR in into out. If out is shorter than in it is first grown to
* in.size() (the new bytes are value-initialized to zero, so they end
* up holding the corresponding bytes of in). Only the first in.size()
* bytes of out are modified.
* @param out the input/output vector
* @param in the read-only input vector
* @return out
*/
template<typename Alloc, typename Alloc2>
std::vector<uint8_t, Alloc>&
operator^=(std::vector<uint8_t, Alloc>& out,
           const std::vector<uint8_t, Alloc2>& in)
   {
   const size_t n = in.size();
   if(n > out.size())
      out.resize(n);

   xor_buf(out.data(), in.data(), n);
   return out;
   }
332 | | |
333 | | } |
334 | | |
335 | | #endif |