Move DiceClearMemory() declaration to own header
Refactor the header structure so that the function can be declared
without needing to specify a particular configuration, which was
previously required (yet unnecessary) due to the include path:
src/clear_memory.c <-- dice/ops.h <-- dice/config.h
This allows DiceClearMemory() to be compiled irrespective of the
configuration included, if any.
Bug: 357008987
Change-Id: I2391d9db7171af1e3672be64b3357dc0d1ef38f4
Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/250053
Commit-Queue: Pierre-Clément Tosi <ptosi@google.com>
Pigweed-Auto-Submit: Pierre-Clément Tosi <ptosi@google.com>
Reviewed-by: Alice Wang <aliceywang@google.com>
Lint: Lint 🤖 <android-build-ayeaye@system.gserviceaccount.com>
Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Andrew Scull <ascull@google.com>
diff --git a/include/dice/ops.h b/include/dice/ops.h
index 1cde417..99fb41d 100644
--- a/include/dice/ops.h
+++ b/include/dice/ops.h
@@ -17,6 +17,7 @@
#include <dice/config.h>
#include <dice/dice.h>
+#include <dice/ops/clear_memory.h>
// These are the set of functions that implement various operations that the
// main DICE functions depend on. They are provided as part of an integration
@@ -80,14 +81,6 @@
const DiceInputValues* input_values, size_t certificate_buffer_size,
uint8_t* certificate, size_t* certificate_actual_size);
-// Securely clears |size| bytes at |address|. This project contains a basic
-// implementation. OPENSSL_cleanse from boringssl, SecureZeroMemory from
-// Windows and memset_s from C11 could also be used as an implementation but a
-// particular target platform or toolchain may have a better implementation
-// available that can be plugged in here. Care may be needed to ensure sensitive
-// data does not leak due to features such as caches.
-void DiceClearMemory(void* context, size_t size, void* address);
-
#ifdef __cplusplus
} // extern "C"
#endif
diff --git a/include/dice/ops/clear_memory.h b/include/dice/ops/clear_memory.h
new file mode 100644
index 0000000..7229586
--- /dev/null
+++ b/include/dice/ops/clear_memory.h
@@ -0,0 +1,36 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#ifndef DICE_OPS_CLEAR_MEMORY_H_
+#define DICE_OPS_CLEAR_MEMORY_H_
+
+#include <stddef.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+// Securely clears |size| bytes at |address|. This project contains a basic
+// implementation. OPENSSL_cleanse from boringssl, SecureZeroMemory from
+// Windows and memset_s from C11 could also be used as an implementation but a
+// particular target platform or toolchain may have a better implementation
+// available that can be plugged in here. Care may be needed to ensure sensitive
+// data does not leak due to features such as caches.
+void DiceClearMemory(void* context, size_t size, void* address);
+
+#ifdef __cplusplus
+} // extern "C"
+#endif
+
+#endif // DICE_OPS_CLEAR_MEMORY_H_
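Review bot: The comment above `DiceClearMemory` in the new header says "Securely clears" without stating what a replacement implementation must guarantee, and it leaves |context| undocumented. This header is now the standalone contract for integrators who plug in their own implementation, so I would add a line such as `// Implementations must ensure the writes are not optimized away, even if |address| is never read afterwards.` A second line could say that |context| is an opaque value passed through from the caller and may be unused; that is inferred from the `(void)context;` in src/clear_memory.c, so please confirm. The comment could also mention that `memset_s` belongs to the optional Annex K of C11 and is missing from many toolchains, so it cannot be assumed to be available.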
diff --git a/src/clear_memory.c b/src/clear_memory.c
index d8f5ca6..405793c 100644
--- a/src/clear_memory.c
+++ b/src/clear_memory.c
@@ -17,9 +17,9 @@
// volatile data pointer. Attention has not been given to performance, clearing
// caches or other potential side channels.
-#include <stdint.h>
+#include "dice/ops/clear_memory.h"
-#include "dice/ops.h"
+#include <stdint.h>
void DiceClearMemory(void* context, size_t size, void* address) {
(void)context;