Intel® Architecture Instruction Set Extensions Programming Reference

ADDITIONAL NEW INSTRUCTIONS
----------------------------------------------------------------------------------------
#define SUCCESS 1
#define RETRY_LIMIT_EXCEEDED 0
#define RETRY_LIMIT 10
int get_random_64( unsigned __int 64 * arand)
{int i ;
for ( i = 0; i < RETRY_LIMIT; i ++) {
if(_rdrand64_step(arand) ) return SUCCESS;
}
return RETRY_LIMIT_EXCEEDED;
}
-------------------------------------------------------------------------------
The RDRAND instruction is first introduced in third-generation Intel Core processors built on 22-nm process.
9.2.2 RDSEED
The RDSEED instruction returns a random number. All Intel processors that support the RDSEED instruction indicate
the availability of the RDSEED instruction via reporting CPUID.(EAX=07H, ECX=0H):EBX.RDSEED[bit 18] =
1.
RDSEED returns random numbers that are supplied by a cryptographically secure, enhanced non-deterministic
random bit generator (Enhanced NRBG). The NRBG is designed to meet the NIST SP 800-90B and NIST SP800-
90C standards.
In order for the hardware design to meet its security goals, the random number generator continuously tests
itself and the random data it is generating. Runtime failures in the random number generator circuitry or statistically
anomalous data occurring by chance will be detected by the self test hardware and flag the resulting data as
being bad. In such extremely rare cases, the RDSEED instruction will return no data instead of bad data.
Under heavy load, with multiple cores executing RDSEED in parallel, it is possible for the demand of random
numbers by software processes/threads to exceed the rate at which the random number generator hardware can
supply them. This will lead to the RDSEED instruction returning no data transitorily. The RDSEED instruction indicates
the occurrence of this situation by clearing the CF flag.
The RDSEED instruction returns with the carry flag set (CF = 1) to indicate valid data is returned. It is recommended
that software using the RDSEED instruction to get random numbers retry for a limited number of iterations
while RDSEED returns CF=0 and complete when valid data is returned, indicated with CF=1. This will deal
with transitory underflows. A retry limit should be employed to prevent a hard failure in the NRBG (expected to
be extremely rare) leading to a busy loop in software.
The intrinsic primitive for RDSEED is defined to address software’s need for the common cases (CF = 1) and the
rare situations (CF = 0). The intrinsic primitive returns a value that reflects the value of the carry flag returned by
the underlying RDRAND instruction. The example below illustrates the recommended usage of an RDRAND
instrinsic in a utility function, a loop to fetch a 64 bit random value with a retry count limit of 10.
9.2.3 RDSEED and VMX interactions
A VM-execution control exists that allows the virtual machine monitor to trap on the instruction. The "RDSEED
exiting" VM-execution control is located at bit 16 of the secondary processor-based VM-execution controls. A VM
exit due to RDSEED will have exit reason 61 (decimal).
9-2 Ref. # 319433-014