diff options
| author | Yawning Angel <yawning@schwanenlied.me> | 2025-11-29 09:18:11 +0900 |
|---|---|---|
| committer | Yawning Angel <yawning@schwanenlied.me> | 2025-11-29 10:45:53 +0900 |
| commit | e1ba69ea5192a245263b6a5ea5b4359cae7c0220 (patch) | |
| tree | 5d6b90e5ebe131495bf1b3cd5297a4c19df20790 /base | |
| parent | 0bd6410ea3b2b76eeafaa52c0fa626b4477190e2 (diff) | |
base/runtime: Add `rand_bytes` and `HAS_RAND_BYTES`
Having the OS/runtime provide a cryptographic entropy source is the
right thing to do, and we need it to initialize the default random
number generator.
Diffstat (limited to 'base')
| -rw-r--r-- | base/runtime/os_specific.odin | 10 | ||||
| -rw-r--r-- | base/runtime/os_specific_bsd.odin | 8 | ||||
| -rw-r--r-- | base/runtime/os_specific_darwin.odin | 14 | ||||
| -rw-r--r-- | base/runtime/os_specific_freestanding.odin | 2 | ||||
| -rw-r--r-- | base/runtime/os_specific_haiku.odin | 8 | ||||
| -rw-r--r-- | base/runtime/os_specific_js.odin | 18 | ||||
| -rw-r--r-- | base/runtime/os_specific_linux.odin | 49 | ||||
| -rw-r--r-- | base/runtime/os_specific_orca.odin | 2 | ||||
| -rw-r--r-- | base/runtime/os_specific_wasi.odin | 11 | ||||
| -rw-r--r-- | base/runtime/os_specific_windows.odin | 33 |
10 files changed, 154 insertions, 1 deletions
diff --git a/base/runtime/os_specific.odin b/base/runtime/os_specific.odin index b6c1288d0..16e7e4751 100644 --- a/base/runtime/os_specific.odin +++ b/base/runtime/os_specific.odin @@ -2,10 +2,20 @@ package runtime _OS_Errno :: distinct int +HAS_RAND_BYTES :: _HAS_RAND_BYTES + stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return _stderr_write(data) } +rand_bytes :: proc "contextless" (dst: []byte) { + when HAS_RAND_BYTES { + _rand_bytes(dst) + } else { + panic_contextless("base/runtime: no runtime entropy source") + } +} + exit :: proc "contextless" (code: int) -> ! { _exit(code) }
\ No newline at end of file diff --git a/base/runtime/os_specific_bsd.odin b/base/runtime/os_specific_bsd.odin index de300f1e0..ab8eabb6c 100644 --- a/base/runtime/os_specific_bsd.odin +++ b/base/runtime/os_specific_bsd.odin @@ -4,6 +4,8 @@ package runtime foreign import libc "system:c" +_HAS_RAND_BYTES :: true + @(default_calling_convention="c") foreign libc { @(link_name="write") @@ -14,6 +16,8 @@ foreign libc { } else { __error :: proc() -> ^i32 --- } + + arc4random_buf :: proc(buf: [^]byte, nbytes: uint) --- } _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { @@ -25,6 +29,10 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return int(ret), 0 } +_rand_bytes :: proc "contextless" (dst: []byte) { + arc4random_buf(raw_data(dst), len(dst)) +} + _exit :: proc "contextless" (code: int) -> ! { @(default_calling_convention="c") foreign libc { diff --git a/base/runtime/os_specific_darwin.odin b/base/runtime/os_specific_darwin.odin index 37315240f..576725a1c 100644 --- a/base/runtime/os_specific_darwin.odin +++ b/base/runtime/os_specific_darwin.odin @@ -4,6 +4,8 @@ package runtime import "base:intrinsics" +_HAS_RAND_BYTES :: true + _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { STDERR :: 2 when ODIN_NO_CRT { @@ -29,6 +31,18 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { foreign import libc "system:System" +_rand_bytes :: proc "contextless" (dst: []byte) { + // This process used to use Security/RandomCopyBytes, however + // on every version of MacOS (>= 10.12) that we care about, + // arc4random is implemented securely. + + @(default_calling_convention="c") + foreign libc { + arc4random_buf :: proc(buf: [^]byte, nbytes: uint) --- + } + arc4random_buf(raw_data(dst), len(dst)) +} + _exit :: proc "contextless" (code: int) -> ! { @(default_calling_convention="c") foreign libc { diff --git a/base/runtime/os_specific_freestanding.odin b/base/runtime/os_specific_freestanding.odin index b5a5fb146..3b2b5a714 100644 --- a/base/runtime/os_specific_freestanding.odin +++ b/base/runtime/os_specific_freestanding.odin @@ -2,6 +2,8 @@ #+private package runtime +_HAS_RAND_BYTES :: false + // TODO(bill): reimplement `os.write` _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return 0, -1 diff --git a/base/runtime/os_specific_haiku.odin b/base/runtime/os_specific_haiku.odin index 74ff58cde..7e53539a1 100644 --- a/base/runtime/os_specific_haiku.odin +++ b/base/runtime/os_specific_haiku.odin @@ -4,11 +4,15 @@ package runtime foreign import libc "system:c" +_HAS_RAND_BYTES :: true + foreign libc { @(link_name="write") _unix_write :: proc(fd: i32, buf: rawptr, size: int) -> int --- _errnop :: proc() -> ^i32 --- + + arc4random_buf :: proc(buf: [^]byte, nbytes: uint) --- } _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { @@ -20,7 +24,9 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return int(ret), 0 } - +_rand_bytes :: proc "contextless" (dst: []byte) { + arc4random_buf(raw_data(dst), len(dst)) +} _exit :: proc "contextless" (code: int) -> ! { trap() diff --git a/base/runtime/os_specific_js.odin b/base/runtime/os_specific_js.odin index bd88b1871..8676f3a6e 100644 --- a/base/runtime/os_specific_js.odin +++ b/base/runtime/os_specific_js.odin @@ -4,6 +4,8 @@ package runtime foreign import "odin_env" +_HAS_RAND_BYTES :: true + _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { foreign odin_env { write :: proc "contextless" (fd: u32, p: []byte) --- @@ -12,6 +14,22 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return len(data), 0 } +_rand_bytes :: proc "contextless" (dst: []byte) { + foreign odin_env { + @(link_name = "rand_bytes") + env_rand_bytes :: proc "contextless" (buf: []byte) --- + } + + MAX_PER_CALL_BYTES :: 65536 // 64kiB + + dst := dst + for len(dst) > 0 { + to_read := min(len(dst), MAX_PER_CALL_BYTES) + env_rand_bytes(dst[:to_read]) + + dst = dst[to_read:] + } +} _exit :: proc "contextless" (code: int) -> ! { trap() diff --git a/base/runtime/os_specific_linux.odin b/base/runtime/os_specific_linux.odin index dfe3c8841..1abcc03e5 100644 --- a/base/runtime/os_specific_linux.odin +++ b/base/runtime/os_specific_linux.odin @@ -3,6 +3,8 @@ package runtime import "base:intrinsics" +_HAS_RAND_BYTES :: true + _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { when ODIN_ARCH == .amd64 { SYS_write :: uintptr(1) @@ -25,6 +27,53 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return ret, 0 } +_rand_bytes :: proc "contextless" (dst: []byte) { + when ODIN_ARCH == .amd64 { + SYS_getrandom :: uintptr(318) + } else when ODIN_ARCH == .arm64 { + SYS_getrandom :: uintptr(278) + } else when ODIN_ARCH == .i386 { + SYS_getrandom :: uintptr(355) + } else when ODIN_ARCH == .arm32 { + SYS_getrandom :: uintptr(384) + } else when ODIN_ARCH == .riscv64 { + SYS_getrandom :: uintptr(278) + } else { + #panic("base/runtime: no SYS_getrandom definition for target") + } + + ERR_EINTR :: 4 + ERR_ENOSYS :: 38 + + MAX_PER_CALL_BYTES :: 33554431 // 2^25 - 1 + + dst := dst + l := len(dst) + + for l > 0 { + to_read := min(l, MAX_PER_CALL_BYTES) + ret := int(intrinsics.syscall(SYS_getrandom, uintptr(raw_data(dst[:to_read])), uintptr(to_read), uintptr(0))) + switch ret { + case -ERR_EINTR: + // Call interupted by a signal handler, just retry the + // request. + continue + case -ERR_ENOSYS: + // The kernel is apparently prehistoric (< 3.17 circa 2014) + // and does not support getrandom. + panic_contextless("base/runtime: getrandom not available in kernel") + case: + if ret < 0 { + // All other failures are things that should NEVER happen + // unless the kernel interface changes (ie: the Linux + // developers break userland). + panic_contextless("base/runtime: getrandom failed") + } + } + l -= ret + dst = dst[ret:] + } +} _exit :: proc "contextless" (code: int) -> ! { SYS_exit_group :: diff --git a/base/runtime/os_specific_orca.odin b/base/runtime/os_specific_orca.odin index 491edcfa4..f5ce50411 100644 --- a/base/runtime/os_specific_orca.odin +++ b/base/runtime/os_specific_orca.odin @@ -4,6 +4,8 @@ package runtime import "base:intrinsics" +_HAS_RAND_BYTES :: false + // Constants allowing to specify the level of logging verbosity. log_level :: enum u32 { // Only errors are logged. diff --git a/base/runtime/os_specific_wasi.odin b/base/runtime/os_specific_wasi.odin index 194034865..c5e94653a 100644 --- a/base/runtime/os_specific_wasi.odin +++ b/base/runtime/os_specific_wasi.odin @@ -4,6 +4,8 @@ package runtime foreign import wasi "wasi_snapshot_preview1" +_HAS_RAND_BYTES :: true + @(default_calling_convention="contextless") foreign wasi { fd_write :: proc( @@ -26,6 +28,9 @@ foreign wasi { @(private="file") proc_exit :: proc(rval: u32) -> ! --- + + @(private ="file") + random_get :: proc(buf: []u8) -> u16 --- } _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { @@ -34,6 +39,12 @@ _stderr_write :: proc "contextless" (data: []byte) -> (int, _OS_Errno) { return int(n), _OS_Errno(err) } +_rand_bytes :: proc "contextless" (dst: []byte) { + if errno := random_get(dst); errno != 0 { + panic_contextless("base/runtime: wasi.random_get failed") + } +} + _wasi_setup_args :: proc() { num_of_args, size_of_args: uint if errno := args_sizes_get(&num_of_args, &size_of_args); errno != 0 { diff --git a/base/runtime/os_specific_windows.odin b/base/runtime/os_specific_windows.odin index c5ca1e4c5..d938e87ea 100644 --- a/base/runtime/os_specific_windows.odin +++ b/base/runtime/os_specific_windows.odin @@ -2,8 +2,11 @@ #+private package runtime +foreign import bcrypt "system:Bcrypt.lib" foreign import kernel32 "system:Kernel32.lib" +_HAS_RAND_BYTES :: true + @(private="file") @(default_calling_convention="system") foreign kernel32 { @@ -18,6 +21,12 @@ foreign kernel32 { ExitProcess :: proc(code: u32) -> ! --- } +@(private="file") +@(default_calling_convention="system") +foreign bcrypt { + BCryptGenRandom :: proc(hAlgorithm: rawptr, pBuffer: [^]u8, cbBuffer: u32, dwFlags: u32) -> i32 --- +} + _stderr_write :: proc "contextless" (data: []byte) -> (n: int, err: _OS_Errno) #no_bounds_check { if len(data) == 0 { return 0, 0 @@ -52,6 +61,30 @@ _stderr_write :: proc "contextless" (data: []byte) -> (n: int, err: _OS_Errno) # return } +_rand_bytes :: proc "contextless" (dst: []byte) { + ensure_contextless(u64(len(dst)) <= u64(max(u32)), "base/runtime: oversized rand_bytes request") + + BCRYPT_USE_SYSTEM_PREFERRED_RNG :: 0x00000002 + + ERROR_INVALID_HANDLE :: 6 + ERROR_INVALID_PARAMETER :: 87 + + ret := BCryptGenRandom(nil, raw_data(dst), u32(len(dst)), BCRYPT_USE_SYSTEM_PREFERRED_RNG) + switch ret { + case 0: + case ERROR_INVALID_HANDLE: + // The handle to the first parameter is invalid. + // This should not happen here, since we explicitly pass nil to it + panic_contextless("base/runtime: BCryptGenRandom Invalid handle for hAlgorithm") + case ERROR_INVALID_PARAMETER: + // One of the parameters was invalid + panic_contextless("base/runtime: BCryptGenRandom Invalid parameter") + case: + // Unknown error + panic_contextless("base/runtime: BCryptGenRandom failed") + } +} + _exit :: proc "contextless" (code: int) -> ! { ExitProcess(u32(code)) }
\ No newline at end of file |