1*6777b538SAndroid Build Coastguard Worker // Copyright 2012 The Chromium Authors
2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be
3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file.
4*6777b538SAndroid Build Coastguard Worker
5*6777b538SAndroid Build Coastguard Worker #ifndef BASE_RAND_UTIL_H_
6*6777b538SAndroid Build Coastguard Worker #define BASE_RAND_UTIL_H_
7*6777b538SAndroid Build Coastguard Worker
8*6777b538SAndroid Build Coastguard Worker #include <stddef.h>
9*6777b538SAndroid Build Coastguard Worker #include <stdint.h>
10*6777b538SAndroid Build Coastguard Worker
11*6777b538SAndroid Build Coastguard Worker #include <algorithm>
12*6777b538SAndroid Build Coastguard Worker #include <string>
13*6777b538SAndroid Build Coastguard Worker #include <vector>
14*6777b538SAndroid Build Coastguard Worker
15*6777b538SAndroid Build Coastguard Worker #include "base/base_export.h"
16*6777b538SAndroid Build Coastguard Worker #include "base/compiler_specific.h"
17*6777b538SAndroid Build Coastguard Worker #include "base/containers/span.h"
18*6777b538SAndroid Build Coastguard Worker #include "base/gtest_prod_util.h"
19*6777b538SAndroid Build Coastguard Worker #include "build/build_config.h"
20*6777b538SAndroid Build Coastguard Worker
21*6777b538SAndroid Build Coastguard Worker #if !BUILDFLAG(IS_NACL)
22*6777b538SAndroid Build Coastguard Worker #include "third_party/boringssl/src/include/openssl/rand.h"
23*6777b538SAndroid Build Coastguard Worker #endif
24*6777b538SAndroid Build Coastguard Worker
25*6777b538SAndroid Build Coastguard Worker namespace memory_simulator {
26*6777b538SAndroid Build Coastguard Worker class MemoryHolder;
27*6777b538SAndroid Build Coastguard Worker }
28*6777b538SAndroid Build Coastguard Worker
29*6777b538SAndroid Build Coastguard Worker namespace base {
30*6777b538SAndroid Build Coastguard Worker
31*6777b538SAndroid Build Coastguard Worker class TimeDelta;
32*6777b538SAndroid Build Coastguard Worker
33*6777b538SAndroid Build Coastguard Worker namespace internal {
34*6777b538SAndroid Build Coastguard Worker
35*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_ANDROID)
36*6777b538SAndroid Build Coastguard Worker // Sets the implementation of RandBytes according to the corresponding
37*6777b538SAndroid Build Coastguard Worker // base::Feature. Thread safe: allows to switch while RandBytes() is in use.
38*6777b538SAndroid Build Coastguard Worker void ConfigureRandBytesFieldTrial();
39*6777b538SAndroid Build Coastguard Worker #endif
40*6777b538SAndroid Build Coastguard Worker
41*6777b538SAndroid Build Coastguard Worker #if !BUILDFLAG(IS_NACL)
42*6777b538SAndroid Build Coastguard Worker void ConfigureBoringSSLBackedRandBytesFieldTrial();
43*6777b538SAndroid Build Coastguard Worker #endif
44*6777b538SAndroid Build Coastguard Worker
45*6777b538SAndroid Build Coastguard Worker // Returns a random double in range [0, 1). For use in allocator shim to avoid
46*6777b538SAndroid Build Coastguard Worker // infinite recursion. Thread-safe.
47*6777b538SAndroid Build Coastguard Worker BASE_EXPORT double RandDoubleAvoidAllocation();
48*6777b538SAndroid Build Coastguard Worker
49*6777b538SAndroid Build Coastguard Worker } // namespace internal
50*6777b538SAndroid Build Coastguard Worker
51*6777b538SAndroid Build Coastguard Worker // Returns a random number in range [0, UINT64_MAX]. Thread-safe.
52*6777b538SAndroid Build Coastguard Worker BASE_EXPORT uint64_t RandUint64();
53*6777b538SAndroid Build Coastguard Worker
54*6777b538SAndroid Build Coastguard Worker // Returns a random number between min and max (inclusive). Thread-safe.
55*6777b538SAndroid Build Coastguard Worker //
56*6777b538SAndroid Build Coastguard Worker // TODO(crbug.com/1488681): Change from fully-closed to half-closed (i.e.
57*6777b538SAndroid Build Coastguard Worker // exclude `max`) to parallel other APIs here.
58*6777b538SAndroid Build Coastguard Worker BASE_EXPORT int RandInt(int min, int max);
59*6777b538SAndroid Build Coastguard Worker
60*6777b538SAndroid Build Coastguard Worker // Returns a random number in range [0, range). Thread-safe.
61*6777b538SAndroid Build Coastguard Worker BASE_EXPORT uint64_t RandGenerator(uint64_t range);
62*6777b538SAndroid Build Coastguard Worker
63*6777b538SAndroid Build Coastguard Worker // Returns a random double in range [0, 1). Thread-safe.
64*6777b538SAndroid Build Coastguard Worker BASE_EXPORT double RandDouble();
65*6777b538SAndroid Build Coastguard Worker
66*6777b538SAndroid Build Coastguard Worker // Returns a random float in range [0, 1). Thread-safe.
67*6777b538SAndroid Build Coastguard Worker BASE_EXPORT float RandFloat();
68*6777b538SAndroid Build Coastguard Worker
69*6777b538SAndroid Build Coastguard Worker // Returns a random duration in [`start`, `limit`). Thread-safe.
70*6777b538SAndroid Build Coastguard Worker //
71*6777b538SAndroid Build Coastguard Worker // REQUIRES: `start` < `limit`
72*6777b538SAndroid Build Coastguard Worker BASE_EXPORT TimeDelta RandTimeDelta(TimeDelta start, TimeDelta limit);
73*6777b538SAndroid Build Coastguard Worker
74*6777b538SAndroid Build Coastguard Worker // Returns a random duration in [`TimeDelta()`, `limit`). Thread-safe.
75*6777b538SAndroid Build Coastguard Worker //
76*6777b538SAndroid Build Coastguard Worker // REQUIRES: `limit.is_positive()`
77*6777b538SAndroid Build Coastguard Worker BASE_EXPORT TimeDelta RandTimeDeltaUpTo(TimeDelta limit);
78*6777b538SAndroid Build Coastguard Worker
79*6777b538SAndroid Build Coastguard Worker // Given input |bits|, convert with maximum precision to a double in
80*6777b538SAndroid Build Coastguard Worker // the range [0, 1). Thread-safe.
81*6777b538SAndroid Build Coastguard Worker BASE_EXPORT double BitsToOpenEndedUnitInterval(uint64_t bits);
82*6777b538SAndroid Build Coastguard Worker
83*6777b538SAndroid Build Coastguard Worker // Given input `bits`, convert with maximum precision to a float in the range
84*6777b538SAndroid Build Coastguard Worker // [0, 1). Thread-safe.
85*6777b538SAndroid Build Coastguard Worker BASE_EXPORT float BitsToOpenEndedUnitIntervalF(uint64_t bits);
86*6777b538SAndroid Build Coastguard Worker
87*6777b538SAndroid Build Coastguard Worker // Fills `output` with random data. Thread-safe.
88*6777b538SAndroid Build Coastguard Worker //
89*6777b538SAndroid Build Coastguard Worker // Although implementations are required to use a cryptographically secure
90*6777b538SAndroid Build Coastguard Worker // random number source, code outside of base/ that relies on this should use
91*6777b538SAndroid Build Coastguard Worker // crypto::RandBytes instead to ensure the requirement is easily discoverable.
92*6777b538SAndroid Build Coastguard Worker BASE_EXPORT void RandBytes(span<uint8_t> output);
93*6777b538SAndroid Build Coastguard Worker // TODO(https://crbug.com/1490484): Migrate callers to the span version.
94*6777b538SAndroid Build Coastguard Worker BASE_EXPORT void RandBytes(void* output, size_t output_length);
95*6777b538SAndroid Build Coastguard Worker
96*6777b538SAndroid Build Coastguard Worker // Creates a vector of `length` bytes, fills it with random data, and returns
97*6777b538SAndroid Build Coastguard Worker // it. Thread-safe.
98*6777b538SAndroid Build Coastguard Worker //
99*6777b538SAndroid Build Coastguard Worker // Although implementations are required to use a cryptographically secure
100*6777b538SAndroid Build Coastguard Worker // random number source, code outside of base/ that relies on this should use
101*6777b538SAndroid Build Coastguard Worker // crypto::RandBytes instead to ensure the requirement is easily discoverable.
102*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::vector<uint8_t> RandBytesAsVector(size_t length);
103*6777b538SAndroid Build Coastguard Worker
104*6777b538SAndroid Build Coastguard Worker // DEPRECATED. Prefert RandBytesAsVector() above.
105*6777b538SAndroid Build Coastguard Worker // Fills a string of length |length| with random data and returns it.
106*6777b538SAndroid Build Coastguard Worker // |length| should be nonzero. Thread-safe.
107*6777b538SAndroid Build Coastguard Worker //
108*6777b538SAndroid Build Coastguard Worker // Note that this is a variation of |RandBytes| with a different return type.
109*6777b538SAndroid Build Coastguard Worker // The returned string is likely not ASCII/UTF-8. Use with care.
110*6777b538SAndroid Build Coastguard Worker //
111*6777b538SAndroid Build Coastguard Worker // Although implementations are required to use a cryptographically secure
112*6777b538SAndroid Build Coastguard Worker // random number source, code outside of base/ that relies on this should use
113*6777b538SAndroid Build Coastguard Worker // crypto::RandBytes instead to ensure the requirement is easily discoverable.
114*6777b538SAndroid Build Coastguard Worker BASE_EXPORT std::string RandBytesAsString(size_t length);
115*6777b538SAndroid Build Coastguard Worker
116*6777b538SAndroid Build Coastguard Worker // An STL UniformRandomBitGenerator backed by RandUint64.
117*6777b538SAndroid Build Coastguard Worker class RandomBitGenerator {
118*6777b538SAndroid Build Coastguard Worker public:
119*6777b538SAndroid Build Coastguard Worker using result_type = uint64_t;
min()120*6777b538SAndroid Build Coastguard Worker static constexpr result_type min() { return 0; }
max()121*6777b538SAndroid Build Coastguard Worker static constexpr result_type max() { return UINT64_MAX; }
operator()122*6777b538SAndroid Build Coastguard Worker result_type operator()() const { return RandUint64(); }
123*6777b538SAndroid Build Coastguard Worker
124*6777b538SAndroid Build Coastguard Worker RandomBitGenerator() = default;
125*6777b538SAndroid Build Coastguard Worker ~RandomBitGenerator() = default;
126*6777b538SAndroid Build Coastguard Worker };
127*6777b538SAndroid Build Coastguard Worker
128*6777b538SAndroid Build Coastguard Worker #if !BUILDFLAG(IS_NACL)
129*6777b538SAndroid Build Coastguard Worker class NonAllocatingRandomBitGenerator {
130*6777b538SAndroid Build Coastguard Worker public:
131*6777b538SAndroid Build Coastguard Worker using result_type = uint64_t;
min()132*6777b538SAndroid Build Coastguard Worker static constexpr result_type min() { return 0; }
max()133*6777b538SAndroid Build Coastguard Worker static constexpr result_type max() { return UINT64_MAX; }
operator()134*6777b538SAndroid Build Coastguard Worker result_type operator()() const {
135*6777b538SAndroid Build Coastguard Worker uint64_t result;
136*6777b538SAndroid Build Coastguard Worker RAND_get_system_entropy_for_custom_prng(reinterpret_cast<uint8_t*>(&result),
137*6777b538SAndroid Build Coastguard Worker sizeof(result));
138*6777b538SAndroid Build Coastguard Worker return result;
139*6777b538SAndroid Build Coastguard Worker }
140*6777b538SAndroid Build Coastguard Worker
141*6777b538SAndroid Build Coastguard Worker NonAllocatingRandomBitGenerator() = default;
142*6777b538SAndroid Build Coastguard Worker ~NonAllocatingRandomBitGenerator() = default;
143*6777b538SAndroid Build Coastguard Worker };
144*6777b538SAndroid Build Coastguard Worker #endif
145*6777b538SAndroid Build Coastguard Worker
146*6777b538SAndroid Build Coastguard Worker // Shuffles [first, last) randomly. Thread-safe.
147*6777b538SAndroid Build Coastguard Worker template <typename Itr>
RandomShuffle(Itr first,Itr last)148*6777b538SAndroid Build Coastguard Worker void RandomShuffle(Itr first, Itr last) {
149*6777b538SAndroid Build Coastguard Worker std::shuffle(first, last, RandomBitGenerator());
150*6777b538SAndroid Build Coastguard Worker }
151*6777b538SAndroid Build Coastguard Worker
152*6777b538SAndroid Build Coastguard Worker #if BUILDFLAG(IS_POSIX)
153*6777b538SAndroid Build Coastguard Worker BASE_EXPORT int GetUrandomFD();
154*6777b538SAndroid Build Coastguard Worker #endif
155*6777b538SAndroid Build Coastguard Worker
156*6777b538SAndroid Build Coastguard Worker class MetricsSubSampler;
157*6777b538SAndroid Build Coastguard Worker
158*6777b538SAndroid Build Coastguard Worker // Fast, insecure pseudo-random number generator.
159*6777b538SAndroid Build Coastguard Worker //
160*6777b538SAndroid Build Coastguard Worker // WARNING: This is not the generator you are looking for. This has significant
161*6777b538SAndroid Build Coastguard Worker // caveats:
162*6777b538SAndroid Build Coastguard Worker // - It is non-cryptographic, so easy to miuse
163*6777b538SAndroid Build Coastguard Worker // - It is neither fork() nor clone()-safe.
164*6777b538SAndroid Build Coastguard Worker // - Synchronization is up to the client.
165*6777b538SAndroid Build Coastguard Worker //
166*6777b538SAndroid Build Coastguard Worker // Always prefer base::Rand*() above, unless you have a use case where its
167*6777b538SAndroid Build Coastguard Worker // overhead is too high, or system calls are disallowed.
168*6777b538SAndroid Build Coastguard Worker //
169*6777b538SAndroid Build Coastguard Worker // Performance: As of 2021, rough overhead on Linux on a desktop machine of
170*6777b538SAndroid Build Coastguard Worker // base::RandUint64() is ~800ns per call (it performs a system call). On Windows
171*6777b538SAndroid Build Coastguard Worker // it is lower. On the same machine, this generator's cost is ~2ns per call,
172*6777b538SAndroid Build Coastguard Worker // regardless of platform.
173*6777b538SAndroid Build Coastguard Worker //
174*6777b538SAndroid Build Coastguard Worker // This is different from |Rand*()| above as it is guaranteed to never make a
175*6777b538SAndroid Build Coastguard Worker // system call to generate a new number, except to seed it. This should *never*
176*6777b538SAndroid Build Coastguard Worker // be used for cryptographic applications, and is not thread-safe.
177*6777b538SAndroid Build Coastguard Worker //
178*6777b538SAndroid Build Coastguard Worker // It is seeded using base::RandUint64() in the constructor, meaning that it
179*6777b538SAndroid Build Coastguard Worker // doesn't need to be seeded. It can be re-seeded though, with
180*6777b538SAndroid Build Coastguard Worker // ReseedForTesting(). Its period is long enough that it should not need to be
181*6777b538SAndroid Build Coastguard Worker // re-seeded during use.
182*6777b538SAndroid Build Coastguard Worker //
183*6777b538SAndroid Build Coastguard Worker // Uses the XorShift128+ generator under the hood.
184*6777b538SAndroid Build Coastguard Worker class BASE_EXPORT InsecureRandomGenerator {
185*6777b538SAndroid Build Coastguard Worker public:
186*6777b538SAndroid Build Coastguard Worker // Never use outside testing, not enough entropy.
187*6777b538SAndroid Build Coastguard Worker void ReseedForTesting(uint64_t seed);
188*6777b538SAndroid Build Coastguard Worker
189*6777b538SAndroid Build Coastguard Worker uint32_t RandUint32();
190*6777b538SAndroid Build Coastguard Worker uint64_t RandUint64();
191*6777b538SAndroid Build Coastguard Worker // In [0, 1).
192*6777b538SAndroid Build Coastguard Worker double RandDouble();
193*6777b538SAndroid Build Coastguard Worker
194*6777b538SAndroid Build Coastguard Worker private:
195*6777b538SAndroid Build Coastguard Worker InsecureRandomGenerator();
196*6777b538SAndroid Build Coastguard Worker // State.
197*6777b538SAndroid Build Coastguard Worker uint64_t a_ = 0, b_ = 0;
198*6777b538SAndroid Build Coastguard Worker
199*6777b538SAndroid Build Coastguard Worker // Before adding a new friend class, make sure that the overhead of
200*6777b538SAndroid Build Coastguard Worker // base::Rand*() is too high, using something more representative than a
201*6777b538SAndroid Build Coastguard Worker // microbenchmark.
202*6777b538SAndroid Build Coastguard Worker
203*6777b538SAndroid Build Coastguard Worker // Uses the generator to fill memory pages with random content to make them
204*6777b538SAndroid Build Coastguard Worker // hard to compress, in a simulation tool not bundled with Chrome. CPU
205*6777b538SAndroid Build Coastguard Worker // overhead must be minimized to correctly measure memory effects.
206*6777b538SAndroid Build Coastguard Worker friend class memory_simulator::MemoryHolder;
207*6777b538SAndroid Build Coastguard Worker // Uses the generator to sub-sample metrics.
208*6777b538SAndroid Build Coastguard Worker friend class MetricsSubSampler;
209*6777b538SAndroid Build Coastguard Worker
210*6777b538SAndroid Build Coastguard Worker FRIEND_TEST_ALL_PREFIXES(RandUtilTest,
211*6777b538SAndroid Build Coastguard Worker InsecureRandomGeneratorProducesBothValuesOfAllBits);
212*6777b538SAndroid Build Coastguard Worker FRIEND_TEST_ALL_PREFIXES(RandUtilTest, InsecureRandomGeneratorChiSquared);
213*6777b538SAndroid Build Coastguard Worker FRIEND_TEST_ALL_PREFIXES(RandUtilTest, InsecureRandomGeneratorRandDouble);
214*6777b538SAndroid Build Coastguard Worker FRIEND_TEST_ALL_PREFIXES(RandUtilPerfTest, InsecureRandomRandUint64);
215*6777b538SAndroid Build Coastguard Worker };
216*6777b538SAndroid Build Coastguard Worker
217*6777b538SAndroid Build Coastguard Worker class BASE_EXPORT MetricsSubSampler {
218*6777b538SAndroid Build Coastguard Worker public:
219*6777b538SAndroid Build Coastguard Worker MetricsSubSampler();
220*6777b538SAndroid Build Coastguard Worker bool ShouldSample(double probability);
221*6777b538SAndroid Build Coastguard Worker
222*6777b538SAndroid Build Coastguard Worker // Make any call to ShouldSample for any instance of MetricsSubSampler
223*6777b538SAndroid Build Coastguard Worker // return true for testing. Cannot be used in conjunction with
224*6777b538SAndroid Build Coastguard Worker // ScopedNeverSampleForTesting.
225*6777b538SAndroid Build Coastguard Worker class BASE_EXPORT ScopedAlwaysSampleForTesting {
226*6777b538SAndroid Build Coastguard Worker public:
227*6777b538SAndroid Build Coastguard Worker ScopedAlwaysSampleForTesting();
228*6777b538SAndroid Build Coastguard Worker ~ScopedAlwaysSampleForTesting();
229*6777b538SAndroid Build Coastguard Worker };
230*6777b538SAndroid Build Coastguard Worker
231*6777b538SAndroid Build Coastguard Worker // Make any call to ShouldSample for any instance of MetricsSubSampler
232*6777b538SAndroid Build Coastguard Worker // return false for testing. Cannot be used in conjunction with
233*6777b538SAndroid Build Coastguard Worker // ScopedAlwaysSampleForTesting.
234*6777b538SAndroid Build Coastguard Worker class BASE_EXPORT ScopedNeverSampleForTesting {
235*6777b538SAndroid Build Coastguard Worker public:
236*6777b538SAndroid Build Coastguard Worker ScopedNeverSampleForTesting();
237*6777b538SAndroid Build Coastguard Worker ~ScopedNeverSampleForTesting();
238*6777b538SAndroid Build Coastguard Worker };
239*6777b538SAndroid Build Coastguard Worker
240*6777b538SAndroid Build Coastguard Worker private:
241*6777b538SAndroid Build Coastguard Worker InsecureRandomGenerator generator_;
242*6777b538SAndroid Build Coastguard Worker };
243*6777b538SAndroid Build Coastguard Worker
244*6777b538SAndroid Build Coastguard Worker } // namespace base
245*6777b538SAndroid Build Coastguard Worker
246*6777b538SAndroid Build Coastguard Worker #endif // BASE_RAND_UTIL_H_
247