// rdrand.h - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
/// \file rdrand.h
/// \brief Classes for RDRAND and RDSEED
/// \since Crypto++ 5.6.3
#ifndef CRYPTOPP_RDRAND_H
#define CRYPTOPP_RDRAND_H
#include "cryptlib.h"
// This class file provides both RDRAND and RDSEED. They were added at
// Crypto++ 5.6.3. At compile time, it uses CRYPTOPP_BOOL_{X86|X32|X64}
// to select an implementation or "throw NotImplemented". At runtime the
// constructor will throw RDRAND_Err or RDSEED_Err if a generator is
// not available.
// The original classes accepted a retry count. Retries were superfluous for
// RDRAND, and RDSEED encountered a failure about 1 in 256 bytes depending
// on the processor. Retries were removed at Crypto++ 6.0 because
// GenerateBlock unconditionally retries and always fulfills the request.
// Throughput varies wildly depending on processor and manufacturer. A Core i5 or
// Core i7 RDRAND can generate at over 200 MiB/s. It is below the theoretical
// maximum, but it takes about 5 instructions to generate, retry and store a
// result. A low-end Celeron may perform RDRAND at about 7 MiB/s. RDSEED
// performs at about 1/4 to 1/2 the rate of RDRAND. AMD RDRAND performed poorly
// during testing with Athlon X4 845. The Bulldozer v4 only performed at 1 MiB/s.
// Microsoft added RDRAND in August 2012, VS2012; RDSEED in October 2013, VS2013.
// GCC added RDRAND in December 2010, GCC 4.6. LLVM added RDRAND in July 2012,
// Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
NAMESPACE_BEGIN(CryptoPP)
/// \brief Exception thrown when a RDRAND generator encounters
/// a generator related error.
/// \since Crypto++ 5.6.3
class RDRAND_Err : public Exception
{
public:
    /// \brief Construct a RDRAND_Err
    /// \param operation the name of the failing operation; it is embedded
    ///  in the message handed to the Exception base class
    RDRAND_Err(const std::string &operation)
        : Exception(OTHER_ERROR, std::string("RDRAND: ").append(operation).append(" operation failed"))
    {
    }
};
/// \brief Hardware generated random numbers using RDRAND instruction
/// \sa MaurerRandomnessTest() for random bit generators
/// \since Crypto++ 5.6.3
class RDRAND : public RandomNumberGenerator
{
public:
    /// \brief The algorithm name
    /// \return the string "RDRAND"
    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "RDRAND"; }

    /// \brief Destructor; the generator holds no resources of its own
    virtual ~RDRAND() {}

    /// \brief Construct a RDRAND generator
    /// \details According to DJ of Intel, the Intel RDRAND circuit does not underflow.
    /// If it did hypothetically underflow, then it would return 0 for the random value.
    /// AMD's RDRAND implementation appears to provide the same behavior.
    /// \throws RDRAND_Err if the random number generator is not available
    RDRAND();

    /// \brief Generate random array of bytes
    /// \param output the byte buffer
    /// \param size the length of the buffer, in bytes
    /// \details Per the note at the top of this file, GenerateBlock retries
    ///  until the request is fulfilled, so callers do not need to loop on
    ///  short reads.
    virtual void GenerateBlock(byte *output, size_t size);

    /// \brief Generate and discard n bytes
    /// \param n the number of bytes to generate and discard
    /// \details This generator discards words, not bytes. If n is
    ///  not a multiple of a machine word, then it is rounded up to
    ///  that size.
    virtual void DiscardBytes(size_t n);

    /// \brief Update RNG state with additional unpredictable values
    /// \param input unused
    /// \param length unused
    /// \details The operation is a nop for this generator. The supplied
    ///  bytes are ignored and no state is updated; they never influence
    ///  the generator's output.
    virtual void IncorporateEntropy(const byte *input, size_t length)
    {
        // Override to avoid the base class' throw.
        CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length);
    }

    /// \brief Retrieve the provider of the algorithm
    /// \return the string "RDRAND"
    std::string AlgorithmProvider() const {
        return "RDRAND";
    }
};
/// \brief Exception thrown when a RDSEED generator encounters
/// a generator related error.
/// \since Crypto++ 5.6.3
class RDSEED_Err : public Exception
{
public:
    /// \brief Construct a RDSEED_Err
    /// \param operation the name of the failing operation; it is embedded
    ///  in the message handed to the Exception base class
    RDSEED_Err(const std::string &operation)
        : Exception(OTHER_ERROR, std::string("RDSEED: ").append(operation).append(" operation failed"))
    {
    }
};
/// \brief Hardware generated random numbers using RDSEED instruction
/// \sa MaurerRandomnessTest() for random bit generators
/// \since Crypto++ 5.6.3
class RDSEED : public RandomNumberGenerator
{
public:
    /// \brief The algorithm name
    /// \return the string "RDSEED"
    CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "RDSEED"; }

    /// \brief Destructor; the generator holds no resources of its own
    virtual ~RDSEED() {}

    /// \brief Construct a RDSEED generator
    /// \details Empirical testing under a 6th generation i7 (6200U) shows RDSEED fails
    /// to fulfill requests about once for every 256 bytes requested.
    /// The generator runs about 4 times slower than RDRAND.
    /// \throws RDSEED_Err if the random number generator is not available
    RDSEED();

    /// \brief Generate random array of bytes
    /// \param output the byte buffer
    /// \param size the length of the buffer, in bytes
    /// \details Per the note at the top of this file, GenerateBlock retries
    ///  until the request is fulfilled, so the per-request hardware failures
    ///  described on the constructor are handled internally and callers do
    ///  not need to loop on short reads.
    virtual void GenerateBlock(byte *output, size_t size);

    /// \brief Generate and discard n bytes
    /// \param n the number of bytes to generate and discard
    /// \details the RDSEED generator discards words, not bytes. If n is
    ///  not a multiple of a machine word, then it is rounded up to
    ///  that size.
    virtual void DiscardBytes(size_t n);

    /// \brief Update RNG state with additional unpredictable values
    /// \param input unused
    /// \param length unused
    /// \details The operation is a nop for this generator. The supplied
    ///  bytes are ignored and no state is updated; they never influence
    ///  the generator's output.
    virtual void IncorporateEntropy(const byte *input, size_t length)
    {
        // Override to avoid the base class' throw.
        CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length);
    }

    /// \brief Retrieve the provider of the algorithm
    /// \return the string "RDSEED"
    std::string AlgorithmProvider() const {
        return "RDSEED";
    }
};
NAMESPACE_END
#endif // CRYPTOPP_RDRAND_H