thodg/libgit2/src/rand.c
-
Show log
Commit
-
Hash : 3c53796c
Author :
Date : 2022-02-07T19:38:32
rand: introduce git_rand PRNG Introduce `git_rand`, a PRNG based on xoroshiro256**, a fast, all-purpose pseudo-random number generator: https://prng.di.unimi.it The PRNG will be seeded by the system's entropy store when possible, falling back to current time and system data (pid, uptime, etc). Inspiration for this was taken from libressl, but since our PRNG is not used for cryptographic purposes (and indeed currently only generates a unique temp file name that is written in a protected directory), this should be more than sufficient. Our implementation of xoroshiro256** was taken almost strictly from the original author's sources, but was tested against PractRand to ensure that there were no foolish mistranslations: ``` RNG_test using PractRand version 0.94 RNG = RNG_stdin64, seed = unknown test set = core, folding = standard (64 bit) rng=RNG_stdin64, seed=unknown length= 256 megabytes (2^28 bytes), time= 2.9 seconds no anomalies in 210 test result(s) rng=RNG_stdin64, seed=unknown length= 512 megabytes (2^29 bytes), time= 6.2 seconds no anomalies in 226 test result(s) rng=RNG_stdin64, seed=unknown length= 1 gigabyte (2^30 bytes), time= 12.7 seconds no anomalies in 243 test result(s) rng=RNG_stdin64, seed=unknown length= 2 gigabytes (2^31 bytes), time= 25.4 seconds no anomalies in 261 test result(s) rng=RNG_stdin64, seed=unknown length= 4 gigabytes (2^32 bytes), time= 50.6 seconds no anomalies in 277 test result(s) rng=RNG_stdin64, seed=unknown length= 8 gigabytes (2^33 bytes), time= 104 seconds no anomalies in 294 test result(s) ```
-
src/rand.c
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226
/* Written in 2018 by David Blackman and Sebastiano Vigna (vigna@acm.org) To the extent possible under law, the author has dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. See <http://creativecommons.org/publicdomain/zero/1.0/>. */ #include "common.h" #include "rand.h" #include "runtime.h" #if defined(GIT_RAND_GETENTROPY) # include <sys/random.h> #endif static uint64_t state[4]; static git_mutex state_lock; typedef union { double f; uint64_t d; } bits; #if defined(GIT_WIN32) GIT_INLINE(int) getseed(uint64_t *seed) { HCRYPTPROV provider; SYSTEMTIME systemtime; FILETIME filetime, idletime, kerneltime, usertime; bits convert; if (CryptAcquireContext(&provider, 0, 0, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT|CRYPT_SILENT)) { BOOL success = CryptGenRandom(provider, sizeof(uint64_t), (void *)seed); CryptReleaseContext(provider, 0); if (success) return 0; } GetSystemTime(&systemtime); if (!SystemTimeToFileTime(&systemtime, &filetime)) { git_error_set(GIT_ERROR_OS, "could not get time for random seed"); return -1; } /* Fall-through: generate a seed from the time and system state */ *seed = 0; *seed |= ((uint64_t)filetime.dwLowDateTime << 32); *seed |= ((uint64_t)filetime.dwHighDateTime); GetSystemTimes(&idletime, &kerneltime, &usertime); *seed ^= ((uint64_t)idletime.dwLowDateTime << 32); *seed ^= ((uint64_t)kerneltime.dwLowDateTime); *seed ^= ((uint64_t)usertime.dwLowDateTime << 32); *seed ^= ((uint64_t)idletime.dwHighDateTime); *seed ^= ((uint64_t)kerneltime.dwHighDateTime << 12); *seed ^= ((uint64_t)usertime.dwHighDateTime << 24); *seed ^= ((uint64_t)GetCurrentProcessId() << 32); *seed ^= ((uint64_t)GetCurrentThreadId() << 48); convert.f = git__timer(); *seed ^= (convert.d); /* Mix in the addresses of some functions and variables */ *seed ^= (((uint64_t)((uintptr_t)seed) << 32)); *seed ^= (((uint64_t)((uintptr_t)&errno))); return 0; } #else GIT_INLINE(int) getseed(uint64_t *seed) { struct timeval tv; double loadavg[3]; bits convert; int fd; # if defined(GIT_RAND_GETENTROPY) GIT_UNUSED((fd = 0)); if (getentropy(seed, sizeof(uint64_t)) == 0) return 0; # else /* * Try to read from /dev/urandom; most modern systems will have * this, but we may be chrooted, etc, so it's not a fatal error */ if ((fd = open("/dev/urandom", O_RDONLY)) >= 0) { ssize_t ret = read(fd, seed, sizeof(uint64_t)); close(fd); if (ret == (ssize_t)sizeof(uint64_t)) return 0; } # endif /* Fall-through: generate a seed from the time and system state */ if (gettimeofday(&tv, NULL) < 0) { git_error_set(GIT_ERROR_OS, "could get time for random seed"); return -1; } getloadavg(loadavg, 3); *seed = 0; *seed |= ((uint64_t)tv.tv_usec << 40); *seed |= ((uint64_t)tv.tv_sec); *seed ^= ((uint64_t)getpid() << 48); *seed ^= ((uint64_t)getppid() << 32); *seed ^= ((uint64_t)getpgid(0) << 28); *seed ^= ((uint64_t)getsid(0) << 16); *seed ^= ((uint64_t)getuid() << 8); *seed ^= ((uint64_t)getgid()); convert.f = loadavg[0]; *seed ^= (convert.d >> 36); convert.f = loadavg[1]; *seed ^= (convert.d); convert.f = loadavg[2]; *seed ^= (convert.d >> 16); convert.f = git__timer(); *seed ^= (convert.d); /* Mix in the addresses of some variables */ *seed ^= ((uint64_t)((size_t)((void *)seed)) << 32); *seed ^= ((uint64_t)((size_t)((void *)&errno))); return 0; } #endif static void git_rand_global_shutdown(void) { git_mutex_free(&state_lock); } int git_rand_global_init(void) { uint64_t seed = 0; if (git_mutex_init(&state_lock) < 0 || getseed(&seed) < 0) return -1; if (!seed) { git_error_set(GIT_ERROR_INTERNAL, "failed to generate random seed"); return -1; } git_rand_seed(seed); git_runtime_shutdown_register(git_rand_global_shutdown); return 0; } /* * This is splitmix64. xoroshiro256** uses 256 bit seed; this is used * to generate 256 bits of seed from the given 64, per the author's * recommendation. */ GIT_INLINE(uint64_t) splitmix64(uint64_t *in) { uint64_t z; *in += 0x9e3779b97f4a7c15; z = *in; z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9; z = (z ^ (z >> 27)) * 0x94d049bb133111eb; return z ^ (z >> 31); } void git_rand_seed(uint64_t seed) { uint64_t mixer; mixer = seed; git_mutex_lock(&state_lock); state[0] = splitmix64(&mixer); state[1] = splitmix64(&mixer); state[2] = splitmix64(&mixer); state[3] = splitmix64(&mixer); git_mutex_unlock(&state_lock); } /* This is xoshiro256** 1.0, one of our all-purpose, rock-solid generators. It has excellent (sub-ns) speed, a state (256 bits) that is large enough for any parallel application, and it passes all tests we are aware of. For generating just floating-point numbers, xoshiro256+ is even faster. The state must be seeded so that it is not everywhere zero. If you have a 64-bit seed, we suggest to seed a splitmix64 generator and use its output to fill s. */ GIT_INLINE(uint64_t) rotl(const uint64_t x, int k) { return (x << k) | (x >> (64 - k)); } uint64_t git_rand_next(void) { uint64_t t, result; git_mutex_lock(&state_lock); result = rotl(state[1] * 5, 7) * 9; t = state[1] << 17; state[2] ^= state[0]; state[3] ^= state[1]; state[1] ^= state[2]; state[0] ^= state[3]; state[2] ^= t; state[3] = rotl(state[3], 45); git_mutex_unlock(&state_lock); return result; }