Botan  1.10.9
rdrand.cpp
Go to the documentation of this file.
1 /*
2 * Entropy Source Using Intel's rdrand instruction
3 * (C) 2012 Jack Lloyd
4 *
5 * Distributed under the terms of the Botan license
6 */
7 
8 #include <botan/internal/rdrand.h>
9 #include <botan/cpuid.h>
10 
11 #if !defined(BOTAN_USE_GCC_INLINE_ASM)
12  #include <immintrin.h>
13 #endif
14 
15 namespace Botan {
16 
17 /*
18 * Get the timestamp
19 */
21  {
22  if(!CPUID::has_rdrand())
23  return;
24 
25  /*
26  * Put an upper bound on the total entropy we're willing to claim
27  * for any one polling of rdrand to prevent it from swamping our
28  * poll. Internally, the rdrand system is a DRGB that reseeds at a
29  * somewhat unpredictable rate (the current conditions are
30  * documented, but that might not be true for different
31  * implementations, eg on Haswell or a future AMD chip, so I don't
32  * want to assume). This limit ensures we're going to poll at least
33  * one other source so we have some diversity in our inputs.
34  */
35 
36  const size_t POLL_UPPER_BOUND = 96;
37  const size_t RDRAND_POLLS = 32;
38  const double ENTROPY_PER_POLL =
39  static_cast<double>(POLL_UPPER_BOUND) / (RDRAND_POLLS * 4);
40 
41  for(size_t i = 0; i != RDRAND_POLLS; ++i)
42  {
43  unsigned int r = 0;
44 
45 #if BOTAN_USE_GCC_INLINE_ASM
46  int cf = 0;
47 
48  // Encoding of rdrand %eax
49  asm(".byte 0x0F, 0xC7, 0xF0; adcl $0,%1" :
50  "=a" (r), "=r" (cf) : "0" (r), "1" (cf) : "cc");
51 #else
52  int cf = _rdrand32_step(&r);
53 #endif
54 
55  if(cf == 1)
56  accum.add(r, ENTROPY_PER_POLL);
57  }
58  }
59 
60 }
void add(const void *bytes, size_t length, double entropy_bits_per_byte)
Definition: entropy_src.h:70
void poll(Entropy_Accumulator &accum)
Definition: rdrand.cpp:20
static bool has_rdrand()
Definition: cpuid.h:88
BigInt r
Definition: numthry.cpp:26