/*
 * Copyright (C) Igor Sysoev
 * Copyright (C) NGINX, Inc.
 */


#include <njs_main.h>
#if (NJS_HAVE_GETRANDOM)
#include <sys/random.h>
#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)
#include <CommonCrypto/CommonCryptoError.h>
#include <CommonCrypto/CommonRandom.h>
#elif (NJS_HAVE_LINUX_SYS_GETRANDOM)
#include <sys/syscall.h>
#include <linux/random.h>
#elif (NJS_HAVE_GETENTROPY_SYS_RANDOM)
#include <sys/random.h>
#endif


/*
 * The pseudorandom generator based on OpenBSD arc4random.  Although
 * it is usually stated that arc4random uses RC4 pseudorandom generation
 * algorithm they are actually different in njs_random_add().
 */


#define NJS_RANDOM_KEY_SIZE  128


njs_inline uint8_t njs_random_byte(njs_random_t *r);


void
njs_random_init(njs_random_t *r, njs_pid_t pid)
{
    njs_uint_t  i;

    r->count = 0;
    r->pid = pid;
    r->i = 0;
    r->j = 0;

    for (i = 0; i < 256; i++) {
        r->s[i] = i;
    }
}


void
njs_random_stir(njs_random_t *r, njs_pid_t pid)
{
    int             fd;
    ssize_t         n;
    struct timeval  tv;
    union {
        uint32_t    value[3];
        u_char      bytes[NJS_RANDOM_KEY_SIZE];
    } key;

    if (r->pid == 0) {
        njs_random_init(r, pid);
    }

    r->pid = pid;

#if (NJS_HAVE_GETRANDOM)

    n = getrandom(&key, NJS_RANDOM_KEY_SIZE, 0);

#elif (NJS_HAVE_LINUX_SYS_GETRANDOM)

    /* Linux 3.17 SYS_getrandom, not available in Glibc prior to 2.25. */

    n = syscall(SYS_getrandom, &key, NJS_RANDOM_KEY_SIZE, 0);

#elif (NJS_HAVE_CCRANDOMGENERATEBYTES)

    /* Apple discourages the use of getentropy. */

    n = 0;

    if (CCRandomGenerateBytes(&key, NJS_RANDOM_KEY_SIZE) == kCCSuccess) {
        n = NJS_RANDOM_KEY_SIZE;
    }

#elif (NJS_HAVE_GETENTROPY || NJS_HAVE_GETENTROPY_SYS_RANDOM)

    n = 0;

    if (getentropy(&key, NJS_RANDOM_KEY_SIZE) == 0) {
        n = NJS_RANDOM_KEY_SIZE;
    }

#else

    n = 0;

#endif

    if (n != NJS_RANDOM_KEY_SIZE) {
        fd = open("/dev/urandom", O_RDONLY);

        if (fd >= 0) {
            n = read(fd, &key, NJS_RANDOM_KEY_SIZE);
            (void) close(fd);
        }
    }

    if (n != NJS_RANDOM_KEY_SIZE) {
        (void) gettimeofday(&tv, NULL);

        /* XOR with stack garbage. */

        key.value[0] ^= tv.tv_usec;
        key.value[1] ^= tv.tv_sec;
        key.value[2] ^= getpid();
    }

    njs_msan_unpoison(&key, NJS_RANDOM_KEY_SIZE);

    njs_random_add(r, key.bytes, NJS_RANDOM_KEY_SIZE);

    /* Drop the first 3072 bytes. */
    for (n = 3072; n != 0; n--) {
        (void) njs_random_byte(r);
    }

    /* Stir again after 1,600,000 bytes. */
    r->count = 400000;
}


void
njs_random_add(njs_random_t *r, const u_char *key, uint32_t len)
{
    uint8_t   val;
    uint32_t  n;

    for (n = 0; n < 256; n++) {
        val = r->s[r->i];
        r->j += val + key[n % len];

        r->s[r->i] = r->s[r->j];
        r->s[r->j] = val;

        r->i++;
    }

    /* This index is not decremented in RC4 algorithm. */
    r->i--;

    r->j = r->i;
}


uint32_t
njs_random(njs_random_t *r)
{
    uint32_t    val;
    njs_pid_t   pid;
    njs_bool_t  new_pid;

    new_pid = 0;
    pid = r->pid;

    if (pid != -1) {
        pid = getpid();

        if (pid != r->pid) {
            new_pid = 1;
        }
    }

    r->count--;

    if (r->count <= 0 || new_pid) {
        njs_random_stir(r, pid);
    }

    val  = (uint32_t) njs_random_byte(r) << 24;
    val |= (uint32_t) njs_random_byte(r) << 16;
    val |= (uint32_t) njs_random_byte(r) << 8;
    val |= (uint32_t) njs_random_byte(r);

    return val;
}


njs_inline uint8_t
njs_random_byte(njs_random_t *r)
{
    uint8_t  si, sj;

    r->i++;
    si = r->s[r->i];
    r->j += si;

    sj = r->s[r->j];
    r->s[r->i] = sj;
    r->s[r->j] = si;

    si += sj;

    return r->s[si];
}