/src/botan/build/include/botan/mem_ops.h
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Memory Operations |
3 | | * (C) 1999-2009,2012,2015 Jack Lloyd |
4 | | * |
5 | | * Botan is released under the Simplified BSD License (see license.txt) |
6 | | */ |
7 | | |
8 | | #ifndef BOTAN_MEMORY_OPS_H_ |
9 | | #define BOTAN_MEMORY_OPS_H_ |
10 | | |
11 | | #include <botan/types.h> |
12 | | #include <cstring> |
13 | | #include <type_traits> |
14 | | #include <vector> |
15 | | |
16 | | namespace Botan { |
17 | | |
18 | | /** |
19 | | * Allocate a memory buffer by some method. This should only be used for |
20 | | * primitive types (uint8_t, uint32_t, etc). |
21 | | * |
22 | | * @param elems the number of elements |
23 | | * @param elem_size the size of each element |
24 | | * @return pointer to allocated and zeroed memory, or throw std::bad_alloc on failure |
25 | | */ |
26 | | BOTAN_PUBLIC_API(2,3) BOTAN_MALLOC_FN void* allocate_memory(size_t elems, size_t elem_size); |
27 | | |
28 | | /** |
29 | | * Free a pointer returned by allocate_memory |
30 | | * @param p the pointer returned by allocate_memory |
31 | | * @param elems the number of elements, as passed to allocate_memory |
32 | | * @param elem_size the size of each element, as passed to allocate_memory |
33 | | */ |
34 | | BOTAN_PUBLIC_API(2,3) void deallocate_memory(void* p, size_t elems, size_t elem_size); |
35 | | |
36 | | /** |
37 | | * Ensure the allocator is initialized |
38 | | */ |
39 | | void BOTAN_UNSTABLE_API initialize_allocator(); |
40 | | |
41 | | class Allocator_Initializer |
42 | | { |
43 | | public: |
44 | 9 | Allocator_Initializer() { initialize_allocator(); } |
45 | | }; |
46 | | |
47 | | /** |
48 | | * Scrub memory contents in a way that a compiler should not elide, |
49 | | * using some system specific technique. Note that this function might |
50 | | * not zero the memory (for example, in some hypothetical |
51 | | * implementation it might combine the memory contents with the output |
52 | | * of a system PRNG), but if you can detect any difference in behavior |
53 | | * at runtime then the clearing is side-effecting and you can just |
54 | | * use `clear_mem`. |
55 | | * |
56 | | * Use this function to scrub memory just before deallocating it, or on |
57 | | * a stack buffer before returning from the function. |
58 | | * |
59 | | * @param ptr a pointer to memory to scrub |
60 | | * @param n the number of bytes pointed to by ptr |
61 | | */ |
62 | | BOTAN_PUBLIC_API(2,0) void secure_scrub_memory(void* ptr, size_t n); |
63 | | |
64 | | /** |
65 | | * Memory comparison, input insensitive |
66 | | * @param x a pointer to an array |
67 | | * @param y a pointer to another array |
68 | | * @param len the number of Ts in x and y |
69 | | * @return 0xFF iff x[i] == y[i] forall i in [0...n) or 0x00 otherwise |
70 | | */ |
71 | | BOTAN_PUBLIC_API(2,9) uint8_t ct_compare_u8(const uint8_t x[], |
72 | | const uint8_t y[], |
73 | | size_t len); |
74 | | |
75 | | /** |
76 | | * Memory comparison, input insensitive |
77 | | * @param x a pointer to an array |
78 | | * @param y a pointer to another array |
79 | | * @param len the number of Ts in x and y |
80 | | * @return true iff x[i] == y[i] forall i in [0...n) |
81 | | */ |
82 | | inline bool constant_time_compare(const uint8_t x[], |
83 | | const uint8_t y[], |
84 | | size_t len) |
85 | 912 | { |
86 | 912 | return ct_compare_u8(x, y, len) == 0xFF; |
87 | 912 | } |
88 | | |
89 | | /** |
90 | | * Zero out some bytes. Warning: use secure_scrub_memory instead if the |
91 | | * memory is about to be freed or otherwise the compiler thinks it can |
92 | | * elide the writes. |
93 | | * |
94 | | * @param ptr a pointer to memory to zero |
95 | | * @param bytes the number of bytes to zero in ptr |
96 | | */ |
97 | | inline void clear_bytes(void* ptr, size_t bytes) |
98 | 919M | { |
99 | 919M | if(bytes > 0) |
100 | 813M | { |
101 | 813M | std::memset(ptr, 0, bytes); |
102 | 813M | } |
103 | 919M | } |
104 | | |
105 | | /** |
106 | | * Zero memory before use. This simply calls memset and should not be |
107 | | * used in cases where the compiler cannot see the call as a |
108 | | * side-effecting operation (for example, if calling clear_mem before |
109 | | * deallocating memory, the compiler would be allowed to omit the call |
110 | | * to memset entirely under the as-if rule.) |
111 | | * |
112 | | * @param ptr a pointer to an array of Ts to zero |
113 | | * @param n the number of Ts pointed to by ptr |
114 | | */ |
115 | | template<typename T> inline void clear_mem(T* ptr, size_t n) |
116 | 919M | { |
117 | 919M | clear_bytes(ptr, sizeof(T)*n); |
118 | 919M | } void Botan::clear_mem<unsigned char>(unsigned char*, unsigned long) Line | Count | Source | 116 | 1.06M | { | 117 | 1.06M | clear_bytes(ptr, sizeof(T)*n); | 118 | 1.06M | } |
void Botan::clear_mem<unsigned long>(unsigned long*, unsigned long) Line | Count | Source | 116 | 918M | { | 117 | 918M | clear_bytes(ptr, sizeof(T)*n); | 118 | 918M | } |
void Botan::clear_mem<unsigned int>(unsigned int*, unsigned long) Line | Count | Source | 116 | 44.5k | { | 117 | 44.5k | clear_bytes(ptr, sizeof(T)*n); | 118 | 44.5k | } |
Unexecuted instantiation: void Botan::clear_mem<addrinfo>(addrinfo*, unsigned long) Unexecuted instantiation: void Botan::clear_mem<unsigned short>(unsigned short*, unsigned long) void Botan::clear_mem<int>(int*, unsigned long) Line | Count | Source | 116 | 119k | { | 117 | 119k | clear_bytes(ptr, sizeof(T)*n); | 118 | 119k | } |
|
119 | | |
120 | | // is_trivially_copyable is missing in g++ < 5.0 |
121 | | #if (BOTAN_GCC_VERSION > 0 && BOTAN_GCC_VERSION < 500) |
122 | | #define BOTAN_IS_TRIVIALLY_COPYABLE(T) true |
123 | | #else |
124 | | #define BOTAN_IS_TRIVIALLY_COPYABLE(T) std::is_trivially_copyable<T>::value |
125 | | #endif |
126 | | |
127 | | /** |
128 | | * Copy memory |
129 | | * @param out the destination array |
130 | | * @param in the source array |
131 | | * @param n the number of elements of in/out |
132 | | */ |
133 | | template<typename T> inline void copy_mem(T* out, const T* in, size_t n) |
134 | 283M | { |
135 | 283M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); |
136 | 283M | BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, |
137 | 283M | "If n > 0 then args are not null"); |
138 | 283M | |
139 | 283M | if(in != nullptr && out != nullptr && n > 0) |
140 | 282M | { |
141 | 282M | std::memmove(out, in, sizeof(T)*n); |
142 | 282M | } |
143 | 283M | } void Botan::copy_mem<unsigned char>(unsigned char*, unsigned char const*, unsigned long) Line | Count | Source | 134 | 29.7M | { | 135 | 29.7M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 136 | 29.7M | BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, | 137 | 29.7M | "If n > 0 then args are not null"); | 138 | 29.7M | | 139 | 29.7M | if(in != nullptr && out != nullptr && n > 0) | 140 | 29.2M | { | 141 | 29.2M | std::memmove(out, in, sizeof(T)*n); | 142 | 29.2M | } | 143 | 29.7M | } |
void Botan::copy_mem<unsigned long>(unsigned long*, unsigned long const*, unsigned long) Line | Count | Source | 134 | 253M | { | 135 | 253M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 136 | 253M | BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, | 137 | 253M | "If n > 0 then args are not null"); | 138 | 253M | | 139 | 253M | if(in != nullptr && out != nullptr && n > 0) | 140 | 253M | { | 141 | 253M | std::memmove(out, in, sizeof(T)*n); | 142 | 253M | } | 143 | 253M | } |
Unexecuted instantiation: void Botan::copy_mem<unsigned short>(unsigned short*, unsigned short const*, unsigned long) Unexecuted instantiation: void Botan::copy_mem<unsigned int>(unsigned int*, unsigned int const*, unsigned long) void Botan::copy_mem<int>(int*, int const*, unsigned long) Line | Count | Source | 134 | 9.24k | { | 135 | 9.24k | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 136 | 9.24k | BOTAN_ASSERT_IMPLICATION(n > 0, in != nullptr && out != nullptr, | 137 | 9.24k | "If n > 0 then args are not null"); | 138 | 9.24k | | 139 | 9.24k | if(in != nullptr && out != nullptr && n > 0) | 140 | 9.24k | { | 141 | 9.24k | std::memmove(out, in, sizeof(T)*n); | 142 | 9.24k | } | 143 | 9.24k | } |
|
144 | | |
145 | | template<typename T> inline void typecast_copy(uint8_t out[], T in[], size_t N) |
146 | 4.69M | { |
147 | 4.69M | static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), ""); |
148 | 4.69M | std::memcpy(out, in, sizeof(T)*N); |
149 | 4.69M | } void Botan::typecast_copy<unsigned long>(unsigned char*, unsigned long*, unsigned long) Line | Count | Source | 146 | 2.22M | { | 147 | 2.22M | static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), ""); | 148 | 2.22M | std::memcpy(out, in, sizeof(T)*N); | 149 | 2.22M | } |
void Botan::typecast_copy<unsigned int>(unsigned char*, unsigned int*, unsigned long) Line | Count | Source | 146 | 2.47M | { | 147 | 2.47M | static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), ""); | 148 | 2.47M | std::memcpy(out, in, sizeof(T)*N); | 149 | 2.47M | } |
void Botan::typecast_copy<unsigned short>(unsigned char*, unsigned short*, unsigned long) Line | Count | Source | 146 | 13 | { | 147 | 13 | static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(T), ""); | 148 | 13 | std::memcpy(out, in, sizeof(T)*N); | 149 | 13 | } |
|
150 | | |
151 | | template<typename T> inline void typecast_copy(T out[], const uint8_t in[], size_t N) |
152 | 19.5M | { |
153 | 19.5M | static_assert(std::is_trivial<T>::value, ""); |
154 | 19.5M | std::memcpy(out, in, sizeof(T)*N); |
155 | 19.5M | } void Botan::typecast_copy<unsigned long>(unsigned long*, unsigned char const*, unsigned long) Line | Count | Source | 152 | 7.33M | { | 153 | 7.33M | static_assert(std::is_trivial<T>::value, ""); | 154 | 7.33M | std::memcpy(out, in, sizeof(T)*N); | 155 | 7.33M | } |
void Botan::typecast_copy<unsigned short>(unsigned short*, unsigned char const*, unsigned long) Line | Count | Source | 152 | 125k | { | 153 | 125k | static_assert(std::is_trivial<T>::value, ""); | 154 | 125k | std::memcpy(out, in, sizeof(T)*N); | 155 | 125k | } |
void Botan::typecast_copy<unsigned int>(unsigned int*, unsigned char const*, unsigned long) Line | Count | Source | 152 | 12.1M | { | 153 | 12.1M | static_assert(std::is_trivial<T>::value, ""); | 154 | 12.1M | std::memcpy(out, in, sizeof(T)*N); | 155 | 12.1M | } |
|
156 | | |
157 | | template<typename T> inline void typecast_copy(uint8_t out[], T in) |
158 | 4.55M | { |
159 | 4.55M | typecast_copy(out, &in, 1); |
160 | 4.55M | } void Botan::typecast_copy<unsigned int>(unsigned char*, unsigned int) Line | Count | Source | 158 | 2.47M | { | 159 | 2.47M | typecast_copy(out, &in, 1); | 160 | 2.47M | } |
void Botan::typecast_copy<unsigned short>(unsigned char*, unsigned short) Line | Count | Source | 158 | 13 | { | 159 | 13 | typecast_copy(out, &in, 1); | 160 | 13 | } |
void Botan::typecast_copy<unsigned long>(unsigned char*, unsigned long) Line | Count | Source | 158 | 2.08M | { | 159 | 2.08M | typecast_copy(out, &in, 1); | 160 | 2.08M | } |
|
161 | | |
162 | | template<typename T> inline void typecast_copy(T& out, const uint8_t in[]) |
163 | 19.2M | { |
164 | 19.2M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); |
165 | 19.2M | typecast_copy(&out, in, 1); |
166 | 19.2M | } void Botan::typecast_copy<unsigned short>(unsigned short&, unsigned char const*) Line | Count | Source | 163 | 125k | { | 164 | 125k | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 165 | 125k | typecast_copy(&out, in, 1); | 166 | 125k | } |
void Botan::typecast_copy<unsigned int>(unsigned int&, unsigned char const*) Line | Count | Source | 163 | 12.1M | { | 164 | 12.1M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 165 | 12.1M | typecast_copy(&out, in, 1); | 166 | 12.1M | } |
void Botan::typecast_copy<unsigned long>(unsigned long&, unsigned char const*) Line | Count | Source | 163 | 7.04M | { | 164 | 7.04M | static_assert(std::is_trivial<typename std::decay<T>::type>::value, ""); | 165 | 7.04M | typecast_copy(&out, in, 1); | 166 | 7.04M | } |
|
167 | | |
168 | | template <class To, class From> inline To typecast_copy(const From *src) noexcept |
169 | | { |
170 | | static_assert(BOTAN_IS_TRIVIALLY_COPYABLE(From) && std::is_trivial<To>::value, ""); |
171 | | To dst; |
172 | | std::memcpy(&dst, src, sizeof(To)); |
173 | | return dst; |
174 | | } |
175 | | |
176 | | /** |
177 | | * Set memory to a fixed value |
178 | | * @param ptr a pointer to an array of bytes |
179 | | * @param n the number of Ts pointed to by ptr |
180 | | * @param val the value to set each byte to |
181 | | */ |
182 | | inline void set_mem(uint8_t* ptr, size_t n, uint8_t val) |
183 | 80.1k | { |
184 | 80.1k | if(n > 0) |
185 | 80.1k | { |
186 | 80.1k | std::memset(ptr, val, n); |
187 | 80.1k | } |
188 | 80.1k | } |
189 | | |
190 | | inline const uint8_t* cast_char_ptr_to_uint8(const char* s) |
191 | 89.1k | { |
192 | 89.1k | return reinterpret_cast<const uint8_t*>(s); |
193 | 89.1k | } |
194 | | |
195 | | inline const char* cast_uint8_ptr_to_char(const uint8_t* b) |
196 | 178k | { |
197 | 178k | return reinterpret_cast<const char*>(b); |
198 | 178k | } |
199 | | |
200 | | inline uint8_t* cast_char_ptr_to_uint8(char* s) |
201 | 0 | { |
202 | 0 | return reinterpret_cast<uint8_t*>(s); |
203 | 0 | } |
204 | | |
205 | | inline char* cast_uint8_ptr_to_char(uint8_t* b) |
206 | 44.3k | { |
207 | 44.3k | return reinterpret_cast<char*>(b); |
208 | 44.3k | } |
209 | | |
210 | | /** |
211 | | * Memory comparison, input insensitive |
212 | | * @param p1 a pointer to an array |
213 | | * @param p2 a pointer to another array |
214 | | * @param n the number of Ts in p1 and p2 |
215 | | * @return true iff p1[i] == p2[i] forall i in [0...n) |
216 | | */ |
217 | | template<typename T> inline bool same_mem(const T* p1, const T* p2, size_t n) |
218 | 488 | { |
219 | 488 | volatile T difference = 0; |
220 | 488 | |
221 | 21.4k | for(size_t i = 0; i != n; ++i) |
222 | 20.9k | difference |= (p1[i] ^ p2[i]); |
223 | 488 | |
224 | 488 | return difference == 0; |
225 | 488 | } bool Botan::same_mem<unsigned int>(unsigned int const*, unsigned int const*, unsigned long) Line | Count | Source | 218 | 20 | { | 219 | 20 | volatile T difference = 0; | 220 | 20 | | 221 | 80 | for(size_t i = 0; i != n; ++i) | 222 | 60 | difference |= (p1[i] ^ p2[i]); | 223 | 20 | | 224 | 20 | return difference == 0; | 225 | 20 | } |
bool Botan::same_mem<unsigned char>(unsigned char const*, unsigned char const*, unsigned long) Line | Count | Source | 218 | 468 | { | 219 | 468 | volatile T difference = 0; | 220 | 468 | | 221 | 21.3k | for(size_t i = 0; i != n; ++i) | 222 | 20.8k | difference |= (p1[i] ^ p2[i]); | 223 | 468 | | 224 | 468 | return difference == 0; | 225 | 468 | } |
|
226 | | |
227 | | /** |
228 | | * XOR arrays. Postcondition out[i] = in[i] ^ out[i] forall i = 0...length |
229 | | * @param out the input/output buffer |
230 | | * @param in the read-only input buffer |
231 | | * @param length the length of the buffers |
232 | | */ |
233 | | inline void xor_buf(uint8_t out[], |
234 | | const uint8_t in[], |
235 | | size_t length) |
236 | 186k | { |
237 | 186k | const size_t blocks = length - (length % 32); |
238 | 186k | |
239 | 313k | for(size_t i = 0; i != blocks; i += 32) |
240 | 126k | { |
241 | 126k | uint64_t x[4]; |
242 | 126k | uint64_t y[4]; |
243 | 126k | |
244 | 126k | typecast_copy(x, out + i, 4); |
245 | 126k | typecast_copy(y, in + i, 4); |
246 | 126k | |
247 | 126k | x[0] ^= y[0]; |
248 | 126k | x[1] ^= y[1]; |
249 | 126k | x[2] ^= y[2]; |
250 | 126k | x[3] ^= y[3]; |
251 | 126k | |
252 | 126k | typecast_copy(out + i, x, 4); |
253 | 126k | } |
254 | 186k | |
255 | 2.55M | for(size_t i = blocks; i != length; ++i) |
256 | 2.37M | { |
257 | 2.37M | out[i] ^= in[i]; |
258 | 2.37M | } |
259 | 186k | } |
260 | | |
261 | | /** |
262 | | * XOR arrays. Postcondition out[i] = in[i] ^ in2[i] forall i = 0...length |
263 | | * @param out the output buffer |
264 | | * @param in the first input buffer |
265 | | * @param in2 the second output buffer |
266 | | * @param length the length of the three buffers |
267 | | */ |
268 | | inline void xor_buf(uint8_t out[], |
269 | | const uint8_t in[], |
270 | | const uint8_t in2[], |
271 | | size_t length) |
272 | 18.5k | { |
273 | 18.5k | const size_t blocks = length - (length % 32); |
274 | 18.5k | |
275 | 32.7k | for(size_t i = 0; i != blocks; i += 32) |
276 | 14.1k | { |
277 | 14.1k | uint64_t x[4]; |
278 | 14.1k | uint64_t y[4]; |
279 | 14.1k | |
280 | 14.1k | typecast_copy(x, in + i, 4); |
281 | 14.1k | typecast_copy(y, in2 + i, 4); |
282 | 14.1k | |
283 | 14.1k | x[0] ^= y[0]; |
284 | 14.1k | x[1] ^= y[1]; |
285 | 14.1k | x[2] ^= y[2]; |
286 | 14.1k | x[3] ^= y[3]; |
287 | 14.1k | |
288 | 14.1k | typecast_copy(out + i, x, 4); |
289 | 14.1k | } |
290 | 18.5k | |
291 | 215k | for(size_t i = blocks; i != length; ++i) |
292 | 196k | { |
293 | 196k | out[i] = in[i] ^ in2[i]; |
294 | 196k | } |
295 | 18.5k | } |
296 | | |
297 | | template<typename Alloc, typename Alloc2> |
298 | | void xor_buf(std::vector<uint8_t, Alloc>& out, |
299 | | const std::vector<uint8_t, Alloc2>& in, |
300 | | size_t n) |
301 | 0 | { |
302 | 0 | xor_buf(out.data(), in.data(), n); |
303 | 0 | } |
304 | | |
305 | | template<typename Alloc> |
306 | | void xor_buf(std::vector<uint8_t, Alloc>& out, |
307 | | const uint8_t* in, |
308 | | size_t n) |
309 | 57.9k | { |
310 | 57.9k | xor_buf(out.data(), in, n); |
311 | 57.9k | } void Botan::xor_buf<Botan::secure_allocator<unsigned char> >(std::__1::vector<unsigned char, Botan::secure_allocator<unsigned char> >&, unsigned char const*, unsigned long) Line | Count | Source | 309 | 57.1k | { | 310 | 57.1k | xor_buf(out.data(), in, n); | 311 | 57.1k | } |
void Botan::xor_buf<std::__1::allocator<unsigned char> >(std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >&, unsigned char const*, unsigned long) Line | Count | Source | 309 | 793 | { | 310 | 793 | xor_buf(out.data(), in, n); | 311 | 793 | } |
|
312 | | |
313 | | template<typename Alloc, typename Alloc2> |
314 | | void xor_buf(std::vector<uint8_t, Alloc>& out, |
315 | | const uint8_t* in, |
316 | | const std::vector<uint8_t, Alloc2>& in2, |
317 | | size_t n) |
318 | | { |
319 | | xor_buf(out.data(), in, in2.data(), n); |
320 | | } |
321 | | |
322 | | template<typename Alloc, typename Alloc2> |
323 | | std::vector<uint8_t, Alloc>& |
324 | | operator^=(std::vector<uint8_t, Alloc>& out, |
325 | | const std::vector<uint8_t, Alloc2>& in) |
326 | 2.48k | { |
327 | 2.48k | if(out.size() < in.size()) |
328 | 0 | out.resize(in.size()); |
329 | 2.48k | |
330 | 2.48k | xor_buf(out.data(), in.data(), in.size()); |
331 | 2.48k | return out; |
332 | 2.48k | } |
333 | | |
334 | | } |
335 | | |
336 | | #endif |