diff options
author | Jorge Lucangeli Obes <jorgelo@chromium.org> | 2018-06-26 10:31:32 -0400 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-06-28 00:58:05 -0700 |
commit | 4f500daeeff106af163421a2c13f7f33fe627393 (patch) | |
tree | 8976aeac5f72d157b1cbacdd8a2975296dc37428 /brillo/secure_blob.cc | |
parent | c2514025e026b78318ca3a9cd36af973ac0780c7 (diff) | |
download | platform_external_libbrillo-4f500daeeff106af163421a2c13f7f33fe627393.tar.gz platform_external_libbrillo-4f500daeeff106af163421a2c13f7f33fe627393.tar.bz2 platform_external_libbrillo-4f500daeeff106af163421a2c13f7f33fe627393.zip |
Add SecureBlob::HexStringToSecureBlob.
Polymorphic usage of SecureBlob is problematic (see crbug.com/728047).
In some cases we're unnecessarily passing plain Blobs into functions
that take SecureBlobs because we don't have code to create a SecureBlob
from a hex string, so we use base::HexStringToBytes to create a Blob
instead.
This CL does attempt to use HexStringToBytes and then zero out the
memory. As long as we still have polymorphic usage of SecureBlobs,
this is not a big deal. Once we decouple SecureBlob from Blob, we can
improve this implementation.
BUG=chromium:728047
TEST=New unit tests.
Change-Id: Iad94cbd8f574dd35730cb2d68b6ae39798b03ef6
Reviewed-on: https://chromium-review.googlesource.com/1114919
Commit-Ready: Jorge Lucangeli Obes <jorgelo@chromium.org>
Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
Diffstat (limited to 'brillo/secure_blob.cc')
-rw-r--r-- | brillo/secure_blob.cc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/brillo/secure_blob.cc b/brillo/secure_blob.cc index 4294b14..f4b797f 100644 --- a/brillo/secure_blob.cc +++ b/brillo/secure_blob.cc @@ -5,6 +5,7 @@ #include <cstring> // memcpy #include <base/stl_util.h> +#include <base/strings/string_number_conversions.h> #include "brillo/secure_blob.h" @@ -71,6 +72,20 @@ SecureBlob SecureBlob::Combine(const SecureBlob& blob1, return result; } +bool SecureBlob::HexStringToSecureBlob(const std::string& input, + SecureBlob* output) { + // TODO(jorgelo,crbug.com/728047): Consider not using an intermediate + // std::vector here at all. + std::vector<uint8_t> temp; + if (!base::HexStringToBytes(input, &temp)) { + output->clear(); + return false; + } + output->assign(temp.begin(), temp.end()); + SecureMemset(temp.data(), 0, temp.capacity()); + return true; +} + BRILLO_DISABLE_ASAN void* SecureMemset(void* v, int c, size_t n) { volatile uint8_t* p = reinterpret_cast<volatile uint8_t*>(v); while (n--) |