qcomm-core 0.1.0

Post-quantum cryptographic primitives: ML-KEM-1024, SPHINCS+, Triple Ratchet with forward secrecy
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182

//! Quantum Random Number Generator (QRNG) Integration
//!
//! Provides access to hardware quantum random number sources:
//! - Crypto4A QRNG hardware
//! - /dev/qrandom (when available)
//! - Fallback to OS CSPRNG when hardware unavailable

use crate::{Error, Result};

/// QRNG source types
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum QrngSource {
    /// Crypto4A hardware QRNG
    Crypto4A,
    /// Linux /dev/qrandom device
    DevQrandom,
    /// macOS Secure Enclave (if quantum-enhanced)
    SecureEnclave,
    /// Fallback to OS CSPRNG
    OsCsprng,
}

/// QRNG provider that selects best available source
pub struct QrngProvider {
    source: QrngSource,
}

impl QrngProvider {
    /// Create a new QRNG provider, auto-detecting best source
    pub fn new() -> Self {
        let source = Self::detect_best_source();
        Self { source }
    }

    /// Create with a specific source (for testing)
    pub fn with_source(source: QrngSource) -> Self {
        Self { source }
    }

    /// Detect the best available QRNG source
    fn detect_best_source() -> QrngSource {
        #[cfg(not(target_arch = "wasm32"))]
        {
            // Try Crypto4A first (would check for hardware in production)
            if Self::is_crypto4a_available() {
                return QrngSource::Crypto4A;
            }

            // Try /dev/qrandom
            if std::path::Path::new("/dev/qrandom").exists() {
                return QrngSource::DevQrandom;
            }
        }

        // Fallback to OS CSPRNG
        QrngSource::OsCsprng
    }

    /// Check if Crypto4A hardware is available
    #[cfg(not(target_arch = "wasm32"))]
    fn is_crypto4a_available() -> bool {
        // In production, this would check for actual hardware
        // Could use USB enumeration or specific device files
        false
    }

    /// Get the current source
    pub fn source(&self) -> QrngSource {
        self.source
    }

    /// Get entropy from the QRNG
    pub fn get_entropy(&self, bytes: usize) -> Result<Vec<u8>> {
        match self.source {
            #[cfg(not(target_arch = "wasm32"))]
            QrngSource::Crypto4A => self.get_crypto4a_entropy(bytes),
            #[cfg(not(target_arch = "wasm32"))]
            QrngSource::DevQrandom => self.get_dev_qrandom_entropy(bytes),
            #[cfg(not(target_arch = "wasm32"))]
            QrngSource::SecureEnclave => self.get_secure_enclave_entropy(bytes),
            QrngSource::OsCsprng => self.get_os_csprng_entropy(bytes),
            #[cfg(target_arch = "wasm32")]
            _ => self.get_os_csprng_entropy(bytes),
        }
    }

    /// Get entropy from Crypto4A hardware
    #[cfg(not(target_arch = "wasm32"))]
    fn get_crypto4a_entropy(&self, _bytes: usize) -> Result<Vec<u8>> {
        // In production, this would communicate with Crypto4A hardware
        // via USB HID or similar interface
        Err(Error::QrngUnavailable("Crypto4A not implemented".into()))
    }

    /// Get entropy from /dev/qrandom
    #[cfg(not(target_arch = "wasm32"))]
    fn get_dev_qrandom_entropy(&self, bytes: usize) -> Result<Vec<u8>> {
        use std::fs::File;
        use std::io::Read;

        let mut file = File::open("/dev/qrandom")
            .map_err(|e| Error::QrngUnavailable(e.to_string()))?;

        let mut entropy = vec![0u8; bytes];
        file.read_exact(&mut entropy)
            .map_err(|e| Error::QrngUnavailable(e.to_string()))?;

        Ok(entropy)
    }

    /// Get entropy from Secure Enclave
    #[cfg(not(target_arch = "wasm32"))]
    fn get_secure_enclave_entropy(&self, bytes: usize) -> Result<Vec<u8>> {
        // In production, this would use Security.framework on macOS
        // For now, fallback to OS CSPRNG
        self.get_os_csprng_entropy(bytes)
    }

    /// Get entropy from OS CSPRNG (fallback)
    fn get_os_csprng_entropy(&self, bytes: usize) -> Result<Vec<u8>> {
        use rand::RngCore;

        let mut entropy = vec![0u8; bytes];
        rand::thread_rng().fill_bytes(&mut entropy);
        Ok(entropy)
    }
}

impl Default for QrngProvider {
    fn default() -> Self {
        Self::new()
    }
}

/// Global QRNG instance for convenience
static QRNG: std::sync::OnceLock<QrngProvider> = std::sync::OnceLock::new();

/// Get entropy from the global QRNG provider
pub fn get_entropy(bytes: usize) -> Result<Vec<u8>> {
    QRNG.get_or_init(QrngProvider::new).get_entropy(bytes)
}

/// Get the current QRNG source
pub fn current_source() -> QrngSource {
    QRNG.get_or_init(QrngProvider::new).source()
}

/// Check if hardware QRNG is available
pub fn is_hardware_available() -> bool {
    matches!(
        current_source(),
        QrngSource::Crypto4A | QrngSource::DevQrandom
    )
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_get_entropy() {
        let entropy = get_entropy(32).unwrap();
        assert_eq!(entropy.len(), 32);
    }

    #[test]
    fn test_entropy_uniqueness() {
        let e1 = get_entropy(32).unwrap();
        let e2 = get_entropy(32).unwrap();
        assert_ne!(e1, e2);
    }

    #[test]
    fn test_provider_source() {
        let provider = QrngProvider::new();
        // Should fallback to OS CSPRNG in most test environments
        assert!(matches!(
            provider.source(),
            QrngSource::OsCsprng | QrngSource::DevQrandom | QrngSource::Crypto4A
        ));
    }
}