/*
** 2001 September 15
**
** The author disclaims copyright to this source code.  In place of
** a legal notice, here is a blessing:
**
**    May you do good and not evil.
**    May you find forgiveness for yourself and forgive others.
**    May you share freely, never taking more than you give.
**
*************************************************************************
** This file contains code to implement a pseudo-random number
** generator (PRNG) for SQLite.
**
** Random numbers are used by some of the database backends in order
** to generate random integer keys for tables or random filenames.
*/
#include "sqliteInt.h"

/*
** State of the one PRNG that every thread in the process shares.
**
**   s[]    The 16-word (64-byte) ChaCha20 input block.
**   out[]  The most recently generated 64-byte output block.
**   n      How many bytes of out[] have not yet been handed to a caller.
**
** sqlite3_randomness() reads and writes this object while holding the
** SQLITE_MUTEX_STATIC_PRNG mutex.  The whole object is generator
** secret: s[] holds the seed material and out[] holds both delivered
** and not-yet-delivered bytes, so anything that can read it can
** reproduce the stream.
*/
struct sqlite3PrngType {
  u32 s[16];
  u8 out[64];
  u8 n;
};
static SQLITE_WSD struct sqlite3PrngType sqlite3Prng;
/*
** The ChaCha20 block function of RFC-7539.
**
** ROTL(a,b) rotates a 32-bit value left by b bits.  The right shift by
** (32 - b) means b must stay in the range 1..31.
**
** QR(a,b,c,d) is one quarter round.  It updates all four operands in
** place and names each of them several times, so every argument must
** be a plain lvalue with no side effects.
*/
#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
#define QR(a, b, c, d) ( \
    a += b, d ^= a, d = ROTL(d,16), \
    c += d, b ^= c, b = ROTL(b,12), \
    a += b, d ^= a, d = ROTL(d, 8), \
    c += d, b ^= c, b = ROTL(b, 7))

/*
** Compute one 16-word output block from the 16-word input block in[]
** and store it in out[].  in[] is left unmodified.
**
** The result is stored as native u32 words; no little-endian
** serialization happens here.
** NOTE(review): on a big-endian host the byte stream presumably differs
** from the RFC test vectors - confirm if cross-platform reproducibility
** matters.
*/
static void chacha_block(u32 *out, const u32 *in){
  u32 x[16];
  int nRound;
  int k;

  /* Work on a private copy (16 words == 64 bytes) so that the original
  ** input is still available for the final addition. */
  memcpy(x, in, 64);

  /* Twenty rounds, taken two at a time */
  for(nRound=0; nRound<20; nRound+=2){
    /* Column round */
    QR(x[0], x[4], x[ 8], x[12]);
    QR(x[1], x[5], x[ 9], x[13]);
    QR(x[2], x[6], x[10], x[14]);
    QR(x[3], x[7], x[11], x[15]);
    /* Diagonal round */
    QR(x[0], x[5], x[10], x[15]);
    QR(x[1], x[6], x[11], x[12]);
    QR(x[2], x[7], x[ 8], x[13]);
    QR(x[3], x[4], x[ 9], x[14]);
  }

  /* Add the original input back in, word by word. */
  k = 0;
  while( k<16 ){
    out[k] = x[k]+in[k];
    k++;
  }
}
/*
** Store N pseudo-random bytes in the buffer pBuf.
**
** If N is zero or negative, or if pBuf is NULL, nothing is written.
** Instead the generator is flagged as unseeded (s[0] is set to zero),
** which makes the next ordinary call seed it again.
**
** If automatic initialization is compiled in and sqlite3_initialize()
** fails, the routine returns without writing anything to pBuf.
**
** Points for a security review:
**
**   *  Seeding happens once, on the first call that finds s[0]==0.
**      The only entropy source is the 44 bytes requested from the
**      default VFS through sqlite3OsRandomness().  The return value of
**      that call is not examined here, so the stream is only as
**      unpredictable as whatever that VFS actually delivered.
**      NOTE(review): confirm that the VFS in use draws from an OS
**      CSPRNG before using this output for anything secret.
**
**   *  There is no later reseed unless a caller triggers the reset
**      described above.
**      NOTE(review): a process image duplicated after seeding (fork,
**      VM snapshot) would presumably continue with the same stream -
**      confirm how the embedding application deals with that.
**
**   *  Bytes already handed out are left in wsdPrng.out[]; this
**      routine does not erase them.
**
**   *  The block counter s[12] is a u32 that is simply incremented, so
**      it wraps after 2^32 blocks.
*/
void sqlite3_randomness(int N, void *pBuf){
  unsigned char *zOut = pBuf;

  /* "wsdPrng" names the generator state.  Where writable static data is
  ** available (the usual case) it refers to "sqlite3Prng" directly.  On
  ** targets built with SQLITE_OMIT_WSD the state has to be looked up at
  ** run-time, and wsdPrng then goes through the pointer p.
  */
#ifdef SQLITE_OMIT_WSD
  struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
# define wsdPrng p[0]
#else
# define wsdPrng sqlite3Prng
#endif

#if SQLITE_THREADSAFE
  sqlite3_mutex *mutex;
#endif

#ifndef SQLITE_OMIT_AUTOINIT
  if( sqlite3_initialize() ) return;
#endif

#if SQLITE_THREADSAFE
  mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG);
#endif

  /* Everything from here on runs with the PRNG mutex held. */
  sqlite3_mutex_enter(mutex);

  /* Reset request: mark the state as unseeded and produce no output. */
  if( pBuf==0 || N<=0 ){
    wsdPrng.s[0] = 0;
    sqlite3_mutex_leave(mutex);
    return;
  }

  /* Seed the generator if it is still unseeded.  s[0]==0 is the
  ** "unseeded" marker; a seeded state always holds a non-zero constant
  ** in s[0].
  */
  if( wsdPrng.s[0]==0 ){
    static const u32 aConst[] = {
      0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
    };
    sqlite3_vfs *pDflt = sqlite3_vfs_find(0);

    /* s[0..3]: the four fixed constant words (16 bytes) */
    memcpy(&wsdPrng.s[0], aConst, 16);

    /* s[4..14]: 44 bytes from the default VFS, or all zeros if no VFS
    ** exists.  The all-zero case gives a fixed, predictable stream. */
    if( NEVER(pDflt==0) ){
      memset(&wsdPrng.s[4], 0, 44);
    }else{
      sqlite3OsRandomness(pDflt, 44, (char*)&wsdPrng.s[4]);
    }

    /* Move the word that landed in the counter slot to s[15], then
    ** start the block counter at zero with an empty output buffer. */
    wsdPrng.s[15] = wsdPrng.s[12];
    wsdPrng.s[12] = 0;
    wsdPrng.n = 0;
  }

  assert( N>0 );

  /* While the request is larger than what is buffered, hand over the
  ** buffered bytes (they sit at the start of out[]) and generate a
  ** fresh 64-byte block.
  */
  while( N>wsdPrng.n ){
    if( wsdPrng.n>0 ){
      memcpy(zOut, wsdPrng.out, wsdPrng.n);
      N -= wsdPrng.n;
      zOut += wsdPrng.n;
    }
    wsdPrng.s[12]++;
    chacha_block((u32*)wsdPrng.out, wsdPrng.s);
    wsdPrng.n = 64;
  }

  /* The rest of the request fits in the buffer.  Bytes are consumed
  ** from the high end of the unread region. */
  memcpy(zOut, &wsdPrng.out[wsdPrng.n-N], N);
  wsdPrng.n -= N;

  sqlite3_mutex_leave(mutex);
}

#ifndef SQLITE_UNTESTABLE
/*
** Test support.  Tests sometimes need to snapshot the PRNG state and
** put it back later, or to force the PRNG back to its initial state.
** The routines here provide the snapshot and the put-back.
**
** The sqlite3_test_control() interface calls these routines to
** control the PRNG.
**
** Restoring a snapshot makes the generator repeat output it has
** already produced, so this code is compiled only when
** SQLITE_UNTESTABLE is not defined.  Neither routine takes the PRNG
** mutex.
** NOTE(review): presumably callers ensure that no other thread is
** inside sqlite3_randomness() at the time - confirm.
*/
static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng;

/*
** Copy the live PRNG state into the snapshot slot.
*/
void sqlite3PrngSaveState(void){
  struct sqlite3PrngType *pSnapshot =
      &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng);
  struct sqlite3PrngType *pLive =
      &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
  memcpy(pSnapshot, pLive, sizeof(sqlite3Prng));
}
/*
** Overwrite the live PRNG state with the snapshot slot, so that the
** generator continues from the snapshot.  If no snapshot has been
** taken, the slot is still zero-filled static data, and copying it
** leaves s[0]==0; sqlite3_randomness() treats that as "unseeded".
** No mutex is taken here.
*/
void sqlite3PrngRestoreState(void){
  struct sqlite3PrngType *pLive =
      &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
  struct sqlite3PrngType *pSnapshot =
      &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng);
  memcpy(pLive, pSnapshot, sizeof(sqlite3Prng));
}
#endif /* SQLITE_UNTESTABLE */