diff --git a/backends/concrete-cpu/implementation/src/c_api/csprng.rs b/backends/concrete-cpu/implementation/src/c_api/csprng.rs
index 7dda82c3e..275cc39fd 100644
--- a/backends/concrete-cpu/implementation/src/c_api/csprng.rs
+++ b/backends/concrete-cpu/implementation/src/c_api/csprng.rs
@@ -70,24 +70,50 @@ pub unsafe extern "C" fn concrete_cpu_destroy_concrete_csprng(mem: *mut Csprng)
 // Returns 1 if the random is crypto secure, -1 if it not secure, 0 if fail.
 #[no_mangle]
 pub unsafe extern "C" fn concrete_cpu_crypto_secure_random_128(u128: *mut Uint128) -> c_int {
+ let buf = &mut (*u128).little_endian_bytes[0..16];
+ #[cfg(any(target_arch = "x86_64", target_arch = "x86"))]
 if is_x86_feature_detected!("rdseed") {
 let mut rand: u64 = 0;
 loop {
 if core::arch::x86_64::_rdseed64_step(&mut rand) == 1 {
- (*u128).little_endian_bytes[0..8].copy_from_slice(&rand.to_ne_bytes());
+ buf[0..8].copy_from_slice(&rand.to_ne_bytes());
 break;
 }
 }
 loop {
 if core::arch::x86_64::_rdseed64_step(&mut rand) == 1 {
- (*u128).little_endian_bytes[8..16].copy_from_slice(&rand.to_ne_bytes());
+ buf[8..16].copy_from_slice(&rand.to_ne_bytes());
 break;
 }
 }
 return 1;
 }
- let buf = &mut (*u128).little_endian_bytes[0..16];
+ #[cfg(all(target_os = "macos", target_arch = "aarch64"))]
+ {
+ // SecRandomCopyBytes is available starting with Mac OS 10.7
+ // https://developer.apple.com/documentation/security/1399291-secrandomcopybytes?language=objc
+ // M1 processors started with Mac OS Big Sur 11
+ pub enum __SecRandom {}
+ pub type SecRandomRef = *const __SecRandom;
+
+ #[link(name = "Security", kind = "framework")]
+ extern "C" {
+ pub static kSecRandomDefault: SecRandomRef;
+
+ pub fn SecRandomCopyBytes(
+ rnd: SecRandomRef,
+ count: usize,
+ bytes: *mut libc::c_void,
+ ) -> c_int;
+ }
+ unsafe {
+ let err = SecRandomCopyBytes(kSecRandomDefault, 16, buf.as_ptr() as *mut libc::c_void);
+ if err == 0 {
+ return 1;
+ }
+ }
+ }
 if let Ok(mut random) = std::fs::File::open("/dev/random") {
 if let Ok(16) = random.read(buf) {
 return -1;
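Review bot: In the macOS branch, `SecRandomCopyBytes` writes 16 bytes through `buf.as_ptr() as *mut libc::c_void`, a pointer obtained from a shared reborrow of `buf`; writing through it is not permitted by Rust's aliasing rules, so the call should pass `buf.as_mut_ptr() as *mut libc::c_void`. Separately, the new `#[cfg(any(target_arch = "x86_64", target_arch = "x86"))]` admits 32-bit x86, but the guarded block calls `core::arch::x86_64::_rdseed64_step`, which exists only on x86_64, so the gate should be `#[cfg(target_arch = "x86_64")]` unless an `x86` path using `_rdseed32_step` is added. A non-zero status from `SecRandomCopyBytes` falls through silently to the `/dev/random` path, which reports -1; a comment such as `// SecRandomCopyBytes failed: fall back to /dev/random, reported to the caller as -1` would show that the downgrade is intended. The function body continues past the end of the hunk.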