package drbg

Standard library – crypto/internal/fips140/drbg Index | Files

import "crypto/internal/fips140/drbg"

Index ¶

Constants
func Read(b []byte)
func ReadWithReader(r io.Reader, b []byte) error
func ReadWithReaderDeterministic(r io.Reader, b []byte) error
type Counter

func NewCounter(entropy *[SeedSize]byte) *Counter
func (c *Counter) Generate(out []byte, additionalInput *[SeedSize]byte) (reseedRequired bool)
func (c *Counter) Reseed(entropy, additionalInput *[SeedSize]byte)

type DefaultReader

Constants ¶

const (
	SeedSize = keySize + aes.BlockSize
)

Functions ¶

func Read ¶

func Read(b []byte)

Read fills b with cryptographically secure random bytes. In FIPS mode, it uses an SP 800-90A Rev. 1 Deterministic Random Bit Generator (DRBG). Otherwise, it uses the operating system's random number generator.

func ReadWithReader ¶

func ReadWithReader(r io.Reader, b []byte) error

ReadWithReader uses Reader to fill b with cryptographically secure random bytes. It is intended for use in APIs that expose a rand io.Reader.

If Reader is not the default Reader from crypto/rand, randutil.MaybeReadByte and fips140.RecordNonApproved are called.

func ReadWithReaderDeterministic ¶

func ReadWithReaderDeterministic(r io.Reader, b []byte) error

ReadWithReaderDeterministic is like ReadWithReader, but it doesn't call randutil.MaybeReadByte on non-default Readers.

Types ¶

type Counter ¶

type Counter struct {
	// contains filtered or unexported fields
}

Counter is an SP 800-90A Rev. 1 CTR_DRBG instantiated with AES-256.

Per Table 3, it has a security strength of 256 bits, a seed size of 384 bits, a counter length of 128 bits, a reseed interval of 2^48 requests, and a maximum request size of 2^19 bits (2^16 bytes, 64 KiB).

We support a narrow range of parameters that fit the needs of our RNG: AES-256, no derivation function, no personalization string, no prediction resistance, and 384-bit additional input.

func NewCounter ¶

func NewCounter(entropy *[SeedSize]byte) *Counter

func (*Counter) Generate ¶

func (c *Counter) Generate(out []byte, additionalInput *[SeedSize]byte) (reseedRequired bool)

Generate produces at most maxRequestSize bytes of random data in out.

func (*Counter) Reseed ¶

func (c *Counter) Reseed(entropy, additionalInput *[SeedSize]byte)

type DefaultReader ¶

type DefaultReader interface {
	// contains filtered or unexported methods
}

DefaultReader is a sentinel type, embedded in the default crypto/rand.Reader, used to recognize it when passed to APIs that accept a rand io.Reader.

Source Files ¶

cast.go ctrdrbg.go rand.go

Version: v1.24.0 (latest)
Published: Feb 10, 2025
Platform: linux/amd64
Imports: 13 packages
Last checked: 33 seconds ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples