Rng class

class cryptosyspki.Rng

Random Number Generator to NIST SP800-90A.

class Opts

RNG options.

DEFAULT = 0

Default option

NO_INTEL_DRNG = 524288

Turn off support for Intel(R) DRNG for the current session.

RNG_GUID_CHARS = 36

Length of GUID string

SEED_BYTES = 128

Size in bytes of seed file (increased from 64 in [v22.1])

class Strength

Required security strength for user-prompted entropy.

BITS_112 = 0

112 bits of security (default)

BITS_128 = 1

128 bits of security

BITS_192 = 2

192 bits of security

BITS_256 = 3

256 bits of security

static bytes_with_prompt(n, strength=0, prompt='')

Generate an array of n random bytes with a prompt for user to enter random keystrokes.

Parameters:

  • n (int) -- Required number of random bytes.

  • strength (Rng.Strength) -- Required security strength (default=112 bits).

  • prompt (str) -- Optional prompt for dialog.

Returns:

Array of random bytes.

Return type:

bytes

static bytestring(n)

Generate an array of n random bytes.

Parameters:

n (int) -- Required number of random bytes.

Returns:

Array of random bytes.

Return type:

bytes

static guid()

Generate a random 36-character Global Unique IDentifier (GUID) string according to [RFC4122].

Returns:

String of the form "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" where 'x' is a hexadecimal digit [0-9a-f].

Return type:

str

static initialize(seedfilename)

Initialize the RNG generator using a seed file.

Use a seed file to increase the entropy for the current session. Initialization is recommended but not mandatory. The seed file is automatically updated by this procedure.

Parameters:

seedfilename (str) -- Full path name of seed file. If the seed file does not exist, it will be created.

Returns:

Zero if successful.

Return type:

int

static initialize_ex(opts=0)

Query and initialize the RNG generator using Intel(R) DRNG, if available.

Parameters:

opts (Rng.Opts) -- Specify Rng.Opts.NO_INTEL_DRNG to explicitly turn off support.

Returns:

Support status for Intel(R) DRNG. If available, then returns a positive value (1,2,3); else a negative error code.

Return type:

int

static make_seedfile(seedfilename, strength=1, prompt='')

Create a new seed file suitable for use with Rng.initialize().

This uses a dialog window and expects the user to type in random keystrokes. Such a GUI interface may not be appropriate in all circumstances.

Parameters:

  • seedfilename (str) -- Full path name of seed file to be created. Any existing file of the same name will be overwritten without warning.

  • strength (Rng.Strength) -- Required security strength (default=128 bits).

  • prompt (str) -- Optional prompt for dialog.

Returns:

Zero if successful.

Return type:

int

static number(lower, upper)

Generate a random integer in a given range.

Parameters:

  • lower (int) -- lower value of range

  • upper (int) -- upper value of range

Returns:

Random integer x: lower <= x <= upper

Return type:

int

static octet()

Generate a single random octet (byte).

Returns:

Single byte value randomly chosen between 0 and 255

Return type:

int

static test_drbgvs(returnedBitsLen, entropyInput, nonce, personalizationString, additionalInput1, entropyReseed, additionalInputReseed, additionalInput2)

Test the RNG for conformance to NIST SP800-90A using the relevant test specified in DRBGVS..

The test procedure, the input values and the expected output are described in the DRBGVS document. The relevant DRBG mechanism is HMAC_DRBG SHA-512 without prediction resistance. All input and output values are hexadecimal-encoded strings.

Parameters:

  • returnedBitsLen (int) -- Number of bits to be returned from each call to the generate function in the test.

  • entropyInput (str) -- the EntropyInput value in hex format.

  • nonce (str) -- the Nonce value in hex format.

  • personalizationString (str) -- the PersonalizationString value in hex format.

  • additionalInput1 (str) -- the first AdditionalInput value in hex format.

  • entropyReseed (str) -- the EntropyReseed value in hex format.

  • additionalInputReseed (str) -- the AdditionalInputReseed value in hex format.

  • additionalInput2 (str) -- the second AdditionalInput value in hex format.

Returns:

The ReturnedBits as a string in hexadecimal format.

Return type:

str

static update_seedfile(seedfilename)

Update the RNG seed file with more entropy.

Parameters:

seedfilename (str) -- Full path name of seed file. If the seed file does not exist, it will be created.

Returns:

Zero if successful.

Return type:

int