source: trunk/third/ssh/random.c @ 12646

Revision 12646, 13.2 KB checked in by danw, 26 years ago (diff)
This commit was generated by cvs2svn to compensate for changes in r12645, which included commits to RCS files with non-trunk default branches.
Line 
1/* Note: file is included because gmp uses functions that use random in its
2   primality testing functions. //ylo */
3
4/*
5 * Copyright (c) 1983 Regents of the University of California.
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 *    must display the following acknowledgement:
18 *      This product includes software developed by the University of
19 *      California, Berkeley and its contributors.
20 * 4. Neither the name of the University nor the names of its contributors
21 *    may be used to endorse or promote products derived from this software
22 *    without specific prior written permission.
23 *
24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * SUCH DAMAGE.
35 */
36
37#if defined(LIBC_SCCS) && !defined(lint)
38static char sccsid[] = "@(#)random.c    5.9 (Berkeley) 2/23/91";
39#endif /* LIBC_SCCS and not lint */
40
41#include <stdio.h>
42#include <stdlib.h>
43#include <sys/types.h>
44
45/*
46 * random.c:
47 *
48 * An improved random number generation package.  In addition to the standard
49 * rand()/srand() like interface, this package also has a special state info
50 * interface.  The initstate() routine is called with a seed, an array of
51 * bytes, and a count of how many bytes are being passed in; this array is
52 * then initialized to contain information for random number generation with
53 * that much state information.  Good sizes for the amount of state
54 * information are 32, 64, 128, and 256 bytes.  The state can be switched by
55 * calling the setstate() routine with the same array as was initiallized
56 * with initstate().  By default, the package runs with 128 bytes of state
57 * information and generates far better random numbers than a linear
58 * congruential generator.  If the amount of state information is less than
59 * 32 bytes, a simple linear congruential R.N.G. is used.
60 *
61 * Internally, the state information is treated as an array of longs; the
62 * zeroeth element of the array is the type of R.N.G. being used (small
63 * integer); the remainder of the array is the state information for the
64 * R.N.G.  Thus, 32 bytes of state information will give 7 longs worth of
65 * state information, which will allow a degree seven polynomial.  (Note:
66 * the zeroeth word of state information also has some other information
67 * stored in it -- see setstate() for details).
68 *
69 * The random number generation technique is a linear feedback shift register
70 * approach, employing trinomials (since there are fewer terms to sum up that
71 * way).  In this approach, the least significant bit of all the numbers in
72 * the state table will act as a linear feedback shift register, and will
73 * have period 2^deg - 1 (where deg is the degree of the polynomial being
74 * used, assuming that the polynomial is irreducible and primitive).  The
75 * higher order bits will have longer periods, since their values are also
76 * influenced by pseudo-random carries out of the lower bits.  The total
77 * period of the generator is approximately deg*(2**deg - 1); thus doubling
78 * the amount of state information has a vast influence on the period of the
79 * generator.  Note: the deg*(2**deg - 1) is an approximation only good for
80 * large deg, when the period of the shift register is the dominant factor.
81 * With deg equal to seven, the period is actually much longer than the
82 * 7*(2**7 - 1) predicted by this formula.
83 */
84
85/*
86 * For each of the currently supported random number generators, we have a
87 * break value on the amount of state information (you need at least this
88 * many bytes of state info to support this random number generator), a degree
89 * for the polynomial (actually a trinomial) that the R.N.G. is based on, and
90 * the separation between the two lower order coefficients of the trinomial.
91 */
92#define TYPE_0          0               /* linear congruential */
93#define BREAK_0         8
94#define DEG_0           0
95#define SEP_0           0
96
97#define TYPE_1          1               /* x**7 + x**3 + 1 */
98#define BREAK_1         32
99#define DEG_1           7
100#define SEP_1           3
101
102#define TYPE_2          2               /* x**15 + x + 1 */
103#define BREAK_2         64
104#define DEG_2           15
105#define SEP_2           1
106
107#define TYPE_3          3               /* x**31 + x**3 + 1 */
108#define BREAK_3         128
109#define DEG_3           31
110#define SEP_3           3
111
112#define TYPE_4          4               /* x**63 + x + 1 */
113#define BREAK_4         256
114#define DEG_4           63
115#define SEP_4           1
116
117/*
118 * Array versions of the above information to make code run faster --
119 * relies on fact that TYPE_i == i.
120 */
121#define MAX_TYPES       5               /* max number of types above */
122
123static int degrees[MAX_TYPES] = { DEG_0, DEG_1, DEG_2, DEG_3, DEG_4 };
124static int seps [MAX_TYPES] =   { SEP_0, SEP_1, SEP_2, SEP_3, SEP_4 };
125
126/*
127 * Initially, everything is set up as if from:
128 *
129 *      initstate(1, &randtbl, 128);
130 *
131 * Note that this initialization takes advantage of the fact that srandom()
132 * advances the front and rear pointers 10*rand_deg times, and hence the
133 * rear pointer which starts at 0 will also end up at zero; thus the zeroeth
134 * element of the state information, which contains info about the current
135 * position of the rear pointer is just
136 *
137 *      MAX_TYPES * (rptr - state) + TYPE_3 == TYPE_3.
138 */
139
140static long randtbl[DEG_3 + 1] = {
141        TYPE_3,
142        0x9a319039, 0x32d9c024, 0x9b663182, 0x5da1f342, 0xde3b81e0, 0xdf0a6fb5,
143        0xf103bc02, 0x48f340fb, 0x7449e56b, 0xbeb1dbb0, 0xab5c5918, 0x946554fd,
144        0x8c2e680f, 0xeb3d799f, 0xb11ee0b7, 0x2d436b86, 0xda672e2a, 0x1588ca88,
145        0xe369735d, 0x904f35f7, 0xd7158fd6, 0x6fa6f051, 0x616e6b96, 0xac94efdc,
146        0x36413f93, 0xc622c298, 0xf5a42ab8, 0x8a88d77b, 0xf5ad9d0e, 0x8999220b,
147        0x27fb47b9,
148};
149
150/*
151 * fptr and rptr are two pointers into the state info, a front and a rear
152 * pointer.  These two pointers are always rand_sep places aparts, as they
153 * cycle cyclically through the state information.  (Yes, this does mean we
154 * could get away with just one pointer, but the code for random() is more
155 * efficient this way).  The pointers are left positioned as they would be
156 * from the call
157 *
158 *      initstate(1, randtbl, 128);
159 *
160 * (The position of the rear pointer, rptr, is really 0 (as explained above
161 * in the initialization of randtbl) because the state table pointer is set
162 * to point to randtbl[1] (as explained below).
163 */
164static long *fptr = &randtbl[SEP_3 + 1];
165static long *rptr = &randtbl[1];
166
167/*
168 * The following things are the pointer to the state information table, the
169 * type of the current generator, the degree of the current polynomial being
170 * used, and the separation between the two pointers.  Note that for efficiency
171 * of random(), we remember the first location of the state information, not
172 * the zeroeth.  Hence it is valid to access state[-1], which is used to
173 * store the type of the R.N.G.  Also, we remember the last location, since
174 * this is more efficient than indexing every time to find the address of
175 * the last element to see if the front and rear pointers have wrapped.
176 */
177static long *state = &randtbl[1];
178static int rand_type = TYPE_3;
179static int rand_deg = DEG_3;
180static int rand_sep = SEP_3;
181static long *end_ptr = &randtbl[DEG_3 + 1];
182
183long random();
184
185/*
186 * srandom:
187 *
188 * Initialize the random number generator based on the given seed.  If the
189 * type is the trivial no-state-information type, just remember the seed.
190 * Otherwise, initializes state[] based on the given "seed" via a linear
191 * congruential generator.  Then, the pointers are set to known locations
192 * that are exactly rand_sep places apart.  Lastly, it cycles the state
193 * information a given number of times to get rid of any initial dependencies
194 * introduced by the L.C.R.N.G.  Note that the initialization of randtbl[]
195 * for default usage relies on values produced by this routine.
196 */
197void
198srandom(x)
199        unsigned int x;
200{
201        register int i, j;
202
203        if (rand_type == TYPE_0)
204                state[0] = x;
205        else {
206                j = 1;
207                state[0] = x;
208                for (i = 1; i < rand_deg; i++)
209                        state[i] = 1103515245 * state[i - 1] + 12345;
210                fptr = &state[rand_sep];
211                rptr = &state[0];
212                for (i = 0; i < 10 * rand_deg; i++)
213                        (void)random();
214        }
215}
216
217/*
218 * initstate:
219 *
220 * Initialize the state information in the given array of n bytes for future
221 * random number generation.  Based on the number of bytes we are given, and
222 * the break values for the different R.N.G.'s, we choose the best (largest)
223 * one we can and set things up for it.  srandom() is then called to
224 * initialize the state information.
225 *
226 * Note that on return from srandom(), we set state[-1] to be the type
227 * multiplexed with the current value of the rear pointer; this is so
228 * successive calls to initstate() won't lose this information and will be
229 * able to restart with setstate().
230 *
231 * Note: the first thing we do is save the current state, if any, just like
232 * setstate() so that it doesn't matter when initstate is called.
233 *
234 * Returns a pointer to the old state.
235 */
236char *
237initstate(seed, arg_state, n)
238        unsigned int seed;                      /* seed for R.N.G. */
239        char *arg_state;                /* pointer to state array */
240        int n;                          /* # bytes of state info */
241{
242        register char *ostate = (char *)(&state[-1]);
243
244        if (rand_type == TYPE_0)
245                state[-1] = rand_type;
246        else
247                state[-1] = MAX_TYPES * (rptr - state) + rand_type;
248        if (n < BREAK_0) {
249                (void)fprintf(stderr,
250                    "random: not enough state (%d bytes); ignored.\n", n);
251                return(0);
252        }
253        if (n < BREAK_1) {
254                rand_type = TYPE_0;
255                rand_deg = DEG_0;
256                rand_sep = SEP_0;
257        } else if (n < BREAK_2) {
258                rand_type = TYPE_1;
259                rand_deg = DEG_1;
260                rand_sep = SEP_1;
261        } else if (n < BREAK_3) {
262                rand_type = TYPE_2;
263                rand_deg = DEG_2;
264                rand_sep = SEP_2;
265        } else if (n < BREAK_4) {
266                rand_type = TYPE_3;
267                rand_deg = DEG_3;
268                rand_sep = SEP_3;
269        } else {
270                rand_type = TYPE_4;
271                rand_deg = DEG_4;
272                rand_sep = SEP_4;
273        }
274        state = &(((long *)arg_state)[1]);      /* first location */
275        end_ptr = &state[rand_deg];     /* must set end_ptr before srandom */
276        srandom(seed);
277        if (rand_type == TYPE_0)
278                state[-1] = rand_type;
279        else
280                state[-1] = MAX_TYPES*(rptr - state) + rand_type;
281        return(ostate);
282}
283
284/*
285 * setstate:
286 *
287 * Restore the state from the given state array.
288 *
289 * Note: it is important that we also remember the locations of the pointers
290 * in the current state information, and restore the locations of the pointers
291 * from the old state information.  This is done by multiplexing the pointer
292 * location into the zeroeth word of the state information.
293 *
294 * Note that due to the order in which things are done, it is OK to call
295 * setstate() with the same state as the current state.
296 *
297 * Returns a pointer to the old state information.
298 */
299char *
300setstate(arg_state)
301        char *arg_state;
302{
303        register long *new_state = (long *)arg_state;
304        register int type = new_state[0] % MAX_TYPES;
305        register int rear = new_state[0] / MAX_TYPES;
306        char *ostate = (char *)(&state[-1]);
307
308        if (rand_type == TYPE_0)
309                state[-1] = rand_type;
310        else
311                state[-1] = MAX_TYPES * (rptr - state) + rand_type;
312        switch(type) {
313        case TYPE_0:
314        case TYPE_1:
315        case TYPE_2:
316        case TYPE_3:
317        case TYPE_4:
318                rand_type = type;
319                rand_deg = degrees[type];
320                rand_sep = seps[type];
321                break;
322        default:
323                (void)fprintf(stderr,
324                    "random: state info corrupted; not changed.\n");
325        }
326        state = &new_state[1];
327        if (rand_type != TYPE_0) {
328                rptr = &state[rear];
329                fptr = &state[(rear + rand_sep) % rand_deg];
330        }
331        end_ptr = &state[rand_deg];             /* set end_ptr too */
332        return(ostate);
333}
334
335/*
336 * random:
337 *
338 * If we are using the trivial TYPE_0 R.N.G., just do the old linear
339 * congruential bit.  Otherwise, we do our fancy trinomial stuff, which is
340 * the same in all the other cases due to all the global variables that have
341 * been set up.  The basic operation is to add the number at the rear pointer
342 * into the one at the front pointer.  Then both pointers are advanced to
343 * the next location cyclically in the table.  The value returned is the sum
344 * generated, reduced to 31 bits by throwing away the "least random" low bit.
345 *
346 * Note: the code takes advantage of the fact that both the front and
347 * rear pointers can't wrap on the same call by not testing the rear
348 * pointer if the front one has wrapped.
349 *
350 * Returns a 31-bit random number.
351 */
352long
353random(void)
354{
355        long i;
356
357        if (rand_type == TYPE_0)
358                i = state[0] = (state[0] * 1103515245 + 12345) & 0x7fffffff;
359        else {
360                *fptr += *rptr;
361                i = (*fptr >> 1) & 0x7fffffff;  /* chucking least random bit */
362                if (++fptr >= end_ptr) {
363                        fptr = state;
364                        ++rptr;
365                } else if (++rptr >= end_ptr)
366                        rptr = state;
367        }
368        return(i);
369}
370
Note: See TracBrowser for help on using the repository browser.