pub trait Sp80090ADrbg {
    // Required methods
    fn instantiate(
        &mut self,
        prediction_resistance: bool,
        seed: impl KeyMaterial,
        nonce: &impl KeyMaterial,
        personalization_string: &[u8],
        security_strength: SecurityStrength,
    ) -> Result<(), RNGError>;
    fn reseed(
        &mut self,
        seed: &impl KeyMaterial,
        additional_input: &[u8],
    ) -> Result<(), RNGError>;
    fn generate(
        &mut self,
        additional_input: &[u8],
        len: usize,
    ) -> Result<Vec<u8>, RNGError>;
    fn generate_out(
        &mut self,
        additional_input: &[u8],
        out: &mut [u8],
    ) -> Result<usize, RNGError>;
    fn generate_keymaterial_out(
        &mut self,
        additional_input: &[u8],
        out: &mut impl KeyMaterial,
    ) -> Result<usize, RNGError>;
}
Implements the five functions specified in SP 800-90A section 7.4: instantiate, generate, reseed, uninstantiate, and health_test. Note: this trait relies on Rust’s Drop for the sensitive working state in place of the explicit Uninstantiate function listed in SP 800-90Ar1.
Required Methods
fn instantiate(
    &mut self,
    prediction_resistance: bool,
    seed: impl KeyMaterial,
    nonce: &impl KeyMaterial,
    personalization_string: &[u8],
    security_strength: SecurityStrength,
) -> Result<(), RNGError>
The input KeyMaterial must be of type KeyType::Seed.
"8.6.3 Entropy Requirements for the Entropy Input. The entropy input shall have entropy that is equal to or greater than the security strength of the instantiation. Additional entropy may be provided in the nonce or the optional personalization string during instantiation, or in the additional input during reseeding and generation, but this is not required and does not increase the “official” security strength of the DRBG instantiation that is recorded in the internal state.
8.6.4 Seed Length. The minimum length of the seed depends on the DRBG mechanism and the security strength required by the consuming application, but shall be at least the number of bits of entropy required."
This function takes ownership of the seed KeyMaterial object, to reduce the likelihood of its reuse in a second function call.
There is no entropy requirement on the nonce, but it is expected as a KeyMaterial so that it benefits from the secure erasure and logging protections in the KeyMaterial object.
fn reseed(
    &mut self,
    seed: &impl KeyMaterial,
    additional_input: &[u8],
) -> Result<(), RNGError>
Reseeds the DRBG with the provided seed. TODO: this needs to be thought out to take some sort of EntropySource object that’ll work well with DRBGs that require frequent reseeding.
fn generate(
    &mut self,
    additional_input: &[u8],
    len: usize,
) -> Result<Vec<u8>, RNGError>
Note that for a calling application to be in compliance with SP 800-90A, this requirement from section 8.4 must be met: “The pseudorandom bits returned from a DRBG shall not be used for any application that requires a higher security strength than the DRBG is instantiated to support. The security strength provided in these returned bits is the minimum of the security strength supported by the DRBG and the length of the bit string returned.”
As required by SP 800-90A section 8.4, len cannot exceed the initialized SecurityStrength of this instance. Multiple calls to this function can be made, in which case it is the application’s responsibility to track that it is not expecting more entropy than the SecurityStrength to which this instance was instantiated. For example, extracting two 128-bit values from an instance instantiated to SecurityStrength::_128bit and then combining them to form an AES-256 key would likely not pass FIPS certification.
Throws a RNGError::InsufficientSeedEntropy if len exceeds SecurityStrength.
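The application-side bookkeeping that the paragraph above leaves to the caller, as an added example that is not code from this crate: a wrapper that refuses a single draw longer than the instantiated strength (the page's InsufficientSeedEntropy case), refuses to let several draws be combined into one key whose length exceeds that strength (the AES-256-from-two-128-bit-halves case), and refuses to generate once a reseed interval has been reached. The `SecurityStrength` and `RNGError` types and the `generate` signature are stand-ins modelled on the signatures shown on this page; the `KeyBudgetExceeded` and `ReseedRequired` variants, the `Generate` trait and the `XorShiftStandIn` generator are constructed for this example only and are not cryptographic.

```rust
// Added example (not the crate's own code). `SecurityStrength`, `RNGError` and
// `Generate::generate` are stand-ins modelled on this page's signatures; the
// extra error variants and the xorshift generator are constructed for the demo.

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum SecurityStrength {
    _112bit,
    _128bit,
    _192bit,
    _256bit,
}

impl SecurityStrength {
    /// Security strength of the instantiation, in bits.
    pub fn bits(self) -> usize {
        match self {
            SecurityStrength::_112bit => 112,
            SecurityStrength::_128bit => 128,
            SecurityStrength::_192bit => 192,
            SecurityStrength::_256bit => 256,
        }
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum RNGError {
    /// Mirrors the page: a single `len` larger than the SecurityStrength.
    InsufficientSeedEntropy,
    /// Assumed variant: outputs combined into one key would exceed the strength.
    KeyBudgetExceeded,
    /// Assumed variant: the reseed interval has been reached; reseed first.
    ReseedRequired,
}

/// Stand-in for the `generate` half of the page's trait (`len` is in bits).
pub trait Generate {
    fn generate(&mut self, additional_input: &[u8], len: usize) -> Result<Vec<u8>, RNGError>;
}

/// Tracks, on behalf of the application, how many bits have gone into the key
/// currently being assembled and how many generate calls since the last reseed.
pub struct BudgetedDrbg<G: Generate> {
    inner: G,
    strength: SecurityStrength,
    key_bits_drawn: usize,
    reseed_counter: u64,
    reseed_interval: u64,
}

impl<G: Generate> BudgetedDrbg<G> {
    pub fn new(inner: G, strength: SecurityStrength, reseed_interval: u64) -> Self {
        Self { inner, strength, key_bits_drawn: 0, reseed_counter: 0, reseed_interval }
    }

    /// Draw `len_bits` of output destined for the key currently being assembled.
    pub fn generate_for_key(&mut self, len_bits: usize) -> Result<Vec<u8>, RNGError> {
        if len_bits > self.strength.bits() {
            return Err(RNGError::InsufficientSeedEntropy); // per-call rule from the page
        }
        if self.key_bits_drawn + len_bits > self.strength.bits() {
            return Err(RNGError::KeyBudgetExceeded); // the two-halves-into-AES-256 case
        }
        if self.reseed_counter >= self.reseed_interval {
            return Err(RNGError::ReseedRequired);
        }
        let out = self.inner.generate(&[], len_bits)?;
        self.key_bits_drawn += len_bits;
        self.reseed_counter += 1;
        Ok(out)
    }

    /// Call when a key is complete; the next key gets a fresh budget.
    pub fn finish_key(&mut self) {
        self.key_bits_drawn = 0;
    }

    /// Record that the underlying DRBG was reseeded (the real trait also takes seed material).
    pub fn note_reseeded(&mut self) {
        self.reseed_counter = 0;
    }
}

/// Constructed, deterministic stand-in so the example runs offline. NOT a DRBG.
pub struct XorShiftStandIn(pub u64);

impl Generate for XorShiftStandIn {
    fn generate(&mut self, _additional_input: &[u8], len: usize) -> Result<Vec<u8>, RNGError> {
        let n_bytes = (len + 7) / 8;
        let mut out = Vec::with_capacity(n_bytes + 8);
        while out.len() < n_bytes {
            let mut x = self.0; // xorshift64 step
            x ^= x << 13;
            x ^= x >> 7;
            x ^= x << 17;
            self.0 = x;
            out.extend_from_slice(&x.to_le_bytes());
        }
        out.truncate(n_bytes);
        Ok(out)
    }
}

/// The doc comment's scenario: a 128-bit instance, two 128-bit draws for one key.
pub fn aes256_from_128bit_instance_is_rejected() -> Result<Vec<u8>, RNGError> {
    let gen = XorShiftStandIn(0x9E37_79B9_7F4A_7C15);
    let mut drbg = BudgetedDrbg::new(gen, SecurityStrength::_128bit, 1 << 20);
    let first_half = drbg.generate_for_key(128)?; // 128 of 128 budgeted bits: fine
    let _second_half = drbg.generate_for_key(128)?; // would form a 256-bit key: rejected
    Ok(first_half)
}
```

The three checks are ordered so that a request the DRBG itself would reject (too long for the strength) is reported before the application-level budget and reseed conditions; none of them consume output from the generator, so a rejected call leaves the key budget and reseed counter unchanged.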
fn generate_out(
    &mut self,
    additional_input: &[u8],
    out: &mut [u8],
) -> Result<usize, RNGError>
As per Sp80090ADrbg::generate, but writes to the provided output slice. The output slice is filled. Throws a RNGError::InsufficientSeedEntropy if the length of the output slice exceeds SecurityStrength. Returns the number of bits output.
fn generate_keymaterial_out(
    &mut self,
    additional_input: &[u8],
    out: &mut impl KeyMaterial,
) -> Result<usize, RNGError>
As per Sp80090ADrbg::generate, but writes to the provided KeyMaterial. The output KeyMaterial is filled to capacity. Throws a RNGError::InsufficientSeedEntropy if the capacity of the output KeyMaterial exceeds SecurityStrength. Returns the number of bits output.
Dyn Compatibility
This trait is not dyn compatible.
In older versions of Rust, dyn compatibility was called "object safety", so this trait is not object safe.