Tor  0.4.3.0-alpha-dev
crypto_rand_fast.c File Reference

A fast strong PRNG for use when our underlying cryptographic library's PRNG isn't fast enough.

#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_cipher.h"
#include "lib/crypt_ops/crypto_digest.h"
#include "lib/crypt_ops/crypto_util.h"
#include "lib/intmath/cmp.h"
#include "lib/cc/ctassert.h"
#include "lib/malloc/map_anon.h"
#include "lib/thread/threads.h"
#include "lib/log/util_bug.h"
#include <string.h>


Data Structures

struct  crypto_fast_rng_t
 
struct  crypto_fast_rng_t::cbuf
 

Macros

#define CRYPTO_RAND_FAST_PRIVATE
 
#define CRYPTO_PRIVATE
 
#define PID_FIELD_LEN   0
 
#define SEED_LEN   (CRYPTO_FAST_RNG_SEED_LEN)
 
#define MAPLEN   4096
 
#define BUFLEN   (MAPLEN - 2*sizeof(uint16_t) - SEED_LEN - PID_FIELD_LEN)
 
#define RESEED_AFTER   16
 
#define KEY_LEN   (CRYPTO_FAST_RNG_SEED_LEN - CIPHER_IV_LEN)
 
#define KEY_BITS   (KEY_LEN * 8)
 

Functions

 CTASSERT (KEY_BITS==128||KEY_BITS==192||KEY_BITS==256)
 
 CTASSERT (sizeof(struct cbuf)==BUFLEN+SEED_LEN)
 
 CTASSERT (sizeof(crypto_fast_rng_t)<=MAPLEN)
 
crypto_fast_rng_t * crypto_fast_rng_new (void)
 
crypto_fast_rng_t * crypto_fast_rng_new_from_seed (const uint8_t *seed)
 
static crypto_cipher_t * cipher_from_seed (const uint8_t *seed)
 
static void crypto_fast_rng_add_entopy (crypto_fast_rng_t *rng)
 
static void crypto_fast_rng_refill (crypto_fast_rng_t *rng)
 
void crypto_fast_rng_free_ (crypto_fast_rng_t *rng)
 
static void crypto_fast_rng_getbytes_impl (crypto_fast_rng_t *rng, uint8_t *out, const size_t n)
 
void crypto_fast_rng_getbytes (crypto_fast_rng_t *rng, uint8_t *out, size_t n)
 
crypto_fast_rng_t * get_thread_fast_rng (void)
 
void destroy_thread_fast_rng (void)
 
void crypto_rand_fast_init (void)
 
void crypto_rand_fast_shutdown (void)
 

Variables

static tor_threadlocal_t thread_rng
 

Detailed Description

A fast strong PRNG for use when our underlying cryptographic library's PRNG isn't fast enough.

Definition in file crypto_rand_fast.c.

Function Documentation

◆ cipher_from_seed()

static crypto_cipher_t* cipher_from_seed ( const uint8_t *  seed)
inline static

Helper: create a crypto_cipher_t object from SEED_LEN bytes of input. The first KEY_LEN bytes are used as the stream cipher's key, and the remaining CIPHER_IV_LEN bytes are used as its IV.

Definition at line 211 of file crypto_rand_fast.c.

◆ crypto_fast_rng_add_entopy()

static void crypto_fast_rng_add_entopy ( crypto_fast_rng_t *  rng)
static

Helper: mix additional entropy into rng by using our XOF to mix the old value for the seed with some additional bytes from crypto_strongest_rand().

Definition at line 222 of file crypto_rand_fast.c.

Referenced by crypto_fast_rng_refill().

◆ crypto_fast_rng_free_()

void crypto_fast_rng_free_ ( crypto_fast_rng_t *  rng)

Release all storage held by rng.

Definition at line 274 of file crypto_rand_fast.c.

◆ crypto_fast_rng_getbytes()

void crypto_fast_rng_getbytes ( crypto_fast_rng_t *  rng,
uint8_t *  out,
size_t  n 
)

Extract n bytes from rng into the buffer at out.

Definition at line 335 of file crypto_rand_fast.c.

Referenced by crypto_fast_rng_get_double(), crypto_fast_rng_get_u32(), crypto_fast_rng_get_uint(), and crypto_fast_rng_get_uint64().

◆ crypto_fast_rng_getbytes_impl()

static void crypto_fast_rng_getbytes_impl ( crypto_fast_rng_t *  rng,
uint8_t *  out,
const size_t  n 
)
static

Helper: extract bytes from the PRNG, refilling it as necessary. Does not optimize the case when the user has asked for a huge output.

Definition at line 287 of file crypto_rand_fast.c.

◆ crypto_fast_rng_new()

crypto_fast_rng_t* crypto_fast_rng_new ( void  )

Initialize and return a new fast PRNG, using a strong random seed.

Note that this object is NOT thread-safe. If you need a thread-safe prng, use crypto_rand(), or wrap this in a mutex.

Definition at line 139 of file crypto_rand_fast.c.

◆ crypto_fast_rng_new_from_seed()

crypto_fast_rng_t* crypto_fast_rng_new_from_seed ( const uint8_t *  seed)

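Initialize and return a new fast PRNG, using a seed value specified in seed. This value must be CRYPTO_FAST_RNG_SEED_LEN bytes long. Since the seed supplies the stream cipher's key and IV, the generator's output is only as unpredictable as the seed itself.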

Note that this object is NOT thread-safe. If you need a thread-safe prng, you should probably look at get_thread_fast_rng(). Alternatively, use crypto_rand(), or wrap this in a mutex.

Definition at line 158 of file crypto_rand_fast.c.

◆ crypto_fast_rng_refill()

static void crypto_fast_rng_refill ( crypto_fast_rng_t *  rng)
static

Helper: refill the seed bytes and output buffer of rng, using the input seed bytes as input (key and IV) for the stream cipher.

If the n_till_reseed counter has reached zero, mix more random bytes into the seed before refilling the buffer.

Definition at line 244 of file crypto_rand_fast.c.

Referenced by crypto_fast_rng_getbytes_impl().

◆ crypto_rand_fast_init()

void crypto_rand_fast_init ( void  )

Initialize the global thread-local key that will be used to keep track of per-thread fast RNG instances. Called from the crypto subsystem's initialization code.

Definition at line 424 of file crypto_rand_fast.c.

◆ crypto_rand_fast_shutdown()

void crypto_rand_fast_shutdown ( void  )

Tear down the global thread-local key that is used to keep track of per-thread fast RNG instances. Called from the crypto subsystem's shutdown code.

Definition at line 435 of file crypto_rand_fast.c.

◆ destroy_thread_fast_rng()

void destroy_thread_fast_rng ( void  )

Used when a thread is exiting: free the per-thread fast RNG if needed. Invoked from the crypto subsystem's thread-cleanup code.

Definition at line 395 of file crypto_rand_fast.c.

Referenced by crypto_rand_fast_shutdown(), and crypto_thread_cleanup().

◆ get_thread_fast_rng()

crypto_fast_rng_t* get_thread_fast_rng ( void  )

Return a per-thread fast RNG, initializing it if necessary.

You do not need to free this yourself.

It is NOT safe to share this value across threads.

Definition at line 378 of file crypto_rand_fast.c.

Referenced by circuit_reset_sendme_randomness(), circuit_resume_edge_reading_helper(), genpareto_sample(), geometric_sample(), log_logistic_sample(), logistic_sample(), random_uniform_01(), and weibull_sample().

Variable Documentation

◆ thread_rng

tor_threadlocal_t thread_rng
static

Thread-local instance for our fast RNG.

Definition at line 368 of file crypto_rand_fast.c.

Referenced by crypto_rand_fast_init(), crypto_rand_fast_shutdown(), destroy_thread_fast_rng(), and get_thread_fast_rng().