| 1 | /* |
|---|---|
| 2 | ** 2001 September 15 |
| 3 | ** |
| 4 | ** The author disclaims copyright to this source code. In place of |
| 5 | ** a legal notice, here is a blessing: |
| 6 | ** |
| 7 | ** May you do good and not evil. |
| 8 | ** May you find forgiveness for yourself and forgive others. |
| 9 | ** May you share freely, never taking more than you give. |
| 10 | ** |
| 11 | ************************************************************************* |
| 12 | ** This file contains code to implement a pseudo-random number |
| 13 | ** generator (PRNG) for SQLite. |
| 14 | ** |
| 15 | ** Random numbers are used by some of the database backends in order |
| 16 | ** to generate random integer keys for tables or random filenames. |
| 17 | */ |
| 18 | #include "sqliteInt.h" |
| 19 | |
| 20 | |
| 21 | /* All threads share a single random number generator. |
| 22 | ** This structure is the current state of the generator. |
| 23 | */ |
| 24 | static SQLITE_WSD struct sqlite3PrngType { |
| 25 | u32 s[16]; /* 64 bytes of chacha20 state */ |
| 26 | u8 out[64]; /* Output bytes */ |
| 27 | u8 n; /* Output bytes remaining */ |
| 28 | } sqlite3Prng; |
| 29 | |
| 30 | |
| 31 | /* The RFC-7539 ChaCha20 block function |
| 32 | */ |
| 33 | #define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) |
| 34 | #define QR(a, b, c, d) ( \ |
| 35 | a += b, d ^= a, d = ROTL(d,16), \ |
| 36 | c += d, b ^= c, b = ROTL(b,12), \ |
| 37 | a += b, d ^= a, d = ROTL(d, 8), \ |
| 38 | c += d, b ^= c, b = ROTL(b, 7)) |
| 39 | static void chacha_block(u32 *out, const u32 *in){ |
| 40 | int i; |
| 41 | u32 x[16]; |
| 42 | memcpy(x, in, 64); |
| 43 | for(i=0; i<10; i++){ |
| 44 | QR(x[0], x[4], x[ 8], x[12]); |
| 45 | QR(x[1], x[5], x[ 9], x[13]); |
| 46 | QR(x[2], x[6], x[10], x[14]); |
| 47 | QR(x[3], x[7], x[11], x[15]); |
| 48 | QR(x[0], x[5], x[10], x[15]); |
| 49 | QR(x[1], x[6], x[11], x[12]); |
| 50 | QR(x[2], x[7], x[ 8], x[13]); |
| 51 | QR(x[3], x[4], x[ 9], x[14]); |
| 52 | } |
| 53 | for(i=0; i<16; i++) out[i] = x[i]+in[i]; |
| 54 | } |
| 55 | |
| 56 | /* |
| 57 | ** Return N random bytes. |
| 58 | */ |
| 59 | void sqlite3_randomness(int N, void *pBuf){ |
| 60 | unsigned char *zBuf = pBuf; |
| 61 | |
| 62 | /* The "wsdPrng" macro will resolve to the pseudo-random number generator |
| 63 | ** state vector. If writable static data is unsupported on the target, |
| 64 | ** we have to locate the state vector at run-time. In the more common |
| 65 | ** case where writable static data is supported, wsdPrng can refer directly |
| 66 | ** to the "sqlite3Prng" state vector declared above. |
| 67 | */ |
| 68 | #ifdef SQLITE_OMIT_WSD |
| 69 | struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng); |
| 70 | # define wsdPrng p[0] |
| 71 | #else |
| 72 | # define wsdPrng sqlite3Prng |
| 73 | #endif |
| 74 | |
| 75 | #if SQLITE_THREADSAFE |
| 76 | sqlite3_mutex *mutex; |
| 77 | #endif |
| 78 | |
| 79 | #ifndef SQLITE_OMIT_AUTOINIT |
| 80 | if( sqlite3_initialize() ) return; |
| 81 | #endif |
| 82 | |
| 83 | #if SQLITE_THREADSAFE |
| 84 | mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG); |
| 85 | #endif |
| 86 | |
| 87 | sqlite3_mutex_enter(mutex); |
| 88 | if( N<=0 || pBuf==0 ){ |
| 89 | wsdPrng.s[0] = 0; |
| 90 | sqlite3_mutex_leave(mutex); |
| 91 | return; |
| 92 | } |
| 93 | |
| 94 | /* Initialize the state of the random number generator once, |
| 95 | ** the first time this routine is called. |
| 96 | */ |
| 97 | if( wsdPrng.s[0]==0 ){ |
| 98 | sqlite3_vfs *pVfs = sqlite3_vfs_find(0); |
| 99 | static const u32 chacha20_init[] = { |
| 100 | 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 |
| 101 | }; |
| 102 | memcpy(&wsdPrng.s[0], chacha20_init, 16); |
| 103 | if( NEVER(pVfs==0) ){ |
| 104 | memset(&wsdPrng.s[4], 0, 44); |
| 105 | }else{ |
| 106 | sqlite3OsRandomness(pVfs, 44, (char*)&wsdPrng.s[4]); |
| 107 | } |
| 108 | wsdPrng.s[15] = wsdPrng.s[12]; |
| 109 | wsdPrng.s[12] = 0; |
| 110 | wsdPrng.n = 0; |
| 111 | } |
| 112 | |
| 113 | assert( N>0 ); |
| 114 | while( 1 /* exit by break */ ){ |
| 115 | if( N<=wsdPrng.n ){ |
| 116 | memcpy(zBuf, &wsdPrng.out[wsdPrng.n-N], N); |
| 117 | wsdPrng.n -= N; |
| 118 | break; |
| 119 | } |
| 120 | if( wsdPrng.n>0 ){ |
| 121 | memcpy(zBuf, wsdPrng.out, wsdPrng.n); |
| 122 | N -= wsdPrng.n; |
| 123 | zBuf += wsdPrng.n; |
| 124 | } |
| 125 | wsdPrng.s[12]++; |
| 126 | chacha_block((u32*)wsdPrng.out, wsdPrng.s); |
| 127 | wsdPrng.n = 64; |
| 128 | } |
| 129 | sqlite3_mutex_leave(mutex); |
| 130 | } |
| 131 | |
| 132 | #ifndef SQLITE_UNTESTABLE |
| 133 | /* |
| 134 | ** For testing purposes, we sometimes want to preserve the state of |
| 135 | ** PRNG and restore the PRNG to its saved state at a later time, or |
| 136 | ** to reset the PRNG to its initial state. These routines accomplish |
| 137 | ** those tasks. |
| 138 | ** |
| 139 | ** The sqlite3_test_control() interface calls these routines to |
| 140 | ** control the PRNG. |
| 141 | */ |
| 142 | static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng; |
| 143 | void sqlite3PrngSaveState(void){ |
| 144 | memcpy( |
| 145 | &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng), |
| 146 | &GLOBAL(struct sqlite3PrngType, sqlite3Prng), |
| 147 | sizeof(sqlite3Prng) |
| 148 | ); |
| 149 | } |
| 150 | void sqlite3PrngRestoreState(void){ |
| 151 | memcpy( |
| 152 | &GLOBAL(struct sqlite3PrngType, sqlite3Prng), |
| 153 | &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng), |
| 154 | sizeof(sqlite3Prng) |
| 155 | ); |
| 156 | } |
| 157 | #endif /* SQLITE_UNTESTABLE */ |
| 158 |
Generated on 2023-Jan-17 from project sqlite revision 3.40.1
Powered by 
Code Browser 2.1
Generator usage only permitted with license.