From fd091b04316db9dc5fafadbd6bdbe60b127408a9 Mon Sep 17 00:00:00 2001 From: Daniel Mueller Date: Thu, 2 Jan 2020 08:32:06 -0800 Subject: Update nitrokey crate to 0.4.0 This change finally updates the version of the nitrokey crate that we consume to 0.4.0. Along with that we update rand_core, one of its dependencies, to 0.5.1. Further more we add cfg-if in version 0.1.10 and getrandom in version 0.1.13, both of which are now new (non-development) dependencies. Import subrepo nitrokey/:nitrokey at e81057037e9b4f370b64c0a030a725bc6bdfb870 Import subrepo cfg-if/:cfg-if at 4484a6faf816ff8058088ad857b0c6bb2f4b02b2 Import subrepo getrandom/:getrandom at d661aa7e1b8cc80b47dabe3d2135b3b47d2858af Import subrepo rand/:rand at d877ed528248b52d947e0484364a4e1ae59ca502 --- rand/rand_pcg/src/lib.rs | 21 +++--- rand/rand_pcg/src/pcg128.rs | 177 +++++++++++++++++++++++++++++++++++--------- rand/rand_pcg/src/pcg64.rs | 26 ++----- 3 files changed, 157 insertions(+), 67 deletions(-) (limited to 'rand/rand_pcg/src') diff --git a/rand/rand_pcg/src/lib.rs b/rand/rand_pcg/src/lib.rs index 9648e85..22ba4a0 100644 --- a/rand/rand_pcg/src/lib.rs +++ b/rand/rand_pcg/src/lib.rs @@ -17,11 +17,12 @@ //! - `Pcg32` aka `Lcg64Xsh32`, officially known as `pcg32`, a general //! purpose RNG. This is a good choice on both 32-bit and 64-bit CPUs //! (for 32-bit output). -//! - `Pcg64Mcg` aka `Mcg128Xsl64`, officially known as `mcg_xsl_rr_128_64`, +//! - `Pcg64` aka `Lcg128Xsl64`, officially known as `pcg64`, a general +//! purpose RNG. This is a good choice on 64-bit CPUs. +//! - `Pcg64Mcg` aka `Mcg128Xsl64`, officially known as `pcg64_fast`, //! a general purpose RNG using 128-bit multiplications. This has poor //! performance on 32-bit CPUs but is a good choice on 64-bit CPUs for -//! both 32-bit and 64-bit output. (Note: this RNG is only available using -//! Rust 1.26 or later.) +//! both 32-bit and 64-bit output. //! //! Both of these use 16 bytes of state and 128-bit seeds, and are considered //! value-stable (i.e. any change affecting the output given a fixed seed would @@ -34,15 +35,15 @@ #![deny(missing_docs)] #![deny(missing_debug_implementations)] -#![no_std] - -pub extern crate rand_core; +#![allow(clippy::unreadable_literal)] -#[cfg(feature="serde1")] extern crate serde; -#[cfg(feature="serde1")] #[macro_use] extern crate serde_derive; +#![no_std] mod pcg64; -#[cfg(all(rustc_1_26, not(target_os = "emscripten")))] mod pcg128; +#[cfg(not(target_os = "emscripten"))] mod pcg128; pub use self::pcg64::{Pcg32, Lcg64Xsh32}; -#[cfg(all(rustc_1_26, not(target_os = "emscripten")))] pub use self::pcg128::{Pcg64Mcg, Mcg128Xsl64}; +#[cfg(not(target_os = "emscripten"))] pub use self::pcg128::{ + Pcg64, Lcg128Xsl64, + Pcg64Mcg, Mcg128Xsl64, +}; diff --git a/rand/rand_pcg/src/pcg128.rs b/rand/rand_pcg/src/pcg128.rs index 9aff506..311a41b 100644 --- a/rand/rand_pcg/src/pcg128.rs +++ b/rand/rand_pcg/src/pcg128.rs @@ -14,8 +14,109 @@ const MULTIPLIER: u128 = 0x2360_ED05_1FC6_5DA4_4385_DF64_9FCC_F645; use core::fmt; -use core::mem::transmute; use rand_core::{RngCore, SeedableRng, Error, le}; +#[cfg(feature="serde1")] use serde::{Serialize, Deserialize}; + +/// A PCG random number generator (XSL RR 128/64 (LCG) variant). +/// +/// Permuted Congruential Generator with 128-bit state, internal Linear +/// Congruential Generator, and 64-bit output via "xorshift low (bits), +/// random rotation" output function. +/// +/// This is a 128-bit LCG with explicitly chosen stream with the PCG-XSL-RR +/// output function. This combination is the standard `pcg64`. +/// +/// Despite the name, this implementation uses 32 bytes (256 bit) space +/// comprising 128 bits of state and 128 bits stream selector. These are both +/// set by `SeedableRng`, using a 256-bit seed. +#[derive(Clone)] +#[cfg_attr(feature="serde1", derive(Serialize,Deserialize))] +pub struct Lcg128Xsl64 { + state: u128, + increment: u128, +} + +/// `Lcg128Xsl64` is also officially known as `pcg64`. +pub type Pcg64 = Lcg128Xsl64; + +impl Lcg128Xsl64 { + /// Construct an instance compatible with PCG seed and stream. + /// + /// Note that PCG specifies default values for both parameters: + /// + /// - `state = 0xcafef00dd15ea5e5` + /// - `stream = 0xa02bdbf7bb3c0a7ac28fa16a64abf96` + pub fn new(state: u128, stream: u128) -> Self { + // The increment must be odd, hence we discard one bit: + let increment = (stream << 1) | 1; + Lcg128Xsl64::from_state_incr(state, increment) + } + + #[inline] + fn from_state_incr(state: u128, increment: u128) -> Self { + let mut pcg = Lcg128Xsl64 { state, increment }; + // Move away from inital value: + pcg.state = pcg.state.wrapping_add(pcg.increment); + pcg.step(); + pcg + } + + #[inline] + fn step(&mut self) { + // prepare the LCG for the next round + self.state = self.state + .wrapping_mul(MULTIPLIER) + .wrapping_add(self.increment); + } +} + +// Custom Debug implementation that does not expose the internal state +impl fmt::Debug for Lcg128Xsl64 { + fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { + write!(f, "Lcg128Xsl64 {{}}") + } +} + +/// We use a single 255-bit seed to initialise the state and select a stream. +/// One `seed` bit (lowest bit of `seed[8]`) is ignored. +impl SeedableRng for Lcg128Xsl64 { + type Seed = [u8; 32]; + + fn from_seed(seed: Self::Seed) -> Self { + let mut seed_u64 = [0u64; 4]; + le::read_u64_into(&seed, &mut seed_u64); + let state = u128::from(seed_u64[0]) | (u128::from(seed_u64[1]) << 64); + let incr = u128::from(seed_u64[2]) | (u128::from(seed_u64[3]) << 64); + + // The increment must be odd, hence we discard one bit: + Lcg128Xsl64::from_state_incr(state, incr | 1) + } +} + +impl RngCore for Lcg128Xsl64 { + #[inline] + fn next_u32(&mut self) -> u32 { + self.next_u64() as u32 + } + + #[inline] + fn next_u64(&mut self) -> u64 { + self.step(); + output_xsl_rr(self.state) + } + + #[inline] + fn fill_bytes(&mut self, dest: &mut [u8]) { + fill_bytes_impl(self, dest) + } + + #[inline] + fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { + self.fill_bytes(dest); + Ok(()) + } +} + /// A PCG random number generator (XSL 128/64 (MCG) variant). /// @@ -23,19 +124,18 @@ use rand_core::{RngCore, SeedableRng, Error, le}; /// Congruential Generator, and 64-bit output via "xorshift low (bits), /// random rotation" output function. /// -/// This is a 128-bit MCG with the PCG-XSL-RR output function. +/// This is a 128-bit MCG with the PCG-XSL-RR output function, also known as +/// `pcg64_fast`. /// Note that compared to the standard `pcg64` (128-bit LCG with PCG-XSL-RR /// output function), this RNG is faster, also has a long cycle, and still has /// good performance on statistical tests. -/// -/// Note: this RNG is only available using Rust 1.26 or later. #[derive(Clone)] #[cfg_attr(feature="serde1", derive(Serialize,Deserialize))] pub struct Mcg128Xsl64 { state: u128, } -/// A friendly name for `Mcg128Xsl64`. +/// A friendly name for `Mcg128Xsl64` (also known as `pcg64_fast`). pub type Pcg64Mcg = Mcg128Xsl64; impl Mcg128Xsl64 { @@ -66,8 +166,8 @@ impl SeedableRng for Mcg128Xsl64 { // Read as if a little-endian u128 value: let mut seed_u64 = [0u64; 2]; le::read_u64_into(&seed, &mut seed_u64); - let state = (seed_u64[0] as u128) | - (seed_u64[1] as u128) << 64; + let state = u128::from(seed_u64[0]) | + u128::from(seed_u64[1]) << 64; Mcg128Xsl64::new(state) } } @@ -80,43 +180,46 @@ impl RngCore for Mcg128Xsl64 { #[inline] fn next_u64(&mut self) -> u64 { - // prepare the LCG for the next round - let state = self.state.wrapping_mul(MULTIPLIER); - self.state = state; - - // Output function XSL RR ("xorshift low (bits), random rotation") - // Constants are for 128-bit state, 64-bit output - const XSHIFT: u32 = 64; // (128 - 64 + 64) / 2 - const ROTATE: u32 = 122; // 128 - 6 - - let rot = (state >> ROTATE) as u32; - let xsl = ((state >> XSHIFT) as u64) ^ (state as u64); - xsl.rotate_right(rot) + self.state = self.state.wrapping_mul(MULTIPLIER); + output_xsl_rr(self.state) } #[inline] fn fill_bytes(&mut self, dest: &mut [u8]) { - // specialisation of impls::fill_bytes_via_next; approx 3x faster - let mut left = dest; - while left.len() >= 8 { - let (l, r) = {left}.split_at_mut(8); - left = r; - let chunk: [u8; 8] = unsafe { - transmute(self.next_u64().to_le()) - }; - l.copy_from_slice(&chunk); - } - let n = left.len(); - if n > 0 { - let chunk: [u8; 8] = unsafe { - transmute(self.next_u64().to_le()) - }; - left.copy_from_slice(&chunk[..n]); - } + fill_bytes_impl(self, dest) } #[inline] fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { - Ok(self.fill_bytes(dest)) + self.fill_bytes(dest); + Ok(()) + } +} + +#[inline(always)] +fn output_xsl_rr(state: u128) -> u64 { + // Output function XSL RR ("xorshift low (bits), random rotation") + // Constants are for 128-bit state, 64-bit output + const XSHIFT: u32 = 64; // (128 - 64 + 64) / 2 + const ROTATE: u32 = 122; // 128 - 6 + + let rot = (state >> ROTATE) as u32; + let xsl = ((state >> XSHIFT) as u64) ^ (state as u64); + xsl.rotate_right(rot) +} + +#[inline(always)] +fn fill_bytes_impl(rng: &mut R, dest: &mut [u8]) { + let mut left = dest; + while left.len() >= 8 { + let (l, r) = {left}.split_at_mut(8); + left = r; + let chunk: [u8; 8] = rng.next_u64().to_le_bytes(); + l.copy_from_slice(&chunk); + } + let n = left.len(); + if n > 0 { + let chunk: [u8; 8] = rng.next_u64().to_le_bytes(); + left.copy_from_slice(&chunk[..n]); } } diff --git a/rand/rand_pcg/src/pcg64.rs b/rand/rand_pcg/src/pcg64.rs index 9177ec2..fadc6dc 100644 --- a/rand/rand_pcg/src/pcg64.rs +++ b/rand/rand_pcg/src/pcg64.rs @@ -11,8 +11,8 @@ //! PCG random number generators use core::fmt; -use core::mem::transmute; use rand_core::{RngCore, SeedableRng, Error, le, impls}; +#[cfg(feature="serde1")] use serde::{Serialize, Deserialize}; // This is the default multiplier used by PCG for 64-bit state. const MULTIPLIER: u64 = 6364136223846793005; @@ -45,7 +45,8 @@ impl Lcg64Xsh32 { /// Note that PCG specifies default values for both parameters: /// /// - `state = 0xcafef00dd15ea5e5` - /// - `stream = 721347520444481703` + /// - `stream = 0xa02bdbf7bb3c0a7` + // Note: stream is 1442695040888963407u64 >> 1 pub fn new(state: u64, stream: u64) -> Self { // The increment must be odd, hence we discard one bit: let increment = (stream << 1) | 1; @@ -115,27 +116,12 @@ impl RngCore for Lcg64Xsh32 { #[inline] fn fill_bytes(&mut self, dest: &mut [u8]) { - // specialisation of impls::fill_bytes_via_next; approx 40% faster - let mut left = dest; - while left.len() >= 4 { - let (l, r) = {left}.split_at_mut(4); - left = r; - let chunk: [u8; 4] = unsafe { - transmute(self.next_u32().to_le()) - }; - l.copy_from_slice(&chunk); - } - let n = left.len(); - if n > 0 { - let chunk: [u8; 4] = unsafe { - transmute(self.next_u32().to_le()) - }; - left.copy_from_slice(&chunk[..n]); - } + impls::fill_bytes_via_next(self, dest) } #[inline] fn try_fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), Error> { - Ok(self.fill_bytes(dest)) + self.fill_bytes(dest); + Ok(()) } } -- cgit v1.2.1