1aaa248f6SStephen Hemminger /* 2aaa248f6SStephen Hemminger This is a maximally equidistributed combined Tausworthe generator 3aaa248f6SStephen Hemminger based on code from GNU Scientific Library 1.5 (30 Jun 2004) 4aaa248f6SStephen Hemminger 5aaa248f6SStephen Hemminger x_n = (s1_n ^ s2_n ^ s3_n) 6aaa248f6SStephen Hemminger 7aaa248f6SStephen Hemminger s1_{n+1} = (((s1_n & 4294967294) <<12) ^ (((s1_n <<13) ^ s1_n) >>19)) 8aaa248f6SStephen Hemminger s2_{n+1} = (((s2_n & 4294967288) << 4) ^ (((s2_n << 2) ^ s2_n) >>25)) 9aaa248f6SStephen Hemminger s3_{n+1} = (((s3_n & 4294967280) <<17) ^ (((s3_n << 3) ^ s3_n) >>11)) 10aaa248f6SStephen Hemminger 11aaa248f6SStephen Hemminger The period of this generator is about 2^88. 12aaa248f6SStephen Hemminger 13aaa248f6SStephen Hemminger From: P. L'Ecuyer, "Maximally Equidistributed Combined Tausworthe 14aaa248f6SStephen Hemminger Generators", Mathematics of Computation, 65, 213 (1996), 203--213. 15aaa248f6SStephen Hemminger 16aaa248f6SStephen Hemminger This is available on the net from L'Ecuyer's home page, 17aaa248f6SStephen Hemminger 18aaa248f6SStephen Hemminger http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme.ps 19aaa248f6SStephen Hemminger ftp://ftp.iro.umontreal.ca/pub/simulation/lecuyer/papers/tausme.ps 20aaa248f6SStephen Hemminger 21aaa248f6SStephen Hemminger There is an erratum in the paper "Tables of Maximally 22aaa248f6SStephen Hemminger Equidistributed Combined LFSR Generators", Mathematics of 23aaa248f6SStephen Hemminger Computation, 68, 225 (1999), 261--269: 24aaa248f6SStephen Hemminger http://www.iro.umontreal.ca/~lecuyer/myftp/papers/tausme2.ps 25aaa248f6SStephen Hemminger 26aaa248f6SStephen Hemminger ... the k_j most significant bits of z_j must be non- 27aaa248f6SStephen Hemminger zero, for each j. (Note: this restriction also applies to the 28aaa248f6SStephen Hemminger computer code given in [4], but was mistakenly not mentioned in 29aaa248f6SStephen Hemminger that paper.) 30aaa248f6SStephen Hemminger 31aaa248f6SStephen Hemminger This affects the seeding procedure by imposing the requirement 32aaa248f6SStephen Hemminger s1 > 1, s2 > 7, s3 > 15. 33aaa248f6SStephen Hemminger 34aaa248f6SStephen Hemminger */ 35aaa248f6SStephen Hemminger 36aaa248f6SStephen Hemminger #include <linux/types.h> 37aaa248f6SStephen Hemminger #include <linux/percpu.h> 388bc3bcc9SPaul Gortmaker #include <linux/export.h> 39f6a57033SAl Viro #include <linux/jiffies.h> 40aaa248f6SStephen Hemminger #include <linux/random.h> 41aaa248f6SStephen Hemminger 42aaa248f6SStephen Hemminger static DEFINE_PER_CPU(struct rnd_state, net_rand_state); 43aaa248f6SStephen Hemminger 445960164fSJoe Eykholt /** 45*496f2f93SAkinobu Mita * prandom_u32_state - seeded pseudo-random number generator. 465960164fSJoe Eykholt * @state: pointer to state structure holding seeded state. 475960164fSJoe Eykholt * 485960164fSJoe Eykholt * This is used for pseudo-randomness with no outside seeding. 49*496f2f93SAkinobu Mita * For more random results, use prandom_u32(). 505960164fSJoe Eykholt */ 51*496f2f93SAkinobu Mita u32 prandom_u32_state(struct rnd_state *state) 52aaa248f6SStephen Hemminger { 53aaa248f6SStephen Hemminger #define TAUSWORTHE(s,a,b,c,d) ((s&c)<<d) ^ (((s <<a) ^ s)>>b) 54aaa248f6SStephen Hemminger 55aaa248f6SStephen Hemminger state->s1 = TAUSWORTHE(state->s1, 13, 19, 4294967294UL, 12); 56aaa248f6SStephen Hemminger state->s2 = TAUSWORTHE(state->s2, 2, 25, 4294967288UL, 4); 57aaa248f6SStephen Hemminger state->s3 = TAUSWORTHE(state->s3, 3, 11, 4294967280UL, 17); 58aaa248f6SStephen Hemminger 59aaa248f6SStephen Hemminger return (state->s1 ^ state->s2 ^ state->s3); 60aaa248f6SStephen Hemminger } 61*496f2f93SAkinobu Mita EXPORT_SYMBOL(prandom_u32_state); 62aaa248f6SStephen Hemminger 63aaa248f6SStephen Hemminger /** 64*496f2f93SAkinobu Mita * prandom_u32 - pseudo random number generator 65aaa248f6SStephen Hemminger * 66aaa248f6SStephen Hemminger * A 32 bit pseudo-random number is generated using a fast 67aaa248f6SStephen Hemminger * algorithm suitable for simulation. This algorithm is NOT 68aaa248f6SStephen Hemminger * considered safe for cryptographic use. 69aaa248f6SStephen Hemminger */ 70*496f2f93SAkinobu Mita u32 prandom_u32(void) 71aaa248f6SStephen Hemminger { 72aaa248f6SStephen Hemminger unsigned long r; 73aaa248f6SStephen Hemminger struct rnd_state *state = &get_cpu_var(net_rand_state); 74*496f2f93SAkinobu Mita r = prandom_u32_state(state); 75aaa248f6SStephen Hemminger put_cpu_var(state); 76aaa248f6SStephen Hemminger return r; 77aaa248f6SStephen Hemminger } 78*496f2f93SAkinobu Mita EXPORT_SYMBOL(prandom_u32); 79aaa248f6SStephen Hemminger 80aaa248f6SStephen Hemminger /** 81*496f2f93SAkinobu Mita * prandom_seed - add entropy to pseudo random number generator 82aaa248f6SStephen Hemminger * @seed: seed value 83aaa248f6SStephen Hemminger * 84*496f2f93SAkinobu Mita * Add some additional seeding to the prandom pool. 85aaa248f6SStephen Hemminger */ 86*496f2f93SAkinobu Mita void prandom_seed(u32 entropy) 87aaa248f6SStephen Hemminger { 8861407f80SAndi Kleen int i; 8961407f80SAndi Kleen /* 9061407f80SAndi Kleen * No locking on the CPUs, but then somewhat random results are, well, 9161407f80SAndi Kleen * expected. 9261407f80SAndi Kleen */ 9361407f80SAndi Kleen for_each_possible_cpu (i) { 9461407f80SAndi Kleen struct rnd_state *state = &per_cpu(net_rand_state, i); 95697f8d03SStephen Hemminger state->s1 = __seed(state->s1 ^ entropy, 1); 9661407f80SAndi Kleen } 97aaa248f6SStephen Hemminger } 98*496f2f93SAkinobu Mita EXPORT_SYMBOL(prandom_seed); 99aaa248f6SStephen Hemminger 100aaa248f6SStephen Hemminger /* 101aaa248f6SStephen Hemminger * Generate some initially weak seeding values to allow 102*496f2f93SAkinobu Mita * to start the prandom_u32() engine. 103aaa248f6SStephen Hemminger */ 104*496f2f93SAkinobu Mita static int __init prandom_init(void) 105aaa248f6SStephen Hemminger { 106aaa248f6SStephen Hemminger int i; 107aaa248f6SStephen Hemminger 108aaa248f6SStephen Hemminger for_each_possible_cpu(i) { 109aaa248f6SStephen Hemminger struct rnd_state *state = &per_cpu(net_rand_state,i); 110697f8d03SStephen Hemminger 111697f8d03SStephen Hemminger #define LCG(x) ((x) * 69069) /* super-duper LCG */ 112697f8d03SStephen Hemminger state->s1 = __seed(LCG(i + jiffies), 1); 113697f8d03SStephen Hemminger state->s2 = __seed(LCG(state->s1), 7); 114697f8d03SStephen Hemminger state->s3 = __seed(LCG(state->s2), 15); 115697f8d03SStephen Hemminger 116697f8d03SStephen Hemminger /* "warm it up" */ 117*496f2f93SAkinobu Mita prandom_u32_state(state); 118*496f2f93SAkinobu Mita prandom_u32_state(state); 119*496f2f93SAkinobu Mita prandom_u32_state(state); 120*496f2f93SAkinobu Mita prandom_u32_state(state); 121*496f2f93SAkinobu Mita prandom_u32_state(state); 122*496f2f93SAkinobu Mita prandom_u32_state(state); 123aaa248f6SStephen Hemminger } 124aaa248f6SStephen Hemminger return 0; 125aaa248f6SStephen Hemminger } 126*496f2f93SAkinobu Mita core_initcall(prandom_init); 127aaa248f6SStephen Hemminger 128aaa248f6SStephen Hemminger /* 129aaa248f6SStephen Hemminger * Generate better values after random number generator 130421f91d2SUwe Kleine-König * is fully initialized. 131aaa248f6SStephen Hemminger */ 132*496f2f93SAkinobu Mita static int __init prandom_reseed(void) 133aaa248f6SStephen Hemminger { 134aaa248f6SStephen Hemminger int i; 135aaa248f6SStephen Hemminger 136aaa248f6SStephen Hemminger for_each_possible_cpu(i) { 137aaa248f6SStephen Hemminger struct rnd_state *state = &per_cpu(net_rand_state,i); 138697f8d03SStephen Hemminger u32 seeds[3]; 139aaa248f6SStephen Hemminger 140697f8d03SStephen Hemminger get_random_bytes(&seeds, sizeof(seeds)); 141697f8d03SStephen Hemminger state->s1 = __seed(seeds[0], 1); 142697f8d03SStephen Hemminger state->s2 = __seed(seeds[1], 7); 143697f8d03SStephen Hemminger state->s3 = __seed(seeds[2], 15); 144697f8d03SStephen Hemminger 145697f8d03SStephen Hemminger /* mix it in */ 146*496f2f93SAkinobu Mita prandom_u32_state(state); 147aaa248f6SStephen Hemminger } 148aaa248f6SStephen Hemminger return 0; 149aaa248f6SStephen Hemminger } 150*496f2f93SAkinobu Mita late_initcall(prandom_reseed); 151