From fd091b04316db9dc5fafadbd6bdbe60b127408a9 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Thu, 2 Jan 2020 08:32:06 -0800 Subject: Update nitrokey crate to 0.4.0 This change finally updates the version of the nitrokey crate that we consume to 0.4.0. Along with that we update rand_core, one of its dependencies, to 0.5.1. Further more we add cfg-if in version 0.1.10 and getrandom in version 0.1.13, both of which are now new (non-development) dependencies. Import subrepo nitrokey/:nitrokey at e81057037e9b4f370b64c0a030a725bc6bdfb870 Import subrepo cfg-if/:cfg-if at 4484a6faf816ff8058088ad857b0c6bb2f4b02b2 Import subrepo getrandom/:getrandom at d661aa7e1b8cc80b47dabe3d2135b3b47d2858af Import subrepo rand/:rand at d877ed528248b52d947e0484364a4e1ae59ca502 --- rand/rand_pcg/src/pcg128.rs | 177 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 140 insertions(+), 37 deletions(-) (limited to 'rand/rand_pcg/src/pcg128.rs') diff --git a/rand/rand_pcg/src/pcg128.rs b/rand/rand_pcg/src/pcg128.rs index 9aff506..311a41b 100644 --- a/rand/rand_pcg/src/pcg128.rs +++ b/rand/rand_pcg/src/pcg128.rs @@ -14,8 +14,109 @@ const MULTIPLIER: u128 = 0x2360_ED05_1FC6_5DA4_4385_DF64_9FCC_F645; use core::fmt; -use core::mem::transmute; use rand_core::{RngCore, SeedableRng, Error, le}; +#[cfg(feature="serde1")] use serde::{Serialize, Deserialize}; + +/// A PCG random number generator (XSL RR 128/64 (LCG) variant). +/// +/// Permuted Congruential Generator with 128-bit state, internal Linear +/// Congruential Generator, and 64-bit output via "xorshift low (bits), +/// random rotation" output function. +/// +/// This is a 128-bit LCG with explicitly chosen stream with the PCG-XSL-RR +/// output function. This combination is the standard `pcg64`. +/// +/// Despite the name, this implementation uses 32 bytes (256 bit) space +/// comprising 128 bits of state and 128 bits stream selector. These are both +/// set by `SeedableRng`, using a 256-bit seed. +#[derive(Clone)] +#[cfg_attr(feature="serde1", derive(Serialize,Deserialize))] +pub struct Lcg128Xsl64 { + state: u128, + increment: u128, +} + +/// `Lcg128Xsl64` is also officially known as `pcg64`. +pub type Pcg64 = Lcg128Xsl64; + +impl Lcg128Xsl64 { + /// Construct an instance compatible with PCG seed and stream. + /// + /// Note that PCG specifies default values for both parameters: + /// + /// - `state = 0xcafef00dd15ea5e5` + /// - `stream = 0xa02bdbf7bb3c0a7ac28fa16a64abf96` + pub fn new(state: u128, stream: u128) -> Self { + // The increment must be odd, hence we discard one bit: + let increment = (stream << 1) | 1; + Lcg128Xsl64::from_state_incr(state, increment) + } + + #[inline] + fn from_state_incr(state: u128, increment: u128) -> Self { + let mut pcg = Lcg128Xsl64 { state, increment }; + // Move away from inital value: + pcg.state = pcg.state.wrapping_add(pcg.increment); + pcg.step(); + pcg + } + + #[inline] + fn step(&mut self) { + // prepare the LCG for the next round + self.state = self.state + .wrapping_mul(MULTIPLIER) + .wrapping_add(self.increment); + } +} + +// Custom Debug implementation that does not expose the internal state +impl fmt::Debug for Lcg128Xsl64 { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "Lcg128Xsl64 {{}}") + } +} + +/// We use a single 255-bit seed to initialise the state and select a stream. +/// One `seed` bit (lowest bit of `seed[8]`) is ignored. +impl SeedableRng for Lcg128Xsl64 { + type Seed = [u8; 32]; + + fn from_seed(seed: Self::Seed) -> Self { + let mut seed_u64 = [0u64; 4]; + le::read_u64_into(&seed, &mut seed_u64); + let state = u128::from(seed_u64[0]) | (u128::from(seed_u64[1]) << 64); + let incr = u128::from(seed_u64[2]) | (u128::from(seed_u64[3]) << 64); + + // The increment must be odd, hence we discard one bit: + Lcg128Xsl64::from_state_incr(state, incr | 1) + } +} + +impl RngCore for Lcg128Xsl64 { + #[inline] + fn next_u32(&mut self) -> u32 { + self.next_u64() as u32 + } + + #[inline] + fn next_u64(&mut self) -> u64 { + self.step(); + output_xsl_rr(self.state) + } + + #[inline] + fn fill_bytes(&mut self, dest: &mut [u8]) { + fill_bytes_impl(self, dest) + } + + #[inline] + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + self.fill_bytes(dest); + Ok(()) + } +} + /// A PCG random number generator (XSL 128/64 (MCG) variant). /// @@ -23,19 +124,18 @@ use rand_core::{RngCore, SeedableRng, Error, le}; /// Congruential Generator, and 64-bit output via "xorshift low (bits), /// random rotation" output function. /// -/// This is a 128-bit MCG with the PCG-XSL-RR output function. +/// This is a 128-bit MCG with the PCG-XSL-RR output function, also known as +/// `pcg64_fast`. /// Note that compared to the standard `pcg64` (128-bit LCG with PCG-XSL-RR /// output function), this RNG is faster, also has a long cycle, and still has /// good performance on statistical tests. -/// -/// Note: this RNG is only available using Rust 1.26 or later. #[derive(Clone)] #[cfg_attr(feature="serde1", derive(Serialize,Deserialize))] pub struct Mcg128Xsl64 { state: u128, } -/// A friendly name for `Mcg128Xsl64`. +/// A friendly name for `Mcg128Xsl64` (also known as `pcg64_fast`). pub type Pcg64Mcg = Mcg128Xsl64; impl Mcg128Xsl64 { @@ -66,8 +166,8 @@ impl SeedableRng for Mcg128Xsl64 { // Read as if a little-endian u128 value: let mut seed_u64 = [0u64; 2]; le::read_u64_into(&seed, &mut seed_u64); - let state = (seed_u64[0] as u128) | - (seed_u64[1] as u128) << 64; + let state = u128::from(seed_u64[0]) | + u128::from(seed_u64[1]) << 64; Mcg128Xsl64::new(state) } } @@ -80,43 +180,46 @@ impl RngCore for Mcg128Xsl64 { #[inline] fn next_u64(&mut self) -> u64 { - // prepare the LCG for the next round - let state = self.state.wrapping_mul(MULTIPLIER); - self.state = state; - - // Output function XSL RR ("xorshift low (bits), random rotation") - // Constants are for 128-bit state, 64-bit output - const XSHIFT: u32 = 64; // (128 - 64 + 64) / 2 - const ROTATE: u32 = 122; // 128 - 6 - - let rot = (state >> ROTATE) as u32; - let xsl = ((state >> XSHIFT) as u64) ^ (state as u64); - xsl.rotate_right(rot) + self.state = self.state.wrapping_mul(MULTIPLIER); + output_xsl_rr(self.state) } #[inline] fn fill_bytes(&mut self, dest: &mut [u8]) { - // specialisation of impls::fill_bytes_via_next; approx 3x faster - let mut left = dest; - while left.len() >= 8 { - let (l, r) = {left}.split_at_mut(8); - left = r; - let chunk: [u8; 8] = unsafe { - transmute(self.next_u64().to_le()) - }; - l.copy_from_slice(&chunk); - } - let n = left.len(); - if n > 0 { - let chunk: [u8; 8] = unsafe { - transmute(self.next_u64().to_le()) - }; - left.copy_from_slice(&chunk[..n]); - } + fill_bytes_impl(self, dest) } #[inline] fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { - Ok(self.fill_bytes(dest)) + self.fill_bytes(dest); + Ok(()) + } +} + +#[inline(always)] +fn output_xsl_rr(state: u128) -> u64 { + // Output function XSL RR ("xorshift low (bits), random rotation") + // Constants are for 128-bit state, 64-bit output + const XSHIFT: u32 = 64; // (128 - 64 + 64) / 2 + const ROTATE: u32 = 122; // 128 - 6 + + let rot = (state >> ROTATE) as u32; + let xsl = ((state >> XSHIFT) as u64) ^ (state as u64); + xsl.rotate_right(rot) +} + +#[inline(always)] +fn fill_bytes_impl(rng: &mut R, dest: &mut [u8]) { + let mut left = dest; + while left.len() >= 8 { + let (l, r) = {left}.split_at_mut(8); + left = r; + let chunk: [u8; 8] = rng.next_u64().to_le_bytes(); + l.copy_from_slice(&chunk); + } + let n = left.len(); + if n > 0 { + let chunk: [u8; 8] = rng.next_u64().to_le_bytes(); + left.copy_from_slice(&chunk[..n]); } } -- cgit v1.2.1