getrandom/src/windows.rs

// Copyright 2018 Developers of the Rand project.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.

use crate::Error;
use core::{ffi::c_void, mem::MaybeUninit, num::NonZeroU32, ptr};

const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;

#[link(name = "bcrypt")]
extern "system" {
    fn BCryptGenRandom(
        hAlgorithm: *mut c_void,
        pBuffer: *mut u8,
        cbBuffer: u32,
        dwFlags: u32,
    ) -> u32;
}

// Forbidden when targetting UWP
#[cfg(not(target_vendor = "uwp"))]
#[link(name = "advapi32")]
extern "system" {
    #[link_name = "SystemFunction036"]
    fn RtlGenRandom(RandomBuffer: *mut c_void, RandomBufferLength: u32) -> u8;
}

pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {
    // Prevent overflow of u32
    for chunk in dest.chunks_mut(u32::max_value() as usize) {
        // BCryptGenRandom was introduced in Windows Vista
        let ret = unsafe {
            BCryptGenRandom(
                ptr::null_mut(),
                chunk.as_mut_ptr() as *mut u8,
                chunk.len() as u32,
                BCRYPT_USE_SYSTEM_PREFERRED_RNG,
            )
        };
        // NTSTATUS codes use the two highest bits for severity status.
        if ret >> 30 == 0b11 {
            // Failed. Try RtlGenRandom as a fallback.
            #[cfg(not(target_vendor = "uwp"))]
            {
                let ret =
                    unsafe { RtlGenRandom(chunk.as_mut_ptr() as *mut c_void, chunk.len() as u32) };
                if ret != 0 {
                    continue;
                }
            }
            // We zeroize the highest bit, so the error code will reside
            // inside the range designated for OS codes.
            let code = ret ^ (1 << 31);
            // SAFETY: the second highest bit is always equal to one,
            // so it's impossible to get zero. Unfortunately the type
            // system does not have a way to express this yet.
            let code = unsafe { NonZeroU32::new_unchecked(code) };
            return Err(Error::from(code));
        }
    }
    Ok(())
}
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`// Copyright 2018 Developers of the Rand project.`
			`//`
			`// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or`
			`// https://www.apache.org/licenses/LICENSE-2.0> or the MIT license`
			`// <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your`
			`// option. This file may not be copied, modified, or distributed`
			`// except according to those terms.`

			`use crate::Error;`
Add `getrandom_uninit_slice(dest: &mut [MaybeUninit<u8>]) -> ...`. (#291) * Add `getrandom_uninit(dest: &mut [MaybeUninit<u8>]) -> ...`. Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes #226. * Revert testing changes Signed-off-by: Joe Richey <joerichey@google.com> * Allow rdrand tests to work with new implementation Signed-off-by: Joe Richey <joerichey@google.com> * Add Additional benchmarks and buffer size Signed-off-by: Joe Richey <joerichey@google.com> * Use pointer casts instead of transmute Signed-off-by: Joe Richey <joerichey@google.com> * Avoid initializing the buffer in `getrandom_uninit` benchmarks. * Benchmarks: Consume the result in `black_box`. Signed-off-by: Joe Richey <joerichey@google.com> Co-authored-by: Joe Richey <joerichey@google.com> 2022-10-20 19:09:20 -07:00			`use core::{ffi::c_void, mem::MaybeUninit, num::NonZeroU32, ptr};`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00
			`const BCRYPT_USE_SYSTEM_PREFERRED_RNG: u32 = 0x00000002;`

Replace build.rs with link attributes (#205) 2021-02-17 02:09:32 +00:00			`#[link(name = "bcrypt")]`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`extern "system" {`
			`fn BCryptGenRandom(`
			`hAlgorithm: *mut c_void,`
			`pBuffer: *mut u8,`
			`cbBuffer: u32,`
			`dwFlags: u32,`
			`) -> u32;`
			`}`

Add in a RtlGenRandom fallback for non-UWP Windows (#337) * Add in a RtlGenRandom fallback for non-UWP Windows In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes #314 * style suggestion Co-authored-by: Artyom Pavlov <newpavlov@gmail.com> * appease clippy --------- Co-authored-by: Artyom Pavlov <newpavlov@gmail.com> 2023-02-22 15:42:52 -05:00			`// Forbidden when targetting UWP`
			`#[cfg(not(target_vendor = "uwp"))]`
			`#[link(name = "advapi32")]`
			`extern "system" {`
			`#[link_name = "SystemFunction036"]`
			`fn RtlGenRandom(RandomBuffer: *mut c_void, RandomBufferLength: u32) -> u8;`
			`}`

Add `getrandom_uninit_slice(dest: &mut [MaybeUninit<u8>]) -> ...`. (#291) * Add `getrandom_uninit(dest: &mut [MaybeUninit<u8>]) -> ...`. Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes #226. * Revert testing changes Signed-off-by: Joe Richey <joerichey@google.com> * Allow rdrand tests to work with new implementation Signed-off-by: Joe Richey <joerichey@google.com> * Add Additional benchmarks and buffer size Signed-off-by: Joe Richey <joerichey@google.com> * Use pointer casts instead of transmute Signed-off-by: Joe Richey <joerichey@google.com> * Avoid initializing the buffer in `getrandom_uninit` benchmarks. * Benchmarks: Consume the result in `black_box`. Signed-off-by: Joe Richey <joerichey@google.com> Co-authored-by: Joe Richey <joerichey@google.com> 2022-10-20 19:09:20 -07:00			`pub fn getrandom_inner(dest: &mut [MaybeUninit<u8>]) -> Result<(), Error> {`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`// Prevent overflow of u32`
			`for chunk in dest.chunks_mut(u32::max_value() as usize) {`
Add notes when various functions were added (#257) Signed-off-by: Joe Richey <joerichey@google.com> 2022-04-03 12:24:03 -07:00			`// BCryptGenRandom was introduced in Windows Vista`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`let ret = unsafe {`
			`BCryptGenRandom(`
			`ptr::null_mut(),`
Add `getrandom_uninit_slice(dest: &mut [MaybeUninit<u8>]) -> ...`. (#291) * Add `getrandom_uninit(dest: &mut [MaybeUninit<u8>]) -> ...`. Add a public API for filling an `&mut [MaybeUninit<u8>]`. This will primarily serve as the building block for more typeful APIs for constructing random arrays. Increase the MSRV to 1.36, as `MaybeUninit` was added in that release. Fixes #226. * Revert testing changes Signed-off-by: Joe Richey <joerichey@google.com> * Allow rdrand tests to work with new implementation Signed-off-by: Joe Richey <joerichey@google.com> * Add Additional benchmarks and buffer size Signed-off-by: Joe Richey <joerichey@google.com> * Use pointer casts instead of transmute Signed-off-by: Joe Richey <joerichey@google.com> * Avoid initializing the buffer in `getrandom_uninit` benchmarks. * Benchmarks: Consume the result in `black_box`. Signed-off-by: Joe Richey <joerichey@google.com> Co-authored-by: Joe Richey <joerichey@google.com> 2022-10-20 19:09:20 -07:00			`chunk.as_mut_ptr() as *mut u8,`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`chunk.len() as u32,`
			`BCRYPT_USE_SYSTEM_PREFERRED_RNG,`
			`)`
			`};`
log: Remove optional log dependancy (#131) This feature isn't enabled by rand/rand_core and provides very little error information that isn't already conveyed through our Error values. This also simplifies the supported configuration space for getrandom. We update the docs and CI to match this change. 2020-01-09 13:27:09 -08:00			`// NTSTATUS codes use the two highest bits for severity status.`
			`if ret >> 30 == 0b11 {`
Add in a RtlGenRandom fallback for non-UWP Windows (#337) * Add in a RtlGenRandom fallback for non-UWP Windows In some instances BCryptRandom will fail when RtlGenRandom will work. On UWP, we might be unable to actually use RtlGenRandom. Thread the needle and use RtlGenRandom when we have to, when we're able. See also rust-lang/rust#108060 Fixes #314 * style suggestion Co-authored-by: Artyom Pavlov <newpavlov@gmail.com> * appease clippy --------- Co-authored-by: Artyom Pavlov <newpavlov@gmail.com> 2023-02-22 15:42:52 -05:00			`// Failed. Try RtlGenRandom as a fallback.`
			`#[cfg(not(target_vendor = "uwp"))]`
			`{`
			`let ret =`
			`unsafe { RtlGenRandom(chunk.as_mut_ptr() as *mut c_void, chunk.len() as u32) };`
			`if ret != 0 {`
			`continue;`
			`}`
			`}`
log: Remove optional log dependancy (#131) This feature isn't enabled by rand/rand_core and provides very little error information that isn't already conveyed through our Error values. This also simplifies the supported configuration space for getrandom. We update the docs and CI to match this change. 2020-01-09 13:27:09 -08:00			`// We zeroize the highest bit, so the error code will reside`
			`// inside the range designated for OS codes.`
			`let code = ret ^ (1 << 31);`
			`// SAFETY: the second highest bit is always equal to one,`
			`// so it's impossible to get zero. Unfortunately the type`
			`// system does not have a way to express this yet.`
			`let code = unsafe { NonZeroU32::new_unchecked(code) };`
			`return Err(Error::from(code));`
Add Windows UWP support (#69) 2019-08-08 14:31:21 +00:00			`}`
			`}`
			`Ok(())`
			`}`