krypteia-quantica 0.1.0

Pure-Rust post-quantum cryptography: FIPS 203 ML-KEM, FIPS 204 ML-DSA, and FIPS 205 SLH-DSA. First-order arithmetic masking, shuffled NTT, FORS recompute-and-compare redundancy, constant-time rejection sampling. Targets embedded (no_std), STM32 M0/M4/M33, ESP32-C3 RISC-V. Zero runtime dependencies.
Documentation
//! Minimal cryptographic RNG trait and OS-backed implementation.
//!
//! Provides the [`CryptoRng`] trait used by ML-DSA for key generation and
//! hedged signing, along with [`OsRng`], a simple implementation backed by
//! the operating system's entropy source.

use super::MlDsaError;

/// Trait for cryptographic random byte generation.
///
/// Implementors must fill the destination buffer with cryptographically
/// secure random bytes. This trait is used as a trait object (`&mut dyn CryptoRng`)
/// throughout the ML-DSA API to allow callers to supply their own RNG.
pub trait CryptoRng {
    /// Fill `dest` with cryptographically secure random bytes.
    ///
    /// # Errors
    ///
    /// Returns [`MlDsaError::RngFailure`] if the underlying entropy source
    /// is unavailable or fails.
    fn fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), MlDsaError>;
}

/// OS-backed cryptographic RNG reading from `/dev/urandom`.
///
/// Only available with the `std` feature. In `no_std` builds, callers
/// must supply their own [`CryptoRng`] implementation.
#[cfg(feature = "std")]
pub struct OsRng;

#[cfg(feature = "std")]
impl CryptoRng for OsRng {
    fn fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), MlDsaError> {
        use std::io::Read;
        let mut f = std::fs::File::open("/dev/urandom").map_err(|_| MlDsaError::RngFailure)?;
        f.read_exact(dest).map_err(|_| MlDsaError::RngFailure)
    }
}