Merge pull request #370 from neusdan/rdseed

Add support for Intel RdSeed instruction

3 files changed, 107 insertions, 0 deletions

diff --git a/src/lib/entropy/rdseed/info.txt b/src/lib/entropy/rdseed/info.txt
new file mode 100644
index 000000000..53aa496b0
--- /dev/null
+++ b/src/lib/entropy/rdseed/info.txt
@@ -0,0 +1,23 @@
+define ENTROPY_SRC_RDSEED 20151218
+
+need_isa rdseed
+
+<source>
+rdseed.cpp
+</source>
+
+<header:internal>
+rdseed.h
+</header:internal>
+
+<arch>
+x86_32
+x86_64
+</arch>
+
+<cc>
+gcc
+clang
+icc
+msvc
+</cc>
diff --git a/src/lib/entropy/rdseed/rdseed.cpp b/src/lib/entropy/rdseed/rdseed.cpp
new file mode 100644
index 000000000..8bdd79a1d
--- /dev/null
+++ b/src/lib/entropy/rdseed/rdseed.cpp
@@ -0,0 +1,56 @@
+/*
+* Entropy Source Using Intel's rdseed instruction
+* (C) 2015 Jack Lloyd, Daniel Neus
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include <botan/internal/rdseed.h>
+#include <botan/cpuid.h>
+
+#if !defined(BOTAN_USE_GCC_INLINE_ASM)
+  #include <immintrin.h>
+#endif
+
+namespace Botan {
+
+/*
+* Get the timestamp
+*/
+void Intel_Rdseed::poll(Entropy_Accumulator& accum)
+   {
+   if(!CPUID::has_rdseed())
+      return;
+
+   /*
+   Don't consider rdseed as contributing any entropy to the poll. It doesn't
+   make sense to trust uninspectible hardware.
+
+   Even if backdoored, rdseed cannot harm us because the HMAC_RNG poll process
+   is designed to handle arbitrarily large amounts of attacker known/chosen
+   input (or even a reseed where every bit we reseeded with was attacker chosen),
+   as long as at least one seed occurred with enough unknown-to-attacker entropy.
+   */
+   const double ENTROPY_ESTIMATE = 0.0;
+   const size_t RDSEED_POLLS = 32;
+
+   for(size_t i = 0; i != RDSEED_POLLS; ++i)
+      {
+      unsigned int r = 0;
+
+#if defined(BOTAN_USE_GCC_INLINE_ASM)
+      int cf = 0;
+
+      // Encoding of rdseed %eax
+      asm(".byte 0x0F, 0xC7, 0xF8; adcl $0,%1" :
+          "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc");
+#else
+      int cf = _rdseed32_step(&r);
+#endif
+
+      if(cf == 1)
+         accum.add(r, ENTROPY_ESTIMATE);
+      }
+   }
+
+}
diff --git a/src/lib/entropy/rdseed/rdseed.h b/src/lib/entropy/rdseed/rdseed.h
new file mode 100644
index 000000000..0f39250a1
--- /dev/null
+++ b/src/lib/entropy/rdseed/rdseed.h
@@ -0,0 +1,28 @@
+/*
+* Entropy Source Using Intel's rdseed instruction
+* (C) 2015 Jack Lloyd, Daniel Neus
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#ifndef BOTAN_ENTROPY_SRC_RDSEED_H__
+#define BOTAN_ENTROPY_SRC_RDSEED_H__
+
+#include <botan/entropy_src.h>
+
+namespace Botan {
+
+/**
+* Entropy source using the rdseed instruction first introduced on
+* Intel's Broadwell architecture.
+*/
+class Intel_Rdseed : public Entropy_Source
+   {
+   public:
+      std::string name() const override { return "rdseed"; }
+      void poll(Entropy_Accumulator& accum) override;
+   };
+
+}
+
+#endif