src/random.h

   1 // Copyright (c) 2009-2010 Satoshi Nakamoto
   2 // Copyright (c) 2009-2016 The Bitcoin Core developers
   3 // Distributed under the MIT software license, see the accompanying
   4 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
   5
   6 #ifndef BITCOIN_RANDOM_H
   7 #define BITCOIN_RANDOM_H
   8
   9 #include "crypto/chacha20.h"
  10 #include "crypto/common.h"
  11 #include "uint256.h"
  12
  13 #include <stdint.h>
  14
  15 /* Seed OpenSSL PRNG with additional entropy data */
  16 void RandAddSeed();
  17
  18 /**
  19  * Functions to gather random data via the OpenSSL PRNG
  20  */
  21 void GetRandBytes(unsigned char* buf, int num);
  22 uint64_t GetRand(uint64_t nMax);
  23 int GetRandInt(int nMax);
  24 uint256 GetRandHash();
  25
  26 /**
  27  * Function to gather random data from multiple sources, failing whenever any
  28  * of those source fail to provide a result.
  29  */
  30 void GetStrongRandBytes(unsigned char* buf, int num);
  31
  32 /**
  33  * Fast randomness source. This is seeded once with secure random data, but
  34  * is completely deterministic and insecure after that.
  35  * This class is not thread-safe.
  36  */
  37 class FastRandomContext {
  38 private:
  39     bool requires_seed;
  40     ChaCha20 rng;
  41
  42     unsigned char bytebuf[64];
  43     int bytebuf_size;
  44
  45     uint64_t bitbuf;
  46     int bitbuf_size;
  47
  48     void RandomSeed();
  49
  50     void FillByteBuffer()
  51     {
  52         if (requires_seed) {
  53             RandomSeed();
  54         }
  55         rng.Output(bytebuf, sizeof(bytebuf));
  56         bytebuf_size = sizeof(bytebuf);
  57     }
  58
  59     void FillBitBuffer()
  60     {
  61         bitbuf = rand64();
  62         bitbuf_size = 64;
  63     }
  64
  65 public:
  66     explicit FastRandomContext(bool fDeterministic = false);
  67
  68     /** Initialize with explicit seed (only for testing) */
  69     explicit FastRandomContext(const uint256& seed);
  70
  71     /** Generate a random 64-bit integer. */
  72     uint64_t rand64()
  73     {
  74         if (bytebuf_size < 8) FillByteBuffer();
  75         uint64_t ret = ReadLE64(bytebuf + 64 - bytebuf_size);
  76         bytebuf_size -= 8;
  77         return ret;
  78     }
  79
  80     /** Generate a random (bits)-bit integer. */
  81     uint64_t randbits(int bits) {
  82         if (bits == 0) {
  83             return 0;
  84         } else if (bits > 32) {
  85             return rand64() >> (64 - bits);
  86         } else {
  87             if (bitbuf_size < bits) FillBitBuffer();
  88             uint64_t ret = bitbuf & (~(uint64_t)0 >> (64 - bits));
  89             bitbuf >>= bits;
  90             bitbuf_size -= bits;
  91             return ret;
  92         }
  93     }
  94
  95     /** Generate a random integer in the range [0..range). */
  96     uint64_t randrange(uint64_t range)
  97     {
  98         --range;
  99         int bits = CountBits(range);
 100         while (true) {
 101             uint64_t ret = randbits(bits);
 102             if (ret <= range) return ret;
 103         }
 104     }
 105
 106     /** Generate a random 32-bit integer. */
 107     uint32_t rand32() { return randbits(32); }
 108
 109     /** Generate a random boolean. */
 110     bool randbool() { return randbits(1); }
 111 };
 112
 113 /* Number of random bytes returned by GetOSRand.
 114  * When changing this constant make sure to change all call sites, and make
 115  * sure that the underlying OS APIs for all platforms support the number.
 116  * (many cap out at 256 bytes).
 117  */
 118 static const ssize_t NUM_OS_RANDOM_BYTES = 32;
 119
 120 /** Get 32 bytes of system entropy. Do not use this in application code: use
 121  * GetStrongRandBytes instead.
 122  */
 123 void GetOSRand(unsigned char *ent32);
 124
 125 /** Check that OS randomness is available and returning the requested number
 126  * of bytes.
 127  */
 128 bool Random_SanityCheck();
 129
 130 #endif // BITCOIN_RANDOM_H