VirtualBox

source: vbox/trunk/include/iprt/memsafer.h

Last change on this file was 106061, checked in by vboxsync, 2 months ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 10.2 KB
Line 
1/** @file
2 * IPRT - Memory Allocate for Sensitive Data.
3 */
4
5/*
6 * Copyright (C) 2006-2024 Oracle and/or its affiliates.
7 *
8 * This file is part of VirtualBox base platform packages, as
9 * available from https://www.virtualbox.org.
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation, in version 3 of the
14 * License.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <https://www.gnu.org/licenses>.
23 *
24 * The contents of this file may alternatively be used under the terms
25 * of the Common Development and Distribution License Version 1.0
26 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
27 * in the VirtualBox distribution, in which case the provisions of the
28 * CDDL are applicable instead of those of the GPL.
29 *
30 * You may elect to license modified versions of this file under the
31 * terms and conditions of either the GPL or the CDDL or both.
32 *
33 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
34 */
35
36#ifndef IPRT_INCLUDED_memsafer_h
37#define IPRT_INCLUDED_memsafer_h
38#ifndef RT_WITHOUT_PRAGMA_ONCE
39# pragma once
40#endif
41
42#include <iprt/mem.h> /* RTMEM_TAG */
43
44RT_C_DECLS_BEGIN
45
46
47/** @defgroup grp_rt_memsafer RTMemSafer - Memory Allocator for Sensitive Data
48 * @ingroup grp_rt
49 *
50 * This API doesn't provide 100% secure storage, it only provider more secure
51 * and safer storage. Thus the API isn't called RTMemSafe because you cannot
52 * assume the data is safe against all kinds of extraction methods.
53 *
54 * The API guarantee that the memory won't be returned to the system containing
55 * any of the information you put there. It will be repeatedly wiped after use.
56 *
57 * The API tries to isolate your data from other information stored in the
58 * process/system. How well this is done depends on the implementation. The
59 * more complicated implementations will provide protection against heartbleed
60 * like bugs where pieces of the heap is copied onto the wire.
61 *
62 * The more hardened implementations of the API will also do their best to
63 * prevent the memory from ending up in process dumps or being readable by
64 * debuggers.
65 *
66 * Finally, two functions are provided for scrambling the sensitive memory while
67 * it's not in use.
68 *
69 * @{
70 */
71
72/** @name RTMEMSAFER_F_XXX
73 * @{ */
74/** Require the memory to not hit the page file.
75 * @remarks Makes not guarantees with regards to hibernation /
76 * suspend-to-disk. */
77#define RTMEMSAFER_F_REQUIRE_NOT_PAGABLE RT_BIT_32(0)
78/** Do not use the SUPLib allocator.
79 * The SUPLib allocator may be terminated earlier than IPRT,
80 * automatically rendering the allocations inaccessible. */
81#define RTMEMSAFER_F_NO_SUPLIB_ALLOC RT_BIT_32(1)
82/** Mask of valid bits. */
83#define RTMEMSAFER_F_VALID_MASK UINT32_C(0x00000003)
84/** @} */
85
86/**
87 * Scrambles memory allocated by RTMemSaferAllocZEx and associates after use.
88 *
89 * Call this when the sensitive data isn't actively being used. It will at a
90 * minimum make sure the data is slightly scrambled, how hard it is to unbutton
91 * is dependent on which implementation is used and available host support.
92 *
93 * The user must synchronize calls to RTMemSaferScramble and
94 * RTMemSaferUnscramble, this memory allocator provides no help and keeps no
95 * state information around.
96 *
97 * @returns IPRT status code.
98 * @param pv The pointer returned by the allocation function.
99 * @param cb The exact size given to the allocation function.
100 */
101RTDECL(int) RTMemSaferScramble(void *pv, size_t cb);
102
103/**
104 * Unscrambles memory allocated by RTMemSaferAllocZEx and associates before use.
105 *
106 * This undoes the effect of RTMemSaferScramble.
107 *
108 * @returns IPRT status code.
109 * @param pv The pointer returned by the allocation function.
110 * @param cb The exact size given to the allocation function.
111 */
112RTDECL(int) RTMemSaferUnscramble(void *pv, size_t cb);
113
114/**
115 * Allocates memory for sensitive data.
116 *
117 * Some effort will be taken to isolate the data from other memory allocation.
118 * Memory is always zeroed.
119 *
120 * @returns IPRT status code.
121 * @param ppvNew Where to return the pointer to the memory.
122 * @param cb Number of bytes to allocate.
123 * @param fFlags Flags for controlling the allocation, see
124 * RTMEMSAFER_F_XXX.
125 * @param pszTag Allocation tag used for statistics and such.
126 */
127RTDECL(int) RTMemSaferAllocZExTag(void **ppvNew, size_t cb, uint32_t fFlags, const char *pszTag) RT_NO_THROW_PROTO;
128
129/**
130 * Allocates memory for sensitive data.
131 *
132 * Some effort will be taken to isolate the data from other memory allocation.
133 * Memory is always zeroed.
134 *
135 * @returns IPRT status code.
136 * @param a_ppvNew Where to return the pointer to the memory.
137 * @param a_cb Number of bytes to allocate.
138 * @param a_fFlags Flags for controlling the allocation, see
139 * RTMEMSAFER_F_XXX.
140 */
141#define RTMemSaferAllocZEx(a_ppvNew, a_cb, a_fFlags) RTMemSaferAllocZExTag(a_ppvNew, a_cb, a_fFlags, RTMEM_TAG)
142
143/**
144 * Allocates memory for sensitive data.
145 *
146 * Some effort will be taken to isolate the data from other memory allocation.
147 * Memory is always zeroed.
148 *
149 * @returns Pointer to the allocated memory.
150 * @param cb Number of bytes to allocate.
151 * @param pszTag Allocation tag used for statistics and such.
152 */
153RTDECL(void *) RTMemSaferAllocZTag(size_t cb, const char *pszTag) RT_NO_THROW_PROTO;
154
155/**
156 * Allocates memory for sensitive data.
157 *
158 * Some effort will be taken to isolate the data from other memory allocation.
159 * Memory is always zeroed.
160 *
161 * @returns Pointer to the allocated memory.
162 * @param a_cb Number of bytes to allocate.
163 */
164#define RTMemSaferAllocZ(a_cb) RTMemSaferAllocZTag(a_cb, RTMEM_TAG)
165
166
167/**
168 * Reallocates memory allocated by RTMemSaferAllocZEx, RTMemSaferAllocZ,
169 * RTMemSaferAllocZExTag, or RTMemSaferAllocZTag.
170 *
171 * When extending the allocation, the new memory will be zeroed. When shrinking
172 * the allocation the left over memory will be wiped clean using
173 * RTMemWipeThorougly.
174 *
175 * The function follows the standard realloc behavior.
176 *
177 * @returns IPRT status code.
178 * @param cbOld The current allocation size.
179 * @param pvOld The current allocation.
180 * @param cbNew The size of the new allocation.
181 * @param ppvNew Where to return the pointer to the new memory.
182 * @param fFlags Flags for controlling the allocation, see
183 * RTMEMSAFER_F_XXX. It is not permitted to drop saftely
184 * requirments after the initial allocation.
185 * @param pszTag Allocation tag used for statistics and such.
186 */
187RTDECL(int) RTMemSaferReallocZExTag(size_t cbOld, void *pvOld, size_t cbNew, void **ppvNew, uint32_t fFlags, const char *pszTag) RT_NO_THROW_PROTO;
188
189/**
190 * Reallocates memory allocated by RTMemSaferAllocZEx, RTMemSaferAllocZ,
191 * RTMemSaferAllocZExTag, or RTMemSaferAllocZTag.
192 *
193 * When extending the allocation, the new memory will be zeroed. When shrinking
194 * the allocation the left over memory will be wiped clean using
195 * RTMemWipeThorougly.
196 *
197 * The function follows the standard realloc behavior.
198 *
199 * @returns IPRT status code.
200 * @param a_cbOld The current allocation size.
201 * @param a_pvOld The current allocation.
202 * @param a_cbNew The size of the new allocation.
203 * @param a_ppvNew Where to return the pointer to the new memory.
204 * @param a_fFlags Flags for controlling the allocation. See RTMEMSAFER_ALLOC_EX_FLAGS_* defines,
205 * this takes only effect when allocating completely new memory, for extending or
206 * shrinking existing allocations the flags of the allocation take precedence.
207 */
208#define RTMemSaferReallocZEx(a_cbOld, a_pvOld, a_cbNew, a_ppvNew, a_fFlags) \
209 RTMemSaferReallocZExTag(a_cbOld, a_pvOld, a_cbNew, a_ppvNew, a_fFlags, RTMEM_TAG)
210
211/**
212 * Reallocates memory allocated by RTMemSaferAllocZ or RTMemSaferAllocZTag.
213 *
214 * When extending the allocation, the new memory will be zeroed. When shrinking
215 * the allocation the left over memory will be wiped clean using
216 * RTMemWipeThorougly.
217 *
218 * The function follows the standard realloc behavior.
219 *
220 * @returns Pointer to the allocated memory.
221 * @param cbOld The current allocation size.
222 * @param pvOld The current allocation.
223 * @param cbNew The size of the new allocation.
224 * @param pszTag Allocation tag used for statistics and such.
225 */
226RTDECL(void *) RTMemSaferReallocZTag(size_t cbOld, void *pvOld, size_t cbNew, const char *pszTag) RT_NO_THROW_PROTO;
227
228/**
229 * Reallocates memory allocated by RTMemSaferAllocZ or RTMemSaferAllocZTag.
230 *
231 * When extending the allocation, the new memory will be zeroed. When shrinking
232 * the allocation the left over memory will be wiped clean using
233 * RTMemWipeThorougly.
234 *
235 * The function follows the standard realloc behavior.
236 *
237 * @returns Pointer to the allocated memory.
238 * @param a_cbOld The current allocation size.
239 * @param a_pvOld The current allocation.
240 * @param a_cbNew The size of the new allocation.
241 */
242#define RTMemSaferReallocZ(a_cbOld, a_pvOld, a_cbNew) RTMemSaferReallocZTag(a_cbOld, a_pvOld, a_cbNew, RTMEM_TAG)
243
244
245/**
246 * Frees memory allocated by RTMemSaferAllocZ* or RTMemSaferReallocZ*.
247 *
248 * Before freeing the allocated memory, it will be wiped clean using
249 * RTMemWipeThorougly.
250 *
251 * @param pv The allocation.
252 * @param cb The allocation size.
253 */
254RTDECL(void) RTMemSaferFree(void *pv, size_t cb) RT_NO_THROW_PROTO;
255
256/**
257 * Gets the amount of memory allocated at @a pv.
258 *
259 * This can be used to check if the allocation was made using an RTMemSafer API.
260 *
261 * @returns Allocation size in bytes, 0 if not a RTMemSafer allocation.
262 * @param pv The alleged RTMemSafer allocation.
263 *
264 * @note Not supported in all contexts and implementations of the API.
265 */
266RTDECL(size_t) RTMemSaferGetSize(void *pv) RT_NO_THROW_PROTO;
267
268
269/** @} */
270RT_C_DECLS_END
271
272#endif /* !IPRT_INCLUDED_memsafer_h */
273
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette