From: Adhemerval Zanella
To: Noah Goldstein, libc-alpha@sourceware.org
Date: Tue, 29 Mar 2022 16:51:11 -0300
Subject: Re: [PATCH v1 1/2] random-bits: Factor out entropy generating function
In-Reply-To: <20220328220936.2724834-1-goldstein.w.n@gmail.com>

On 28/03/2022 19:09, Noah Goldstein via Libc-alpha wrote:
> On some architectures `clock_gettime` is undesirable as
> it may use a syscall or there may be a faster alternative.
> Future architecture specific functions can be added in
> sysdeps//random-bits-entropy.h to provide a version of
> 'random_bits_entropy' that doesn't use 'clock_gettime'.
> ---
> include/random-bits.h | 16 ++++++--------
> sysdeps/generic/random-bits-entropy.h | 31 +++++++++++++++++++++++++++
> 2 files changed, 37 insertions(+), 10 deletions(-)
> create mode 100644 sysdeps/generic/random-bits-entropy.h
> > diff --git a/include/random-bits.h b/include/random-bits.h > index 17665b479a..016b87576c 100644 > --- a/include/random-bits.h > +++ b/include/random-bits.h > @@ -19,21 +19,17 @@ > #ifndef _RANDOM_BITS_H > # define _RANDOM_BITS_H > > -#include > -#include > +# include > +# include > > -/* Provides fast pseudo-random bits through clock_gettime. It has unspecified > - starting time, nano-second accuracy, its randomness is significantly better > - than gettimeofday, and for mostly architectures it is implemented through > - vDSO instead of a syscall. Since the source is a system clock, the upper > - bits will have less entropy. */ > +/* Provides fast pseudo-random bits through architecture specific > + random_bits_entropy. Expectation is source is some timing function so > + the upper bits have less entropy. */ > static inline uint32_t > random_bits (void) > { > - struct __timespec64 tv; > - __clock_gettime64 (CLOCK_MONOTONIC, &tv); > + uint32_t ret = random_bits_entropy (); > /* Shuffle the lower bits to minimize the clock bias. */ > - uint32_t ret = tv.tv_nsec ^ tv.tv_sec; > ret ^= (ret << 24) | (ret >> 8); > return ret; > }

We already provide hp-timing.h, which uses rdtsc on x86 and clock_gettime on generic interface (and other high precision timing on other architectures). So I think a better way would be to:

  static inline uint32_t
  random_bits (void)
  {
    hp_timing_t hp;
    HP_TIMING_NOW (hp);
    /* Shuffle the lower bits to minimize the clock bias. */
    uint32_t ret = hp >> 32 ^ (uint32_t) hp;
    ret ^= (ret << 24) | (ret >> 8);
    return ret;
  }

And keep the XOR on with higher bits to keep the clock bias.

> diff --git a/sysdeps/generic/random-bits-entropy.h b/sysdeps/generic/random-bits-entropy.h > new file mode 100644 > index 0000000000..53290c7f7a > --- /dev/null > +++ b/sysdeps/generic/random-bits-entropy.h 
> @@ -0,0 +1,31 @@ > +/* Fast function for generating entropy of random_bits. > + Copyright (C) 2022 Free Software Foundation, Inc. > + This file is part of the GNU C Library. > + > + The GNU C Library is free software; you can redistribute it and/or > + modify it under the terms of the GNU Lesser General Public > + License as published by the Free Software Foundation; either > + version 2.1 of the License, or (at your option) any later version. > + > + The GNU C Library is distributed in the hope that it will be useful, > + but WITHOUT ANY WARRANTY; without even the implied warranty of > + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > + Lesser General Public License for more details. > + > + You should have received a copy of the GNU Lesser General Public > + License along with the GNU C Library; if not, see > + . */ > + > +#include > +#include > + > +/* Generically use clock_gettime. It has unspecified starting time, nano-second > + accuracy, its randomness is significantly better than gettimeofday, and for > + mostly architectures it is implemented through vDSO instead of a syscall. */ > +static inline uint32_t > +random_bits_entropy (void) > +{ > + struct __timespec64 tv; > + __clock_gettime64 (CLOCK_MONOTONIC, &tv); > + return tv.tv_nsec ^ tv.tv_sec; > +}
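
Review bot: in the include/random-bits.h hunk, the new header comment ("Expectation is source is some timing function") and the retained `/* Shuffle the lower bits to minimize the clock bias. */` leave the contract of random_bits_entropy undocumented, yet `ret ^= (ret << 24) | (ret >> 8);` only helps when the fast-changing bits are the low ones. Suggest stating in the comment what an architecture override must return (a 32-bit value whose low bits vary between calls) and that the result is a timer-derived value which callers must not treat as unpredictable.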
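
Review bot: in the new sysdeps/generic/random-bits-entropy.h, random_bits_entropy ignores the result of `__clock_gettime64 (CLOCK_MONOTONIC, &tv);` and then reads `tv`, which is uninitialized if the call fails, and it narrows `tv.tv_nsec ^ tv.tv_sec` to uint32_t implicitly. Suggest zero-initializing `tv` (or checking the return value) and writing the truncation as an explicit cast, so that architecture-specific versions modelled on this file start from a well-defined template.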