mirror of
https://github.com/ziglang/zig.git
synced 2024-12-03 18:38:45 +00:00
59 lines
1.8 KiB
Zig
59 lines
1.8 KiB
Zig
//! CSPRNG based on the Reverie construction, a permutation-based PRNG
|
|
//! with forward security, instantiated with the Ascon(128,12,8) permutation.
|
|
//!
|
|
//! Compared to ChaCha, this PRNG has a much smaller state, and can be
|
|
//! a better choice for constrained environments.
|
|
//!
|
|
//! References:
|
|
//! - A Robust and Sponge-Like PRNG with Improved Efficiency https://eprint.iacr.org/2016/886.pdf
|
|
//! - Ascon https://ascon.iaik.tugraz.at/files/asconv12-nist.pdf
|
|
|
|
const std = @import("std");
|
|
const mem = std.mem;
|
|
const Self = @This();
|
|
|
|
const Ascon = std.crypto.core.Ascon(.little);
|
|
|
|
state: Ascon,
|
|
|
|
const rate = 16;
|
|
pub const secret_seed_length = 32;
|
|
|
|
/// The seed must be uniform, secret and `secret_seed_length` bytes long.
|
|
pub fn init(secret_seed: [secret_seed_length]u8) Self {
|
|
var self = Self{ .state = Ascon.initXof() };
|
|
self.addEntropy(&secret_seed);
|
|
return self;
|
|
}
|
|
|
|
/// Inserts entropy to refresh the internal state.
|
|
pub fn addEntropy(self: *Self, bytes: []const u8) void {
|
|
comptime std.debug.assert(secret_seed_length % rate == 0);
|
|
var i: usize = 0;
|
|
while (i + rate < bytes.len) : (i += rate) {
|
|
self.state.addBytes(bytes[i..][0..rate]);
|
|
self.state.permuteR(8);
|
|
}
|
|
if (i != bytes.len) self.state.addBytes(bytes[i..]);
|
|
self.state.permute();
|
|
}
|
|
|
|
/// Returns a `std.Random` structure backed by the current RNG.
|
|
pub fn random(self: *Self) std.Random {
|
|
return std.Random.init(self, fill);
|
|
}
|
|
|
|
/// Fills the buffer with random bytes.
|
|
pub fn fill(self: *Self, buf: []u8) void {
|
|
var i: usize = 0;
|
|
while (true) {
|
|
const left = buf.len - i;
|
|
const n = @min(left, rate);
|
|
self.state.extractBytes(buf[i..][0..n]);
|
|
if (left == 0) break;
|
|
self.state.permuteR(8);
|
|
i += n;
|
|
}
|
|
self.state.permuteRatchet(6, rate);
|
|
}
|