Stowage/ladybird
2
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-11-04 07:10:57 +00:00
Code Issues Projects Releases Packages Wiki Activity
ladybird/AK/Random.cpp
R-Goc 20662f0dc9 AK: Add windows support in AK/Random 
This commit adds support in AK/Random for a high quality RNG on windows.
This requires moving the code into a cpp file not to spread windows
headers around.
2025-05-15 07:41:02 -06:00

100 lines
3.7 KiB
C++
Raw Blame History

/*
* Copyright (c) 2021, the SerenityOS developers.
*
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <AK/Platform.h>
#include <AK/Random.h>
#include <AK/UFixedBigInt.h>
#include <AK/UFixedBigIntDivision.h>
#if defined(AK_OS_WINDOWS)
# include <AK/NumericLimits.h>
# include <AK/Windows.h>
# include <bcrypt.h>
# include <ntstatus.h>
#endif
namespace AK {
// NOTE: This function is supposed to always give a random number. If possible it is of good quality, but it can fall
// back to rand() if it fails on some systems. For high speed you should probably use a different generator.
// See MathObject::random() from LibJS. Where cryptographic security is needed use LibCrypto/SecureRandom.h.
void fill_with_random([[maybe_unused]] Bytes bytes)
{
#if defined(AK_OS_SERENITY) || defined(AK_OS_ANDROID) || defined(AK_OS_BSD_GENERIC) || defined(AK_OS_HAIKU) || AK_LIBC_GLIBC_PREREQ(2, 36)
arc4random_buf(bytes.data(), bytes.size());
#elif defined(OSS_FUZZ)
#else
auto fill_with_random_fallback = [&]() {
for (auto& byte : bytes)
byte = rand();
};
# if defined(__unix__)
// The maximum permitted value for the getentropy length argument.
static constexpr size_t getentropy_length_limit = 256;
auto iterations = bytes.size() / getentropy_length_limit;
for (size_t i = 0; i < iterations; ++i) {
if (getentropy(bytes.data(), getentropy_length_limit) != 0) {
fill_with_random_fallback();
return;
}
bytes = bytes.slice(getentropy_length_limit);
}
if (bytes.is_empty() || getentropy(bytes.data(), bytes.size()) == 0)
return;
# elif defined(AK_OS_WINDOWS)
if (bytes.size() > NumericLimits<u32>::max()) [[unlikely]] {
fill_with_random_fallback();
return;
}
// NOTE: This is more secure than needed. But on modern hardware it be should more than fast enough.
NTSTATUS result = ::BCryptGenRandom(NULL, bytes.data(), bytes.size(), BCRYPT_USE_SYSTEM_PREFERRED_RNG);
if (result == STATUS_SUCCESS)
return;
# endif
fill_with_random_fallback();
#endif
}
u32 get_random_uniform(u32 max_bounds)
{
// If we try to divide all 2**32 numbers into groups of "max_bounds" numbers, we may end up
// with a group around 2**32-1 that is a bit too small. For this reason, the implementation
// `arc4random() % max_bounds` would be insufficient. Here we compute the last number of the
// last "full group". Note that if max_bounds is a divisor of UINT32_MAX,
// then we end up with UINT32_MAX:
u32 const max_usable = UINT32_MAX - (static_cast<u64>(UINT32_MAX) + 1) % max_bounds;
auto random_value = get_random<u32>();
for (int i = 0; i < 20 && random_value > max_usable; ++i) {
// By chance we picked a value from the incomplete group. Note that this group has size at
// most 2**31-1, so picking this group has a chance of less than 50%.
// In practice, this means that for the worst possible input, there is still only a
// once-in-a-million chance to get to iteration 20. In theory we should be able to loop
// forever. Here we prefer marginally imperfect random numbers over weird runtime behavior.
random_value = get_random<u32>();
}
return random_value % max_bounds;
}
u64 get_random_uniform_64(u64 max_bounds)
{
// Uses the same algorithm as `get_random_uniform`,
// by replacing u64 with u128 and u32 with u64.
u64 const max_usable = UINT64_MAX - static_cast<u64>((static_cast<u128>(UINT64_MAX) + 1) % max_bounds);
auto random_value = get_random<u64>();
for (int i = 0; i < 20 && random_value > max_usable; ++i) {
random_value = get_random<u64>();
}
return random_value % max_bounds;
}
}
Reference in a new issue View git blame Copy permalink