[apple/xnu.git] / EXTERNAL_HEADERS / corecrypto / cc.h

/*
 *  cc.h
 *  corecrypto
 *
 *  Created on 12/16/2010
 *
 *  Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
 *
 */

#ifndef _CORECRYPTO_CC_H_
#define _CORECRYPTO_CC_H_

#include <corecrypto/cc_config.h>
#include <corecrypto/cc_error.h>
#include <string.h>
#include <stdint.h>

/* Provide a general purpose macro concat method. */
#define cc_concat_(a, b) a##b
#define cc_concat(a, b) cc_concat_(a, b)

/* Manage asserts here because a few functions in header public files do use asserts */
#define cc_assert(x) assert(x)
#if CC_KERNEL
#include <kern/assert.h>
#elif CC_USE_S3
#define assert(args)  // No assert in S3
#else
#include <assert.h>
#endif

/* Provide a static assert that can be used to create compile-type failures. */
#define cc_static_assert(e,m)                                               \
    ;enum { cc_concat(static_assert_, __COUNTER__) = 1/(int)(!!(e)) }

/* Declare a struct element with a guarenteed alignment of _alignment_.
   The resulting struct can be used to create arrays that are aligned by
   a certain amount.  */
#define cc_aligned_struct(_alignment_)  \
typedef struct { \
uint8_t b[_alignment_]; \
} CC_ALIGNED(_alignment_)

/* number of array elements used in a cc_ctx_decl */
#define cc_ctx_n(_type_, _size_) ((_size_ + sizeof(_type_) - 1) / sizeof(_type_))

/* sizeof of a context declared with cc_ctx_decl */
#define cc_ctx_sizeof(_type_, _size_) sizeof(_type_[cc_ctx_n(_type_, _size_)])

/*
  1. _alloca cannot be removed becasue this header file is compiled with both MSVC++ and with clang.
  2. The _MSC_VER version of cc_ctx_decl() is not compatible with the way *_decl macros as used in CommonCrypto, AppleKeyStore and SecurityFrameworks. To observe the incompatibilities and errors, use below definition. Corecrypto itself, accepts both deinitions
      #define cc_ctx_decl(_type_, _size_, _name_)  _type_ _name_ ## _array[cc_ctx_n(_type_, (_size_))]; _type_ *_name_ = _name_ ## _array
  3. Never use sizeof() operator for the variables declared with cc_ctx_decl(), because it is not be compatible with the _MSC_VER version of cc_ctx_decl().
 */
#if defined(_MSC_VER)
#define cc_ctx_decl(_type_, _size_, _name_)  _type_ * _name_ = (_type_ *) _alloca(sizeof(_type_) * cc_ctx_n(_type_, _size_) )
#else
#define cc_ctx_decl(_type_, _size_, _name_)  _type_ _name_ [cc_ctx_n(_type_, _size_)]
#endif

/* bzero is deprecated. memset is the way to go */
/* FWIW, L4, HEXAGON and ARMCC even with gnu compatibility mode don't have bzero */
#define cc_zero(_size_,_data_) memset((_data_),0 ,(_size_))

/*!
 @brief cc_clear(len, dst) zeroizes array dst and it will not be optimized out.
 @discussion It is used to clear sensitive data, particularly when the are defined in the stack
 @param len number of bytes to be cleared in dst
 @param dst input array
 */
CC_NONNULL((2))
void cc_clear(size_t len, void *dst);

#define cc_copy(_size_, _dst_, _src_) memcpy(_dst_, _src_, _size_)

CC_INLINE CC_NONNULL((2, 3, 4))
void cc_xor(size_t size, void *r, const void *s, const void *t) {
    uint8_t *_r=(uint8_t *)r;
    const uint8_t *_s=(const uint8_t *)s;
    const uint8_t *_t=(const uint8_t *)t;
    while (size--) {
        _r[size] = _s[size] ^ _t[size];
    }
}

/*!
 @brief cc_cmp_safe(num, pt1, pt2) compares two array ptr1 and ptr2 of num bytes.
 @discussion The execution time/cycles is independent of the data and therefore guarantees no leak about the data. However, the execution time depends on num.
 @param num  number of bytes in each array
 @param ptr1 input array
 @param ptr2 input array
 @return  returns 0 if the num bytes starting at ptr1 are identical to the num bytes starting at ptr2 and 1 if they are different or if num is 0 (empty arrays).
 */
CC_NONNULL((2, 3))
int cc_cmp_safe (size_t num, const void * ptr1, const void * ptr2);

/* Exchange S and T of any type.  NOTE: Both and S and T are evaluated
   mutliple times and MUST NOT be expressions. */
#define CC_SWAP(S,T)  do { \
    __typeof__(S) _cc_swap_tmp = S; S = T; T = _cc_swap_tmp; \
} while(0)

/* Return the maximum value between S and T. */
#define CC_MAX(S, T) ({__typeof__(S) _cc_max_s = S; __typeof__(T) _cc_max_t = T; _cc_max_s > _cc_max_t ? _cc_max_s : _cc_max_t;})

/* Return the minimum value between S and T. */
#define CC_MIN(S, T) ({__typeof__(S) _cc_min_s = S; __typeof__(T) _cc_min_t = T; _cc_min_s <= _cc_min_t ? _cc_min_s : _cc_min_t;})

#endif /* _CORECRYPTO_CC_H_ */
Commit	Line	Data
316670eb A	1	/*
	2	* cc.h
	3	* corecrypto
	4	*
3e170ce0 A	5	* Created on 12/16/2010
	6	*
	7	* Copyright (c) 2010,2011,2012,2014,2015 Apple Inc. All rights reserved.
316670eb A	8	*
	9	*/
	10
	11	#ifndef _CORECRYPTO_CC_H_
	12	#define _CORECRYPTO_CC_H_
	13
	14	#include <corecrypto/cc_config.h>
d9a64523	15	#include <corecrypto/cc_error.h>
316670eb A	16	#include <string.h>
	17	#include <stdint.h>
	18
d9a64523 A	19	/* Provide a general purpose macro concat method. */
	20	#define cc_concat_(a, b) a##b
	21	#define cc_concat(a, b) cc_concat_(a, b)
	22
3e170ce0 A	23	/* Manage asserts here because a few functions in header public files do use asserts */
3e170ce0 A	24	#define cc_assert(x) assert(x)
fe8ab488	25	#if CC_KERNEL
316670eb	26	#include <kern/assert.h>
3e170ce0 A	27	#elif CC_USE_S3
3e170ce0 A	28	#define assert(args) // No assert in S3
316670eb A	29	#else
	30	#include <assert.h>
	31	#endif
	32
d9a64523 A	33	/* Provide a static assert that can be used to create compile-type failures. */
	34	#define cc_static_assert(e,m) \
	35	;enum { cc_concat(static_assert_, __COUNTER__) = 1/(int)(!!(e)) }
	36
316670eb A	37	/* Declare a struct element with a guarenteed alignment of _alignment_.
	38	The resulting struct can be used to create arrays that are aligned by
	39	a certain amount. */
	40	#define cc_aligned_struct(_alignment_) \
39037602 A	41	typedef struct { \
	42	uint8_t b[_alignment_]; \
	43	} CC_ALIGNED(_alignment_)
316670eb A	44
	45	/* number of array elements used in a cc_ctx_decl */
	46	#define cc_ctx_n(_type_, _size_) ((_size_ + sizeof(_type_) - 1) / sizeof(_type_))
	47
	48	/* sizeof of a context declared with cc_ctx_decl */
	49	#define cc_ctx_sizeof(_type_, _size_) sizeof(_type_[cc_ctx_n(_type_, _size_)])
	50
5ba3f43e A	51	/*
	52	1. _alloca cannot be removed becasue this header file is compiled with both MSVC++ and with clang.
	53	2. The _MSC_VER version of cc_ctx_decl() is not compatible with the way *_decl macros as used in CommonCrypto, AppleKeyStore and SecurityFrameworks. To observe the incompatibilities and errors, use below definition. Corecrypto itself, accepts both deinitions
	54	#define cc_ctx_decl(_type_, _size_, _name_) _type_ _name_ ## _array[cc_ctx_n(_type_, (_size_))]; _type_ *_name_ = _name_ ## _array
	55	3. Never use sizeof() operator for the variables declared with cc_ctx_decl(), because it is not be compatible with the _MSC_VER version of cc_ctx_decl().
	56	*/
39037602	57	#if defined(_MSC_VER)
5ba3f43e	58	#define cc_ctx_decl(_type_, _size_, _name_) _type_ * _name_ = (_type_ ) _alloca(sizeof(_type_) cc_ctx_n(_type_, _size_) )
fe8ab488	59	#else
5ba3f43e	60	#define cc_ctx_decl(_type_, _size_, _name_) _type_ _name_ [cc_ctx_n(_type_, _size_)]
fe8ab488	61	#endif
316670eb	62
39037602 A	63	/* bzero is deprecated. memset is the way to go */
	64	/* FWIW, L4, HEXAGON and ARMCC even with gnu compatibility mode don't have bzero */
	65	#define cc_zero(_size_,_data_) memset((_data_),0 ,(_size_))
	66
5ba3f43e A	67	/*!
	68	@brief cc_clear(len, dst) zeroizes array dst and it will not be optimized out.
	69	@discussion It is used to clear sensitive data, particularly when the are defined in the stack
	70	@param len number of bytes to be cleared in dst
	71	@param dst input array
	72	*/
d9a64523	73	CC_NONNULL((2))
3e170ce0	74	void cc_clear(size_t len, void *dst);
316670eb	75
fe8ab488	76	#define cc_copy(_size_, _dst_, _src_) memcpy(_dst_, _src_, _size_)
316670eb	77
d9a64523	78	CC_INLINE CC_NONNULL((2, 3, 4))
316670eb A	79	void cc_xor(size_t size, void r, const void s, const void *t) {
316670eb A	80	uint8_t _r=(uint8_t )r;
3e170ce0 A	81	const uint8_t _s=(const uint8_t )s;
3e170ce0 A	82	const uint8_t _t=(const uint8_t )t;
316670eb A	83	while (size--) {
	84	_r[size] = _s[size] ^ _t[size];
	85	}
	86	}
	87
39037602 A	88	/*!
	89	@brief cc_cmp_safe(num, pt1, pt2) compares two array ptr1 and ptr2 of num bytes.
	90	@discussion The execution time/cycles is independent of the data and therefore guarantees no leak about the data. However, the execution time depends on num.
	91	@param num number of bytes in each array
	92	@param ptr1 input array
	93	@param ptr2 input array
	94	@return returns 0 if the num bytes starting at ptr1 are identical to the num bytes starting at ptr2 and 1 if they are different or if num is 0 (empty arrays).
	95	*/
d9a64523	96	CC_NONNULL((2, 3))
3e170ce0 A	97	int cc_cmp_safe (size_t num, const void * ptr1, const void * ptr2);
3e170ce0 A	98
316670eb A	99	/* Exchange S and T of any type. NOTE: Both and S and T are evaluated
	100	mutliple times and MUST NOT be expressions. */
	101	#define CC_SWAP(S,T) do { \
	102	__typeof__(S) _cc_swap_tmp = S; S = T; T = _cc_swap_tmp; \
	103	} while(0)
	104
	105	/* Return the maximum value between S and T. */
	106	#define CC_MAX(S, T) ({__typeof__(S) _cc_max_s = S; __typeof__(T) _cc_max_t = T; _cc_max_s > _cc_max_t ? _cc_max_s : _cc_max_t;})
	107
	108	/* Return the minimum value between S and T. */
	109	#define CC_MIN(S, T) ({__typeof__(S) _cc_min_s = S; __typeof__(T) _cc_min_t = T; _cc_min_s <= _cc_min_t ? _cc_min_s : _cc_min_t;})
	110
	111	#endif /* _CORECRYPTO_CC_H_ */