/src/botan/src/lib/entropy/rdrand/rdrand.cpp
1 | | /* |
2 | | * Entropy Source Using Intel's rdrand instruction |
3 | | * (C) 2012,2015,2019 Jack Lloyd |
4 | | * (C) 2015 Daniel Neus |
5 | | * |
6 | | * Botan is released under the Simplified BSD License (see license.txt) |
7 | | */ |
8 | | |
9 | | #include <botan/internal/rdrand.h> |
10 | | #include <botan/rdrand_rng.h> |
11 | | |
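namespace Botan {

/**
* Entropy source backed by Intel's RDRAND instruction.
*
* If RDRAND is available, a fixed amount of its output is generated and mixed
* into @p rng via add_entropy(). The entropy estimate returned is always 0:
* the on-chip DRNG cannot be inspected or audited by software, so its output
* is used as additional input but is never credited toward the seed
* requirement. A hardware RNG that is broken or backdoored therefore cannot,
* on its own, make the caller believe it has been seeded.
*
* @param rng the RNG that receives the RDRAND output
* @return 0 (no entropy credited), whether or not RDRAND was available
*/
size_t Intel_Rdrand::poll(RandomNumberGenerator& rng)
   {
   /*
   * Intel's documentation for RDRAND at
   * https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
   * claims that software can guarantee a reseed event by polling enough data:
   * "There is an upper bound of 511 samples per seed in the implementation
   * where samples are 128 bits in size and can provide two 64-bit random
   * numbers each."
   *
   * By requesting 8192 bytes we are asking for 512 samples and thus are assured
   * that at some point in producing the output, at least one reseed of the
   * internal state will occur.
   *
   * The alternative approach is to "Iteratively execute 32 RDRAND invocations
   * with a 10 us wait period per iteration." however in practice this proves to
   * be about 20x slower, despite producing much less seed material.
   */
   constexpr size_t RDRAND_SAMPLE_BYTES = 16; // one 128-bit DRNG sample
   constexpr size_t RDRAND_MAX_SAMPLES_PER_SEED = 511;
   constexpr size_t RDRAND_POLL_BYTES = 8*1024;

   // Tie the constant to the rationale above: shrinking the poll size below
   // 512 samples would silently void the "at least one reseed" guarantee.
   static_assert(RDRAND_POLL_BYTES / RDRAND_SAMPLE_BYTES > RDRAND_MAX_SAMPLES_PER_SEED,
                 "RDRAND poll must span more than one DRNG seed period");

   if(!RDRAND_RNG::available())
      {
      // CPU does not expose RDRAND (or it was not detected): nothing to add
      return 0;
      }

   RDRAND_RNG rdrand_rng;
   // secure_vector is presumably scrubbed on destruction, so the raw DRNG
   // output does not linger after it has been absorbed — verify in its impl.
   secure_vector<uint8_t> buf(RDRAND_POLL_BYTES);

   // NOTE(review): handling of the instruction's failure signal (CF=0) and
   // any retry policy lives inside RDRAND_RNG::randomize, not here; if it
   // throws, the exception propagates out of poll() to the entropy collector.
   rdrand_rng.randomize(buf.data(), buf.size());
   rng.add_entropy(buf.data(), buf.size());

   // RDRAND is used but not trusted: mixed in, zero bits credited
   return 0;
   }

}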