krypteia-quantica 0.1.0

Pure-Rust post-quantum cryptography: FIPS 203 ML-KEM, FIPS 204 ML-DSA, and FIPS 205 SLH-DSA. First-order arithmetic masking, shuffled NTT, FORS recompute-and-compare redundancy, constant-time rejection sampling. Targets embedded (no_std), STM32 M0/M4/M33, ESP32-C3 RISC-V. Zero runtime dependencies.
Documentation
//! Minimal cryptographic RNG trait and OS-backed implementation.
//!
//! SLH-DSA requires a source of cryptographic randomness for key generation and
//! hedged signing. This module provides a simple trait and a default implementation
//! backed by the operating system's entropy source.

use super::SlhDsaError;

/// Trait for cryptographic random byte generation.
///
/// Implementors must provide bytes that are indistinguishable from uniform random
/// to any computationally bounded adversary. The default implementation ([`OsRng`])
/// reads from `/dev/urandom`.
///
/// Custom implementations can be provided for testing (deterministic RNG) or for
/// environments where `/dev/urandom` is unavailable.
pub trait CryptoRng {
    /// Fill `dest` with cryptographically secure random bytes.
    ///
    /// Returns `Err(SlhDsaError::RngFailure)` if the entropy source is unavailable.
    fn fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), SlhDsaError>;
}

/// OS-backed cryptographic RNG reading from `/dev/urandom`.
///
/// Only available with the `std` feature. In `no_std` builds, callers
/// must supply their own [`CryptoRng`] implementation.
#[cfg(feature = "std")]
pub struct OsRng;

#[cfg(feature = "std")]
impl CryptoRng for OsRng {
    fn fill_bytes(&mut self, dest: &mut [u8]) -> Result<(), SlhDsaError> {
        use std::io::Read;
        let mut f = std::fs::File::open("/dev/urandom").map_err(|_| SlhDsaError::RngFailure)?;
        f.read_exact(dest).map_err(|_| SlhDsaError::RngFailure)
    }
}