Software APIs
random_order.h
Go to the documentation of this file.
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#ifndef OPENTITAN_SW_DEVICE_LIB_BASE_RANDOM_ORDER_H_
6#define OPENTITAN_SW_DEVICE_LIB_BASE_RANDOM_ORDER_H_
7
8#include <stddef.h>
9#include <stdint.h>
10
11#include "sw/device/lib/base/hardened.h"
12
13#ifdef __cplusplus
14extern "C" {
15#endif // __cplusplus
16
17/**
18 * @file
19 * @brief Functions for generating random traversal orders.
20 */
21
22/**
23 * Expects some external implementation of randomness to be linked.
24 *
25 * @return A fresh random word.
26 */
27extern uint32_t random_order_random_word(void);
28
29/**
30 * Context for a random traversal order.
31 *
32 * A "random traversal order" specifies a random order to walk through some
33 * buffer of length `n`, which is an important building block for
34 * constant-power code. Given `n`, the random order emits integers in the
35 * range `[0..n)` with a randomized starting point in that range.
36 */
37typedef struct random_order {
38 /**
39 * Next index to return.
40 */
41 size_t state;
42 /**
43 * Maximum index to return (exclusive).
44 */
45 size_t max;
46 /**
47 * Total number of iterations so far.
48 */
49 size_t ctr;
50} random_order_t;
51
52/**
53 * Hardened check that a random_order iteration is complete.
54 *
55 * @param ctx The context to check.
56 */
57#define RANDOM_ORDER_HARDENED_CHECK_DONE(ctx_) \
58 HARDENED_CHECK_EQ(ctx_.max, ctx_.ctr)
59
60/**
61 * Constructs a new, randomly-seeded traversal order,
62 * running from `0` to at least `min_len`.
63 *
64 * NOTE: although it is not an error to initialize a context with a length of
65 * zero, it is an error to `advance` when the length is zero.
66 *
67 * This function does not take a seed as input; instead, the seed is
68 * extracted, in some manner or another, from the hardware by this function.
69 *
70 * The EDN must be initialized before calling this function, since it uses the
71 * Ibex RND interface and will wait until entropy is available.
72 *
73 * @param rnd Function to call for fresh randomness.
74 * @param ctx The context to initialize.
75 * @param min_len The minimum length this traversal order must visit.
76 */
77void random_order_init(random_order_t *ctx, size_t min_len);
78
79/**
80 * Returns the length of the sequence represented by `ctx`.
81 *
82 * This value represents the number of times `random_order_advance()` may be
83 * called.
84 *
85 * @param ctx The context to query.
86 * @return The length of the sequence.
87 */
88size_t random_order_len(const random_order_t *ctx);
89
90/**
91 * Returns the next element in the sequence represented by `ctx`.
92 *
93 * See `random_order_len()` for discovering how many times this function can
94 * be called.
95 *
96 * @param ctx The context to advance.
97 * @return The next value in the sequence.
98 */
99size_t random_order_advance(random_order_t *ctx);
100
101#ifdef __cplusplus
102} // extern "C"
103#endif // __cplusplus
104
105#endif // OPENTITAN_SW_DEVICE_LIB_BASE_RANDOM_ORDER_H_