bevy_prng 0.14.2

A crate providing newtyped RNGs for integration into Bevy.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155

use alloc::rc::Rc;
use core::{cell::UnsafeCell, convert::Infallible};
use std::thread_local;

use chacha20::ChaCha8Rng;
use rand_core::{SeedableRng, TryCryptoRng, TryRng};

thread_local! {
    // We require `Rc` to avoid premature freeing when `ThreadLocalEntropy` is used within thread-local destructors.
    static SOURCE: Rc<UnsafeCell<ChaCha8Rng>> = {
        Rc::new(UnsafeCell::new(ChaCha8Rng::try_from_rng(&mut getrandom::SysRng).expect("Unable to source entropy for initialisation")))
    };
}

/// [`ThreadLocalEntropy`] uses thread local [`ChaCha8Rng`] instances to provide faster alternative for
/// sourcing entropy to OS/Hardware sources. The use of `ChaCha8` with 8 rounds as opposed to 12 or 20 rounds
/// is due to tuning for additional speed/throughput. While this does minimise the quality of the entropy,
/// the output should still be sufficiently secure as per the recommendations set in the
/// [Too Much Crypto](https://eprint.iacr.org/2019/1492.pdf) paper. [`ThreadLocalEntropy`] is not thread-safe and
/// cannot be sent or synchronised between threads, it should be initialised within each thread context it is
/// needed in.
pub struct ThreadLocalEntropy(Rc<UnsafeCell<ChaCha8Rng>>);

impl ThreadLocalEntropy {
    /// Obtain a new [`ThreadLocalEntropy`] instance.
    pub fn get() -> Result<Self, std::thread::AccessError> {
        Ok(Self(SOURCE.try_with(Rc::clone)?))
    }

    /// Initiates an access to the thread local source, passing a `&mut ChaCha8Rng` to the
    /// closure.
    #[inline(always)]
    fn access_local_source<F, O>(&mut self, f: F) -> Result<O, Infallible>
    where
        F: FnOnce(&mut ChaCha8Rng) -> Result<O, Infallible>,
    {
        // SAFETY: The `&mut` reference constructed here will never outlive the closure
        // for the thread local access. It is also will never be a null pointer and is aligned.
        unsafe { f(&mut *self.0.get()) }
    }
}

impl core::fmt::Debug for ThreadLocalEntropy {
    fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result {
        f.debug_tuple("ThreadLocalEntropy").finish()
    }
}

impl TryRng for ThreadLocalEntropy {
    type Error = Infallible;

    fn try_next_u32(&mut self) -> Result<u32, Self::Error> {
        self.access_local_source(TryRng::try_next_u32)
    }

    fn try_next_u64(&mut self) -> Result<u64, Self::Error> {
        self.access_local_source(TryRng::try_next_u64)
    }

    fn try_fill_bytes(&mut self, dst: &mut [u8]) -> Result<(), Self::Error> {
        self.access_local_source(|source| source.try_fill_bytes(dst))
    }
}

impl TryCryptoRng for ThreadLocalEntropy {}

#[cfg(test)]
mod tests {
    use alloc::{format, vec, vec::Vec};

    use rand_core::Rng;

    use super::*;

    #[test]
    fn smoke_test() -> Result<(), std::thread::AccessError> {
        let mut rng1 = ThreadLocalEntropy::get()?;
        let mut rng2 = ThreadLocalEntropy::get()?;

        // Neither instance should interfere with each other
        rng1.next_u32();
        rng2.next_u64();

        let mut bytes1 = vec![0u8; 128];
        let mut bytes2 = vec![0u8; 128];

        rng1.fill_bytes(&mut bytes1);
        rng2.fill_bytes(&mut bytes2);

        // ThreadLocalEntropy instances won't output the same entropy as the
        // underlying thread local source gets mutated each access.
        assert_ne!(&bytes1, &bytes2);

        Ok(())
    }

    #[test]
    fn unique_source_per_thread() {
        let mut bytes1: Vec<u8> = vec![0u8; 128];
        let mut bytes2: Vec<u8> = vec![0u8; 128];

        let b1 = bytes1.as_mut();
        let b2 = bytes2.as_mut();

        let (a, b) = std::thread::scope(|s| {
            let a = s.spawn(move || {
                // Obtain a thread local entropy source from this thread context.
                // It should be initialised with a random state.
                let mut rng =
                    ThreadLocalEntropy::get().expect("Should not fail when accessing local source");

                // Use the source to produce some stored entropy.
                rng.fill_bytes(b1);

                rng.access_local_source(|rng| Ok(rng.next_u64()))
            });
            let b = s.spawn(move || {
                // Obtain a thread local entropy source from this thread context.
                // It should be initialised with a random state.
                let mut rng =
                    ThreadLocalEntropy::get().expect("Should not fail when accessing local source");

                // Use the source to produce some stored entropy.
                rng.fill_bytes(b2);

                rng.access_local_source(|rng| Ok(rng.next_u64()))
            });

            (a.join(), b.join())
        });

        let Ok(a) = a.unwrap();
        let Ok(b) = b.unwrap();

        // The references to the thread local RNG sources will not be
        // the same, as they each were initialised with different random
        // states to each other from OS sources, even though each went
        // through the exact same deterministic steps to fill some bytes.
        // If the tasks ran on the same thread, then the RNG sources should
        // be in different resulting states as the same source was advanced
        // further.
        assert_ne!(a, b);

        // Double check the entropy output in each buffer is not the same either.
        assert_ne!(&bytes1, &bytes2);
    }

    #[test]
    fn non_leaking_debug() {
        assert_eq!(
            "Ok(ThreadLocalEntropy)",
            format!("{:?}", ThreadLocalEntropy::get())
        );
    }
}