Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromium / deps / sqlite / refs/heads/upstream/index-expr-opt / . / src / random.c
blob: 9335fc49dadfae65bb1adc03002bc69a891c2a51 [file] [log] [blame]
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]1/*
drhb19a2bc2001-09-16 00:13:26 +0000[diff] [blame]2** 2001 September 15
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]3**
drhb19a2bc2001-09-16 00:13:26 +0000[diff] [blame]4** The author disclaims copyright to this source code. In place of
5** a legal notice, here is a blessing:
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]6**
drhb19a2bc2001-09-16 00:13:26 +0000[diff] [blame]7** May you do good and not evil.
8** May you find forgiveness for yourself and forgive others.
9** May you share freely, never taking more than you give.
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]10**
11*************************************************************************
12** This file contains code to implement a pseudo-random number
13** generator (PRNG) for SQLite.
14**
15** Random numbers are used by some of the database backends in order
16** to generate random integer keys for tables or random filenames.
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]17*/
18#include "sqliteInt.h"
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]19
drhaf9ff332002-01-16 21:00:27 +0000[diff] [blame]20
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]21/* All threads share a single random number generator.
22** This structure is the current state of the generator.
23*/
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]24static SQLITE_WSD struct sqlite3PrngType {
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]25 u32 s[16]; /* 64 bytes of chacha20 state */
26 u8 out[64]; /* Output bytes */
27 u8 n; /* Output bytes remaining */
drh1875f7a2008-12-08 18:19:17 +0000[diff] [blame]28} sqlite3Prng;
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]29
drhcd05aaf2022-08-16 16:57:33 +0000[diff] [blame]30
31/* The RFC-7539 ChaCha20 block function
32*/
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]33#define ROTL(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
drhcd05aaf2022-08-16 16:57:33 +0000[diff] [blame]34#define QR(a, b, c, d) ( \
35 a += b, d ^= a, d = ROTL(d,16), \
36 c += d, b ^= c, b = ROTL(b,12), \
37 a += b, d ^= a, d = ROTL(d, 8), \
38 c += d, b ^= c, b = ROTL(b, 7))
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]39static void chacha_block(u32 *out, const u32 *in){
40 int i;
41 u32 x[16];
42 memcpy(x, in, 64);
43 for(i=0; i<10; i++){
44 QR(x[0], x[4], x[ 8], x[12]);
45 QR(x[1], x[5], x[ 9], x[13]);
46 QR(x[2], x[6], x[10], x[14]);
47 QR(x[3], x[7], x[11], x[15]);
48 QR(x[0], x[5], x[10], x[15]);
49 QR(x[1], x[6], x[11], x[12]);
50 QR(x[2], x[7], x[ 8], x[13]);
51 QR(x[3], x[4], x[ 9], x[14]);
52 }
53 for(i=0; i<16; i++) out[i] = x[i]+in[i];
54}
55
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]56/*
drhcf5ff122013-08-21 22:09:25 +0000[diff] [blame]57** Return N random bytes.
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]58*/
drhcf5ff122013-08-21 22:09:25 +0000[diff] [blame]59void sqlite3_randomness(int N, void *pBuf){
drhcf5ff122013-08-21 22:09:25 +0000[diff] [blame]60 unsigned char *zBuf = pBuf;
drhad75e982001-10-09 04:19:46 +0000[diff] [blame]61
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]62 /* The "wsdPrng" macro will resolve to the pseudo-random number generator
63 ** state vector. If writable static data is unsupported on the target,
64 ** we have to locate the state vector at run-time. In the more common
65 ** case where writable static data is supported, wsdPrng can refer directly
66 ** to the "sqlite3Prng" state vector declared above.
67 */
68#ifdef SQLITE_OMIT_WSD
69 struct sqlite3PrngType *p = &GLOBAL(struct sqlite3PrngType, sqlite3Prng);
70# define wsdPrng p[0]
71#else
72# define wsdPrng sqlite3Prng
73#endif
74
drhcf5ff122013-08-21 22:09:25 +0000[diff] [blame]75#if SQLITE_THREADSAFE
mistachkindf9c0932014-10-27 19:58:29 +0000[diff] [blame]76 sqlite3_mutex *mutex;
77#endif
78
79#ifndef SQLITE_OMIT_AUTOINIT
80 if( sqlite3_initialize() ) return;
81#endif
82
83#if SQLITE_THREADSAFE
84 mutex = sqlite3MutexAlloc(SQLITE_MUTEX_STATIC_PRNG);
drhcf5ff122013-08-21 22:09:25 +0000[diff] [blame]85#endif
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]86
drhd61a18a2014-10-27 20:14:02 +0000[diff] [blame]87 sqlite3_mutex_enter(mutex);
drh5a5d1202014-10-24 12:37:00 +0000[diff] [blame]88 if( N<=0 || pBuf==0 ){
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]89 wsdPrng.s[0] = 0;
drh5a5d1202014-10-24 12:37:00 +0000[diff] [blame]90 sqlite3_mutex_leave(mutex);
91 return;
92 }
93
drh90bfcda2001-09-23 19:46:51 +0000[diff] [blame]94 /* Initialize the state of the random number generator once,
drhcd05aaf2022-08-16 16:57:33 +0000[diff] [blame]95 ** the first time this routine is called.
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]96 */
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]97 if( wsdPrng.s[0]==0 ){
drha959bf52021-06-15 15:15:40 +0000[diff] [blame]98 sqlite3_vfs *pVfs = sqlite3_vfs_find(0);
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]99 static const u32 chacha20_init[] = {
100 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574
101 };
102 memcpy(&wsdPrng.s[0], chacha20_init, 16);
drha959bf52021-06-15 15:15:40 +0000[diff] [blame]103 if( NEVER(pVfs==0) ){
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]104 memset(&wsdPrng.s[4], 0, 44);
drha959bf52021-06-15 15:15:40 +0000[diff] [blame]105 }else{
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]106 sqlite3OsRandomness(pVfs, 44, (char*)&wsdPrng.s[4]);
drha959bf52021-06-15 15:15:40 +0000[diff] [blame]107 }
drh534945a2022-08-16 16:40:54 +0000[diff] [blame]108 wsdPrng.s[15] = wsdPrng.s[12];
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]109 wsdPrng.s[12] = 0;
110 wsdPrng.n = 0;
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]111 }
112
drhfe980812014-01-01 14:00:13 +0000[diff] [blame]113 assert( N>0 );
drh9113c872022-08-16 00:04:40 +0000[diff] [blame]114 while( 1 /* exit by break */ ){
115 if( N<=wsdPrng.n ){
116 memcpy(zBuf, &wsdPrng.out[wsdPrng.n-N], N);
117 wsdPrng.n -= N;
118 break;
119 }
120 if( wsdPrng.n>0 ){
121 memcpy(zBuf, wsdPrng.out, wsdPrng.n);
122 N -= wsdPrng.n;
123 zBuf += wsdPrng.n;
124 }
125 wsdPrng.s[12]++;
126 chacha_block((u32*)wsdPrng.out, wsdPrng.s);
127 wsdPrng.n = 64;
128 }
drh51fc3472007-08-21 13:51:23 +0000[diff] [blame]129 sqlite3_mutex_leave(mutex);
drhae85dc82001-01-13 14:34:05 +0000[diff] [blame]130}
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]131
drhd12602a2016-12-07 15:49:02 +0000[diff] [blame]132#ifndef SQLITE_UNTESTABLE
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]133/*
134** For testing purposes, we sometimes want to preserve the state of
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]135** PRNG and restore the PRNG to its saved state at a later time, or
136** to reset the PRNG to its initial state. These routines accomplish
137** those tasks.
138**
drh2fa18682008-03-19 14:15:34 +0000[diff] [blame]139** The sqlite3_test_control() interface calls these routines to
140** control the PRNG.
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]141*/
drh1875f7a2008-12-08 18:19:17 +0000[diff] [blame]142static SQLITE_WSD struct sqlite3PrngType sqlite3SavedPrng;
drh2fa18682008-03-19 14:15:34 +0000[diff] [blame]143void sqlite3PrngSaveState(void){
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]144 memcpy(
145 &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
146 &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
147 sizeof(sqlite3Prng)
148 );
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]149}
drh2fa18682008-03-19 14:15:34 +0000[diff] [blame]150void sqlite3PrngRestoreState(void){
drh78f82d12008-09-02 00:52:52 +0000[diff] [blame]151 memcpy(
152 &GLOBAL(struct sqlite3PrngType, sqlite3Prng),
153 &GLOBAL(struct sqlite3PrngType, sqlite3SavedPrng),
154 sizeof(sqlite3Prng)
155 );
drh93aed5a2008-01-16 17:46:38 +0000[diff] [blame]156}
drhd12602a2016-12-07 15:49:02 +0000[diff] [blame]157#endif /* SQLITE_UNTESTABLE */