wireguard-embed 1.0.0

std + alloc driver for wireguard-sans-io: BoringTun-style API (built-in clock, OS RNG, rate limiter, packet queue) wrapping the no_std core
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33

//! OS entropy → [`EntropySource`].

use wireguard_sans_io::{EntropyError, EntropySource};

/// [`EntropySource`] backed by the operating system's CSPRNG via
/// `getrandom` (RtlGenRandom / getrandom(2) / SecRandomCopyBytes / …).
///
/// This is the only place `wireguard-embed` reaches outside std.
#[derive(Debug, Default, Clone, Copy)]
pub struct OsEntropy;

impl EntropySource for OsEntropy {
    fn fill(&mut self, buf: &mut [u8]) -> Result<(), EntropyError> {
        getrandom::getrandom(buf).map_err(|_| EntropyError)
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    #[test]
    fn fills_nonzero() {
        let mut a = [0u8; 64];
        let mut b = [0u8; 64];
        #[allow(clippy::unwrap_used)]
        {
            OsEntropy.fill(&mut a).unwrap();
            OsEntropy.fill(&mut b).unwrap();
        }
        assert_ne!(a, [0u8; 64]);
        assert_ne!(a, b, "two draws should differ");
    }
}