Bitcoin Core
22.99.0
P2P Digital Currency

#include <random.h>
#include <compat/cpuid.h>
#include <crypto/sha256.h>
#include <crypto/sha512.h>
#include <support/cleanse.h>
#include <logging.h>
#include <randomenv.h>
#include <support/allocators/secure.h>
#include <sync.h>
#include <util/time.h>
#include <cmath>
#include <stdlib.h>
#include <thread>
#include <fcntl.h>
#include <sys/time.h>
Go to the source code of this file.
Enumerations  
enum  RNGLevel { RNGLevel::FAST, RNGLevel::SLOW, RNGLevel::PERIODIC } 
Functions  
static void  RandFailure () 
static int64_t  GetPerformanceCounter () noexcept 
static void  InitHardwareRand () 
static void  ReportHardwareRand () 
static void  SeedHardwareFast (CSHA512 &hasher) noexcept 
Add 64 bits of entropy gathered from hardware to hasher. More...  
static void  SeedHardwareSlow (CSHA512 &hasher) noexcept 
Add 256 bits of entropy gathered from hardware to hasher. More...  
static void  Strengthen (const unsigned char(&seed)[32], int microseconds, CSHA512 &hasher) noexcept 
Use repeated SHA512 to strengthen the randomness in seed32, and feed into hasher. More...  
static void  GetDevURandom (unsigned char *ent32) 
Fallback: get 32 bytes of system entropy from /dev/urandom. More...  
void  GetOSRand (unsigned char *ent32) 
Get 32 bytes of system entropy. More...  
static void  SeedTimestamp (CSHA512 &hasher) noexcept 
static void  SeedFast (CSHA512 &hasher) noexcept 
static void  SeedSlow (CSHA512 &hasher, RNGState &rng) noexcept 
static void  SeedStrengthen (CSHA512 &hasher, RNGState &rng, int microseconds) noexcept 
Extract entropy from rng, strengthen it, and feed it into hasher. More...  
static void  SeedPeriodic (CSHA512 &hasher, RNGState &rng) noexcept 
static void  SeedStartup (CSHA512 &hasher, RNGState &rng) noexcept 
static void  ProcRand (unsigned char *out, int num, RNGLevel level) noexcept 
void  GetRandBytes (unsigned char *buf, int num) noexcept 
Overall design of the RNG and entropy sources. More...  
void  GetStrongRandBytes (unsigned char *buf, int num) noexcept 
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using it. More...  
void  RandAddPeriodic () noexcept 
Gather entropy from various expensive sources, and feed them to the PRNG state. More...  
void  RandAddEvent (const uint32_t event_info) noexcept 
Gathers entropy from the low bits of the time at which events occur. More...  
uint64_t  GetRand (uint64_t nMax) noexcept 
Generate a uniform random integer in the range [0..range). More...  
int  GetRandInt (int nMax) noexcept 
uint256  GetRandHash () noexcept 
bool  Random_SanityCheck () 
Check that OS randomness is available and returning the requested number of bytes. More...  
void  RandomInit () 
Initialize global RNG state and log any CPU features that are used. More...  
std::chrono::microseconds  GetExponentialRand (std::chrono::microseconds now, std::chrono::seconds average_interval) 
Return a timestamp in the future sampled from an exponential distribution (https://en.wikipedia.org/wiki/Exponential_distribution). More...  
Variables  
bool  g_mock_deterministic_tests {false} 
Flag to make GetRand in random.h return the same number. More...  

strong 
Enumerator  

FAST  Automatically called by GetRandBytes. 
SLOW  Automatically called by GetStrongRandBytes. 
PERIODIC  Called by RandAddPeriodic() 
Definition at line 546 of file random.cpp.

static 
Fallback: get 32 bytes of system entropy from /dev/urandom.
The most compatible way to get cryptographic randomness on UNIXish platforms.
Definition at line 255 of file random.cpp.
std::chrono::microseconds GetExponentialRand  (  std::chrono::microseconds  now, 
std::chrono::seconds  average_interval  
) 
Return a timestamp in the future sampled from an exponential distribution (https://en.wikipedia.org/wiki/Exponential_distribution).
This distribution is memoryless and should be used for repeated network events (e.g. sending a certain type of message) to minimize leaking information to observers.
The probability of an event occurring before time x is 1  e^(x/a) where a is the average interval between events.
Definition at line 715 of file random.cpp.
void GetOSRand  (  unsigned char *  ent32  ) 
Get 32 bytes of system entropy.
Do not use this in application code: use GetStrongRandBytes instead.
Definition at line 275 of file random.cpp.

inlinestaticnoexcept 

noexcept 
Generate a uniform random integer in the range [0..range).
Precondition: range > 0
Definition at line 588 of file random.cpp.

noexcept 
Overall design of the RNG and entropy sources.
We maintain a single global 256bit RNG state for all highquality randomness. The following (classes of) functions interact with that state by mixing in new entropy, and optionally extracting random output from it:
On first use of the RNG (regardless of what function is called first), all entropy sources used in the 'slow' seeder are included, but also:
When mixing in new entropy, H = SHA512(entropy  old_rng_state) is computed, and (up to) the first 32 bytes of H are produced as output, while the last 32 bytes become the new RNG state. Generate random data via the internal PRNG.
These functions are designed to be fast (sub microsecond), but do not necessarily meaningfully add entropy to the PRNG state.
Threadsafe.
Definition at line 581 of file random.cpp.

noexcept 
Definition at line 598 of file random.cpp.

noexcept 
Definition at line 593 of file random.cpp.

noexcept 
Gather entropy from various sources, feed it into the internal PRNG, and generate random data using it.
This function will cause failure whenever the OS RNG fails.
Threadsafe.
Definition at line 582 of file random.cpp.

static 
Definition at line 183 of file random.cpp.

staticnoexcept 
Definition at line 552 of file random.cpp.

noexcept 
Gathers entropy from the low bits of the time at which events occur.
Should be called with a uint32_t describing the event at the time an event occurs.
Threadsafe.
Definition at line 584 of file random.cpp.

noexcept 
Gather entropy from various expensive sources, and feed them to the PRNG state.
Threadsafe.
Definition at line 583 of file random.cpp.

static 
bool Random_SanityCheck  (  ) 
Check that OS randomness is available and returning the requested number of bytes.
Definition at line 638 of file random.cpp.
void RandomInit  (  ) 
Initialize global RNG state and log any CPU features that are used.
Calling this function is optional. RNG state will be initialized when first needed if it is not called.
Definition at line 707 of file random.cpp.

static 

staticnoexcept 
Definition at line 460 of file random.cpp.

staticnoexcept 
Add 64 bits of entropy gathered from hardware to hasher.
Do nothing if not supported.
Definition at line 188 of file random.cpp.

staticnoexcept 
Add 256 bits of entropy gathered from hardware to hasher.
Do nothing if not supported.
Definition at line 199 of file random.cpp.

staticnoexcept 
Definition at line 506 of file random.cpp.

staticnoexcept 
Definition at line 475 of file random.cpp.

staticnoexcept 
Definition at line 526 of file random.cpp.

staticnoexcept 
Extract entropy from rng, strengthen it, and feed it into hasher.
Definition at line 497 of file random.cpp.

staticnoexcept 
Definition at line 454 of file random.cpp.

staticnoexcept 
Use repeated SHA512 to strengthen the randomness in seed32, and feed into hasher.
Definition at line 224 of file random.cpp.
bool g_mock_deterministic_tests {false} 
Flag to make GetRand in random.h return the same number.
Definition at line 586 of file random.cpp.