Add Processor_RNG

Replaces RDRAND_RNG, RDRAND entropy source, and DARN entropy source. Provides also DARN-based RNG interface. This also gives an easy path for supporting the ARMv8 RNG instructions.
author: Jack Lloyd <[email protected]> 2020-05-08 07:24:50 -0400
committer: Jack Lloyd <[email protected]> 2020-05-08 08:31:06 -0400
commit: ad851c2047273d3317cbdc88cefaa1c3aaa61ee2 (patch)
tree: 95119539acb70860525c7adc51893fd4e6731d79 /src/lib/entropy
parent: 0ad3c8a4aac6a8a19ff71323eb1a7adb5fae2dee (diff)
7 files changed, 46 insertions, 201 deletions
diff --git a/src/lib/entropy/entropy_srcs.cpp b/src/lib/entropy/entropy_srcs.cpp
index ba60ed62d..d566013ba 100644
--- a/src/lib/entropy/entropy_srcs.cpp
+++ b/src/lib/entropy/entropy_srcs.cpp
@@ -12,6 +12,10 @@
   #include <botan/system_rng.h>
 #endif
 
+#if defined(BOTAN_HAS_PROCESSOR_RNG)
+  #include <botan/processor_rng.h>
+#endif
+
 #if defined(BOTAN_HAS_ENTROPY_SRC_RDRAND)
   #include <botan/internal/rdrand.h>
 #endif
@@ -43,10 +47,10 @@
 
 namespace Botan {
 
-#if defined(BOTAN_HAS_SYSTEM_RNG)
-
 namespace {
 
+#if defined(BOTAN_HAS_SYSTEM_RNG)
+
 class System_RNG_EntropySource final : public Entropy_Source
    {
    public:
@@ -60,10 +64,46 @@ class System_RNG_EntropySource final : public Entropy_Source
       std::string name() const override { return "system_rng"; }
    };
 
-}
+#endif
+
+#if defined(BOTAN_HAS_PROCESSOR_RNG)
+
+class Processor_RNG_EntropySource final : public Entropy_Source
+   {
+   public:
+      size_t poll(RandomNumberGenerator& rng) override
+         {
+         /*
+         * Intel's documentation for RDRAND at
+         * https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
+         * claims that software can guarantee a reseed event by polling enough data:
+         * "There is an upper bound of 511 samples per seed in the implementation
+         * where samples are 128 bits in size and can provide two 64-bit random
+         * numbers each."
+         *
+         * By requesting 65536 bits we are asking for 512 samples and thus are assured
+         * that at some point in producing the output, at least one reseed of the
+         * internal state will occur.
+         *
+         * The reseeding conditions of the POWER and ARM processor RNGs are not known
+         * but probably work in a somewhat similar manner. The exact amount requested
+         * may be tweaked if and when such conditions become publically known.
+         */
+         const size_t poll_bits = 65536;
+         rng.reseed_from_rng(m_hwrng, poll_bits);
+         // Avoid trusting a black box, don't count this as contributing entropy:
+         return 0;
+         }
+
+      std::string name() const override { return m_hwrng.name(); }
+   private:
+      Processor_RNG m_hwrng;
+   };
 
 #endif
 
+}
+
 std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
    {
 #if defined(BOTAN_HAS_SYSTEM_RNG)
@@ -73,10 +113,10 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
       }
 #endif
 
-#if defined(BOTAN_HAS_ENTROPY_SRC_RDRAND)
-   if(name == "rdrand")
+#if defined(BOTAN_HAS_PROCESSOR_RNG)
+   if(name == "hwrng" || name == "rdrand" || name == "p9_darn")
       {
-      return std::unique_ptr<Entropy_Source>(new Intel_Rdrand);
+      return std::unique_ptr<Entropy_Source>(new Processor_RNG_EntropySource);
       }
 #endif
 
@@ -87,13 +127,6 @@ std::unique_ptr<Entropy_Source> Entropy_Source::create(const std::string& name)
       }
 #endif
 
-#if defined(BOTAN_HAS_ENTROPY_SRC_DARN)
-   if(name == "p9_darn")
-      {
-      return std::unique_ptr<Entropy_Source>(new POWER9_DARN);
-      }
-#endif
-
 #if defined(BOTAN_HAS_ENTROPY_SRC_GETENTROPY)
    if(name == "getentropy")
       {
diff --git a/src/lib/entropy/p9_darn/info.txt b/src/lib/entropy/p9_darn/info.txt
deleted file mode 100644
index e703786f4..000000000
--- a/src/lib/entropy/p9_darn/info.txt
+++ /dev/null
@@ -1,15 +0,0 @@
-<defines>
-ENTROPY_SRC_DARN -> 20180610
-</defines>
-
-<header:internal>
-p9_darn.h
-</header:internal>
-
-<arch>
-ppc64
-</arch>
-
-<isa>
-powercrypto
-</isa>
diff --git a/src/lib/entropy/p9_darn/p9_darn.cpp b/src/lib/entropy/p9_darn/p9_darn.cpp
deleted file mode 100644
index 8731b94e1..000000000
--- a/src/lib/entropy/p9_darn/p9_darn.cpp
+++ /dev/null
@@ -1,65 +0,0 @@
-/*
-* (C) 2019 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/p9_darn.h>
-#include <botan/cpuid.h>
-
-namespace Botan {
-
-namespace {
-
-bool read_darn(secure_vector<uint64_t>& seed)
-   {
-   const size_t DARN_RETRIES = 512;
-
-   for(size_t i = 0; i != DARN_RETRIES; ++i)
-      {
-      uint64_t r = 0;
-
-      // DARN 0: 32-bit conditioned, 1: 64-bit condition, 2: 64-bit raw (ala RDSEED)
-      asm volatile("darn %0, 2" : "=r" (r));
-
-      // DARN indicates error by 0xFF..FF, ie is biased (!?!?)
-      if((~r) != 0)
-         {
-         seed.push_back(r);
-         return true;
-         }
-      }
-
-   return false; // failed to produce an output after many attempts
-   }
-
-}
-
-size_t POWER9_DARN::poll(RandomNumberGenerator& rng)
-   {
-   const size_t DARN_BYTES = 1024;
-   static_assert(DARN_BYTES % 8 == 0, "Bad DARN configuration");
-
-   if(CPUID::has_darn_rng())
-      {
-      secure_vector<uint64_t> seed;
-      seed.reserve(DARN_BYTES / 8);
-
-      for(size_t p = 0; p != DARN_BYTES / 8; ++p)
-         {
-         if(!read_darn(seed))
-            break;
-         }
-
-      if(seed.size() > 0)
-         {
-         rng.add_entropy(reinterpret_cast<const uint8_t*>(seed.data()),
-                         seed.size() * sizeof(uint32_t));
-         }
-      }
-
-   // DARN is used but not trusted
-   return 0;
-   }
-
-}
diff --git a/src/lib/entropy/p9_darn/p9_darn.h b/src/lib/entropy/p9_darn/p9_darn.h
deleted file mode 100644
index 9d8c508a1..000000000
--- a/src/lib/entropy/p9_darn/p9_darn.h
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
-* (C) 2019 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_ENTROPY_SRC_DARN_H_
-#define BOTAN_ENTROPY_SRC_DARN_H_
-
-#include <botan/entropy_src.h>
-
-namespace Botan {
-
-class POWER9_DARN final : public Entropy_Source
-   {
-   public:
-      std::string name() const override { return "p9_darn"; }
-      size_t poll(RandomNumberGenerator& rng) override;
-   };
-
-}
-
-#endif
diff --git a/src/lib/entropy/rdrand/info.txt b/src/lib/entropy/rdrand/info.txt
deleted file mode 100644
index 6abe8765d..000000000
--- a/src/lib/entropy/rdrand/info.txt
+++ /dev/null
@@ -1,11 +0,0 @@
-<defines>
-ENTROPY_SRC_RDRAND -> 20131128
-</defines>
-
-<requires>
-rdrand_rng
-</requires>
-
-<header:internal>
-rdrand.h
-</header:internal>
diff --git a/src/lib/entropy/rdrand/rdrand.cpp b/src/lib/entropy/rdrand/rdrand.cpp
deleted file mode 100644
index e22227326..000000000
--- a/src/lib/entropy/rdrand/rdrand.cpp
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-* Entropy Source Using Intel's rdrand instruction
-* (C) 2012,2015,2019 Jack Lloyd
-* (C) 2015 Daniel Neus
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#include <botan/internal/rdrand.h>
-#include <botan/rdrand_rng.h>
-
-namespace Botan {
-
-size_t Intel_Rdrand::poll(RandomNumberGenerator& rng)
-   {
-   /*
-   * Intel's documentation for RDRAND at
-   * https://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
-   * claims that software can guarantee a reseed event by polling enough data:
-   * "There is an upper bound of 511 samples per seed in the implementation
-   * where samples are 128 bits in size and can provide two 64-bit random
-   * numbers each."
-   *
-   * By requesting 8192 bytes we are asking for 512 samples and thus are assured
-   * that at some point in producing the output, at least one reseed of the
-   * internal state will occur.
-   *
-   * The alternative approach is to "Iteratively execute 32 RDRAND invocations
-   * with a 10 us wait period per iteration." however in practice this proves to
-   * be about 20x slower, despite producing much less seed material.
-   */
-   const size_t RDRAND_POLL_BYTES = 8*1024;
-
-   if(RDRAND_RNG::available())
-      {
-      RDRAND_RNG rdrand_rng;
-      secure_vector<uint8_t> buf(RDRAND_POLL_BYTES);
-      rdrand_rng.randomize(&buf[0], buf.size());
-      rng.add_entropy(buf.data(), buf.size());
-      }
-
-   // RDRAND is used but not trusted
-   return 0;
-   }
-
-}
diff --git a/src/lib/entropy/rdrand/rdrand.h b/src/lib/entropy/rdrand/rdrand.h
deleted file mode 100644
index 6544fe57f..000000000
--- a/src/lib/entropy/rdrand/rdrand.h
+++ /dev/null
@@ -1,28 +0,0 @@
-/*
-* Entropy Source Using Intel's rdrand instruction
-* (C) 2012 Jack Lloyd
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-
-#ifndef BOTAN_ENTROPY_SRC_RDRAND_H_
-#define BOTAN_ENTROPY_SRC_RDRAND_H_
-
-#include <botan/entropy_src.h>
-
-namespace Botan {
-
-/**
-* Entropy source using the rdrand instruction first introduced on
-* Intel's Ivy Bridge architecture.
-*/
-class Intel_Rdrand final : public Entropy_Source
-   {
-   public:
-      std::string name() const override { return "rdrand"; }
-      size_t poll(RandomNumberGenerator& rng) override;
-   };
-
-}
-
-#endif
author	Jack Lloyd <[email protected]>	2020-05-08 07:24:50 -0400
committer	Jack Lloyd <[email protected]>	2020-05-08 08:31:06 -0400
commit	ad851c2047273d3317cbdc88cefaa1c3aaa61ee2 (patch)
tree	95119539acb70860525c7adc51893fd4e6731d79 /src/lib/entropy
parent	0ad3c8a4aac6a8a19ff71323eb1a7adb5fae2dee (diff)