/root/bitcoin/src/support/allocators/secure.h

Source (jump to first uncovered line)
// Copyright (c) 2009-2010 Satoshi Nakamoto
// Copyright (c) 2009-present The Bitcoin Core developers
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#ifndef BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
#define BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

#include <support/lockedpool.h>
#include <support/cleanse.h>

#include <memory>
#include <string>

//
// Allocator that locks its contents from being paged
// out of memory and clears its contents before deletion.
//
template <typename T>
struct secure_allocator {
    using value_type = T;

    secure_allocator() = default;
    template <typename U>
    secure_allocator(const secure_allocator<U>&) noexcept {}

    T* allocate(std::size_t n)
    {
        T* allocation = static_cast<T*>(LockedPoolManager::Instance().alloc(sizeof(T) * n));
        if (!allocation) {
            throw std::bad_alloc();
        }
        return allocation;
    }

    void deallocate(T* p, std::size_t n)
    {
        if (p != nullptr) {
            memory_cleanse(p, sizeof(T) * n);
        }
        LockedPoolManager::Instance().free(p);
    }

    template <typename U>
    friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept
    {
        return true;
    }
    template <typename U>
    friend bool operator!=(const secure_allocator&, const secure_allocator<U>&) noexcept
    {
        return false;
    }
};

// This is exactly like std::string, but with a custom allocator.
// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;

template<typename T>
struct SecureUniqueDeleter {
    void operator()(T* t) noexcept {
        secure_allocator<T>().deallocate(t, 1);
    }
};

template<typename T>
using secure_unique_ptr = std::unique_ptr<T, SecureUniqueDeleter<T>>;

template<typename T, typename... Args>
secure_unique_ptr<T> make_secure_unique(Args&&... as)
{
    T* p = secure_allocator<T>().allocate(1);

    // initialize in place, and return as secure_unique_ptr
    try {
        return secure_unique_ptr<T>(new (p) T(std::forward<Args>(as)...));
    } catch (...) {
        secure_allocator<T>().deallocate(p, 1);
        throw;
    }
}

#endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

Line	Count	Source (jump to first uncovered line)
1		// Copyright (c) 2009-2010 Satoshi Nakamoto
2		// Copyright (c) 2009-present The Bitcoin Core developers
3		// Distributed under the MIT software license, see the accompanying
4		// file COPYING or http://www.opensource.org/licenses/mit-license.php.
5
6		#ifndef BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
7		#define BITCOIN_SUPPORT_ALLOCATORS_SECURE_H
8
9		#include <support/lockedpool.h>
10		#include <support/cleanse.h>
11
12		#include <memory>
13		#include <string>
14
15		//
16		// Allocator that locks its contents from being paged
17		// out of memory and clears its contents before deletion.
18		//
19		template <typename T>
20		struct secure_allocator {
21		using value_type = T;
22
23		secure_allocator() = default;
24		template <typename U>
25		secure_allocator(const secure_allocator<U>&) noexcept {}
26
27		T* allocate(std::size_t n)
28	0	{
29	0	T* allocation = static_cast<T>(LockedPoolManager::Instance().alloc(sizeof(T) n));
30	0	if (!allocation) { Branch (30:13): [True: 0, False: 0] Branch (30:13): [True: 0, False: 0] Branch (30:13): [True: 0, False: 0] Branch (30:13): [True: 0, False: 0] Branch (30:13): [True: 0, False: 0]
31	0	throw std::bad_alloc();
32	0	}
33	0	return allocation;
34	0	} Unexecuted instantiation: secure_allocator<std::array<unsigned char, 32ul> >::allocate(unsigned long) Unexecuted instantiation: secure_allocator<std::array<unsigned char, 96ul> >::allocate(unsigned long) Unexecuted instantiation: secure_allocator<unsigned char>::allocate(unsigned long) Unexecuted instantiation: secure_allocator<char>::allocate(unsigned long) Unexecuted instantiation: random.cpp:secure_allocator<(anonymous namespace)::RNGState>::allocate(unsigned long)
35
36		void deallocate(T* p, std::size_t n)
37	0	{
38	0	if (p != nullptr) { Branch (38:13): [True: 0, False: 0] Branch (38:13): [True: 0, False: 0] Branch (38:13): [True: 0, False: 0] Branch (38:13): [True: 0, False: 0] Branch (38:13): [True: 0, False: 0]
39	0	memory_cleanse(p, sizeof(T) * n);
40	0	}
41	0	LockedPoolManager::Instance().free(p);
42	0	} Unexecuted instantiation: secure_allocator<std::array<unsigned char, 32ul> >::deallocate(std::array<unsigned char, 32ul>, unsigned long) Unexecuted instantiation: secure_allocator<std::array<unsigned char, 96ul> >::deallocate(std::array<unsigned char, 96ul>, unsigned long) Unexecuted instantiation: secure_allocator<unsigned char>::deallocate(unsigned char, unsigned long) Unexecuted instantiation: secure_allocator<char>::deallocate(char, unsigned long) Unexecuted instantiation: random.cpp:secure_allocator<(anonymous namespace)::RNGState>::deallocate((anonymous namespace)::RNGState*, unsigned long)
43
44		template <typename U>
45		friend bool operator==(const secure_allocator&, const secure_allocator<U>&) noexcept
46		{
47		return true;
48		}
49		template <typename U>
50		friend bool operator!=(const secure_allocator&, const secure_allocator<U>&) noexcept
51	0	{
52	0	return false;
53	0	} Unexecuted instantiation: bool operator!=<unsigned char>(secure_allocator<unsigned char> const&, secure_allocator<unsigned char> const&) Unexecuted instantiation: bool operator!=<char>(secure_allocator<char> const&, secure_allocator<char> const&)
54		};
55
56		// This is exactly like std::string, but with a custom allocator.
57		// TODO: Consider finding a way to make incoming RPC request.params[i] mlock()ed as well
58		typedef std::basic_string<char, std::char_traits<char>, secure_allocator<char> > SecureString;
59
60		template<typename T>
61		struct SecureUniqueDeleter {
62	0	void operator()(T* t) noexcept {
63	0	secure_allocator<T>().deallocate(t, 1);
64	0	} Unexecuted instantiation: SecureUniqueDeleter<std::array<unsigned char, 32ul> >::operator()(std::array<unsigned char, 32ul>) Unexecuted instantiation: SecureUniqueDeleter<std::array<unsigned char, 96ul> >::operator()(std::array<unsigned char, 96ul>)
65		};
66
67		template<typename T>
68		using secure_unique_ptr = std::unique_ptr<T, SecureUniqueDeleter<T>>;
69
70		template<typename T, typename... Args>
71		secure_unique_ptr<T> make_secure_unique(Args&&... as)
72	0	{
73	0	T* p = secure_allocator<T>().allocate(1);
74
75		// initialize in place, and return as secure_unique_ptr
76	0	try {
77	0	return secure_unique_ptr<T>(new (p) T(std::forward<Args>(as)...));
78	0	} catch (...) {
79	0	secure_allocator<T>().deallocate(p, 1);
80	0	throw;
81	0	}
82	0	} Unexecuted instantiation: std::unique_ptr<std::array<unsigned char, 32ul>, SecureUniqueDeleter<std::array<unsigned char, 32ul> > > make_secure_unique<std::array<unsigned char, 32ul>>() Unexecuted instantiation: std::unique_ptr<std::array<unsigned char, 96ul>, SecureUniqueDeleter<std::array<unsigned char, 96ul> > > make_secure_unique<std::array<unsigned char, 96ul>>()
83
84		#endif // BITCOIN_SUPPORT_ALLOCATORS_SECURE_H

Coverage Report

Created: 2025-03-18 19:28