drbg

Imports

Imports #

"bytes"
"crypto/internal/fips140"
_ "crypto/internal/fips140/check"
"errors"
"crypto/internal/fips140"
"crypto/internal/fips140/aes"
"crypto/internal/fips140/subtle"
"crypto/internal/fips140deps/byteorder"
"math/bits"
"crypto/internal/entropy"
"crypto/internal/fips140"
"crypto/internal/randutil"
"crypto/internal/sysrand"
"io"
"sync"

Constants & Variables

SeedSize const #

const SeedSize = keySize + aes.BlockSize // 48 bytes (384 bits): the AES-256 key plus one 128-bit block of V

drbgs var #

var drbgs = sync.Pool{...}

keySize const #

const keySize = 256 / 8 // 32 bytes: AES-256 key

maxRequestSize const #

const maxRequestSize = (1 << 19) / 8 // 2^19 bits = 2^16 bytes (64 KiB) per Generate call

reseedInterval const #

const reseedInterval = 1 << 48 // Generate requests allowed between reseeds

Interfaces

DefaultReader interface #

DefaultReader is a sentinel type, embedded in the default [crypto/rand.Reader], used to recognize it when passed to APIs that accept a rand io.Reader.

type DefaultReader interface {
defaultReader()
}

Structs

Counter struct #

Counter is an SP 800-90A Rev. 1 CTR_DRBG instantiated with AES-256. Per Table 3, it has a security strength of 256 bits, a seed size of 384 bits, a counter length of 128 bits, a reseed interval of 2^48 requests, and a maximum request size of 2^19 bits (2^16 bytes, 64 KiB). We support a narrow range of parameters that fit the needs of our RNG: AES-256, no derivation function, no personalization string, no prediction resistance, and 384-bit additional input.

type Counter struct {
c aes.CTR
reseedCounter uint64
}

Functions

Generate method #

Generate produces at most maxRequestSize bytes of random data in out. It returns reseedRequired == true, without writing any output, when the reseed interval of 2^48 requests has been reached; the caller must call Reseed with fresh entropy and retry.

func (c *Counter) Generate(out []byte, additionalInput *[SeedSize]byte) (reseedRequired bool)

NewCounter function #

func NewCounter(entropy *[SeedSize]byte) *Counter

Read function #

Read fills b with cryptographically secure random bytes. In FIPS mode, it uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG). Otherwise, it uses the operating system's random number generator.

func Read(b []byte)

ReadWithReader function #

ReadWithReader uses r to fill b with cryptographically secure random bytes. It is intended for use in APIs that expose a rand io.Reader. If r is not the default Reader from crypto/rand, [randutil.MaybeReadByte] and [fips140.RecordNonApproved] are called.

func ReadWithReader(r io.Reader, b []byte) error

ReadWithReaderDeterministic function #

ReadWithReaderDeterministic is like ReadWithReader, but it doesn't call [randutil.MaybeReadByte] on non-default Readers.

func ReadWithReaderDeterministic(r io.Reader, b []byte) error
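The sentinel-interface trick behind DefaultReader, and the approved/non-approved split that Read, ReadWithReader and ReadWithReaderDeterministic describe, as an added stand-alone example (not the package's own code). It assumes a stand-in sysReader for crypto/rand.Reader, a readWithReader that returns an "approved" flag in place of calling fips140.RecordNonApproved, and a maybeReadByte that draws its coin from crypto/rand rather than the select-based randomness used by randutil.MaybeReadByte; all three names are this example's own.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"io"
)

// DefaultReader is a sentinel interface. Its only method is unexported, so no
// other package can implement it directly; but a struct that embeds the
// interface (even with a nil value) still satisfies it, which is how the
// default reader is recognised without an import cycle.
type DefaultReader interface{ defaultReader() }

// sysReader stands in for crypto/rand.Reader (example type, not the real one).
type sysReader struct{ DefaultReader }

func (sysReader) Read(b []byte) (int, error) { return rand.Read(b) }

// Reader is the default, approved source.
var Reader io.Reader = sysReader{}

// maybeReadByte consumes one byte from r with probability 1/2, so that callers
// cannot rely on a non-default reader being consumed at an exact offset.
// The coin is drawn from crypto/rand here (a stand-in for randutil's method).
func maybeReadByte(r io.Reader) {
	var coin [1]byte
	if _, err := rand.Read(coin[:]); err != nil {
		panic(err)
	}
	if coin[0]&1 == 1 {
		var one [1]byte
		r.Read(one[:]) // result deliberately ignored; this is a perturbation only
	}
}

// readWithReader fills b from r. approved is true only when r is the default
// reader; a non-default reader is read as-is when deterministic is set, and
// perturbed with maybeReadByte otherwise.
func readWithReader(r io.Reader, b []byte, deterministic bool) (approved bool, err error) {
	if _, ok := r.(DefaultReader); ok {
		_, err = io.ReadFull(r, b)
		return true, err
	}
	if !deterministic {
		maybeReadByte(r)
	}
	_, err = io.ReadFull(r, b)
	return false, err
}

func main() {
	var b [8]byte
	approved, err := readWithReader(Reader, b[:], false)
	fmt.Printf("default reader: approved=%v err=%v\n", approved, err)
	// Constructed caller-supplied reader, as a test harness might pass.
	approved, err = readWithReader(bytes.NewReader([]byte("0123456789")), b[:], true)
	fmt.Printf("bytes.Reader: approved=%v err=%v data=%q\n", approved, err, b[:])
}
```

The type assertion is the whole check: any reader that does not embed the sentinel is treated as non-approved, and in the non-deterministic variant its first output byte may or may not be skipped.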

Reseed method #

func (c *Counter) Reseed(entropy *[SeedSize]byte, additionalInput *[SeedSize]byte)

increment function #

func increment(v *[aes.BlockSize]byte)

init function #

func init()

update method #

func (c *Counter) update(seed *[SeedSize]byte)
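A self-contained CTR_DRBG with the parameters the Counter doc fixes (AES-256, no derivation function, 384-bit seed, 128-bit counter, reseed interval 2^48, 64 KiB maximum request), as an added example illustrating Counter, NewCounter, Generate, Reseed, update and increment together. It is not the package's own code: it keeps an explicit Key/V pair and the standard library's crypto/aes instead of the internal aes.CTR, and the seed in main is a constructed placeholder, not entropy.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
	"math/bits"
)

const (
	keySize        = 256 / 8             // 32-byte AES-256 key
	blockSize      = aes.BlockSize       // 16 bytes: block and counter length
	seedSize       = keySize + blockSize // 48 bytes = 384 bits (Table 3, no DF)
	reseedInterval = 1 << 48             // Generate calls allowed between reseeds
	maxRequestSize = (1 << 19) / 8       // 2^19 bits = 64 KiB per call
)

// Counter is the CTR_DRBG working state (Key, V) plus the reseed counter.
type Counter struct {
	key           [keySize]byte
	v             [blockSize]byte
	reseedCounter uint64
}

// increment adds 1 to v as a 128-bit big-endian integer, wrapping mod 2^128.
func increment(v *[blockSize]byte) {
	hi := binary.BigEndian.Uint64(v[:8])
	lo := binary.BigEndian.Uint64(v[8:])
	lo, carry := bits.Add64(lo, 1, 0)
	hi, _ = bits.Add64(hi, 0, carry)
	binary.BigEndian.PutUint64(v[:8], hi)
	binary.BigEndian.PutUint64(v[8:], lo)
}

func (c *Counter) block() cipher.Block {
	b, err := aes.NewCipher(c.key[:])
	if err != nil {
		panic(err) // unreachable: key length is fixed at 32 bytes
	}
	return b
}

// update is CTR_DRBG_Update (SP 800-90A 10.2.1.2) without a derivation function:
// three keystream blocks under the current Key, starting at V+1, XORed with
// providedData become the new Key and V.
func (c *Counter) update(providedData *[seedSize]byte) {
	blk := c.block()
	var temp [seedSize]byte
	for i := 0; i < seedSize; i += blockSize {
		increment(&c.v)
		blk.Encrypt(temp[i:i+blockSize], c.v[:])
	}
	for i := range temp {
		temp[i] ^= providedData[i]
	}
	copy(c.key[:], temp[:keySize])
	copy(c.v[:], temp[keySize:])
}

// NewCounter is CTR_DRBG_Instantiate: zero Key and V, absorb the seed, counter = 1.
func NewCounter(entropy *[seedSize]byte) *Counter {
	c := &Counter{}
	c.update(entropy)
	c.reseedCounter = 1
	return c
}

// Reseed is CTR_DRBG_Reseed: seed material is entropy XOR additional input (if any).
func (c *Counter) Reseed(entropy, additionalInput *[seedSize]byte) {
	seed := *entropy
	if additionalInput != nil {
		for i := range seed {
			seed[i] ^= additionalInput[i]
		}
	}
	c.update(&seed)
	c.reseedCounter = 1
}

// Generate is CTR_DRBG_Generate. It returns true and writes nothing once the
// reseed interval is reached; otherwise it fills out and then runs update so the
// emitted bytes cannot be recovered from the new state (backtracking resistance).
func (c *Counter) Generate(out []byte, additionalInput *[seedSize]byte) (reseedRequired bool) {
	if len(out) > maxRequestSize {
		panic("drbg: request exceeds maxRequestSize")
	}
	if c.reseedCounter > reseedInterval {
		return true
	}
	var zero [seedSize]byte
	if additionalInput != nil {
		c.update(additionalInput)
	} else {
		additionalInput = &zero
	}
	blk := c.block()
	var ks [blockSize]byte
	for len(out) > 0 {
		increment(&c.v)
		blk.Encrypt(ks[:], c.v[:])
		n := copy(out, ks[:])
		out = out[n:]
	}
	c.update(additionalInput)
	c.reseedCounter++
	return false
}

func main() {
	var seed [seedSize]byte // constructed placeholder; real code needs fresh entropy
	for i := range seed {
		seed[i] = byte(i)
	}
	d := NewCounter(&seed)
	out := make([]byte, 32)
	if d.Generate(out, nil) {
		d.Reseed(&seed, nil) // would be fresh entropy in practice
		d.Generate(out, nil)
	}
	fmt.Printf("%x\n", out)
}
```

The two things a reviewer should check in any CTR_DRBG are visible here: the counter V is incremented before each block (including inside update), and the post-generation update runs on every call, with zeros when no additional input was supplied, so the state never holds the key that produced the bytes just returned.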

Generated with Arrow