1*789431f2SAndroid Build Coastguard Worker /*
2*789431f2SAndroid Build Coastguard Worker  * Copyright 2021 The Android Open Source Project
3*789431f2SAndroid Build Coastguard Worker  *
4*789431f2SAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*789431f2SAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*789431f2SAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*789431f2SAndroid Build Coastguard Worker  *
8*789431f2SAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*789431f2SAndroid Build Coastguard Worker  *
10*789431f2SAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*789431f2SAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*789431f2SAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*789431f2SAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*789431f2SAndroid Build Coastguard Worker  * limitations under the License.
15*789431f2SAndroid Build Coastguard Worker  */
16*789431f2SAndroid Build Coastguard Worker 
17*789431f2SAndroid Build Coastguard Worker #pragma once
18*789431f2SAndroid Build Coastguard Worker 
19*789431f2SAndroid Build Coastguard Worker namespace keymaster {
20*789431f2SAndroid Build Coastguard Worker 
21*789431f2SAndroid Build Coastguard Worker /*
22*789431f2SAndroid Build Coastguard Worker  * Array Manipulation functions.  This set of templated inline functions provides some nice tools
23*789431f2SAndroid Build Coastguard Worker  * for operating on c-style arrays.  C-style arrays actually do have a defined size associated with
24*789431f2SAndroid Build Coastguard Worker  * them, as long as they are not allowed to decay to a pointer.  These template methods exploit this
25*789431f2SAndroid Build Coastguard Worker  * to allow size-based array operations without explicitly specifying the size.  If passed a pointer
26*789431f2SAndroid Build Coastguard Worker  * rather than an array, they'll fail to compile.
27*789431f2SAndroid Build Coastguard Worker  */
28*789431f2SAndroid Build Coastguard Worker 
/**
 * Return the size in bytes of the array \p a (i.e. N * sizeof(T)).  Only real arrays bind to the
 * reference parameter, so a pointer argument is a compile error rather than a wrong answer.
 */
template <typename T, size_t N> inline size_t array_size(const T (&a)[N]) {
    const size_t bytes = sizeof(a);
    return bytes;
}
35*789431f2SAndroid Build Coastguard Worker 
/**
 * Return the number of elements in array \p a.  The count comes from the template parameter, so
 * the argument must be a real array (a pointer will not compile).
 */
template <typename T, size_t N> inline size_t array_length(const T (&)[N]) {
    const size_t count = N;
    return count;
}
42*789431f2SAndroid Build Coastguard Worker 
/**
 * Duplicate the first \p n elements of \p a into a freshly allocated array.  The copy is made
 * element by element with operator=.  Allocation uses new[] (nothrow), so the caller owns the
 * result and must release it with delete[].
 *
 * \return pointer to the new array, or NULL if allocation failed.  No element of \p a is read
 *         when the allocation fails or when \p n is zero.
 */
template <typename T> inline T* dup_array(const T* a, size_t n) {
    T* copy = new (std::nothrow) T[n];
    if (!copy) return copy;
    const T* src = a;
    for (T* dst = copy; dst != copy + n; ++dst, ++src) {
        *dst = *src;
    }
    return copy;
}
54*789431f2SAndroid Build Coastguard Worker 
/**
 * Duplicate the whole array \p a.  The copy is allocated with new[] (via the pointer overload of
 * dup_array) and the caller owns it; release it with delete[].  Because the result is a plain
 * pointer the element count is not carried along -- call array_length() on the original array to
 * recover it.
 *
 * \return pointer to the new array, or NULL if allocation failed.
 */
template <typename T, size_t N> inline T* dup_array(const T (&a)[N]) {
    const T* first = a;
    return dup_array(first, N);
}
63*789431f2SAndroid Build Coastguard Worker 
/**
 * Duplicate \p size bytes starting at \p buf into a freshly allocated buffer.  The caller owns the
 * result and is responsible for releasing it.  Defined out of line: the allocation method, and
 * therefore the matching release call, is not visible in this header -- check the definition
 * before pairing it with delete[] or free().
 */
uint8_t* dup_buffer(const void* buf, size_t size);
69*789431f2SAndroid Build Coastguard Worker 
/**
 * Copy every element of array \p arr to \p dest, which must point to storage for at least N
 * elements of T.  Elements are copied with operator=, in order.
 */
template <typename T, size_t N> inline void copy_array(const T (&arr)[N], T* dest) {
    T* out = dest;
    for (const T& elem : arr) {
        *out++ = elem;
    }
}
77*789431f2SAndroid Build Coastguard Worker 
/**
 * Search array \p a for value \p val, returning true if found.  The scan stops at the first match,
 * so the time taken depends on where (and whether) \p val occurs.  Do not use it to look up secret
 * material where timing analysis could be a concern; memcmp_s() is the constant-time primitive.
 */
template <typename T, size_t N> inline bool array_contains(const T (&a)[N], T val) {
    for (const T& elem : a) {
        if (elem == val) return true;
    }
    return false;
}
91*789431f2SAndroid Build Coastguard Worker 
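/**
 * Variant of memset() whose effect the compiler is not permitted to optimize away.  This matters
 * because this function is used to wipe sensitive data from memory, and a plain memset() of an
 * object that is never read again is a dead store the optimizer may remove.  Two mechanisms are
 * combined: the function is compiled with optimization disabled (clang's optnone, GCC's
 * optimize("O0") attribute), and a compiler barrier after the memset() tells the optimizer that
 * the written bytes may be observed, so the stores survive even where the attribute is not
 * honored.  As an additional convenience, a NULL \p s is tolerated: nothing is written and \p s is
 * returned unchanged.
 *
 * \param s  buffer to overwrite, or NULL
 * \param c  byte value to write, as for memset()
 * \param n  number of bytes to overwrite
 * \return \p s
 */
#ifdef __clang__
#define OPTNONE __attribute__((optnone))
#else  // not __clang__
#define OPTNONE __attribute__((optimize("O0")))
#endif  // not __clang__
inline OPTNONE void* memset_s(void* s, int c, size_t n) {
    if (!s) return s;
    void* result = memset(s, c, n);
    // Compiler barrier: the empty asm may read anything reachable through s, so the memset()
    // above cannot be treated as a dead store.  GCC/clang syntax, matching the attributes above.
    __asm__ __volatile__("" : : "r"(s) : "memory");
    return result;
}
#undef OPTNONE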
107*789431f2SAndroid Build Coastguard Worker 
/**
 * Variant of memcmp() intended to take the same time whether or not the data matches (it does not
 * short-circuit on the first differing byte), which is what makes it suitable for comparing secret
 * values such as authentication tags.  Not an exact equivalent of memcmp(): it does not report
 * ordering (<0 / >0), only 0 for a match and non-zero for a mismatch.  Defined out of line.
 * NOTE(review): presumably both \p p1 and \p p2 must be readable for \p length bytes -- confirm
 * against the definition.
 */
int memcmp_s(const void* p1, const void* p2, size_t length);
114*789431f2SAndroid Build Coastguard Worker 
/**
 * Eraser zeroes a region of memory when it goes out of scope.  Construct it with an object, a
 * uint8_t array, or a (pointer, size) pair and the destructor wipes that storage with memset_s().
 * The Eraser only holds a raw pointer to the storage; it does not own it, so the storage must
 * outlive the Eraser and must not be moved or reallocated while the Eraser exists.
 */
class Eraser {
  public:
    /* Declared but never defined: passing a bare pointer produces a link error instead of
     * silently erasing the wrong thing. */
    template <typename T> explicit Eraser(T* t);

    /* Wipe the whole object \p t (sizeof(t) bytes) on destruction. */
    template <typename T>
    explicit Eraser(T& t) : bytes_(reinterpret_cast<uint8_t*>(&t)), len_(sizeof(t)) {}

    /* Wipe all N bytes of \p arr on destruction. */
    template <size_t N> explicit Eraser(uint8_t (&arr)[N]) : bytes_(arr), len_(N) {}

    /* Wipe \p size bytes starting at \p buf on destruction.  A NULL \p buf is tolerated, since
     * memset_s() skips NULL. */
    Eraser(void* buf, size_t size) : bytes_(static_cast<uint8_t*>(buf)), len_(size) {}

    ~Eraser() { memset_s(bytes_, 0, len_); }

  private:
    /* Non-copyable: declared private and never defined. */
    Eraser(const Eraser&);
    void operator=(const Eraser&);

    uint8_t* bytes_;
    size_t len_;
};
139*789431f2SAndroid Build Coastguard Worker 
/**
 * ArrayWrapper is a trivial non-owning view of a C-style array that exposes begin() and end(), so
 * that a (pointer, count) pair can be used in a range-based for loop.  Nothing is copied; the
 * wrapper just holds two pointers and is only valid while the underlying storage is.
 */
template <typename T> class ArrayWrapper {
  public:
    /* View \p size elements starting at \p array. */
    ArrayWrapper(T* array, size_t size) : first_(array), last_(array + size) {}

    T* begin() { return first_; }
    T* end() { return last_; }

  private:
    T* first_;
    T* last_;
};
156*789431f2SAndroid Build Coastguard Worker 
/**
 * Build an ArrayWrapper viewing \p length elements starting at \p begin, for range-based
 * iteration over a (pointer, count) pair.  The storage is not copied or owned.
 */
template <typename T> ArrayWrapper<T> array_range(T* begin, size_t length) {
    ArrayWrapper<T> view(begin, length);
    return view;
}
160*789431f2SAndroid Build Coastguard Worker 
/**
 * Build an ArrayWrapper viewing the whole array \p a; the element count is taken from the array
 * type, so only real arrays (not pointers) are accepted.  The storage is not copied or owned.
 */
template <typename T, size_t n> ArrayWrapper<T> array_range(T (&a)[n]) {
    T* first = a;
    ArrayWrapper<T> view(first, n);
    return view;
}
164*789431f2SAndroid Build Coastguard Worker 
/**
 * Deleter that releases malloc()-allocated memory with free(), for use with smart pointers such
 * as std::unique_ptr<T, Malloc_Delete> when the pointee came from a C allocator.
 */
struct Malloc_Delete {
    void operator()(void* ptr) { free(ptr); }
};
168*789431f2SAndroid Build Coastguard Worker 
169*789431f2SAndroid Build Coastguard Worker }  // namespace keymaster