clock-rand 1.0.3

Next-generation random number generation with blockchain-aware RNGs, fork detection, and cryptographic security
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

//! ChaCha20-based cryptographically secure RNG
//!
//! Uses the ChaCha20 stream cipher as a DRBG (Deterministic Random Bit Generator).

use crate::error::Result;
use crate::seed::Seed;
use crate::traits::{CryptoRng, DeterministicRng, Rng, SeedableRng};

#[cfg(feature = "security")]
use zeroize::Zeroize;

/// ChaCha20-based cryptographically secure RNG
///
/// This RNG uses ChaCha20 in counter mode to generate cryptographically
/// secure random bytes. Suitable for key generation, nonces, and other
/// security-critical operations.
#[derive(Clone)]
pub struct ChaCha20Rng {
    key: [u8; 32],
    nonce: [u8; 12],
    counter: u64,
    buffer: [u8; 64],
    buffer_pos: usize,
}

#[cfg(feature = "security")]
impl Zeroize for ChaCha20Rng {
    fn zeroize(&mut self) {
        self.key.zeroize();
        self.nonce.zeroize();
        self.counter = 0;
        self.buffer.zeroize();
        self.buffer_pos = 0;
    }
}

#[cfg(feature = "security")]
impl Drop for ChaCha20Rng {
    fn drop(&mut self) {
        self.zeroize();
    }
}

impl ChaCha20Rng {
    /// Create a new ChaCha20Rng from a seed
    pub fn new(seed: &Seed) -> Result<Self> {
        let seed_bytes = seed.as_ref();
        let mut key = [0u8; 32];
        let mut nonce = [0u8; 12];

        // Derive key and nonce from seed using Blake3
        #[cfg(feature = "crypto_rng")]
        {
            use blake3;
            let mut hasher = blake3::Hasher::new();
            hasher.update(seed_bytes);
            let hash = hasher.finalize();
            key.copy_from_slice(&hash.as_bytes()[..32]);

            // Derive nonce from second hash
            let mut hasher2 = blake3::Hasher::new();
            hasher2.update(seed_bytes);
            hasher2.update(b"nonce");
            let hash2 = hasher2.finalize();
            nonce.copy_from_slice(&hash2.as_bytes()[..12]);
        }

        #[cfg(not(feature = "crypto_rng"))]
        {
            // Fallback: simple key derivation (not cryptographically secure)
            for (i, &byte) in seed_bytes.iter().enumerate() {
                if i < 32 {
                    key[i] = byte;
                } else if i < 44 {
                    nonce[i - 32] = byte;
                }
            }
        }

        let mut rng = Self {
            key,
            nonce,
            counter: 0,
            buffer: [0u8; 64],
            buffer_pos: 64, // Force refill on first use
        };

        // Pre-fill buffer
        rng.refill_buffer()?;
        Ok(rng)
    }

    /// Create from OS entropy (requires std)
    #[cfg(feature = "std")]
    pub fn from_os_entropy() -> Result<Self> {
        use crate::error::EntropyError;
        let mut seed_bytes = vec![0u8; 32];

        use std::fs::File;
        use std::io::Read;

        // Try to read from /dev/urandom (Unix) or use getrandom
        #[cfg(unix)]
        {
            let mut file = File::open("/dev/urandom")
                .map_err(|_| EntropyError::ReadFailed("Failed to open /dev/urandom"))?;
            file.read_exact(&mut seed_bytes)
                .map_err(|_| EntropyError::ReadFailed("Failed to read from /dev/urandom"))?;
        }

        #[cfg(not(unix))]
        {
            // Fallback: use system RNG if available
            return Err(EntropyError::SourceUnavailable.into());
        }

        let seed = Seed::from_bytes(seed_bytes)?;
        Self::new(&seed)
    }

    /// Refill the internal buffer
    fn refill_buffer(&mut self) -> Result<()> {
        #[cfg(feature = "crypto_rng")]
        {
            use chacha20::ChaCha20;
            use chacha20::cipher::{KeyIvInit, StreamCipher};

            let key = chacha20::Key::from_slice(&self.key);

            // ChaCha20 uses the first 4 bytes of nonce as counter in IETF variant
            let mut nonce_bytes = [0u8; 12];
            nonce_bytes[0..4].copy_from_slice(&self.counter.to_le_bytes()[0..4]);
            nonce_bytes[4..12].copy_from_slice(&self.nonce[0..8]);

            let nonce = chacha20::Nonce::from_slice(&nonce_bytes);
            let mut cipher = ChaCha20::new(key, nonce);

            cipher.apply_keystream(&mut self.buffer);
        }

        #[cfg(not(feature = "crypto_rng"))]
        {
            // Fallback: simple counter-based generation (not secure)
            for (i, byte) in self.buffer.iter_mut().enumerate() {
                *byte = (self.counter as u8).wrapping_add(i as u8);
            }
        }

        self.counter = self.counter.wrapping_add(1);
        self.buffer_pos = 0;
        Ok(())
    }

    /// Save the current state
    pub fn save_state(&self) -> ([u8; 32], [u8; 12], u64, usize) {
        (self.key, self.nonce, self.counter, self.buffer_pos)
    }

    /// Restore state from saved state
    pub fn restore_state(
        &mut self,
        key: [u8; 32],
        nonce: [u8; 12],
        counter: u64,
        buffer_pos: usize,
    ) -> Result<()> {
        self.key = key;
        self.nonce = nonce;
        self.counter = counter;
        self.buffer_pos = buffer_pos;
        // If buffer_pos is at end, refill for next use
        if self.buffer_pos >= 64 {
            self.refill_buffer()?;
        }
        Ok(())
    }
}

impl Rng for ChaCha20Rng {
    fn next_u32(&mut self) -> u32 {
        let mut bytes = [0u8; 4];
        self.fill_bytes(&mut bytes);
        u32::from_le_bytes(bytes)
    }

    fn next_u64(&mut self) -> u64 {
        let mut bytes = [0u8; 8];
        self.fill_bytes(&mut bytes);
        u64::from_le_bytes(bytes)
    }

    fn fill_bytes(&mut self, dest: &mut [u8]) {
        for byte in dest.iter_mut() {
            if self.buffer_pos >= 64 {
                self.refill_buffer()
                    .expect("ChaCha20 refill should never fail");
            }
            *byte = self.buffer[self.buffer_pos];
            self.buffer_pos += 1;
        }
    }
}

impl CryptoRng for ChaCha20Rng {}

impl DeterministicRng for ChaCha20Rng {
    fn is_deterministic(&self) -> bool {
        true
    }
}

impl SeedableRng for ChaCha20Rng {
    type Seed = Seed;

    fn from_seed(seed: Self::Seed) -> Self {
        Self::new(&seed).expect("Seed should be valid")
    }

    fn reseed(&mut self, seed: Self::Seed) -> Result<()> {
        *self = Self::new(&seed)?;
        Ok(())
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    #[cfg(feature = "crypto_rng")]
    fn test_chacha20_deterministic() {
        let seed =
            Seed::from_bytes(vec![1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).unwrap();
        let mut rng1 = ChaCha20Rng::new(&seed).unwrap();
        let mut rng2 = ChaCha20Rng::new(&seed).unwrap();

        for _ in 0..10 {
            assert_eq!(rng1.next_u64(), rng2.next_u64());
        }
    }

    #[test]
    #[cfg(feature = "crypto_rng")]
    fn test_chacha20_save_restore() {
        let seed = Seed::from_bytes(vec![42; 32]).unwrap();
        let mut rng = ChaCha20Rng::new(&seed).unwrap();
        let _ = rng.next_u64();
        let (key, nonce, counter, buffer_pos) = rng.save_state();

        let mut rng2 = ChaCha20Rng::new(&seed).unwrap();
        rng2.restore_state(key, nonce, counter, buffer_pos).unwrap();

        assert_eq!(rng.next_u64(), rng2.next_u64());
    }
}