summaryrefslogtreecommitdiffstats
path: root/SoftHSMv2/src/lib/data_mgr/SecureAllocator.h
diff options
context:
space:
mode:
authorNingSun <ning.sun@intel.com>2018-02-08 08:34:03 -0800
committerNingSun <ning.sun@intel.com>2018-02-08 09:14:52 -0800
commit0c89b3ccba7c9b7332ab67ae1936aff51ca62367 (patch)
tree70c1b1d160d4c6d0a83395ca9a87c1264d0d3439 /SoftHSMv2/src/lib/data_mgr/SecureAllocator.h
parent945613b4db4e07f75d2bc7463db580ddfaa700fd (diff)
Initial sshsm project structure
Issue-ID: AAF-94 Change-Id: I5e82fff418e7567b161acf9b98013a9b85ffc5b4 Signed-off-by: NingSun <ning.sun@intel.com>
Diffstat (limited to 'SoftHSMv2/src/lib/data_mgr/SecureAllocator.h')
-rw-r--r--SoftHSMv2/src/lib/data_mgr/SecureAllocator.h203
1 files changed, 203 insertions, 0 deletions
diff --git a/SoftHSMv2/src/lib/data_mgr/SecureAllocator.h b/SoftHSMv2/src/lib/data_mgr/SecureAllocator.h
new file mode 100644
index 0000000..71dc80c
--- /dev/null
+++ b/SoftHSMv2/src/lib/data_mgr/SecureAllocator.h
@@ -0,0 +1,203 @@
+/*
+ * Copyright (c) 2010 SURFnet bv
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*****************************************************************************
+ SecureAllocator.h
+
+ Implements a template class for a secure C++ allocator. The allocator will
+ zero all the memory it allocates before releasing it to ensure that the
+ data stored in the memory is destroyed properly to minimise the risk of
+ obtaining sensitive data from memory
+ *****************************************************************************/
+
+#ifndef _SOFTHSM_V2_SECUREALLOCATOR_H
+#define _SOFTHSM_V2_SECUREALLOCATOR_H
+
+#include <limits>
+#include <stdlib.h>
+#include <string.h>
+#if defined(SENSITIVE_NON_PAGED) && !defined(_WIN32)
+#include <sys/mman.h>
+#endif // SENSITIVE_NON_PAGED
+#include "config.h"
+#include "log.h"
+#include "SecureMemoryRegistry.h"
+
+template<class T> class SecureAllocator
+{
+public:
+ // Member types
+ typedef T value_type;
+ typedef T* pointer;
+ typedef T& reference;
+ typedef const T* const_pointer;
+ typedef const T& const_reference;
+ typedef size_t size_type;
+ typedef ptrdiff_t difference_type;
+
+ // Rebind to another type
+ template<class U> struct rebind
+ {
+ typedef SecureAllocator<U> other;
+ };
+
+ // Constructor
+ inline SecureAllocator() { }
+
+ inline SecureAllocator(const SecureAllocator&) { }
+
+ template<class U> SecureAllocator(const SecureAllocator<U>&) { }
+
+ // Destructor
+ inline virtual ~SecureAllocator() { }
+
+ // Return the maximum allocation size
+ size_type max_size() const
+ {
+ return std::numeric_limits<std::size_t>::max() / sizeof(T);
+ }
+
+ // Return the address of values
+ inline pointer address(reference value) const
+ {
+ return &value;
+ }
+
+ inline const_pointer address(const_reference value) const
+ {
+ return &value;
+ }
+
+ // Allocate n elements of type T
+ inline pointer allocate(size_type n, const void* = NULL)
+ {
+#ifdef SENSITIVE_NON_PAGED
+ // Allocate memory on a page boundary
+#ifndef _WIN32
+ pointer r = (pointer) valloc(n * sizeof(T));
+#else
+ pointer r = (pointer) VirtualAlloc(NULL, n * sizeof(T), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+#endif
+
+ if (r == NULL)
+ {
+ ERROR_MSG("Out of memory");
+
+ return NULL;
+ }
+
+ // Lock the memory so it doesn't get swapped out
+#ifndef _WIN32
+ if (mlock((const void*) r, n * sizeof(T)) != 0)
+#else
+ if (VirtualLock((const void*) r, n * sizeof(T)) == 0)
+#endif
+ {
+ ERROR_MSG("Could not allocate non-paged memory for secure storage");
+
+ // Hmmm... best to not return any allocated space in this case
+#ifndef _WIN32
+ free(r);
+#else
+ VirtualFree((const void*) r, MEM_RELEASE);
+#endif
+
+ return NULL;
+ }
+
+ // Register the memory in the secure memory registry
+ SecureMemoryRegistry::i()->add(r, n * sizeof(T));
+
+ return r;
+#else
+ pointer r = (pointer)(::operator new(n * sizeof(T)));
+
+ if (r == NULL)
+ {
+ ERROR_MSG("Out of memory");
+
+ return NULL;
+ }
+
+ // Register the memory in the secure memory registry
+ SecureMemoryRegistry::i()->add(r, n * sizeof(T));
+
+ return r;
+#endif // SENSITIVE_NON_PAGED
+ }
+
+ // Deallocate n elements of type T
+ inline void deallocate(pointer p, size_type n)
+ {
+#ifdef PARANOID
+ // First toggle all bits on
+ memset(p, 0xFF, n * sizeof(T));
+#endif // PARANOID
+
+ // Toggle all bits off
+ memset(p, 0x00, n * sizeof(T));
+
+ // Unregister the memory from the secure memory registry
+ SecureMemoryRegistry::i()->remove(p);
+
+#ifdef SENSITIVE_NON_PAGED
+#ifndef _WIN32
+ munlock((const void*) p, n * sizeof(T));
+#else
+ VirtualUnlock((const void*) p, n * sizeof(T));
+#endif
+
+#ifndef _WIN32
+ free(p);
+#else
+ VirtualFree((const void*) r, MEM_RELEASE);
+#endif
+#else
+ // Release the memory
+ ::operator delete((void*) p);
+#endif // SENSITIVE_NON_PAGED
+ }
+
+ // Initialise allocate storage with a value
+ void construct(pointer p, const T& value)
+ {
+ new((void*) p)T(value);
+ }
+
+ // Destroy elements of initialised storage
+ void destroy(pointer p)
+ {
+ // Call destructor
+ p->~T();
+ }
+
+ // Comparison operators
+ inline bool operator==(SecureAllocator const&) const { return true; }
+ inline bool operator!=(SecureAllocator const&) const { return false; }
+};
+
+#endif // !_SOFTHSM_V2_SECUREALLOCATOR_H
+