メモリ保護関数を共通ヘッダーに統一
重複コードの解消: - src/se050_scp03.c と src/se050_keystore.c に同じコードが 2 重に定義されていた - 共通ヘッダー include/se050_mem_protect.h を作成 - 両方のソースファイルから重複コードを削除し、ヘッダーをインクルード 変更内容: - new: include/se050_mem_protect.h - 共通メモリ保護ユーティリティ - modified: src/se050_scp03.c - 重複コード削除、ヘッダーインクルード - modified: src/se050_keystore.c - 重複コード削除、ヘッダーインクルード メリット: - コードの重複解消(DRY 原則) - 保守性向上(1 か所の修正で全適用) - ヘッダーファイルとして再利用可能
+1
-55
@@ -18,61 +18,7 @@
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
||||
/* Linux memory protection */
|
||||
#ifdef __linux__
|
||||
#include <sys/mman.h>
|
||||
#endif
|
||||
|
||||
/* ============================================================================
|
||||
* Memory Protection (Linux-specific)
|
||||
* ============================================================================ */
|
||||
|
||||
/**
|
||||
* @brief Protect sensitive memory from being swapped or dumped
|
||||
*/
|
||||
#ifdef __linux__
|
||||
static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
|
||||
{
|
||||
/* 1. Prevent swapping to disk (optional - may fail due to permissions) */
|
||||
if (mlock(ptr, size) != 0) {
|
||||
/* mlock may fail due to ulimit restrictions. Log warning but continue. */
|
||||
fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
|
||||
/* Continue without mlock - better than failing entirely */
|
||||
}
|
||||
|
||||
/* 2. Exclude from core dumps */
|
||||
if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
|
||||
perror("madvise MADV_DONTDUMP failed");
|
||||
/* Non-fatal, continue */
|
||||
}
|
||||
|
||||
/* 3. Clear in child processes after fork() */
|
||||
if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
|
||||
perror("madvise MADV_WIPEONFORK failed");
|
||||
/* Non-fatal, continue */
|
||||
}
|
||||
|
||||
return SE050_OK;
|
||||
}
|
||||
|
||||
static void release_memory_protection(void *ptr, size_t size)
|
||||
{
|
||||
munlock(ptr, size);
|
||||
}
|
||||
#else
|
||||
static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
|
||||
{
|
||||
(void)ptr;
|
||||
(void)size;
|
||||
return SE050_OK;
|
||||
}
|
||||
|
||||
static void release_memory_protection(void *ptr, size_t size)
|
||||
{
|
||||
(void)ptr;
|
||||
(void)size;
|
||||
}
|
||||
#endif
|
||||
#include "se050_mem_protect.h"
|
||||
|
||||
/* ============================================================================
|
||||
* Key Store Management
|
||||
|
||||
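Review bot: The new `#include "se050_mem_protect.h"` replaces two file-local `static` functions with a header that is not on this page, and this hunk also drops the `<sys/mman.h>` include from this file, so the header must itself include `<sys/mman.h>` under `__linux__` plus whatever declares `se050_status_t`/`SE050_OK`, and its function bodies should be `static inline` rather than plain `static` so that each including translation unit does not carry an unused copy that trips `-Wunused-function`. If the header carries the removed bodies over verbatim, note that `madvise()` requires a page-aligned address: for an ordinary heap pointer both `madvise(ptr, size, MADV_DONTDUMP)` and `madvise(ptr, size, MADV_WIPEONFORK)` fail with `EINVAL` every time, the only trace is the `perror` line, and the core-dump and fork protections the commit message promises are silently absent. Worth confirming in the header, and either rounding the region down/up to page boundaries or allocating key material page-aligned (`mmap`/`posix_memalign`) before relying on those two flags; the `mlock` warning path has the same "continue without protection" shape and at minimum deserves a comment stating that secrets may then be swapped.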
Binary file not shown.
+1
-67
@@ -12,15 +12,10 @@
|
||||
|
||||
#include "se050_wireguard.h"
|
||||
#include "se050_crypto_utils.h"
|
||||
#include "se050_mem_protect.h"
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <errno.h>
|
||||
|
||||
/* Linux memory protection */
|
||||
#ifdef __linux__
|
||||
#include <sys/mman.h>
|
||||
#endif
|
||||
|
||||
/* SCP03 constants */
|
||||
#define SCP03_KEY_SIZE 16
|
||||
@@ -33,67 +28,6 @@
|
||||
#define SCP03_SW_SUCCESS 0x9000
|
||||
#define SCP03_SW_FAIL 0x6F00
|
||||
|
||||
/* ============================================================================
|
||||
* Memory Protection (Linux-specific)
|
||||
* ============================================================================ */
|
||||
|
||||
/**
|
||||
* @brief Protect sensitive memory from being swapped or dumped
|
||||
*
|
||||
* Applies multiple security measures:
|
||||
* - mlock(): Prevent swapping to disk
|
||||
* - MADV_DONTDUMP: Exclude from core dumps
|
||||
* - MADV_WIPEONFORK: Clear in child processes after fork()
|
||||
*/
|
||||
#ifdef __linux__
|
||||
static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
|
||||
{
|
||||
/* 1. Prevent swapping to disk (optional - may fail due to permissions) */
|
||||
if (mlock(ptr, size) != 0) {
|
||||
/* mlock may fail due to ulimit restrictions. Log warning but continue. */
|
||||
fprintf(stderr, "Warning: mlock failed (%s). Memory may be swapped.\n", strerror(errno));
|
||||
/* Continue without mlock - better than failing entirely */
|
||||
}
|
||||
|
||||
/* 2. Exclude from core dumps */
|
||||
if (madvise(ptr, size, MADV_DONTDUMP) != 0) {
|
||||
perror("madvise MADV_DONTDUMP failed");
|
||||
/* Non-fatal, continue */
|
||||
}
|
||||
|
||||
/* 3. Clear in child processes after fork() */
|
||||
if (madvise(ptr, size, MADV_WIPEONFORK) != 0) {
|
||||
perror("madvise MADV_WIPEONFORK failed");
|
||||
/* Non-fatal, continue */
|
||||
}
|
||||
|
||||
return SE050_OK;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Release memory protection before freeing
|
||||
*/
|
||||
static void release_memory_protection(void *ptr, size_t size)
|
||||
{
|
||||
/* Must unlock before freeing */
|
||||
munlock(ptr, size);
|
||||
}
|
||||
#else
|
||||
/* Non-Linux platforms: no special protection */
|
||||
static se050_status_t protect_sensitive_memory(void *ptr, size_t size)
|
||||
{
|
||||
(void)ptr;
|
||||
(void)size;
|
||||
return SE050_OK;
|
||||
}
|
||||
|
||||
static void release_memory_protection(void *ptr, size_t size)
|
||||
{
|
||||
(void)ptr;
|
||||
(void)size;
|
||||
}
|
||||
#endif
|
||||
|
||||
/**
|
||||
* @brief SCP03 session context structure
|
||||
*/
|
||||
|
||||
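Review bot: The new `#include "se050_mem_protect.h"` line is placed before `<stdio.h>`, `<string.h>` and `<errno.h>`, whereas in se050_keystore.c the same header lands after `<errno.h>`; if the header's inline bodies use `fprintf`, `strerror`, `errno`, `perror`, `mlock`/`madvise`/`munlock` as the removed code here did, it compiles in this file only if it includes `<stdio.h>`, `<string.h>`, `<errno.h>` and (under `__linux__`) `<sys/mman.h>` itself, since this hunk removes the `<sys/mman.h>` include from the file. The header is not on this page, so this is inferred from the removed bodies; a one-line check is to build with the project header as the first include of a fresh translation unit. Since the commit message says the two copies were identical, it would also help to state in the header's doc comment which of the two removed comment blocks (this file's longer one listing mlock/MADV_DONTDUMP/MADV_WIPEONFORK) was kept as the canonical description.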
Binary file not shown.