// rdrand.cpp - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
#include "pch.h"
#include "config.h"
#include "cryptlib.h"
#include "secblock.h"
#include "rdrand.h"
#include "cpu.h"
// This file (and friends) provides both RDRAND and RDSEED. They were added
// at Crypto++ 5.6.3. At compile time the file uses CRYPTOPP_BOOL_{X86|X32|X64}
// to select an implementation; when none applies, GenerateBlock throws
// "NotImplemented". Users of the classes should call HasRDRAND() or
// HasRDSEED() to determine if a generator is available at runtime.
// The original classes accepted a retry count. Retries were superfluous for
// RDRAND, and RDSEED encountered a failure about 1 in 256 bytes depending
// on the processor. Retries were removed at Crypto++ 6.0 because
// GenerateBlock unconditionally retries and always fulfills the request.
// Intel recommends using a retry count in case the RDRAND or RDSEED circuit
// is bad. This implementation does not follow the advice and requires
// good silicon. If the circuit or processor is bad then the user has
// bigger problems than generating random numbers.
/////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////
// Select how the instructions are emitted. Nothing is defined when CPUID
// probing is unavailable or assembly is disabled, and the fallback classes
// at the bottom of the file are compiled instead.
#if defined(CRYPTOPP_CPUID_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM)
// MSVC: use the extern "C" MASM_*_GenerateBlock routines declared below.
# if defined(CRYPTOPP_MSC_VERSION)
# define MASM_RDRAND_ASM_AVAILABLE 1
# define MASM_RDSEED_ASM_AVAILABLE 1
# endif
// GCC-style inline assembly; the minimum versions are those the project
// has found to accept the raw-byte encodings used in RDRAND32/RDSEED32
// and friends.
# if (__SUNPRO_CC >= 0x5100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 30000) || \
(CRYPTOPP_LLVM_CLANG_VERSION >= 20800) || (CRYPTOPP_GCC_VERSION >= 30200)
# define GCC_RDRAND_ASM_AVAILABLE 1
# define GCC_RDSEED_ASM_AVAILABLE 1
# endif
#endif // CRYPTOPP_CPUID_AVAILABLE
// Local byte alias for the extern "C" declarations that follow; it sits
// outside the CryptoPP namespace because those declarations do.
typedef unsigned char byte;
#if MASM_RDRAND_ASM_AVAILABLE
// Bulk RDRAND routine declared here and defined outside this file
// (presumably in the project's assembly sources). RDRAND::GenerateBlock
// hands it the whole (output, size) request on MSVC builds and expects
// the buffer to be filled on return.
extern "C" void CRYPTOPP_FASTCALL MASM_RDRAND_GenerateBlock(byte*, size_t);
#endif
#if MASM_RDSEED_ASM_AVAILABLE
// Bulk RDSEED routine declared here and defined outside this file
// (presumably in the project's assembly sources). RDSEED::GenerateBlock
// hands it the whole (output, size) request on MSVC builds and expects
// the buffer to be filled on return.
extern "C" void CRYPTOPP_FASTCALL MASM_RDSEED_GenerateBlock(byte*, size_t);
#endif
/////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////
NAMESPACE_BEGIN(CryptoPP)
#if defined(CRYPTOPP_CPUID_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM)
// Fills 4 bytes at `output` with one RDRAND result.
//
// `output` must point to at least sizeof(word32) writable bytes. The value
// is stored through a word32 pointer, so callers that pass arbitrary byte
// offsets rely on the target tolerating unaligned stores (x86 does).
// There is no retry limit: `jnc 1b` re-executes the instruction until it
// reports success via the carry flag, so hardware whose RDRAND never
// succeeds would spin here (see the file header on requiring good silicon).
// When GCC-style inline asm is unavailable this is a no-op and `*output`
// is left unchanged; MSVC builds do not call it (see RDRAND::GenerateBlock).
inline void RDRAND32(void* output)
{
    CRYPTOPP_UNUSED(output); // MSC warning: parameter unused when the asm is compiled out
#if defined(GCC_RDRAND_ASM_AVAILABLE)
    // Emitted as raw opcode bytes (RDRAND EAX) rather than by mnemonic so
    // assemblers that predate the mnemonic still build this file.
    __asm__ __volatile__
    (
        "1:\n"
        ".byte 0x0f, 0xc7, 0xf0;\n"   // rdrand eax
        "jnc 1b;\n"                   // CF clear: no value ready, try again
        : "=a" (*reinterpret_cast<word32*>(output)) // result arrives in EAX
        : : "cc"                      // flags clobbered (CF carries the status)
    );
#endif
}
#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32)
// Fills 8 bytes at `output` with one RDRAND result. Only compiled for the
// X64 / X32 targets (see the enclosing #if).
//
// `output` must point to at least sizeof(word64) writable bytes. The value
// is stored through a word64 pointer, so callers that pass arbitrary byte
// offsets rely on the target tolerating unaligned stores (x86 does).
// There is no retry limit: `jnc 1b` re-executes the instruction until it
// reports success via the carry flag, so hardware whose RDRAND never
// succeeds would spin here (see the file header on requiring good silicon).
// When GCC-style inline asm is unavailable this is a no-op and `*output`
// is left unchanged; MSVC builds do not call it (see RDRAND::GenerateBlock).
inline void RDRAND64(void* output)
{
    CRYPTOPP_UNUSED(output); // MSC warning: parameter unused when the asm is compiled out
#if defined(GCC_RDRAND_ASM_AVAILABLE)
    // Emitted as raw opcode bytes (REX.W prefix + RDRAND, i.e. rdrand rax)
    // rather than by mnemonic so older assemblers still build this file.
    __asm__ __volatile__
    (
        "1:\n"
        ".byte 0x48, 0x0f, 0xc7, 0xf0;\n"   // rdrand rax
        "jnc 1b;\n"                         // CF clear: no value ready, try again
        : "=a" (*reinterpret_cast<word64*>(output)) // result arrives in RAX
        : : "cc"                            // flags clobbered (CF carries the status)
    );
#endif
}
#endif // RDRAND64
// Construct an RDRAND generator.
//
// Throws RDRAND_Err when the runtime CPU probe reports that the
// instruction is unavailable, so an object only ever exists on hardware
// that GenerateBlock can actually serve.
RDRAND::RDRAND()
{
    const bool available = HasRDRAND();
    if (!available)
        throw RDRAND_Err("HasRDRAND");
}
// Fill `size` bytes at `output` with RDRAND output.
//
// Either both a buffer and a non-zero length are supplied or neither is; a
// zero-length request is a no-op. No retry count is applied at this level:
// RDRAND64/RDRAND32 loop until the hardware reports success, and the MSVC
// path delegates the whole request to the external assembly routine.
// Throws NotImplemented when the build has no usable implementation.
void RDRAND::GenerateBlock(byte *output, size_t size)
{
    CRYPTOPP_ASSERT((output && size) || !(output || size));
    if (size == 0) return;

#if defined(MASM_RDRAND_ASM_AVAILABLE)
    // MSVC: the assembly routine handles whole words and the tail itself.
    MASM_RDRAND_GenerateBlock(output, size);
#elif defined(GCC_RDRAND_ASM_AVAILABLE)
# if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32)
    // 64-bit reads: fill every whole word in place, then draw one more
    // word and copy only the bytes still needed for the tail.
    const size_t words = size / 8;
    for (size_t k = 0; k != words; ++k)
        RDRAND64(output + k * 8);
    output += words * 8;
    size -= words * 8;

    if (size != 0)
    {
        word64 tail;
        RDRAND64(&tail);
        std::memcpy(output, &tail, size);
    }
# else
    // 32-bit reads: same scheme with 4-byte words.
    const size_t words = size / 4;
    for (size_t k = 0; k != words; ++k)
        RDRAND32(output + k * 4);
    output += words * 4;
    size -= words * 4;

    if (size != 0)
    {
        word32 tail;
        RDRAND32(&tail);
        std::memcpy(output, &tail, size);
    }
# endif
#else
    // No suitable compiler found
    CRYPTOPP_UNUSED(output);
    throw NotImplemented("RDRAND: failed to find a suitable implementation");
#endif
}
// Consume and discard `n` bytes of generator output.
//
// The hardware always yields whole words, so the request is rounded up to
// a multiple of sizeof(word64) and full words are thrown away rather than
// dealing with a byte tail. Output is drawn through GenerateBlock into a
// fixed scratch block, at most one block's worth per call.
void RDRAND::DiscardBytes(size_t n)
{
    FixedSizeSecBlock<word64, 16> discard;
    n = RoundUpToMultipleOf(n, sizeof(word64));

    for (size_t chunk = STDMIN(n, discard.SizeInBytes());
         chunk != 0;
         chunk = STDMIN(n, discard.SizeInBytes()))
    {
        GenerateBlock(discard.BytePtr(), chunk);
        n -= chunk;
    }
}
/////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////////////////////////
// Fills 4 bytes at `output` with one RDSEED result.
//
// `output` must point to at least sizeof(word32) writable bytes. The value
// is stored through a word32 pointer, so callers that pass arbitrary byte
// offsets rely on the target tolerating unaligned stores (x86 does).
// There is no retry limit: `jnc 1b` re-executes the instruction until it
// reports success via the carry flag. The file header notes RDSEED fails
// far more often than RDRAND, so this loop is expected to iterate; on
// hardware whose RDSEED never succeeds it would spin indefinitely.
// When GCC-style inline asm is unavailable this is a no-op and `*output`
// is left unchanged; MSVC builds do not call it (see RDSEED::GenerateBlock).
inline void RDSEED32(void* output)
{
    CRYPTOPP_UNUSED(output); // MSC warning: parameter unused when the asm is compiled out
#if defined(GCC_RDSEED_ASM_AVAILABLE)
    // Emitted as raw opcode bytes (RDSEED EAX) rather than by mnemonic so
    // assemblers that predate the mnemonic still build this file.
    __asm__ __volatile__
    (
        "1:\n"
        ".byte 0x0f, 0xc7, 0xf8;\n"   // rdseed eax
        "jnc 1b;\n"                   // CF clear: no value ready, try again
        : "=a" (*reinterpret_cast<word32*>(output)) // result arrives in EAX
        : : "cc"                      // flags clobbered (CF carries the status)
    );
#endif
}
#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32)
// Fills 8 bytes at `output` with one RDSEED result. Only compiled for the
// X64 / X32 targets (see the enclosing #if).
//
// `output` must point to at least sizeof(word64) writable bytes. The value
// is stored through a word64 pointer, so callers that pass arbitrary byte
// offsets rely on the target tolerating unaligned stores (x86 does).
// There is no retry limit: `jnc 1b` re-executes the instruction until it
// reports success via the carry flag. The file header notes RDSEED fails
// far more often than RDRAND, so this loop is expected to iterate; on
// hardware whose RDSEED never succeeds it would spin indefinitely.
// When GCC-style inline asm is unavailable this is a no-op and `*output`
// is left unchanged; MSVC builds do not call it (see RDSEED::GenerateBlock).
inline void RDSEED64(void* output)
{
    CRYPTOPP_UNUSED(output); // MSC warning: parameter unused when the asm is compiled out
#if defined(GCC_RDSEED_ASM_AVAILABLE)
    // Emitted as raw opcode bytes (REX.W prefix + RDSEED, i.e. rdseed rax)
    // rather than by mnemonic so older assemblers still build this file.
    __asm__ __volatile__
    (
        "1:\n"
        ".byte 0x48, 0x0f, 0xc7, 0xf8;\n"   // rdseed rax
        "jnc 1b;\n"                         // CF clear: no value ready, try again
        : "=a" (*reinterpret_cast<word64*>(output)) // result arrives in RAX
        : : "cc"                            // flags clobbered (CF carries the status)
    );
#endif
}
#endif // RDSEED64
// Construct an RDSEED generator.
//
// Throws RDSEED_Err when the runtime CPU probe reports that the
// instruction is unavailable, so an object only ever exists on hardware
// that GenerateBlock can actually serve.
RDSEED::RDSEED()
{
    const bool available = HasRDSEED();
    if (!available)
        throw RDSEED_Err("HasRDSEED");
}
// Fill `size` bytes at `output` with RDSEED output.
//
// Either both a buffer and a non-zero length are supplied or neither is; a
// zero-length request is a no-op. No retry count is applied at this level:
// RDSEED64/RDSEED32 loop until the hardware reports success, and the MSVC
// path delegates the whole request to the external assembly routine.
// Throws NotImplemented when the build has no usable implementation.
void RDSEED::GenerateBlock(byte *output, size_t size)
{
    CRYPTOPP_ASSERT((output && size) || !(output || size));
    if (size == 0) return;

#if defined(MASM_RDSEED_ASM_AVAILABLE)
    // MSVC: the assembly routine handles whole words and the tail itself.
    MASM_RDSEED_GenerateBlock(output, size);
#elif defined(GCC_RDSEED_ASM_AVAILABLE)
# if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32)
    // 64-bit reads: fill every whole word in place, then draw one more
    // word and copy only the bytes still needed for the tail.
    const size_t words = size / 8;
    for (size_t k = 0; k != words; ++k)
        RDSEED64(output + k * 8);
    output += words * 8;
    size -= words * 8;

    if (size != 0)
    {
        word64 tail;
        RDSEED64(&tail);
        std::memcpy(output, &tail, size);
    }
# else
    // 32-bit reads: same scheme with 4-byte words.
    const size_t words = size / 4;
    for (size_t k = 0; k != words; ++k)
        RDSEED32(output + k * 4);
    output += words * 4;
    size -= words * 4;

    if (size != 0)
    {
        word32 tail;
        RDSEED32(&tail);
        std::memcpy(output, &tail, size);
    }
# endif
#else
    // No suitable compiler found
    CRYPTOPP_UNUSED(output);
    throw NotImplemented("RDSEED: failed to find a suitable implementation");
#endif // MASM_RDSEED_ASM_AVAILABLE / GCC_RDSEED_ASM_AVAILABLE
}
// Consume and discard `n` bytes of generator output.
//
// The hardware always yields whole words, so the request is rounded up to
// a multiple of sizeof(word64) and full words are thrown away rather than
// dealing with a byte tail. Output is drawn through GenerateBlock into a
// fixed scratch block, at most one block's worth per call.
void RDSEED::DiscardBytes(size_t n)
{
    FixedSizeSecBlock<word64, 16> discard;
    n = RoundUpToMultipleOf(n, sizeof(word64));

    for (size_t chunk = STDMIN(n, discard.SizeInBytes());
         chunk != 0;
         chunk = STDMIN(n, discard.SizeInBytes()))
    {
        GenerateBlock(discard.BytePtr(), chunk);
        n -= chunk;
    }
}
#else // not CRYPTOPP_CPUID_AVAILABLE
// Fallback constructor for builds without CPUID probing (or with asm
// disabled): construction always fails, so the stub members below can
// never be reached through a live object.
RDRAND::RDRAND()
{
    throw RDRAND_Err("HasRDRAND");
}
// Stub for builds without a hardware path. Unreachable in practice: the
// fallback constructor always throws, so no RDRAND object exists to call
// this. Parameters are marked used only to keep the build warning-free.
void RDRAND::GenerateBlock(byte *output, size_t size)
{
    CRYPTOPP_UNUSED(size);
    CRYPTOPP_UNUSED(output);
}
// Stub for builds without a hardware path. Unreachable in practice: the
// fallback constructor always throws, so no RDRAND object exists to call
// this. The parameter is marked used only to keep the build warning-free.
void RDRAND::DiscardBytes(size_t n)
{
    // Constructor will throw, should not get here
    CRYPTOPP_UNUSED(n);
}
// Fallback constructor for builds without CPUID probing (or with asm
// disabled): construction always fails, so the stub members below can
// never be reached through a live object.
RDSEED::RDSEED()
{
    throw RDSEED_Err("HasRDSEED");
}
// Stub for builds without a hardware path. Unreachable in practice: the
// fallback constructor always throws, so no RDSEED object exists to call
// this. Parameters are marked used only to keep the build warning-free.
void RDSEED::GenerateBlock(byte *output, size_t size)
{
    CRYPTOPP_UNUSED(size);
    CRYPTOPP_UNUSED(output);
}
// Stub for builds without a hardware path. Unreachable in practice: the
// fallback constructor always throws, so no RDSEED object exists to call
// this. The parameter is marked used only to keep the build warning-free.
void RDSEED::DiscardBytes(size_t n)
{
    // Constructor will throw, should not get here
    CRYPTOPP_UNUSED(n);
}
#endif // CRYPTOPP_CPUID_AVAILABLE
NAMESPACE_END