se050-wireguard/include/se050_crypto_utils.h

/**
 * @file se050_crypto_utils.h
 * @brief Cryptographic utility functions
 * 
 * Constant-time memory operations for security-critical code.
 * 
 * License: MIT (Clean-room implementation)
 */

#ifndef SE050_CRYPTO_UTILS_H
#define SE050_CRYPTO_UTILS_H

#include <stdint.h>
#include <stddef.h>

#ifdef __linux__
/* Linux kernel-style definitions */
#include <linux/types.h>

/* Constant-time memory comparison */
static inline int crypto_memneq(const void *a, const void *b, size_t len)
{
    const volatile uint8_t *pa = (const volatile uint8_t *)a;
    const volatile uint8_t *pb = (const volatile uint8_t *)b;
    volatile uint8_t result = 0;
    size_t i;
    
    for (i = 0; i < len; i++) {
        result |= pa[i] ^ pb[i];
    }
    
    return result;
}

/* Constant-time memory zeroing */
static inline void memzero_explicit(void *s, size_t count)
{
    volatile uint8_t *p = (volatile uint8_t *)s;
    
    while (count--) {
        *p++ = 0;
    }
    
    /* Prevent compiler from optimizing out the zeroing */
    __asm__ __volatile__("":::"memory");
}

#else
/* Non-Linux implementations */

/**
 * @brief Constant-time memory comparison
 * @param a First memory area
 * @param b Second memory area
 * @param len Number of bytes to compare
 * @return 0 if equal, non-zero otherwise
 * 
 * This function runs in constant time to prevent timing attacks.
 */
static inline int crypto_memneq(const void *a, const void *b, size_t len)
{
    const volatile uint8_t *pa = (const volatile uint8_t *)a;
    const volatile uint8_t *pb = (const volatile uint8_t *)b;
    volatile uint8_t result = 0;
    size_t i;
    
    for (i = 0; i < len; i++) {
        result |= pa[i] ^ pb[i];
    }
    
    return result;
}

/**
 * @brief Constant-time memory zeroing
 * @param s Memory area to zero
 * @param count Number of bytes to zero
 * 
 * This function uses volatile to prevent compiler optimization.
 */
static inline void memzero_explicit(void *s, size_t count)
{
    volatile uint8_t *p = (volatile uint8_t *)s;
    
    while (count--) {
        *p++ = 0;
    }
}

/* Memory barrier for non-Linux platforms */
#ifndef barrier
#define barrier() do { __asm__ __volatile__("": : :"memory"); } while(0)
#endif

/* ssize_t definition for non-Linux platforms */
#ifndef _SSIZE_T_DEFINED
#define _SSIZE_T_DEFINED
#include <sys/types.h>
#endif

#endif /* __linux__ */

/* Additional security utilities */

/**
 * @brief Securely compare two buffers
 * @param a First buffer
 * @param b Second buffer
 * @param len Length of buffers
 * @return 0 if equal, -1 if different
 */
static inline int secure_memcmp(const void *a, const void *b, size_t len)
{
    return crypto_memneq(a, b, len) ? -1 : 0;
}

/**
 * @brief Securely copy memory with zeroing of destination first
 * @param dst Destination buffer
 * @param src Source buffer
 * @param len Number of bytes to copy
 */
static inline void secure_memcpy(void *dst, const void *src, size_t len)
{
    memzero_explicit(dst, len);
    __builtin_memcpy(dst, src, len);
}

#endif /* SE050_CRYPTO_UTILS_H */