53  * Implementation of a buffered RNG, described in § 1.2-1.4 of the whitepaper.
57  * Initialize a buffered rng instance (either the static root instance, or a
62 fxrng_brng_init(struct fxrng_buffered_rng *rng)  in fxrng_brng_init()  argument
64 	fxrng_rng_init(&rng->brng_rng, rng == &fxrng_root);  in fxrng_brng_init()
67 	rng->brng_avail_idx = sizeof(rng->brng_buffer);  in fxrng_brng_init()
91 	struct fxrng_buffered_rng *rng;  in fxrng_brng_src_reseed()  local
93 	rng = &fxrng_root;  in fxrng_brng_src_reseed()
94 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_src_reseed()
95 	ASSERT_DEBUG(rng->brng_generation > 0, "root RNG not seeded");  in fxrng_brng_src_reseed()
97 	fxrng_rng_src_reseed(&rng->brng_rng, event);  in fxrng_brng_src_reseed()
98 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_src_reseed()
107 	rng->brng_generation++;  in fxrng_brng_src_reseed()
108 	atomic_store_rel_64(&fxrng_root_generation, rng->brng_generation);  in fxrng_brng_src_reseed()
110 	fxrng_push_seed_generation(rng->brng_generation);  in fxrng_brng_src_reseed()
111 	FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_src_reseed()
122 	struct fxrng_buffered_rng *rng;  in fxrng_brng_reseed()  local
124 	rng = &fxrng_root;  in fxrng_brng_reseed()
125 	FXRNG_BRNG_LOCK(rng);  in fxrng_brng_reseed()
127 	fxrng_rng_reseed(&rng->brng_rng, (rng->brng_generation > 0), entr, sz);  in fxrng_brng_reseed()
128 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_reseed()
130 	rng->brng_generation++;  in fxrng_brng_reseed()
131 	atomic_store_rel_64(&fxrng_root_generation, rng->brng_generation);  in fxrng_brng_reseed()
133 	fxrng_push_seed_generation(rng->brng_generation);  in fxrng_brng_reseed()
134 	FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_reseed()
153  * Grab some bytes off an initialized, current generation RNG.
157  * Locking protocol is a bit odd.  The RNG is locked on entrance, but the lock
159  * RNG generation.
162 fxrng_brng_getbytes_internal(struct fxrng_buffered_rng *rng, void *buf,  in fxrng_brng_getbytes_internal()  argument
166 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_getbytes_internal()
170 		FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_getbytes_internal()
175 	if (rng->brng_avail_idx + nbytes <= sizeof(rng->brng_buffer)) {  in fxrng_brng_getbytes_internal()
176 		memcpy(buf, &rng->brng_buffer[rng->brng_avail_idx], nbytes);  in fxrng_brng_getbytes_internal()
177 		explicit_bzero(&rng->brng_buffer[rng->brng_avail_idx], nbytes);  in fxrng_brng_getbytes_internal()
178 		rng->brng_avail_idx += nbytes;  in fxrng_brng_getbytes_internal()
179 		FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_getbytes_internal()
184 	if (nbytes < sizeof(rng->brng_buffer)) {  in fxrng_brng_getbytes_internal()
188 		if (rng->brng_avail_idx < sizeof(rng->brng_buffer)) {  in fxrng_brng_getbytes_internal()
189 			rem = sizeof(rng->brng_buffer) - rng->brng_avail_idx;  in fxrng_brng_getbytes_internal()
192 			memcpy(buf, &rng->brng_buffer[rng->brng_avail_idx], rem);  in fxrng_brng_getbytes_internal()
203 		fxrng_rng_genrandom_internal(&rng->brng_rng, rng->brng_buffer,  in fxrng_brng_getbytes_internal()
204 		    sizeof(rng->brng_buffer), false);  in fxrng_brng_getbytes_internal()
205 		FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_getbytes_internal()
206 		rng->brng_avail_idx = 0;  in fxrng_brng_getbytes_internal()
208 		memcpy(buf, &rng->brng_buffer[rng->brng_avail_idx], nbytes);  in fxrng_brng_getbytes_internal()
209 		explicit_bzero(&rng->brng_buffer[rng->brng_avail_idx], nbytes);  in fxrng_brng_getbytes_internal()
210 		rng->brng_avail_idx += nbytes;  in fxrng_brng_getbytes_internal()
211 		FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_getbytes_internal()
216 	fxrng_rng_genrandom_internal(&rng->brng_rng, buf, nbytes, true);  in fxrng_brng_getbytes_internal()
219 	FXRNG_BRNG_ASSERT_NOT(rng);  in fxrng_brng_getbytes_internal()
224  * API to get a new key for a downstream RNG.  Returns the new key in 'buf', as
227  * 'rng' is locked on entry and unlocked on return.
234 fxrng_brng_produce_seed_data_internal(struct fxrng_buffered_rng *rng,  in fxrng_brng_produce_seed_data_internal()  argument
237 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_produce_seed_data_internal()
240 	*seed_generation = rng->brng_generation;  in fxrng_brng_produce_seed_data_internal()
241 	fxrng_brng_getbytes_internal(rng, buf, keysz);  in fxrng_brng_produce_seed_data_internal()
242 	FXRNG_BRNG_ASSERT_NOT(rng);  in fxrng_brng_produce_seed_data_internal()
252 fxrng_brng_read(struct fxrng_buffered_rng *rng, void *buf, size_t nbytes)  in fxrng_brng_read()  argument
256 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_read()
259 	if (rng->brng_generation == atomic_load_acq_64(&fxrng_root_generation))  in fxrng_brng_read()
262 	ASSERT(rng != &fxrng_root, "root rng inconsistent seed version");  in fxrng_brng_read()
270 	FXRNG_BRNG_UNLOCK(rng);  in fxrng_brng_read()
272 	FXRNG_BRNG_LOCK(rng);  in fxrng_brng_read()
278 	if (__predict_false(rng->brng_generation ==  in fxrng_brng_read()
285 	    sizeof(newkey), &rng->brng_generation);  in fxrng_brng_read()
288 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_read()
290 	fxrng_rng_setkey(&rng->brng_rng, newkey, sizeof(newkey));  in fxrng_brng_read()
304 	rng->brng_avail_idx = sizeof(rng->brng_buffer);  in fxrng_brng_read()
307 	if (rng != &fxrng_root)  in fxrng_brng_read()
309 	FXRNG_BRNG_ASSERT(rng);  in fxrng_brng_read()
311 	fxrng_brng_getbytes_internal(rng, buf, nbytes);  in fxrng_brng_read()
312 	FXRNG_BRNG_ASSERT_NOT(rng);  in fxrng_brng_read()