search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cksum: use AVX2 and AVX512 for speedup
[coreutils.git] / gl / lib / randread.c
blob43c0cf09f3c137862113fefa9553c58e3ce70172
1 /* Generate buffers of random data.
2
3 Copyright (C) 2006-2024 Free Software Foundation, Inc.
4
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation, either version 3 of the License, or
8 (at your option) any later version.
9
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>. */
17
18 /* Written by Paul Eggert. */
19
20 /* FIXME: Improve performance by adding support for the RDRAND machine
21 instruction if available (e.g., Ivy Bridge processors). */
22
23 #include <config.h>
24
25 #include "randread.h"
26
27 #include <errno.h>
28 #include <error.h>
29 #include <exitfail.h>
30 #include <fcntl.h>
31 #include <quote.h>
32 #include <stdint.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/random.h>
37
38 #include "gettext.h"
39 #define _(msgid) gettext (msgid)
40
41 #include "assure.h"
42 #include "minmax.h"
43 #include "rand-isaac.h"
44 #include "stdio-safer.h"
45 #include "unlocked-io.h"
46 #include "xalloc.h"
47
48 #if _STRING_ARCH_unaligned || _STRING_INLINE_unaligned
49 # define POINTER_IS_ALIGNED(ptr, type) true
50 #else
51 # define POINTER_IS_ALIGNED(ptr, type) ((size_t) (ptr) % alignof (type) == 0)
52 #endif
53
54 /* The maximum buffer size used for reads of random data. Using the
55 value 2 * ISAAC_BYTES makes this the largest power of two that
56 would not otherwise cause struct randread_source to grow. */
57 #define RANDREAD_BUFFER_SIZE (2 * ISAAC_BYTES)
58
59 /* A source of random data for generating random buffers. */
60 struct randread_source
61 {
62 /* Stream to read random bytes from. If null, the current
63 implementation uses an internal PRNG (ISAAC). */
64 FILE *source;
65
66 /* Function to call, and its argument, if there is an input error or
67 end of file when reading from the stream; errno is nonzero if
68 there was an error. If this function returns, it should fix the
69 problem before returning. The default handler assumes that
70 handler_arg is the file name of the source. */
71 void (*handler) (void const *);
72 void const *handler_arg;
73
74 /* The buffer for SOURCE. It's kept here to simplify storage
75 allocation and to make it easier to clear out buffered random
76 data. */
77 union
78 {
79 /* The stream buffer, if SOURCE is not null. */
80 char c[RANDREAD_BUFFER_SIZE];
81
82 /* The buffered ISAAC pseudorandom buffer, if SOURCE is null. */
83 struct isaac
84 {
85 /* The number of bytes that are buffered at the end of data.b. */
86 size_t buffered;
87
88 /* State of the ISAAC generator. */
89 struct isaac_state state;
90
91 /* Up to a buffer's worth of pseudorandom data. */
92 union
93 {
94 isaac_word w[ISAAC_WORDS];
95 unsigned char b[ISAAC_BYTES];
96 } data;
97 } isaac;
98 } buf;
99 };
100
101
102 /* The default error handler. */
103
104 static void
105 randread_error (void const *file_name)
106 {
107 affirm (exit_failure);
108 error (exit_failure, errno,
109 errno == 0 ? _("%s: end of file") : _("%s: read error"),
110 quote (file_name));
111 }
112
113 /* Simply return a new randread_source object with the default error
114 handler. */
115
116 static struct randread_source *
117 simple_new (FILE *source, void const *handler_arg)
118 {
119 struct randread_source *s = xmalloc (sizeof *s);
120 s->source = source;
121 s->handler = randread_error;
122 s->handler_arg = handler_arg;
123 return s;
124 }
125
126 /* Put a nonce value into BUFFER, with size BUFSIZE.
127 Return true on success, false (setting errno) on failure. */
128
129 static bool
130 get_nonce (void *buffer, size_t bufsize)
131 {
132 char *buf = buffer, *buflim = buf + bufsize;
133 while (buf < buflim)
134 {
135 #if defined __sun
136 # define MAX_GETRANDOM 1024
137 #else
138 # define MAX_GETRANDOM SIZE_MAX
139 #endif
140 size_t max_bytes = MIN (buflim - buf, MAX_GETRANDOM);
141 ssize_t nbytes = getrandom (buf, max_bytes, 0);
142 if (0 <= nbytes)
143 buf += nbytes;
144 else if (errno != EINTR)
145 return false;
146 }
147 return true;
148 }
149
150 /* Body of randread_free, broken out to pacify gcc -Wmismatched-dealloc. */
151
152 static int
153 randread_free_body (struct randread_source *s)
154 {
155 FILE *source = s->source;
156 explicit_bzero (s, sizeof *s);
157 free (s);
158 return source ? fclose (source) : 0;
159 }
160
161 /* Create and initialize a random data source from NAME, or use a
162 reasonable default source if NAME is null. BYTES_BOUND is an upper
163 bound on the number of bytes that will be needed. If zero, it is a
164 hard bound; otherwise it is just an estimate.
165
166 If NAME is not null, NAME is saved for use as the argument of the
167 default handler. Unless a non-default handler is used, NAME's
168 lifetime should be at least that of the returned value.
169
170 Return nullptr (setting errno) on failure. */
171
172 struct randread_source *
173 randread_new (char const *name, size_t bytes_bound)
174 {
175 if (bytes_bound == 0)
176 return simple_new (nullptr, nullptr);
177 else
178 {
179 FILE *source = nullptr;
180 struct randread_source *s;
181
182 if (name)
183 if (! (source = fopen_safer (name, "rb")))
184 return nullptr;
185
186 s = simple_new (source, name);
187
188 if (source)
189 setvbuf (source, s->buf.c, _IOFBF, MIN (sizeof s->buf.c, bytes_bound));
190 else
191 {
192 /* Fill the ISAAC buffer. Although it is tempting to read at
193 most BYTES_BOUND bytes, this is incorrect for two reasons.
194 First, BYTES_BOUND is just an estimate.
195 Second, even if the estimate is correct
196 ISAAC64 poorly randomizes when BYTES_BOUND is small
197 and just the first few bytes of s->buf.isaac.state.m
198 are random while the other bytes are all zero. See:
199 Aumasson J-P. On the pseudo-random generator ISAAC.
200 Cryptology ePrint Archive. 2006;438.
201 <https://eprint.iacr.org/2006/438>. */
202 s->buf.isaac.buffered = 0;
203 if (! get_nonce (s->buf.isaac.state.m,
204 sizeof s->buf.isaac.state.m))
205 {
206 int e = errno;
207 randread_free_body (s);
208 errno = e;
209 return nullptr;
210 }
211 isaac_seed (&s->buf.isaac.state);
212 }
213
214 return s;
215 }
216 }
217
218
219 /* Set S's handler and its argument. HANDLER (HANDLER_ARG) is called
220 when there is a read error or end of file from the random data
221 source; errno is nonzero if there was an error. If HANDLER
222 returns, it should fix the problem before returning. The default
223 handler assumes that handler_arg is the file name of the source; it
224 does not return. */
225
226 void
227 randread_set_handler (struct randread_source *s, void (*handler) (void const *))
228 {
229 s->handler = handler;
230 }
231
232 void
233 randread_set_handler_arg (struct randread_source *s, void const *handler_arg)
234 {
235 s->handler_arg = handler_arg;
236 }
237
238
239 /* Place SIZE random bytes into the buffer beginning at P, using
240 the stream in S. */
241
242 static void
243 readsource (struct randread_source *s, unsigned char *p, size_t size)
244 {
245 while (true)
246 {
247 size_t inbytes = fread (p, sizeof *p, size, s->source);
248 int fread_errno = errno;
249 p += inbytes;
250 size -= inbytes;
251 if (size == 0)
252 break;
253 errno = (ferror (s->source) ? fread_errno : 0);
254 s->handler (s->handler_arg);
255 }
256 }
257
258
259 /* Place SIZE pseudorandom bytes into the buffer beginning at P, using
260 the buffered ISAAC generator in ISAAC. */
261
262 static void
263 readisaac (struct isaac *isaac, void *p, size_t size)
264 {
265 size_t inbytes = isaac->buffered;
266
267 while (true)
268 {
269 char *char_p = p;
270
271 if (size <= inbytes)
272 {
273 memcpy (p, isaac->data.b + ISAAC_BYTES - inbytes, size);
274 isaac->buffered = inbytes - size;
275 return;
276 }
277
278 memcpy (p, isaac->data.b + ISAAC_BYTES - inbytes, inbytes);
279 p = char_p + inbytes;
280 size -= inbytes;
281
282 /* If P is aligned, write to *P directly to avoid the overhead
283 of copying from the buffer. */
284 if (POINTER_IS_ALIGNED (p, isaac_word))
285 {
286 isaac_word *wp = p;
287 while (ISAAC_BYTES <= size)
288 {
289 isaac_refill (&isaac->state, wp);
290 wp += ISAAC_WORDS;
291 size -= ISAAC_BYTES;
292 if (size == 0)
293 {
294 isaac->buffered = 0;
295 return;
296 }
297 }
298 p = wp;
299 }
300
301 isaac_refill (&isaac->state, isaac->data.w);
302 inbytes = ISAAC_BYTES;
303 }
304 }
305
306
307 /* Consume random data from *S to generate a random buffer BUF of size
308 SIZE. */
309
310 void
311 randread (struct randread_source *s, void *buf, size_t size)
312 {
313 if (s->source)
314 readsource (s, buf, size);
315 else
316 readisaac (&s->buf.isaac, buf, size);
317 }
318
319
320 /* Clear *S so that it no longer contains undelivered random data, and
321 deallocate any system resources associated with *S. Return 0 if
322 successful, a negative number (setting errno) if not (this is rare,
323 but can occur in theory if there is an input error). */
324
325 int
326 randread_free (struct randread_source *s)
327 {
328 return randread_free_body (s);
329 }
GNU core utilities