pub trait RngProvider:
Send
+ Sync
+ 'static {
// Required method
fn fill_bytes(&self, dest: &mut [u8]);
// Provided method
fn next_u64(&self) -> u64 { ... }
}Expand description
Source of cryptographically secure random bytes.
The trait takes &self (not &mut self) on every method so a single
Arc<dyn RngProvider> can be shared across tasks / threads without
callers having to wrap it in a Mutex. Implementations that internally
need mutation (a software DRBG, a ChaChaRng-backed test fixture, …)
must supply their own interior mutability — see the CounterRng
example in the test module.
Send + Sync + 'static lets the provider be held in Arc<dyn …> for
the lifetime of a long-running listener.
§Failure model
Implementations are expected to be infallible at the call boundary
— randomness is required for crypto correctness, and there is no
useful fallback at the Phantom Protocol layer. If the underlying source
can fail (a hardware-RNG health-test trip, an OS RNG that returns
EIO, …) the impl must surface that as a panic so the higher layer
fails loudly rather than silently producing biased keys. The default
OsRng follows this convention via getrandom’s
Result::expect.
Required Methods§
Sourcefn fill_bytes(&self, dest: &mut [u8])
fn fill_bytes(&self, dest: &mut [u8])
Fill dest with cryptographically secure random bytes.
Provided Methods§
Sourcefn next_u64(&self) -> u64
fn next_u64(&self) -> u64
Convenience: return a single fresh u64 of randomness.
Default impl reads 8 bytes from fill_bytes and decodes them
little-endian. Implementations with a faster word-aligned path
(e.g., an HMAC-DRBG outputting 64-bit blocks) may override.
Dyn Compatibility§
This trait is dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety".
Implementors§
impl RngProvider for OsRng
fips only.