xref: /sqlite-3.40.0/src/random.c (revision 8d7b4130) 
1 /*
2 ** 2001 September 15
3 **
4 ** The author disclaims copyright to this source code.  In place of
5 ** a legal notice, here is a blessing:
6 **
7 **    May you do good and not evil.
8 **    May you find forgiveness for yourself and forgive others.
9 **    May you share freely, never taking more than you give.
10 **
11 *************************************************************************
12 ** This file contains code to implement a pseudo-random number
13 ** generator (PRNG) for SQLite.
14 **
15 ** Random numbers are used by some of the database backends in order
16 ** to generate random integer keys for tables or random filenames.
17 */
18 #include "sqliteInt.h"
19 
20 
21 /* All threads share a single random number generator.
22 ** This structure is the current state of the generator.
23 */
24 static SQLITE_WSD struct sqlite3PrngType {
25   u32 s[16];                 /* 64 bytes of chacha20 state */
26   u8 out[64];                /* Output bytes */
27   u8 n;                      /* Output bytes remaining */
28 } sqlite3Prng;
29 
30 
31 /* The RFC-7539 ChaCha20 block function
32 */
33 #define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
34 #define QR(a, b, c, d) ( \
35     a += b, d ^= a, d = ROTL(d,16), \
36     c += d, b ^= c, b = ROTL(b,12), \
37     a += b, d ^= a, d = ROTL(d, 8), \
38     c += d, b ^= c, b = ROTL(b, 7))
39 static void chacha_block(u32 *out, const u32 *in){
40   int i;
41   u32 x[16];
42   memcpy(x, in, 64);
43   for(i=0; i<10; i++){
44     QR(x[0], x[4], x[ 8], x[12]);
45     QR(x[1], x[5], x[ 9], x[13]);
46     QR(x[2], x[6], x[10], x[14]);
47     QR(x[3], x[7], x[11], x[15]);
48     QR(x[0], x[5], x[10], x[15]);
49     QR(x[1], x[6], x[11], x[12]);
50     QR(x[2], x[7], x[ 8], x[13]);
51     QR(x[3], x[4], x[ 9], x[14]);
52   }
53   for(i=0; i<16; i++) out[i] = x[i]+in[i];
54 }
55 
56 /*
57 ** Return N random bytes.
58 */
59 void sqlite3_randomness(int N, void *pBuf){
60   unsigned char *zBuf = pBuf;
61 
62   /* The "wsdPrng" macro will resolve to the pseudo-random number generator
63   ** state vector.  If writable static data is unsupported on the target,
64   ** we have to locate the state vector at run-time.  In the more common
65   ** case where writable static data is supported, wsdPrng can refer directly
66   ** to the "sqlite3Prng" state vector declared above.
67   */
68 #ifdef SQLITE_OMIT_WSD
69   struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
70 # define wsdPrng p[0]
71 #else
72 # define wsdPrng sqlite3Prng
73 #endif
74 
75 #if SQLITE_THREADSAFE
76   sqlite3_mutex *mutex;
77 #endif
78 
79 #ifndef SQLITE_OMIT_AUTOINIT
80   if( sqlite3_initialize() ) return;
81 #endif
82 
83 #if SQLITE_THREADSAFE
84   mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG);
85 #endif
86 
87   sqlite3_mutex_enter(mutex);
88   if( N<=0 || pBuf==0 ){
89     wsdPrng.s[0] = 0;
90     sqlite3_mutex_leave(mutex);
91     return;
92   }
93 
94   /* Initialize the state of the random number generator once,
95   ** the first time this routine is called.
96   */
97   if( wsdPrng.s[0]==0 ){
98     sqlite3_vfs *pVfs = sqlite3_vfs_find(0);
99     static const u32 chacha20_init[] = {
100       0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
101     };
102     memcpy(&wsdPrng.s[0], chacha20_init, 16);
103     if( NEVER(pVfs==0) ){
104       memset(&wsdPrng.s[4], 0, 44);
105     }else{
106       sqlite3OsRandomness(pVfs, 44, (char*)&wsdPrng.s[4]);
107     }
108     wsdPrng.s[15] = wsdPrng.s[12];
109     wsdPrng.s[12] = 0;
110     wsdPrng.n = 0;
111   }
112 
113   assert( N>0 );
114   while( 1 /* exit by break */ ){
115     if( N<=wsdPrng.n ){
116       memcpy(zBuf, &wsdPrng.out[wsdPrng.n-N], N);
117       wsdPrng.n -= N;
118       break;
119     }
120     if( wsdPrng.n>0 ){
121       memcpy(zBuf, wsdPrng.out, wsdPrng.n);
122       N -= wsdPrng.n;
123       zBuf += wsdPrng.n;
124     }
125     wsdPrng.s[12]++;
126     chacha_block((u32*)wsdPrng.out, wsdPrng.s);
127     wsdPrng.n = 64;
128   }
129   sqlite3_mutex_leave(mutex);
130 }
131 
132 #ifndef SQLITE_UNTESTABLE
133 /*
134 ** For testing purposes, we sometimes want to preserve the state of
135 ** PRNG and restore the PRNG to its saved state at a later time, or
136 ** to reset the PRNG to its initial state.  These routines accomplish
137 ** those tasks.
138 **
139 ** The sqlite3_test_control() interface calls these routines to
140 ** control the PRNG.
141 */
142 static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng;
143 void sqlite3PrngSaveState(void){
144   memcpy(
145     &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
146     &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
147     sizeof(sqlite3Prng)
148   );
149 }
150 void sqlite3PrngRestoreState(void){
151   memcpy(
152     &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
153     &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
154     sizeof(sqlite3Prng)
155   );
156 }
157 #endif /* SQLITE_UNTESTABLE */
158