const_buffer.hHeader

Definition and implementation of the const_buffer class within the libantispy namespace for securely storing and managing encrypted buffers. More...

Defines

Type	Name
	ANTISPY_CONST_BUFFER
	ANTISPY_OBFUSCATED_BUFFER

Detailed Description

The const_buffer.h const_buffer.h file contains the definition and implementation of the const_buffer class template, along with related macros for creating and managing compile-time encrypted buffers. This file is a crucial part of the antispy SDK library, designed to provide secure storage and handling of sensitive string data in a compile-time encrypted format. The const_buffer class is particularly useful in scenarios where strings or other character-based data need to be protected from tampering, inspection, or reverse engineering.

Key Features:

Compile-Time Encryption :
- The const_buffer class template encrypts data at compile-time, ensuring that the original content is never exposed in plain text within the application code or binary. This encryption process is highly secure, leveraging both compile-time and runtime obfuscation techniques.
Data Security and Integrity :
- The encrypted data is stored securely within the const_buffer object, with a compile-time hash provided for integrity checks. The hash allows for quick comparisons and identification of the buffer's content.
- The const_buffer class ensures that the data remains immutable and secure throughout its lifecycle, making it ideal for protecting sensitive information.
Flexible Access Methods :
- The const_buffer class provides multiple ways to access the encrypted data, including raw pointers to the encrypted content and a conversion operator to std::string for decrypted access. This flexibility makes the class suitable for various use cases where different levels of access control are needed.
Macros for Simplified Use :
- The file includes macros such as ANTISPY_CONST_BUFFER and ANTISPY_OBFUSCATED_BUFFER to simplify the creation of compile-time encrypted buffers. These macros automate the process of encrypting and obfuscating data, making it easier for developers to securely manage sensitive strings in their applications.
- The ANTISPY_OBFUSCATED_BUFFER macro, in particular, adds an additional layer of security through lazy initialization and randomized execution paths, making it harder for attackers to predict or tamper with the buffer's content.

Example Usage:

#include <antispy/libantispy.h>

int main() {
   // Create a compile-time encrypted buffer for a sensitive string
   constexpr auto encrypted_buffer = ANTISPY_OBFUSCATED_BUFFER("SensitiveData", 13);

   // Access the decrypted data
   std::string decrypted_data = encrypted_buffer;
}

This example demonstrates how to create a const_buffer object that securely stores the encrypted version of the string "SensitiveData". The encrypted data can be accessed and decrypted when needed.

Security Considerations:

The const_buffer class and related macros are designed with security as a top priority. By encrypting data at compile-time and providing runtime obfuscation, the file ensures that sensitive information is protected against unauthorized access, tampering, and reverse engineering. Developers should leverage these tools to safeguard critical data in their applications, particularly in environments where security is paramount.

Key Components:

const_buffer Class :
- The const_buffer class template is the core component of the file, providing secure storage and management of encrypted buffers. It includes methods for encrypting data, retrieving the encrypted content, and performing integrity checks through hash values.
make_const_buffer Function :
- The make_const_buffer function template is a factory function that simplifies the creation of const_buffer objects. It takes a string, encrypts it at compile-time, and returns a const_buffer instance containing the encrypted data.
ANTISPY_CONST_BUFFER Macro :
- The ANTISPY_CONST_BUFFER macro provides a convenient way to create compile-time encrypted buffers using the make_const_buffer function. It automatically handles the encryption key and hash generation, making it easy to securely store sensitive strings.
ANTISPY_OBFUSCATED_BUFFER Macro :
- The ANTISPY_OBFUSCATED_BUFFER macro builds upon ANTISPY_CONST_BUFFER , adding lazy initialization and obfuscation features to further enhance the security of the encrypted buffer. It is intended for use in scenarios where maximum protection against static analysis and reverse engineering is required.

Dependencies:

buffer_common.h :
- The file depends on buffer_common.h for common buffer utilities and definitions used across the antispy SDK library.

buffer.h : Contains the definition of the buffer class, which complements const_buffer by providing dynamic encrypted buffer management with runtime encryption and decryption.

Conclusion:

The const_buffer.h file is a critical component of the antispy SDK library, offering robust tools for securely managing compile-time encrypted buffers. Through its combination of secure data storage, integrity checks, and flexible access methods, it provides a powerful solution for protecting sensitive information in a wide range of applications.

Defines

ANTISPY_CONST_BUFFER

Macro to create a compile-time encrypted constant buffer.

Detailed Description

The ANTISPY_CONST_BUFFER macro simplifies the process of creating a const_buffer object by automatically generating a compile-time encrypted buffer from a given string literal. This macro leverages the make_const_buffer function to perform encryption at compile-time, ensuring that the original string content is securely stored and not exposed in plain text within the application code or binary.

Parameters

s: The string literal to be encrypted. This string is expected to be a null-terminated C-string.
size: The size of the buffer, representing the number of characters in the string s . This is a compile-time constant and must match the length of the string s .

Returns

A const_buffer object containing the encrypted version of the provided string s .

This macro uses the ANTISPY_STRING_SEED and ANTISPY_FNV1A macros to generate the encryption key and hash, respectively:

ANTISPY_STRING_SEED is a predefined constant that serves as the encryption key. This key is used consistently across the application to ensure uniform encryption.
ANTISPY_FNV1A(s) computes a hash of the string s using the FNV-1a hashing algorithm. This hash value uniquely identifies the buffer and can be used for integrity checks or identification purposes.

The encryption process is applied at compile-time, ensuring that the original string content is never exposed in plain text within the compiled binary.

Example Usage:

#include <antispy/libantispy.h>

int main() {
   constexpr auto encrypted_buffer = ANTISPY_CONST_BUFFER("SensitiveData", 13);
}

In this example, the string "SensitiveData" is encrypted at compile-time using the ANTISPY_STRING_SEED as the key and the ANTISPY_FNV1A hash of the string as the buffer identifier. The resulting encrypted buffer is stored in the encrypted_buffer object.

The const_buffer object can be used to retrieve the encrypted string as a std::string or as raw data.

Encryption Key : The encryption key is derived from ANTISPY_STRING_SEED , a constant that should be defined in the application. This key is used to perform the XOR-based encryption on the string.
Hashing : The ANTISPY_FNV1A macro computes a unique hash for the string s using the FNV-1a hashing algorithm. This hash is used as the identifier for the buffer and may also serve as a quick check for the buffer's integrity.
Compile-Time Operation : Both the encryption and hashing operations are performed at compile-time, which means that the resulting const_buffer object is both secure and efficient, with no runtime overhead.

Implementation Notes :

The ANTISPY_CONST_BUFFER macro encapsulates the call to make_const_buffer , ensuring that the user does not need to manually specify the encryption key or hash. Instead, these are automatically derived from the string seed and FNV-1a hash.
This macro is intended to be used with string literals and compile-time constant sizes. It ensures that sensitive string data is protected within the application.

ANTISPY_OBFUSCATED_BUFFER

Macro to create a lazily-initialized, compile-time encrypted buffer with obfuscation.

Detailed Description

The ANTISPY_OBFUSCATED_BUFFER macro generates a lazily-initialized, compile-time encrypted buffer that is further obfuscated to enhance security. This macro leverages the ANTISPY_CONST_BUFFER macro to create the encrypted buffer and introduces additional layers of obfuscation during the initialization process.

The macro returns a reference to a statically allocated, encrypted buffer that is only fully initialized if certain conditions are met, providing an extra layer of security against reverse engineering and static analysis.

Parameters

s: The string literal to be encrypted. This string is expected to be a null-terminated C-string.
size: The size of the buffer, representing the number of characters in the string s . This is a compile-time constant and must match the length of the string s .

Returns

A reference to a const_buffer object containing the encrypted and obfuscated version of the provided string s .

This macro uses several mechanisms to obfuscate and secure the encrypted buffer:

Random Data Initialization : The macro defines static random data before and after the buffer declaration using ANTISPY_CONST_DATA_RANDOMIZER . This random data is used to further obscure the memory layout.
Lazy Initialization : The buffer is not fully initialized until the macro detects that the hash of the buffer is zero. This lazy initialization adds complexity, making it more difficult for an attacker to predict or tamper with the buffer's content.
Randomized Execution Paths : Depending on the value of the first byte in the raw data of the buffer, one of three initialization paths is randomly executed. This adds another layer of obfuscation, making it harder for attackers to determine the initialization process.

Implementation Steps :

Random Data Initialization : The macro first introduces a random data section before the buffer initialization using ANTISPY_CONST_DATA_RANDOMIZER(a) .
Buffer Encryption : The macro then uses ANTISPY_CONST_BUFFER to create a compile-time encrypted buffer t using the string s .
Post Random Data Initialization : After the buffer t is defined, another random data section is introduced using ANTISPY_CONST_DATA_RANDOMIZER(b) .
Hash Check for Lazy Initialization : The macro checks if the buffer's hash value is zero. If the hash is zero, it triggers the initialization process.
Randomized Initialization Path :
The first byte of the buffer's raw data is used to determine which of the three initialization paths to execute.
Based on the modulo operation (*(t.raw_data()))[0] % 3 , one of the following happens:
- Path 0 : The random data section a is initialized.
- Path 1 : The random data section b is initialized.
- Default Path : The buffer t itself is initialized.
Return Reference : Finally, the macro returns a reference to the encrypted buffer t .

Obfuscation and Security :

The macro heavily obfuscates the initialization process by introducing multiple random data sections and executing one of several possible initialization paths based on the contents of the encrypted buffer.
The lazy initialization mechanism delays the actual buffer initialization until absolutely necessary, further complicating static analysis and making the buffer more resilient to reverse engineering attempts.
The use of random data sections ensures that the memory layout of the buffer is unpredictable, adding a layer of security against memory-based attacks.

Example Usage :

#include <antispy/libantispy.h>

int main() {
   auto obfuscated_buffer = ANTISPY_OBFUSCATED_BUFFER("SensitiveData", 13);
}

In this example, the string "SensitiveData" is encrypted and obfuscated at compile-time using the ANTISPY_CONST_BUFFER mechanism. The resulting obfuscated_buffer is lazily initialized and secured through randomized execution paths, ensuring that the sensitive data is well-protected.

Usage Considerations :

This macro should be used for highly sensitive strings that require additional protection against static analysis and reverse engineering.
Due to the complexity introduced by the obfuscation mechanisms, this macro may have a slight performance overhead compared to using a simple ANTISPY_CONST_BUFFER . It is recommended for use in scenarios where security is a top priority.

Related Macros :

ANTISPY_CONST_BUFFER : This macro is used internally by ANTISPY_OBFUSCATED_BUFFER to create the compile-time encrypted buffer. It may also be used independently for cases where lazy initialization and additional obfuscation are not required.

const_buffer.hHeader

Defines

Detailed Description

Key Features:

Example Usage:

Security Considerations:

Key Components:

Dependencies:

Related Files:

Conclusion:

ANTISPY_CONST_BUFFER

Detailed Description

Example Usage:

ANTISPY_OBFUSCATED_BUFFER

Detailed Description