Rng class

class crsysapi.Rng

Random Number Generator to NIST SP800-90A.

class Opts

RNG options.

DEFAULT = 0

Default option

NO_INTEL_DRNG = 524288

Turn off support for Intel(R) DRNG for the current session.

SEED_BYTES = 128

Size in bytes of seed file (increased to 128 from 64 in [v6.22])

class Strength

Required security strength for user-prompted entropy.

BITS_112 = 0

112 bits of security (default)

BITS_128 = 1

128 bits of security

BITS_192 = 2

192 bits of security

BITS_256 = 3

256 bits of security

static bytes_with_prompt(n, strength=0, prompt='')

Generate an array of n random bytes with a prompt for user to enter random keystrokes.

Parameters:

  • n (int) -- Required number of random bytes.

  • strength (Rng.Strength) -- Required security strength (default=112 bits).

  • prompt (str) -- Optional prompt for dialog.

Returns:

Array of random bytes.

Return type:

bytes

static bytestring(n)

Generate an array of n random bytes.

Parameters:

n (int) -- Required number of random bytes.

Returns:

Array of random bytes.

Return type:

bytes

static initialize(seedfilename)

Initialize the RNG generator using a seed file.

Use a seed file to increase the entropy for the current session. Initialization is recommended but not mandatory. The seed file is automatically updated by this procedure.

Parameters:

seedfilename (str) -- Full path name of seed file. If the seed file does not exist, it will be created.

Returns:

Zero if successful.

Return type:

int

static initialize_ex(opts=0)

Query and initialize the RNG generator using Intel(R) DRNG, if available.

Parameters:

opts (Rng.Opts) -- Specify Rng.Opts.NO_INTEL_DRNG to explicitly turn off support.

Returns:

Support status for Intel(R) DRNG. If available, then returns a positive value (1,2,3); else a negative error code.

Return type:

int

static make_seedfile(seedfilename, strength=0, prompt='')

Create a new seed file suitable for use with Rng.initialize().

This uses a dialog window and expects the user to type in random keystrokes. Such a GUI interface may not be appropriate in all circumstances.

Parameters:

  • seedfilename (str) -- Full path name of seed file to be created. Any existing file of the same name will be overwritten without warning.

  • strength (Rng.Strength) -- Required security strength (default=112 bits).

  • prompt (str) -- Optional prompt for dialog.

Returns:

Zero if successful.

Return type:

int

static number(lower, upper)

Generate a random integer in a given range.

Parameters:

  • lower (int) -- lower value of range

  • upper (int) -- upper value of range

Returns:

Random integer x: lower <= x <= upper

Return type:

int

static octet()

Generate a single random octet (byte).

Returns:

Single byte value randomly chosen between 0 and 255

Return type:

int

static test_drbgvs(returnedBitsLen, entropyInput, nonce, personalizationString, additionalInput1, entropyReseed, additionalInputReseed, additionalInput2)

Test the random number generator for conformance to NIST SP 800-90A using the relevant test specified in the Deterministic Random Bit Generator Validation System (DRBGVS).

The test procedure, the input values and the expected output are described in the DRBGVS document. The relevant DRBG mechanism is HMAC_DRBG SHA-512 without prediction resistance. All input and output values are hexadecimal-encoded strings.

Parameters:

  • returnedBitsLen (int) -- Number of bits to be returned from each call to the generate function in the test.

  • entropyInput (str) -- the EntropyInput value in hex format.

  • nonce (str) -- the Nonce value in hex format.

  • personalizationString (str) -- the PersonalizationString value in hex format.

  • additionalInput1 (str) -- the first AdditionalInput value in hex format.

  • entropyReseed (str) -- the EntropyReseed value in hex format.

  • additionalInputReseed (str) -- the AdditionalInputReseed value in hex format.

  • additionalInput2 (str) -- the second AdditionalInput value in hex format.

Returns:

The ReturnedBits as a string in hexadecimal format.

Return type:

str

static update_seedfile(seedfilename)

Update the RNG seed file with more entropy.

Parameters:

seedfilename (str) -- Full path name of seed file. If the seed file does not exist, it will be created.

Returns:

Zero if successful.

Return type:

int