Coverage Report

Created: 2020-03-26 13:53

/src/botan/src/lib/entropy/rdrand/rdrand.cpp
/*
* Entropy Source Using Intel's rdrand instruction
* (C) 2012,2015,2019 Jack Lloyd
* (C) 2015 Daniel Neus
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/internal/rdrand.h>
#include <botan/rdrand_rng.h>
namespace Botan {
/*
* Poll the RDRAND instruction and mix its output into rng.
*
* NOTE(review): in the coverage report this listing was taken from, every
* line of this function's body had an execution count of 0, i.e. that run
* never called it.
*
* @param rng the generator that receives the RDRAND output via add_entropy()
* @return always 0, whether or not RDRAND was available. The output is mixed
*         into rng but, per the author's remark below, not trusted.
*         Presumably the return value is the entropy estimate credited to
*         the caller -- confirm against the Entropy_Source interface.
*/
size_t Intel_Rdrand::poll(RandomNumberGenerator& rng)
   {
   /*
   * Sizing rationale. Intel's documentation for RDRAND at
   * https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
   * states that software can force a reseed by drawing enough output:
   * "There is an upper bound of 511 samples per seed in the implementation
   * where samples are 128 bits in size and can provide two 64-bit random
   * numbers each."
   *
   * 8192 bytes is 512 such 128-bit samples, one more than that bound, so at
   * least one reseed of the hardware's internal state must happen while the
   * output for this poll is being produced.
   *
   * The guide's other option, "Iteratively execute 32 RDRAND invocations
   * with a 10 us wait period per iteration.", turned out in practice to be
   * about 20x slower while yielding much less seed material.
   */
   constexpr size_t poll_len = 8*1024;

   // RDRAND_RNG reports itself unavailable: contribute nothing.
   if(!RDRAND_RNG::available())
      return 0;

   RDRAND_RNG hw_rng;
   // The raw hardware output is staged in a secure_vector before being
   // handed to rng.
   secure_vector<uint8_t> sample(poll_len);
   hw_rng.randomize(sample.data(), sample.size());
   rng.add_entropy(sample.data(), sample.size());

   // RDRAND is used but not trusted
   return 0;
   }
}