src/random.h
Show All 38 Lines | |||||
* terminate if this entropy source fails. | * terminate if this entropy source fails. | ||||
* - Bytes from OpenSSL's RNG (which itself may be seeded from various | * - Bytes from OpenSSL's RNG (which itself may be seeded from various | ||||
* sources) | * sources) | ||||
* - Another high-precision timestamp (indirectly committing to a benchmark of | * - Another high-precision timestamp (indirectly committing to a benchmark of | ||||
* all the previous sources). These entropy sources are slower, but designed to | * all the previous sources). These entropy sources are slower, but designed to | ||||
* make sure the RNG state contains fresh data that is unpredictable to | * make sure the RNG state contains fresh data that is unpredictable to | ||||
* attackers. | * attackers. | ||||
* | * | ||||
* - RandAddSeedSleep() seeds everything that fast seeding includes, but | * - RandAddPeriodic() seeds everything that fast seeding includes, but | ||||
* additionally: | * additionally: | ||||
* - A high-precision timestamp before and after sleeping 1ms. | * - A high-precision timestamp | ||||
* - (On Windows) Once every 10 minutes, performance monitoring data from the | * - Dynamic environment data (performance monitoring, ...) | ||||
* OS. | * - Strengthen the entropy for 10 ms using repeated SHA512. | ||||
* - Once every minute, strengthen the entropy for 10 ms using repeated | * This is run once every minute. | ||||
* SHA512. | |||||
* These just exploit the fact the system is idle to improve the quality | |||||
* of the RNG slightly. | |||||
* | * | ||||
* On first use of the RNG (regardless of what function is called first), all | * On first use of the RNG (regardless of what function is called first), all | ||||
* entropy sources used in the 'slow' seeder are included, but also: | * entropy sources used in the 'slow' seeder are included, but also: | ||||
* - 256 bits from the hardware RNG (rdseed or rdrand) when available. | * - 256 bits from the hardware RNG (rdseed or rdrand) when available. | ||||
* - (On Windows) Performance monitoring data from the OS. | * - Dynamic environment data (performance monitoring, ...) | ||||
* - Static environment data | |||||
* - Strengthen the entropy for 100 ms using repeated SHA512. | * - Strengthen the entropy for 100 ms using repeated SHA512. | ||||
* | * | ||||
* When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, | * When mixing in new entropy, H = SHA512(entropy || old_rng_state) is computed, | ||||
* and (up to) the first 32 bytes of H are produced as output, while the last 32 | * and (up to) the first 32 bytes of H are produced as output, while the last 32 | ||||
* bytes become the new RNG state. | * bytes become the new RNG state. | ||||
*/ | */ | ||||
/** | /** | ||||
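Review bot: In the RandAddPeriodic() list, "This is run once every minute." sits under the SHA512 strengthening bullet, so it is unclear whether the one-minute cadence covers the whole function or only the strengthening step; the old text gave separate cadences (10 minutes for performance monitoring data, 1 minute for strengthening). Suggest moving the cadence up to the "RandAddPeriodic() seeds everything that fast seeding includes" line. The new "Dynamic environment data (performance monitoring, ...)" and "Static environment data" bullets also leave their contents open. Since this comment is the design record of what enters the RNG state, name the sources or point to the function that collects them, and say whether the old "(On Windows)" restriction still applies.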
Show All 22 Lines | |||||
void GetStrongRandBytes(uint8_t *buf, int num) noexcept; | void GetStrongRandBytes(uint8_t *buf, int num) noexcept; | ||||
/** | /** | ||||
* Gather entropy from various expensive sources, and feed them to the PRNG | * Gather entropy from various expensive sources, and feed them to the PRNG | ||||
* state. | * state. | ||||
* | * | ||||
* Thread-safe. | * Thread-safe. | ||||
*/ | */ | ||||
void RandAddPeriodic(); | void RandAddPeriodic() noexcept; | ||||
/** | /** | ||||
* Fast randomness source. This is seeded once with secure random data, but | * Fast randomness source. This is seeded once with secure random data, but | ||||
* is completely deterministic and does not gather more entropy after that. | * is completely deterministic and does not gather more entropy after that. | ||||
* | * | ||||
* This class is not thread-safe. | * This class is not thread-safe. | ||||
*/ | */ | ||||
class FastRandomContext { | class FastRandomContext { | ||||
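Review bot: The declaration "void RandAddPeriodic() noexcept;" means any exception escaping the periodic seeder now ends in std::terminate, but the doc comment above it still only says "Thread-safe." Suggest documenting the failure behaviour at the declaration, in the same way the file comment notes the entropy source that terminates on failure, and confirming that the dynamic environment data collection this change lists for the periodic path cannot throw, because with noexcept a throw there would take the process down from a call that runs once every minute.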
▲ Show 20 Lines • Show All 154 Lines • Show Last 20 Lines |