Botan: src/alloc/secmem.h Source File

00001 /*
00002 * Secure Memory Buffers
00003 * (C) 1999-2007 Jack Lloyd
00004 *
00005 * Distributed under the terms of the Botan license
00006 */
00007 
00008 #ifndef BOTAN_SECURE_MEMORY_BUFFERS_H__
00009 #define BOTAN_SECURE_MEMORY_BUFFERS_H__
00010 
00011 #include <botan/allocate.h>
00012 #include <botan/mem_ops.h>
00013 #include <algorithm>
00014 
00015 namespace Botan {
00016 
00017 /**
00018 * This class represents variable length memory buffers.
00019 */
00020 template<typename T>
00021 class MemoryRegion
00022    {
00023    public:
00024       /**
00025       * Find out the size of the buffer, i.e. how many objects of type T it
00026       * contains.
00027       * @return size of the buffer
00028       */
00029       u32bit size() const { return used; }
00030 
00031       /**
00032       * Find out whether this buffer is empty.
00033       * @return true if the buffer is empty, false otherwise
00034       */
00035       bool empty() const { return (used == 0); }
00036 
00037       /**
00038       * Get a pointer to the first element in the buffer.
00039       * @return pointer to the first element in the buffer
00040       */
00041       operator T* () { return buf; }
00042 
00043       /**
00044       * Get a constant pointer to the first element in the buffer.
00045       * @return constant pointer to the first element in the buffer
00046       */
00047       operator const T* () const { return buf; }
00048 
00049       /**
00050       * Get a pointer to the first element in the buffer.
00051       * @return pointer to the first element in the buffer
00052       */
00053       T* begin() { return buf; }
00054 
00055       /**
00056       * Get a constant pointer to the first element in the buffer.
00057       * @return constant pointer to the first element in the buffer
00058       */
00059       const T* begin() const { return buf; }
00060 
00061       /**
00062       * Get a pointer to the last element in the buffer.
00063       * @return pointer to the last element in the buffer
00064       */
00065       T* end() { return (buf + size()); }
00066 
00067       /**
00068       * Get a constant pointer to the last element in the buffer.
00069       * @return constant pointer to the last element in the buffer
00070       */
00071       const T* end() const { return (buf + size()); }
00072 
00073       /**
00074       * Check two buffers for equality.
00075       * @return true iff the content of both buffers is byte-wise equal
00076       */
00077       bool operator==(const MemoryRegion<T>& other) const
00078          {
00079          return (size() == other.size() &&
00080                  same_mem(buf, other.buf, size()));
00081          }
00082 
00083       /**
00084       * Compare two buffers lexicographically.
00085       * @return true if this buffer is lexicographically smaller than other.
00086       */
00087       bool operator<(const MemoryRegion<T>& other) const;
00088 
00089       /**
00090       * Check two buffers for inequality.
00091       * @return false if the content of both buffers is byte-wise equal, true
00092       * otherwise.
00093       */
00094       bool operator!=(const MemoryRegion<T>& other) const
00095          { return (!(*this == other)); }
00096 
00097       /**
00098       * Copy the contents of another buffer into this buffer.
00099       * The former contents of *this are discarded.
00100       * @param other the buffer to copy the contents from.
00101       * @return reference to *this
00102       */
00103       MemoryRegion<T>& operator=(const MemoryRegion<T>& other)
00104          { if(this != &other) set(other); return (*this); }
00105 
00106       /**
00107       * Copy the contents of an array of objects of type T into this buffer.
00108       * The former contents of *this are discarded.
00109       * The length of *this must be at least n, otherwise memory errors occur.
00110       * @param in the array to copy the contents from
00111       * @param n the length of in
00112       */
00113       void copy(const T in[], u32bit n)
00114          { copy(0, in, n); }
00115 
00116       /**
00117       * Copy the contents of an array of objects of type T into this buffer.
00118       * The former contents of *this are discarded.
00119       * The length of *this must be at least n, otherwise memory errors occur.
00120       * @param off the offset position inside this buffer to start inserting
00121       * the copied bytes
00122       * @param in the array to copy the contents from
00123       * @param n the length of in
00124       */
00125       void copy(u32bit off, const T in[], u32bit n)
00126          { copy_mem(buf + off, in, (n > size() - off) ? (size() - off) : n); }
00127 
00128       /**
00129       * Set the contents of this according to the argument. The size of
00130       * *this is increased if necessary.
00131       * @param in the array of objects of type T to copy the contents from
00132       * @param n the size of array in
00133       */
00134       void set(const T in[], u32bit n)    { resize(n); copy(in, n); }
00135 
00136       /**
00137       * Set the contents of this according to the argument. The size of
00138       * *this is increased if necessary.
00139       * @param in the buffer to copy the contents from
00140       */
00141       void set(const MemoryRegion<T>& in) { set(in.begin(), in.size()); }
00142 
00143       /**
00144       * Append data to the end of this buffer.
00145       * @param data the array containing the data to append
00146       * @param n the size of the array data
00147       */
00148       void append(const T data[], u32bit n)
00149          { grow_to(size()+n); copy(size() - n, data, n); }
00150 
00151       /**
00152       * Append a single element.
00153       * @param x the element to append
00154       */
00155       void append(T x) { append(&x, 1); }
00156 
00157       /**
00158       * Append data to the end of this buffer.
00159       * @param other the buffer containing the data to append
00160       */
00161       void append(const MemoryRegion<T>& other)
00162          { append(other.begin(), other.size()); }
00163 
00164       /**
00165       * Zeroise the bytes of this buffer. The length remains unchanged.
00166       */
00167       void clear() { clear_mem(buf, allocated); }
00168 
00169       /**
00170       * Reset this buffer to an empty buffer with size zero.
00171       */
00172       void destroy() { resize(0); }
00173 
00174       /**
00175       * Reset this buffer to a buffer of specified length. The content will be
00176       * initialized to zero bytes.
00177       * @param n the new length of the buffer
00178       */
00179       void resize(u32bit n);
00180 
00181       /**
00182       * Change the size to n elements. If n is >= size(), preexisting
00183       * elements remain unchanged, with later elements
00184       * zero-initialized.  If n < size(), then the last (size() - N)
00185       * elements are removed.
00186       * @param n the new size
00187       */
00188       void grow_to(u32bit n);
00189 
00190       /**
00191       * Swap this buffer with another object.
00192       */
00193       void swap(MemoryRegion<T>& other);
00194 
00195       ~MemoryRegion() { deallocate(buf, allocated); }
00196    protected:
00197       MemoryRegion() { buf = 0; alloc = 0; used = allocated = 0; }
00198 
00199       /**
00200       * Copy constructor
00201       * @param other the other region to copy
00202       */
00203       MemoryRegion(const MemoryRegion<T>& other)
00204          {
00205          buf = 0;
00206          used = allocated = 0;
00207          alloc = other.alloc;
00208          set(other.buf, other.used);
00209          }
00210 
00211       /**
00212       * @param locking should we use a locking allocator
00213       * @param length the initial length to use
00214       */
00215       void init(bool locking, u32bit length = 0)
00216          { alloc = Allocator::get(locking); resize(length); }
00217    private:
00218       T* allocate(u32bit n)
00219          {
00220          return static_cast<T*>(alloc->allocate(sizeof(T)*n));
00221          }
00222 
00223       void deallocate(T* p, u32bit n)
00224          { if(alloc && p && n) alloc->deallocate(p, sizeof(T)*n); }
00225 
00226       T* buf;
00227       u32bit used;
00228       u32bit allocated;
00229       Allocator* alloc;
00230    };
00231 
00232 /*
00233 * Create a new buffer
00234 */
00235 template<typename T>
00236 void MemoryRegion<T>::resize(u32bit n)
00237    {
00238    if(n <= allocated) { clear(); used = n; return; }
00239    deallocate(buf, allocated);
00240    buf = allocate(n);
00241    allocated = used = n;
00242    }
00243 
00244 /*
00245 * Increase the size of the buffer
00246 */
00247 template<typename T>
00248 void MemoryRegion<T>::grow_to(u32bit n)
00249    {
00250    if(n > used && n <= allocated)
00251       {
00252       clear_mem(buf + used, n - used);
00253       used = n;
00254       return;
00255       }
00256    else if(n > allocated)
00257       {
00258       T* new_buf = allocate(n);
00259       copy_mem(new_buf, buf, used);
00260       deallocate(buf, allocated);
00261       buf = new_buf;
00262       allocated = used = n;
00263       }
00264    }
00265 
00266 /*
00267 * Compare this buffer with another one
00268 */
00269 template<typename T>
00270 bool MemoryRegion<T>::operator<(const MemoryRegion<T>& other) const
00271    {
00272    if(size() < other.size()) return true;
00273    if(size() > other.size()) return false;
00274 
00275    for(u32bit j = 0; j != size(); j++)
00276       {
00277       if(buf[j] < other[j]) return true;
00278       if(buf[j] > other[j]) return false;
00279       }
00280 
00281    return false;
00282    }
00283 
00284 /*
00285 * Swap this buffer with another one
00286 */
00287 template<typename T>
00288 void MemoryRegion<T>::swap(MemoryRegion<T>& x)
00289    {
00290    std::swap(buf, x.buf);
00291    std::swap(used, x.used);
00292    std::swap(allocated, x.allocated);
00293    std::swap(alloc, x.alloc);
00294    }
00295 
00296 /**
00297 * This class represents variable length buffers that do not
00298 * make use of memory locking.
00299 */
00300 template<typename T>
00301 class MemoryVector : public MemoryRegion<T>
00302    {
00303    public:
00304       using MemoryRegion<T>::set;
00305       using MemoryRegion<T>::init;
00306       using MemoryRegion<T>::append;
00307 
00308       /**
00309       * Copy the contents of another buffer into this buffer.
00310       * @param in the buffer to copy the contents from
00311       * @return reference to *this
00312       */
00313       MemoryVector<T>& operator=(const MemoryRegion<T>& in)
00314          { if(this != &in) set(in); return (*this); }
00315 
00316       /**
00317       * Create a buffer of the specified length.
00318       * @param n the length of the buffer to create.
00319       */
00320       MemoryVector(u32bit n = 0) { init(false, n); }
00321 
00322       /**
00323       * Create a buffer with the specified contents.
00324       * @param in the array containing the data to be initially copied
00325       * into the newly created buffer
00326       * @param n the size of the arry in
00327       */
00328       MemoryVector(const T in[], u32bit n)
00329          { init(false); set(in, n); }
00330 
00331       /**
00332       * Copy constructor.
00333       */
00334       MemoryVector(const MemoryRegion<T>& in)
00335          { init(false); set(in); }
00336 
00337       /**
00338       * Create a buffer whose content is the concatenation of two other
00339       * buffers.
00340       * @param in1 the first part of the new contents
00341       * @param in2 the contents to be appended to in1
00342       */
00343       MemoryVector(const MemoryRegion<T>& in1, const MemoryRegion<T>& in2)
00344          { init(false); set(in1); append(in2); }
00345    };
00346 
00347 /**
00348 * This class represents variable length buffers using the operating
00349 * systems capability to lock memory, i.e. keeping it from being
00350 * swapped out to disk. In this way, a security hole allowing attackers
00351 * to find swapped out secret keys is closed.
00352 */
00353 template<typename T, u32bit INITIAL_LEN = 0>
00354 class SecureVector : public MemoryRegion<T>
00355    {
00356    public:
00357       using MemoryRegion<T>::copy;
00358       using MemoryRegion<T>::set;
00359       using MemoryRegion<T>::init;
00360       using MemoryRegion<T>::append;
00361 
00362       /**
00363       * Copy the contents of another buffer into this buffer.
00364       * @param in the buffer to copy the contents from
00365       * @return reference to *this
00366       */
00367       SecureVector<T>& operator=(const MemoryRegion<T>& in)
00368          { if(this != &in) set(in); return (*this); }
00369 
00370       /**
00371       * Create a buffer of the specified length.
00372       * @param n the length of the buffer to create.
00373       */
00374       SecureVector(u32bit n = INITIAL_LEN)
00375          { init(true, n); }
00376 
00377       /**
00378       * Create a buffer with the specified contents.
00379       * @param in the array containing the data to be initially copied
00380       * into the newly created buffer
00381       * @param n the size of the array in
00382       */
00383       SecureVector(const T in[], u32bit n)
00384          {
00385          init(true, INITIAL_LEN);
00386          if(INITIAL_LEN)
00387             copy(in, n);
00388          else
00389             set(in, n);
00390          }
00391 
00392       /**
00393       * Create a buffer with contents specified contents.
00394       * @param in the buffer holding the contents that will be
00395       * copied into the newly created buffer.
00396       */
00397       SecureVector(const MemoryRegion<T>& in)
00398          {
00399          init(true, INITIAL_LEN);
00400          if(INITIAL_LEN)
00401             copy(in, in.size());
00402          else
00403             set(in);
00404          }
00405 
00406       /**
00407       * Create a buffer whose content is the concatenation of two other
00408       * buffers.
00409       * @param in1 the first part of the new contents
00410       * @param in2 the contents to be appended to in1
00411       */
00412       SecureVector(const MemoryRegion<T>& in1, const MemoryRegion<T>& in2)
00413          { init(true); set(in1); append(in2); }
00414    };
00415 
00416 }
00417 
00418 #endif