cc/util/secret_proto.h

*e7b1675dSTing-Kang Chang// Copyright 2021 Google LLC
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Licensed under the Apache License, Version 2.0 (the "License");
*e7b1675dSTing-Kang Chang// you may not use this file except in compliance with the License.
*e7b1675dSTing-Kang Chang// You may obtain a copy of the License at
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang//     http://www.apache.org/licenses/LICENSE-2.0
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Unless required by applicable law or agreed to in writing, software
*e7b1675dSTing-Kang Chang// distributed under the License is distributed on an "AS IS" BASIS,
*e7b1675dSTing-Kang Chang// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
*e7b1675dSTing-Kang Chang// See the License for the specific language governing permissions and
*e7b1675dSTing-Kang Chang// limitations under the License.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang///////////////////////////////////////////////////////////////////////////////
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#ifndef TINK_UTIL_SECRET_PROTO_H_
*e7b1675dSTing-Kang Chang#define TINK_UTIL_SECRET_PROTO_H_
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include <memory>
*e7b1675dSTing-Kang Chang#include <utility>
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#include "google/protobuf/arena.h"
*e7b1675dSTing-Kang Chang#include "absl/memory/memory.h"
*e7b1675dSTing-Kang Chang#include "tink/util/secret_data.h"
*e7b1675dSTing-Kang Chang#include "tink/util/status.h"
*e7b1675dSTing-Kang Chang#include "tink/util/statusor.h"
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changnamespace crypto {
*e7b1675dSTing-Kang Changnamespace tink {
*e7b1675dSTing-Kang Changnamespace util {
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changnamespace internal {
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Changinline google::protobuf::ArenaOptions SecretArenaOptions() {
*e7b1675dSTing-Kang Chang  google::protobuf::ArenaOptions options;
*e7b1675dSTing-Kang Chang  options.block_alloc = [](size_t sz) {
*e7b1675dSTing-Kang Chang    return SanitizingAllocator<void>().allocate(sz);
*e7b1675dSTing-Kang Chang  };
*e7b1675dSTing-Kang Chang  options.block_dealloc = [](void* ptr, size_t sz) {
*e7b1675dSTing-Kang Chang    return SanitizingAllocator<void>().deallocate(ptr, sz);
*e7b1675dSTing-Kang Chang  };
*e7b1675dSTing-Kang Chang  return options;
*e7b1675dSTing-Kang Chang}
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang}  // namespace internal
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang// Stores secret (sensitive) protobuf and makes sure it's marked as such and
*e7b1675dSTing-Kang Chang// destroyed in a safe way.
*e7b1675dSTing-Kang Chang//
*e7b1675dSTing-Kang Chang// Note: Currently does not protect fields of type "string" and "bytes"
*e7b1675dSTing-Kang Chang// (depends on https://github.com/protocolbuffers/protobuf/issues/1896)
*e7b1675dSTing-Kang Changtemplate <typename T>
*e7b1675dSTing-Kang Changclass SecretProto {
*e7b1675dSTing-Kang Chang public:
*e7b1675dSTing-Kang Chang  static StatusOr<SecretProto<T>> ParseFromSecretData(const SecretData& data) {
*e7b1675dSTing-Kang Chang    SecretProto<T> proto;
*e7b1675dSTing-Kang Chang    if (!proto->ParseFromArray(data.data(), data.size())) {
*e7b1675dSTing-Kang Chang      return Status(absl::StatusCode::kInternal, "Could not parse proto");
*e7b1675dSTing-Kang Chang    }
*e7b1675dSTing-Kang Chang    return proto;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  SecretProto() = default;
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  SecretProto(const SecretProto& other) { *value_ = *other.value_; }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  SecretProto(SecretProto&& other) { *this = std::move(other); }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  explicit SecretProto(const T& value) { *value_ = value; }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  SecretProto& operator=(const SecretProto& other) {
*e7b1675dSTing-Kang Chang    *value_ = *other.value_;
*e7b1675dSTing-Kang Chang    return *this;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  SecretProto& operator=(SecretProto&& other) {
*e7b1675dSTing-Kang Chang    using std::swap;
*e7b1675dSTing-Kang Chang    swap(arena_, other.arena_);
*e7b1675dSTing-Kang Chang    swap(value_, other.value_);
*e7b1675dSTing-Kang Chang    return *this;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  inline T* get() { return value_; }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  // Accessors to the underlying message.
*e7b1675dSTing-Kang Chang  inline T* operator->() { return value_; }
*e7b1675dSTing-Kang Chang  inline const T* operator->() const { return value_; }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  inline T& operator*() { return *value_; }
*e7b1675dSTing-Kang Chang  inline const T& operator*() const { return *value_; }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang  StatusOr<SecretData> SerializeAsSecretData() const {
*e7b1675dSTing-Kang Chang    SecretData data(value_->ByteSizeLong());
*e7b1675dSTing-Kang Chang    if (!value_->SerializeToArray(data.data(), data.size())) {
*e7b1675dSTing-Kang Chang      return Status(absl::StatusCode::kInternal, "Could not serialize proto");
*e7b1675dSTing-Kang Chang    }
*e7b1675dSTing-Kang Chang    return data;
*e7b1675dSTing-Kang Chang  }
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang private:
*e7b1675dSTing-Kang Chang  std::unique_ptr<google::protobuf::Arena> arena_ =
*e7b1675dSTing-Kang Chang      absl::make_unique<google::protobuf::Arena>(internal::SecretArenaOptions());
*e7b1675dSTing-Kang Chang  T* value_ = google::protobuf::Arena::CreateMessage<T>(arena_.get());
*e7b1675dSTing-Kang Chang};
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang}  // namespace util
*e7b1675dSTing-Kang Chang}  // namespace tink
*e7b1675dSTing-Kang Chang}  // namespace crypto
*e7b1675dSTing-Kang Chang
*e7b1675dSTing-Kang Chang#endif  // TINK_UTIL_SECRET_PROTO_H_