Skip to main content

Crate nist_rand

Crate nist_rand 

Source
Expand description

§nist-rand — SP 800-90A/B/C CSPRNG Implementation

⚠️ DISCLAIMER: This code is NOT FIPS Verified and has NOT been officially audited by a NIST lab. Furthermore, this code does not receive any formal security audits. It implements the best practices and algorithms described by NIST SP 800-90A/B/C, but does not claim or provide official compliance or certification. Use at your own risk.

A high-assurance, production-ready Cryptographically Secure Pseudorandom Number Generator (CSPRNG) that implements the architectural design and algorithms described in NIST SP 800-90A/B/C.

§Architecture

 ┌───────────────────────────────────────────────────────────────┐
 │                    SP 800-90C Blender                         │
 │  ┌──────────────┐  ┌────────────────┐  ┌──────────────────┐   │
 │  │ OS RNG       │  │ CPU Jitter     │  │ System State     │   │
 │  │ /dev/urandom │  │ (advance feat) │  │ /proc, TSC, ASLR │   │
 │  │ + 90B tests  │  │ Von Neumann    │  │ (advance feat)   │   │
 │  └──────┬───────┘  └───────┬────────┘  └────────┬─────────┘   │
 │         └──────────────────┴────────────────────┘             │
 │                            │ SHA3-512                         │
 └────────────────────────────┼──────────────────────────────────┘
                              │ 512-bit conditioned seed
 ┌────────────────────────────▼──────────────────────────────────┐
 │             Hash_DRBG (SP 800-90A § 10.1.1)                   │
 │                    SHA3-512 (FIPS 202)                        │
 │                reseed every 10 000 requests                   │
 └────────────────────────────┬──────────────────────────────────┘
                              │
                        fill() / NistRng

§SP 800-90 Design Principles

RequirementStandardImplementation
Entropy source health testsSP 800-90B § 4.4rng::HealthTests (RCT + APT)
Multi-source entropy blendingSP 800-90C § 4.1entropy::get_blended_entropy() with SHA3-512
Approved DRBG mechanismSP 800-90A § 10.1.1drbg::HashDrbg
Approved hash functionFIPS 202SHA3-512
Reseed interval enforcementSP 800-90A Table 2Panic-on-overrun after 10 000 calls
Fail-safe on entropy failureFIPS 140-3 § 9.2 (Aligns with)panic! on health-test or reseed failure

§Crate Features

FeatureDefaultDescription
rand_coreExposes NistRng implementing rand_core 0.10 traits
advanceAdds CPU jitter, System state, and Hardware RNG (RDSEED/RDRAND) + extended 90B health tests
build_separatorEmbeds a random build-time salt (via build.rs)
zeroizeDerives zeroize::ZeroizeOnDrop on HashDrbg; wraps all sensitive buffers in zeroize::Zeroizing so keying material is erased even on panic
exp_simd_rngExperimental: AVX-256 thermal jitter (implies advance)
exp_network_rngExperimental: UDP network-latency jitter (implies advance)

Modules§

drbg
Hash_DRBG (SP 800-90A § 10.1.1) backed by SHA3-512.
entropy
Entropy sources and SP 800-90B continuous health tests.
rng
OS RNG reader and HealthTests state machine.

Structs§

NistRngrand_core
A rand_core 0.10-compatible wrapper around the nist-rand pipeline.
NistRngPredictionResistantrand_core
A rand_core 0.10-compatible wrapper providing Prediction Resistance.

Functions§

fill
Fills dest with cryptographically secure random bytes.
fill_prediction_resistant
Fills dest with cryptographically secure random bytes, with guaranteed Prediction Resistance (SP 800-90A § 8.7.2).
reseed
Forces an immediate reseed of the thread-local DRBG using fresh, SP 800-90C-conditioned entropy.