/*
** 2001 September 15
**
** The author disclaims copyright to this source code. In place of
** a legal notice, here is a blessing:
**
** May you do good and not evil.
** May you find forgiveness for yourself and forgive others.
** May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains code to implement a pseudo-random number
** generator (PRNG) for SQLite.
**
** Random numbers are used by some of the database backends in order
** to generate random integer keys for tables or random filenames.
*/
#include "third_party/sqlite3/sqliteInt.h"
/* All threads share a single random number generator.
** This structure is the current state of the generator.
**
** How sqlite3_randomness() below uses the 16 words of s[]:
**   s[0..3]   the four ChaCha20 constant words. s[0]==0 doubles as the
**             "not seeded yet / reseed on next call" marker.
**   s[4..14]  44 bytes of seed material filled in from the VFS (or zeroed
**             when no VFS is available).
**   s[12]     block counter; incremented before every generated block.
**   s[15]     receives the VFS-supplied value that landed in s[12], so the
**             counter can start from 0 without discarding that seed word.
** out[] is consumed from the tail: the n bytes out[0..n-1] are still unused.
*/
static SQLITE_WSD struct sqlite3PrngType {
  u32 s[16];       /* 64 bytes of chacha20 state */
  u8 out[64];      /* Output bytes */
  u8 n;            /* Output bytes remaining */
} sqlite3Prng;
/* The RFC-7539 ChaCha20 block function.
**
** chacha_block() copies the 16-word state "in", applies 20 rounds to the
** copy (10 column rounds alternating with 10 diagonal rounds) and stores
** copy+in into "out". "in" itself is never modified; "out" and "in" must
** not overlap.
*/
#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
#define QR(a, b, c, d) ( \
  a += b, d ^= a, d = ROTL(d,16), \
  c += d, b ^= c, b = ROTL(b,12), \
  a += b, d ^= a, d = ROTL(d, 8), \
  c += d, b ^= c, b = ROTL(b, 7))
static void chacha_block(u32 *out, const u32 *in){
  u32 x[16];       /* working copy of the state */
  int dr;          /* double-round counter, 0..9 */
  int k;           /* column / word index */
  memcpy(x, in, sizeof(x));
  for(dr=0; dr<10; dr++){
    /* Column round: column k is made of words k, k+4, k+8, k+12.
    ** The four quarter-rounds touch disjoint words, so their order is
    ** irrelevant. */
    for(k=0; k<4; k++){
      QR(x[k], x[k+4], x[k+8], x[k+12]);
    }
    /* Diagonal round: row r is rotated left by r positions, giving the
    ** pairs (0,5,10,15), (1,6,11,12), (2,7,8,13), (3,4,9,14). */
    for(k=0; k<4; k++){
      QR(x[k], x[4+(k+1)%4], x[8+(k+2)%4], x[12+(k+3)%4]);
    }
  }
  /* Feed-forward: add the original input words back into the result. */
  for(k=0; k<16; k++){
    out[k] = x[k] + in[k];
  }
}
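/*
** Return N random bytes.
**
** Fill the first N bytes of pBuf with output from the process-wide ChaCha20
** generator. N<=0 or pBuf==0 produces no output; instead it clears s[0],
** which forces the generator to be reseeded from the VFS on the next call.
**
** When SQLITE_THREADSAFE is set the whole routine runs under the
** SQLITE_MUTEX_STATIC_PRNG mutex. Unless SQLITE_OMIT_AUTOINIT is defined
** the library is initialized first; if that fails the routine returns
** without touching pBuf, so the caller sees whatever pBuf held before.
**
** NOTE(review): s[12] is a 32-bit block counter that is only reset when the
** generator is (re)seeded; this file never rekeys on its own, so after 2^32
** blocks the counter would wrap. Whether any caller ever draws that much
** output cannot be determined from here.
*/
void sqlite3_randomness(int N, void *pBuf){
  unsigned char *zBuf = pBuf;
  u32 block[16];     /* freshly generated keystream block, see loop below */

  /* The "wsdPrng" macro will resolve to the pseudo-random number generator
  ** state vector. If writable static data is unsupported on the target,
  ** we have to locate the state vector at run-time. In the more common
  ** case where writable static data is supported, wsdPrng can refer directly
  ** to the "sqlite3Prng" state vector declared above.
  */
#ifdef SQLITE_OMIT_WSD
  struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
# define wsdPrng p[0]
#else
# define wsdPrng sqlite3Prng
#endif

#if SQLITE_THREADSAFE
  sqlite3_mutex *mutex;
#endif

#ifndef SQLITE_OMIT_AUTOINIT
  if( sqlite3_initialize() ) return;
#endif

#if SQLITE_THREADSAFE
  mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG);
#endif

  sqlite3_mutex_enter(mutex);
  if( N<=0 || pBuf==0 ){
    /* s[0]==0 is the "not seeded" marker: the next real request reseeds. */
    wsdPrng.s[0] = 0;
    sqlite3_mutex_leave(mutex);
    return;
  }

  /* Initialize the state of the random number generator once,
  ** the first time this routine is called.
  */
  if( wsdPrng.s[0]==0 ){
    sqlite3_vfs *pVfs = sqlite3_vfs_find(0);
    static const u32 chacha20_init[] = {
      0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
    };
    memcpy(&wsdPrng.s[0], chacha20_init, 16);
    if( NEVER(pVfs==0) ){
      /* No VFS: the 44 seed bytes are all zero and the output sequence is
      ** fully deterministic. */
      memset(&wsdPrng.s[4], 0, 44);
    }else{
      /* NOTE(review): the return value of sqlite3OsRandomness() is ignored
      ** here; whether the VFS guarantees that all 44 bytes are written on
      ** failure is a property of the VFS, not visible in this file. */
      sqlite3OsRandomness(pVfs, 44, (char*)&wsdPrng.s[4]);
    }
    /* Move the seed word that landed in the counter slot to s[15] and start
    ** the block counter at zero. */
    wsdPrng.s[15] = wsdPrng.s[12];
    wsdPrng.s[12] = 0;
    wsdPrng.n = 0;
  }

  assert( N>0 );
  while( 1 /* exit by break */ ){
    if( N<=wsdPrng.n ){
      /* Enough buffered output: hand out the last N unused bytes. */
      memcpy(zBuf, &wsdPrng.out[wsdPrng.n-N], N);
      wsdPrng.n -= N;
      break;
    }
    if( wsdPrng.n>0 ){
      /* Drain the remaining buffered bytes before generating a new block. */
      memcpy(zBuf, wsdPrng.out, wsdPrng.n);
      N -= wsdPrng.n;
      zBuf += wsdPrng.n;
    }
    wsdPrng.s[12]++;
    /* Generate into a u32 array and copy it into out[]. Writing through a
    ** u32* that points at the u8 out[] array, as the previous code did,
    ** violates the C aliasing rules and silently relies on out[] being
    ** 4-byte aligned; memcpy has neither problem and costs the same. */
    chacha_block(block, wsdPrng.s);
    memcpy(wsdPrng.out, block, sizeof(block));
    wsdPrng.n = 64;
  }
  sqlite3_mutex_leave(mutex);
}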
#ifndef SQLITE_UNTESTABLE
/*
** For testing purposes, we sometimes want to preserve the state of the
** PRNG and restore the PRNG to its saved state at a later time, or
** to reset the PRNG to its initial state. These routines accomplish
** those tasks.
**
** The sqlite3_test_control() interface calls these routines to
** control the PRNG.
*/
/* Snapshot of sqlite3Prng written by sqlite3PrngSaveState() and copied back
** by sqlite3PrngRestoreState(). Only present when SQLITE_UNTESTABLE is not
** defined. */
static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng;
/*
** Copy the live generator state into sqlite3SavedPrng so that a later
** sqlite3PrngRestoreState() can rewind the generator to this exact point.
** No mutex is taken here.
*/
void sqlite3PrngSaveState(void){
  struct sqlite3PrngType *pSaved = &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng);
  const struct sqlite3PrngType *pLive = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
  memcpy(pSaved, pLive, sizeof(*pSaved));
}
/*
** Overwrite the live generator state with the snapshot taken by
** sqlite3PrngSaveState(), so subsequent sqlite3_randomness() output repeats
** from that point. No mutex is taken here.
*/
void sqlite3PrngRestoreState(void){
  struct sqlite3PrngType *pLive = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
  const struct sqlite3PrngType *pSaved = &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng);
  memcpy(pLive, pSaved, sizeof(*pLive));
}
#endif /* SQLITE_UNTESTABLE */