[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Implement code to manage a per-thread instance of crypto_fast_rng()
commit b25cd5cfe168b85500c160ca538a44d9adba52c1
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date: Tue Feb 19 15:23:31 2019 -0500
Implement code to manage a per-thread instance of crypto_fast_rng()
The subsystems API makes this really simple, fortunately.
Closes ticket 29536
---
changes/ticket29536 | 9 +++++
src/lib/crypt_ops/crypto_init.c | 7 ++++
src/lib/crypt_ops/crypto_rand.h | 9 +++++
src/lib/crypt_ops/crypto_rand_fast.c | 67 +++++++++++++++++++++++++++++++++++-
4 files changed, 91 insertions(+), 1 deletion(-)
diff --git a/changes/ticket29536 b/changes/ticket29536
new file mode 100644
index 000000000..a5ae26b70
--- /dev/null
+++ b/changes/ticket29536
@@ -0,0 +1,9 @@
+ o Minor features (performance, RNG):
+ - Tor now constructs a fast secure pseudorandom number generator for
+ each thread, to use for cases where performance is critical. This PRNG
+ is based on AES-CTR, using a buffering construction similar to
+ libottery and the (newer) OpenBSD arc4random() code. It outperforms
+ OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for small outputs.
+ Although we believe it to be cryptographically strong, we are only
+ using it when necessary for reasonable performance. Implements tickets
+ 29023 and 29536.
diff --git a/src/lib/crypt_ops/crypto_init.c b/src/lib/crypt_ops/crypto_init.c
index 4040085c7..cf491f32d 100644
--- a/src/lib/crypt_ops/crypto_init.c
+++ b/src/lib/crypt_ops/crypto_init.c
@@ -12,6 +12,8 @@
#include "orconfig.h"
+#define CRYPTO_PRIVATE
+
#include "lib/crypt_ops/crypto_init.h"
#include "lib/crypt_ops/crypto_curve25519.h"
@@ -69,6 +71,8 @@ crypto_early_init(void)
if (crypto_init_siphash_key() < 0)
return -1;
+ crypto_rand_fast_init();
+
curve25519_init();
ed25519_init();
}
@@ -111,6 +115,7 @@ crypto_thread_cleanup(void)
#ifdef ENABLE_OPENSSL
crypto_openssl_thread_cleanup();
#endif
+ destroy_thread_fast_rng();
}
/**
@@ -129,6 +134,8 @@ crypto_global_cleanup(void)
crypto_nss_global_cleanup();
#endif
+ crypto_rand_fast_shutdown();
+
crypto_early_initialized_ = 0;
crypto_global_initialized_ = 0;
have_seeded_siphash = 0;
diff --git a/src/lib/crypt_ops/crypto_rand.h b/src/lib/crypt_ops/crypto_rand.h
index 8a81a4acd..6eef22ed4 100644
--- a/src/lib/crypt_ops/crypto_rand.h
+++ b/src/lib/crypt_ops/crypto_rand.h
@@ -68,6 +68,15 @@ unsigned crypto_fast_rng_get_uint(crypto_fast_rng_t *rng, unsigned limit);
uint64_t crypto_fast_rng_get_uint64(crypto_fast_rng_t *rng, uint64_t limit);
double crypto_fast_rng_get_double(crypto_fast_rng_t *rng);
+crypto_fast_rng_t *get_thread_fast_rng(void);
+
+#ifdef CRYPTO_PRIVATE
+/* These are only used from crypto_init.c */
+void destroy_thread_fast_rng(void);
+void crypto_rand_fast_init(void);
+void crypto_rand_fast_shutdown(void);
+#endif
+
#if defined(TOR_UNIT_TESTS)
/* Used for white-box testing */
size_t crypto_fast_rng_get_bytes_used_per_stream(void);
diff --git a/src/lib/crypt_ops/crypto_rand_fast.c b/src/lib/crypt_ops/crypto_rand_fast.c
index 34e763bf5..760e1025e 100644
--- a/src/lib/crypt_ops/crypto_rand_fast.c
+++ b/src/lib/crypt_ops/crypto_rand_fast.c
@@ -33,6 +33,7 @@
*/
#define CRYPTO_RAND_FAST_PRIVATE
+#define CRYPTO_PRIVATE
#include "lib/crypt_ops/crypto_rand.h"
#include "lib/crypt_ops/crypto_cipher.h"
@@ -41,6 +42,7 @@
#include "lib/intmath/cmp.h"
#include "lib/cc/ctassert.h"
#include "lib/malloc/map_anon.h"
+#include "lib/thread/threads.h"
#include "lib/log/util_bug.h"
@@ -122,7 +124,8 @@ crypto_fast_rng_new(void)
* long.
*
* Note that this object is NOT thread-safe. If you need a thread-safe
- * prng, use crypto_rand(), or wrap this in a mutex.
+ * prng, you should probably look at get_thread_fast_rng(). Alternatively,
+ * use crypto_rand(), wrap this in a mutex.
**/
crypto_fast_rng_t *
crypto_fast_rng_new_from_seed(const uint8_t *seed)
@@ -261,3 +264,65 @@ crypto_fast_rng_get_bytes_used_per_stream(void)
return BUFLEN;
}
#endif
+
+/**
+ * Thread-local instance for our fast RNG.
+ **/
+static tor_threadlocal_t thread_rng;
+
+/**
+ * Return a per-thread fast RNG, initializing it if necessary.
+ *
+ * You do not need to free this yourself.
+ *
+ * It is NOT safe to share this value across threads.
+ **/
+crypto_fast_rng_t *
+get_thread_fast_rng(void)
+{
+ crypto_fast_rng_t *rng = tor_threadlocal_get(&thread_rng);
+
+ if (PREDICT_UNLIKELY(rng == NULL)) {
+ rng = crypto_fast_rng_new();
+ tor_threadlocal_set(&thread_rng, rng);
+ }
+
+ return rng;
+}
+
+/**
+ * Used when a thread is exiting: free the per-thread fast RNG if needed.
+ * Invoked from the crypto subsystem's thread-cleanup code.
+ **/
+void
+destroy_thread_fast_rng(void)
+{
+ crypto_fast_rng_t *rng = tor_threadlocal_get(&thread_rng);
+ if (!rng)
+ return;
+ crypto_fast_rng_free(rng);
+ tor_threadlocal_set(&thread_rng, NULL);
+}
+
+/**
+ * Initialize the global thread-local key that will be used to keep track
+ * of per-thread fast RNG instances. Called from the crypto subsystem's
+ * initialization code.
+ **/
+void
+crypto_rand_fast_init(void)
+{
+ tor_threadlocal_init(&thread_rng);
+}
+
+/**
+ * Initialize the global thread-local key that will be used to keep track
+ * of per-thread fast RNG instances. Called from the crypto subsystem's
+ * shutdown code.
+ **/
+void
+crypto_rand_fast_shutdown(void)
+{
+ destroy_thread_fast_rng();
+ tor_threadlocal_destroy(&thread_rng);
+}
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits