LCOV - code coverage report
Current view: top level - lib - random32.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 83 88 94.3 %
Date: 2015-04-12 14:34:49 Functions: 13 13 100.0 %

          Line data    Source code
       1             : /*
       2             :  * This is a maximally equidistributed combined Tausworthe generator
       3             :  * based on code from GNU Scientific Library 1.5 (30 Jun 2004)
       4             :  *
       5             :  * lfsr113 version:
       6             :  *
       7             :  * x_n = (s1_n ^ s2_n ^ s3_n ^ s4_n)
       8             :  *
       9             :  * s1_{n+1} = (((s1_n & 4294967294) << 18) ^ (((s1_n <<  6) ^ s1_n) >> 13))
      10             :  * s2_{n+1} = (((s2_n & 4294967288) <<  2) ^ (((s2_n <<  2) ^ s2_n) >> 27))
      11             :  * s3_{n+1} = (((s3_n & 4294967280) <<  7) ^ (((s3_n << 13) ^ s3_n) >> 21))
      12             :  * s4_{n+1} = (((s4_n & 4294967168) << 13) ^ (((s4_n <<  3) ^ s4_n) >> 12))
      13             :  *
      14             :  * The period of this generator is about 2^113 (see erratum paper).
      15             :  *
      16             :  * From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe
      17             :  * Generators", Mathematics of Computation, 65, 213 (1996), 203--213:
      18             :  * http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps
      19             :  * ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps
      20             :  *
      21             :  * There is an erratum in the paper "Tables of Maximally Equidistributed
      22             :  * Combined LFSR Generators", Mathematics of Computation, 68, 225 (1999),
      23             :  * 261--269: http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme2.ps
      24             :  *
      25             :  *      ... the k_j most significant bits of z_j must be non-zero,
      26             :  *      for each j. (Note: this restriction also applies to the
      27             :  *      computer code given in [4], but was mistakenly not mentioned
      28             :  *      in that paper.)
      29             :  *
      30             :  * This affects the seeding procedure by imposing the requirement
      31             :  * s1 > 1, s2 > 7, s3 > 15, s4 > 127.
      32             :  */
      33             : 
      34             : #include <linux/types.h>
      35             : #include <linux/percpu.h>
      36             : #include <linux/export.h>
      37             : #include <linux/jiffies.h>
      38             : #include <linux/random.h>
      39             : #include <linux/sched.h>
      40             : #include <asm/unaligned.h>
      41             : 
      42             : #ifdef CONFIG_RANDOM32_SELFTEST
      43             : static void __init prandom_state_selftest(void);
      44             : #else
      45             : static inline void prandom_state_selftest(void)
      46             : {
      47             : }
      48             : #endif
      49             : 
      50             : static DEFINE_PER_CPU(struct rnd_state, net_rand_state);
      51             : 
      52             : /**
      53             :  *      prandom_u32_state - seeded pseudo-random number generator.
      54             :  *      @state: pointer to state structure holding seeded state.
      55             :  *
      56             :  *      This is used for pseudo-randomness with no outside seeding.
      57             :  *      For more random results, use prandom_u32().
      58             :  */
      59        4905 : u32 prandom_u32_state(struct rnd_state *state)
      60             : {
      61             : #define TAUSWORTHE(s, a, b, c, d) ((s & c) << d) ^ (((s << a) ^ s) >> b)
      62        4905 :         state->s1 = TAUSWORTHE(state->s1,  6U, 13U, 4294967294U, 18U);
      63        4905 :         state->s2 = TAUSWORTHE(state->s2,  2U, 27U, 4294967288U,  2U);
      64        4905 :         state->s3 = TAUSWORTHE(state->s3, 13U, 21U, 4294967280U,  7U);
      65        4905 :         state->s4 = TAUSWORTHE(state->s4,  3U, 12U, 4294967168U, 13U);
      66             : 
      67        4905 :         return (state->s1 ^ state->s2 ^ state->s3 ^ state->s4);
      68             : }
      69             : EXPORT_SYMBOL(prandom_u32_state);
      70             : 
      71             : /**
      72             :  *      prandom_u32 - pseudo random number generator
      73             :  *
      74             :  *      A 32 bit pseudo-random number is generated using a fast
      75             :  *      algorithm suitable for simulation. This algorithm is NOT
      76             :  *      considered safe for cryptographic use.
      77             :  */
      78         359 : u32 prandom_u32(void)
      79             : {
      80         359 :         struct rnd_state *state = &get_cpu_var(net_rand_state);
      81             :         u32 res;
      82             : 
      83         359 :         res = prandom_u32_state(state);
      84         718 :         put_cpu_var(state);
      85             : 
      86         359 :         return res;
      87             : }
      88             : EXPORT_SYMBOL(prandom_u32);
      89             : 
      90             : /**
      91             :  *      prandom_bytes_state - get the requested number of pseudo-random bytes
      92             :  *
      93             :  *      @state: pointer to state structure holding seeded state.
      94             :  *      @buf: where to copy the pseudo-random bytes to
      95             :  *      @bytes: the requested number of bytes
      96             :  *
      97             :  *      This is used for pseudo-randomness with no outside seeding.
      98             :  *      For more random results, use prandom_bytes().
      99             :  */
     100           1 : void prandom_bytes_state(struct rnd_state *state, void *buf, size_t bytes)
     101             : {
     102             :         u8 *ptr = buf;
     103             : 
     104        4098 :         while (bytes >= sizeof(u32)) {
     105        4096 :                 put_unaligned(prandom_u32_state(state), (u32 *) ptr);
     106        4096 :                 ptr += sizeof(u32);
     107        4096 :                 bytes -= sizeof(u32);
     108             :         }
     109             : 
     110           1 :         if (bytes > 0) {
     111           0 :                 u32 rem = prandom_u32_state(state);
     112             :                 do {
     113           0 :                         *ptr++ = (u8) rem;
     114           0 :                         bytes--;
     115           0 :                         rem >>= BITS_PER_BYTE;
     116           0 :                 } while (bytes > 0);
     117             :         }
     118           1 : }
     119             : EXPORT_SYMBOL(prandom_bytes_state);
     120             : 
     121             : /**
     122             :  *      prandom_bytes - get the requested number of pseudo-random bytes
     123             :  *      @buf: where to copy the pseudo-random bytes to
     124             :  *      @bytes: the requested number of bytes
     125             :  */
     126           1 : void prandom_bytes(void *buf, size_t bytes)
     127             : {
     128           1 :         struct rnd_state *state = &get_cpu_var(net_rand_state);
     129             : 
     130           1 :         prandom_bytes_state(state, buf, bytes);
     131           2 :         put_cpu_var(state);
     132           1 : }
     133             : EXPORT_SYMBOL(prandom_bytes);
     134             : 
     135          45 : static void prandom_warmup(struct rnd_state *state)
     136             : {
     137             :         /* Calling RNG ten times to satisfy recurrence condition */
     138          45 :         prandom_u32_state(state);
     139          45 :         prandom_u32_state(state);
     140          45 :         prandom_u32_state(state);
     141          45 :         prandom_u32_state(state);
     142          45 :         prandom_u32_state(state);
     143          45 :         prandom_u32_state(state);
     144          45 :         prandom_u32_state(state);
     145          45 :         prandom_u32_state(state);
     146          45 :         prandom_u32_state(state);
     147          45 :         prandom_u32_state(state);
     148          45 : }
     149             : 
     150             : static u32 __extract_hwseed(void)
     151             : {
     152             :         unsigned int val = 0;
     153             : 
     154             :         (void)(arch_get_random_seed_int(&val) ||
     155             :                arch_get_random_int(&val));
     156             : 
     157             :         return val;
     158             : }
     159             : 
     160           1 : static void prandom_seed_early(struct rnd_state *state, u32 seed,
     161             :                                bool mix_with_hwseed)
     162             : {
     163             : #define LCG(x)   ((x) * 69069U) /* super-duper LCG */
     164             : #define HWSEED() (mix_with_hwseed ? __extract_hwseed() : 0)
     165           2 :         state->s1 = __seed(HWSEED() ^ LCG(seed),        2U);
     166           2 :         state->s2 = __seed(HWSEED() ^ LCG(state->s1),   8U);
     167           2 :         state->s3 = __seed(HWSEED() ^ LCG(state->s2),  16U);
     168           2 :         state->s4 = __seed(HWSEED() ^ LCG(state->s3), 128U);
     169           1 : }
     170             : 
     171             : /**
     172             :  *      prandom_seed - add entropy to pseudo random number generator
     173             :  *      @seed: seed value
     174             :  *
     175             :  *      Add some additional seeding to the prandom pool.
     176             :  */
     177          42 : void prandom_seed(u32 entropy)
     178             : {
     179             :         int i;
     180             :         /*
     181             :          * No locking on the CPUs, but then somewhat random results are, well,
     182             :          * expected.
     183             :          */
     184          84 :         for_each_possible_cpu (i) {
     185             :                 struct rnd_state *state = &per_cpu(net_rand_state, i);
     186             : 
     187          84 :                 state->s1 = __seed(state->s1 ^ entropy, 2U);
     188          42 :                 prandom_warmup(state);
     189             :         }
     190          42 : }
     191             : EXPORT_SYMBOL(prandom_seed);
     192             : 
     193             : /*
     194             :  *      Generate some initially weak seeding values to allow
     195             :  *      to start the prandom_u32() engine.
     196             :  */
     197           1 : static int __init prandom_init(void)
     198             : {
     199             :         int i;
     200             : 
     201             :         prandom_state_selftest();
     202             : 
     203           2 :         for_each_possible_cpu(i) {
     204             :                 struct rnd_state *state = &per_cpu(net_rand_state,i);
     205           1 :                 u32 weak_seed = (i + jiffies) ^ random_get_entropy();
     206             : 
     207           1 :                 prandom_seed_early(state, weak_seed, true);
     208           1 :                 prandom_warmup(state);
     209             :         }
     210             : 
     211           1 :         return 0;
     212             : }
     213             : core_initcall(prandom_init);
     214             : 
     215             : static void __prandom_timer(unsigned long dontcare);
     216             : 
     217             : static DEFINE_TIMER(seed_timer, __prandom_timer, 0, 0);
     218             : 
     219          40 : static void __prandom_timer(unsigned long dontcare)
     220             : {
     221             :         u32 entropy;
     222             :         unsigned long expires;
     223             : 
     224          40 :         get_random_bytes(&entropy, sizeof(entropy));
     225          40 :         prandom_seed(entropy);
     226             : 
     227             :         /* reseed every ~60 seconds, in [40 .. 80) interval with slack */
     228          40 :         expires = 40 + prandom_u32_max(40);
     229          40 :         seed_timer.expires = jiffies + msecs_to_jiffies(expires * MSEC_PER_SEC);
     230             : 
     231          40 :         add_timer(&seed_timer);
     232          40 : }
     233             : 
     234           1 : static void __init __prandom_start_seed_timer(void)
     235             : {
     236           1 :         set_timer_slack(&seed_timer, HZ);
     237           1 :         seed_timer.expires = jiffies + msecs_to_jiffies(40 * MSEC_PER_SEC);
     238           1 :         add_timer(&seed_timer);
     239           1 : }
     240             : 
     241             : /*
     242             :  *      Generate better values after random number generator
     243             :  *      is fully initialized.
     244             :  */
     245           2 : static void __prandom_reseed(bool late)
     246             : {
     247             :         int i;
     248             :         unsigned long flags;
     249             :         static bool latch = false;
     250             :         static DEFINE_SPINLOCK(lock);
     251             : 
     252             :         /* Asking for random bytes might result in bytes getting
     253             :          * moved into the nonblocking pool and thus marking it
     254             :          * as initialized. In this case we would double back into
     255             :          * this function and attempt to do a late reseed.
     256             :          * Ignore the pointless attempt to reseed again if we're
     257             :          * already waiting for bytes when the nonblocking pool
     258             :          * got initialized.
     259             :          */
     260             : 
     261             :         /* only allow initial seeding (late == false) once */
     262           2 :         if (!spin_trylock_irqsave(&lock, flags))
     263           2 :                 return;
     264             : 
     265           2 :         if (latch && !late)
     266             :                 goto out;
     267             : 
     268           2 :         latch = true;
     269             : 
     270           4 :         for_each_possible_cpu(i) {
     271             :                 struct rnd_state *state = &per_cpu(net_rand_state,i);
     272             :                 u32 seeds[4];
     273             : 
     274           2 :                 get_random_bytes(&seeds, sizeof(seeds));
     275           4 :                 state->s1 = __seed(seeds[0],   2U);
     276           4 :                 state->s2 = __seed(seeds[1],   8U);
     277           4 :                 state->s3 = __seed(seeds[2],  16U);
     278           4 :                 state->s4 = __seed(seeds[3], 128U);
     279             : 
     280           2 :                 prandom_warmup(state);
     281             :         }
     282             : out:
     283             :         spin_unlock_irqrestore(&lock, flags);
     284             : }
     285             : 
     286           1 : void prandom_reseed_late(void)
     287             : {
     288           1 :         __prandom_reseed(true);
     289           1 : }
     290             : 
     291           1 : static int __init prandom_reseed(void)
     292             : {
     293           1 :         __prandom_reseed(false);
     294           1 :         __prandom_start_seed_timer();
     295           1 :         return 0;
     296             : }
     297             : late_initcall(prandom_reseed);
     298             : 
     299             : #ifdef CONFIG_RANDOM32_SELFTEST
     300             : static struct prandom_test1 {
     301             :         u32 seed;
     302             :         u32 result;
     303             : } test1[] = {
     304             :         { 1U, 3484351685U },
     305             :         { 2U, 2623130059U },
     306             :         { 3U, 3125133893U },
     307             :         { 4U,  984847254U },
     308             : };
     309             : 
     310             : static struct prandom_test2 {
     311             :         u32 seed;
     312             :         u32 iteration;
     313             :         u32 result;
     314             : } test2[] = {
     315             :         /* Test cases against taus113 from GSL library. */
     316             :         {  931557656U, 959U, 2975593782U },
     317             :         { 1339693295U, 876U, 3887776532U },
     318             :         { 1545556285U, 961U, 1615538833U },
     319             :         {  601730776U, 723U, 1776162651U },
     320             :         { 1027516047U, 687U,  511983079U },
     321             :         {  416526298U, 700U,  916156552U },
     322             :         { 1395522032U, 652U, 2222063676U },
     323             :         {  366221443U, 617U, 2992857763U },
     324             :         { 1539836965U, 714U, 3783265725U },
     325             :         {  556206671U, 994U,  799626459U },
     326             :         {  684907218U, 799U,  367789491U },
     327             :         { 2121230701U, 931U, 2115467001U },
     328             :         { 1668516451U, 644U, 3620590685U },
     329             :         {  768046066U, 883U, 2034077390U },
     330             :         { 1989159136U, 833U, 1195767305U },
     331             :         {  536585145U, 996U, 3577259204U },
     332             :         { 1008129373U, 642U, 1478080776U },
     333             :         { 1740775604U, 939U, 1264980372U },
     334             :         { 1967883163U, 508U,   10734624U },
     335             :         { 1923019697U, 730U, 3821419629U },
     336             :         {  442079932U, 560U, 3440032343U },
     337             :         { 1961302714U, 845U,  841962572U },
     338             :         { 2030205964U, 962U, 1325144227U },
     339             :         { 1160407529U, 507U,  240940858U },
     340             :         {  635482502U, 779U, 4200489746U },
     341             :         { 1252788931U, 699U,  867195434U },
     342             :         { 1961817131U, 719U,  668237657U },
     343             :         { 1071468216U, 983U,  917876630U },
     344             :         { 1281848367U, 932U, 1003100039U },
     345             :         {  582537119U, 780U, 1127273778U },
     346             :         { 1973672777U, 853U, 1071368872U },
     347             :         { 1896756996U, 762U, 1127851055U },
     348             :         {  847917054U, 500U, 1717499075U },
     349             :         { 1240520510U, 951U, 2849576657U },
     350             :         { 1685071682U, 567U, 1961810396U },
     351             :         { 1516232129U, 557U,    3173877U },
     352             :         { 1208118903U, 612U, 1613145022U },
     353             :         { 1817269927U, 693U, 4279122573U },
     354             :         { 1510091701U, 717U,  638191229U },
     355             :         {  365916850U, 807U,  600424314U },
     356             :         {  399324359U, 702U, 1803598116U },
     357             :         { 1318480274U, 779U, 2074237022U },
     358             :         {  697758115U, 840U, 1483639402U },
     359             :         { 1696507773U, 840U,  577415447U },
     360             :         { 2081979121U, 981U, 3041486449U },
     361             :         {  955646687U, 742U, 3846494357U },
     362             :         { 1250683506U, 749U,  836419859U },
     363             :         {  595003102U, 534U,  366794109U },
     364             :         {   47485338U, 558U, 3521120834U },
     365             :         {  619433479U, 610U, 3991783875U },
     366             :         {  704096520U, 518U, 4139493852U },
     367             :         { 1712224984U, 606U, 2393312003U },
     368             :         { 1318233152U, 922U, 3880361134U },
     369             :         {  855572992U, 761U, 1472974787U },
     370             :         {   64721421U, 703U,  683860550U },
     371             :         {  678931758U, 840U,  380616043U },
     372             :         {  692711973U, 778U, 1382361947U },
     373             :         {  677703619U, 530U, 2826914161U },
     374             :         {   92393223U, 586U, 1522128471U },
     375             :         { 1222592920U, 743U, 3466726667U },
     376             :         {  358288986U, 695U, 1091956998U },
     377             :         { 1935056945U, 958U,  514864477U },
     378             :         {  735675993U, 990U, 1294239989U },
     379             :         { 1560089402U, 897U, 2238551287U },
     380             :         {   70616361U, 829U,   22483098U },
     381             :         {  368234700U, 731U, 2913875084U },
     382             :         {   20221190U, 879U, 1564152970U },
     383             :         {  539444654U, 682U, 1835141259U },
     384             :         { 1314987297U, 840U, 1801114136U },
     385             :         { 2019295544U, 645U, 3286438930U },
     386             :         {  469023838U, 716U, 1637918202U },
     387             :         { 1843754496U, 653U, 2562092152U },
     388             :         {  400672036U, 809U, 4264212785U },
     389             :         {  404722249U, 965U, 2704116999U },
     390             :         {  600702209U, 758U,  584979986U },
     391             :         {  519953954U, 667U, 2574436237U },
     392             :         { 1658071126U, 694U, 2214569490U },
     393             :         {  420480037U, 749U, 3430010866U },
     394             :         {  690103647U, 969U, 3700758083U },
     395             :         { 1029424799U, 937U, 3787746841U },
     396             :         { 2012608669U, 506U, 3362628973U },
     397             :         { 1535432887U, 998U,   42610943U },
     398             :         { 1330635533U, 857U, 3040806504U },
     399             :         { 1223800550U, 539U, 3954229517U },
     400             :         { 1322411537U, 680U, 3223250324U },
     401             :         { 1877847898U, 945U, 2915147143U },
     402             :         { 1646356099U, 874U,  965988280U },
     403             :         {  805687536U, 744U, 4032277920U },
     404             :         { 1948093210U, 633U, 1346597684U },
     405             :         {  392609744U, 783U, 1636083295U },
     406             :         {  690241304U, 770U, 1201031298U },
     407             :         { 1360302965U, 696U, 1665394461U },
     408             :         { 1220090946U, 780U, 1316922812U },
     409             :         {  447092251U, 500U, 3438743375U },
     410             :         { 1613868791U, 592U,  828546883U },
     411             :         {  523430951U, 548U, 2552392304U },
     412             :         {  726692899U, 810U, 1656872867U },
     413             :         { 1364340021U, 836U, 3710513486U },
     414             :         { 1986257729U, 931U,  935013962U },
     415             :         {  407983964U, 921U,  728767059U },
     416             : };
     417             : 
     418             : static void __init prandom_state_selftest(void)
     419             : {
     420             :         int i, j, errors = 0, runs = 0;
     421             :         bool error = false;
     422             : 
     423             :         for (i = 0; i < ARRAY_SIZE(test1); i++) {
     424             :                 struct rnd_state state;
     425             : 
     426             :                 prandom_seed_early(&state, test1[i].seed, false);
     427             :                 prandom_warmup(&state);
     428             : 
     429             :                 if (test1[i].result != prandom_u32_state(&state))
     430             :                         error = true;
     431             :         }
     432             : 
     433             :         if (error)
     434             :                 pr_warn("prandom: seed boundary self test failed\n");
     435             :         else
     436             :                 pr_info("prandom: seed boundary self test passed\n");
     437             : 
     438             :         for (i = 0; i < ARRAY_SIZE(test2); i++) {
     439             :                 struct rnd_state state;
     440             : 
     441             :                 prandom_seed_early(&state, test2[i].seed, false);
     442             :                 prandom_warmup(&state);
     443             : 
     444             :                 for (j = 0; j < test2[i].iteration - 1; j++)
     445             :                         prandom_u32_state(&state);
     446             : 
     447             :                 if (test2[i].result != prandom_u32_state(&state))
     448             :                         errors++;
     449             : 
     450             :                 runs++;
     451             :                 cond_resched();
     452             :         }
     453             : 
     454             :         if (errors)
     455             :                 pr_warn("prandom: %d/%d self tests failed\n", errors, runs);
     456             :         else
     457             :                 pr_info("prandom: %d self tests passed\n", runs);
     458             : }
     459             : #endif

Generated by: LCOV version 1.11