aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto
diff options
context:
space:
mode:
authorGuilherme Andrade <[email protected]>2017-03-18 17:32:23 +0000
committerGuilherme Andrade <[email protected]>2017-03-18 18:06:37 +0000
commit5eae0dacf40ec60b09f0fdf761987e39320c4db0 (patch)
treec76f69da65b7932b25d0f669a90bc037f4a60250 /lib/crypto
parent77039e648c8a62bfc4f0242531d5fd4874b29aad (diff)
downloadotp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.tar.gz
otp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.tar.bz2
otp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.zip
No longer expose strong_rand_(range|float)
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/doc/src/crypto.xml40
-rw-r--r--lib/crypto/src/crypto.erl48
-rw-r--r--lib/crypto/test/crypto_SUITE.erl40
3 files changed, 23 insertions, 105 deletions
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml
index 7a5bd62c26..36a1a2c2ee 100644
--- a/lib/crypto/doc/src/crypto.xml
+++ b/lib/crypto/doc/src/crypto.xml
@@ -660,10 +660,8 @@
<p>Set the seed for PRNG to the given binary. This calls the
RAND_seed function from openssl. Only use this if the system
you are running on does not have enough "randomness" built in.
- Normally this is when either
- <seealso marker="#strong_rand_bytes/1">strong_rand_bytes/1</seealso>,
- <seealso marker="#strong_rand_range/1">strong_rand_range/1</seealso> or
- <seealso marker="#strong_rand_float/0">strong_rand_float/0</seealso>
+ Normally this is when
+ <seealso marker="#strong_rand_bytes/1">strong_rand_bytes/1</seealso>
throws <c>low_entropy</c></p>
</desc>
</func>
@@ -733,40 +731,6 @@
</func>
<func>
- <name>strong_rand_range(N) -> binary()</name>
- <fsummary>Generate a random non-negative integer between 0 and N</fsummary>
- <type>
- <v>N = pos_integer() | binary()</v>
- </type>
- <desc>
- <p>Generates a random non-negative integer uniformly distributed
- in the value range <c><![CDATA[X, 0 =< X < N.]]></c>
- Uses a cryptographically secure prng seeded and periodically mixed with operating system
- provided entropy. By default this is the <c>BN_rand_range</c> method from OpenSSL.</p>
- <p>Returns binary representation.</p>
- <p>May throw exception <c>low_entropy</c> in case the random generator
- failed due to lack of secure "randomness".</p>
- </desc>
- </func>
-
- <func>
- <name>strong_rand_float() -> X</name>
- <fsummary>Generate a random floating point number between 0.0 and 1.0</fsummary>
- <type>
- <v>X = float()</v>
- </type>
- <desc>
- <p>Generates a random floating pointer number uniformly distributed
- in the value range <c><![CDATA[X, 0.0 =< X < 1.0.]]></c>
- Uses a cryptographically secure prng seeded and periodically mixed with operating system
- provided entropy. By default this is the <c>BN_rand_range</c> method from OpenSSL.</p>
- <p>May throw exception <c>low_entropy</c> in case the random generator
- failed due to lack of secure "randomness".</p>
- <note><p>The generated values shall present no more than 51 bits of effective entropy.</p></note>
- </desc>
- </func>
-
- <func>
<name>rand_seed() -> rand:state()</name>
<fsummary>Strong random number generation plugin state</fsummary>>
<desc>
diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl
index 4ae7a9cdd6..ad9245f8f2 100644
--- a/lib/crypto/src/crypto.erl
+++ b/lib/crypto/src/crypto.erl
@@ -30,8 +30,6 @@
-export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]).
-export([cmac/3, cmac/4]).
-export([exor/2, strong_rand_bytes/1, mod_pow/3]).
--export([strong_rand_range/1]).
--export([strong_rand_float/0]).
-export([rand_seed/0]).
-export([rand_seed_s/0]).
-export([rand_uniform/2]).
@@ -290,8 +288,6 @@ stream_decrypt(State, Data0) ->
%% RAND - pseudo random numbers using RN_ and BN_ functions in crypto lib
%%
-spec strong_rand_bytes(non_neg_integer()) -> binary().
--spec strong_rand_range(pos_integer() | binary()) -> binary().
--spec strong_rand_float() -> float().
-spec rand_seed() -> rand:state().
-spec rand_seed_s() -> rand:state().
-spec rand_uniform(crypto_integer(), crypto_integer()) ->
@@ -305,29 +301,6 @@ strong_rand_bytes(Bytes) ->
strong_rand_bytes_nif(_Bytes) -> ?nif_stub.
-strong_rand_range(Range) when is_integer(Range), Range > 0 ->
- BinRange = int_to_bin(Range),
- strong_rand_range(BinRange);
-strong_rand_range(BinRange) when is_binary(BinRange) ->
- case strong_rand_range_nif(BinRange) of
- false ->
- erlang:error(low_entropy);
- <<BinResult/binary>> ->
- BinResult
- end.
-strong_rand_range_nif(_BinRange) -> ?nif_stub.
-
-
-strong_rand_float() ->
- % This could be optimized by having its own NIF
- Sign = 0, % positive
- Exponent = 1023, % on the interval [1.0, 2.0[
- BinFraction = strong_rand_range(1 bsl 52), % the whole interval above
- Fraction = bin_to_int(BinFraction),
- <<Value:64/big-float>> = <<Sign:1, Exponent:11, Fraction:52>>,
- Value - 1.0.
-
-
rand_seed() ->
rand:seed(rand_seed_s()).
@@ -352,6 +325,27 @@ rand_plugin_uniform(Max, State) ->
rand_plugin_jump(State) ->
State.
+strong_rand_range(Range) when is_integer(Range), Range > 0 ->
+ BinRange = int_to_bin(Range),
+ strong_rand_range(BinRange);
+strong_rand_range(BinRange) when is_binary(BinRange) ->
+ case strong_rand_range_nif(BinRange) of
+ false ->
+ erlang:error(low_entropy);
+ <<BinResult/binary>> ->
+ BinResult
+ end.
+strong_rand_range_nif(_BinRange) -> ?nif_stub.
+
+strong_rand_float() ->
+ % This could be optimized by having its own NIF
+ Sign = 0, % positive
+ Exponent = 1023, % on the interval [1.0, 2.0[
+ BinFraction = strong_rand_range(1 bsl 52), % the whole interval above
+ Fraction = bin_to_int(BinFraction),
+ <<Value:64/big-float>> = <<Sign:1, Exponent:11, Fraction:52>>,
+ Value - 1.0.
+
rand_uniform(From,To) when is_binary(From), is_binary(To) ->
case rand_uniform_nif(From,To) of
diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl
index 482a07d634..1b7456af18 100644
--- a/lib/crypto/test/crypto_SUITE.erl
+++ b/lib/crypto/test/crypto_SUITE.erl
@@ -37,8 +37,6 @@ all() ->
mod_pow,
exor,
rand_uniform,
- strong_rand_range,
- strong_rand_float,
rand_plugin,
rand_plugin_s
].
@@ -490,44 +488,6 @@ rand_uniform(Config) when is_list(Config) ->
10 = byte_size(crypto:strong_rand_bytes(10)).
%%--------------------------------------------------------------------
-strong_rand_range() ->
- [{doc, "strong_rand_range testing"}].
-strong_rand_range(Config) when is_list(Config) ->
- MaxCeiling = 1 bsl 32,
- Ceilings = [1 | % edge case where only 0 can be generated
- [binary:decode_unsigned(crypto:strong_rand_range(MaxCeiling), big)
- || _ <- lists:seq(1, 99)]],
-
- allmap(
- fun (Ceiling) ->
- case Ceiling >= 0 andalso Ceiling < MaxCeiling of
- false ->
- {false, ct:fail({"Ceiling not in interval", Ceiling, 0, MaxCeiling})};
- true ->
- Samples = [binary:decode_unsigned(crypto:strong_rand_range(Ceiling), big)
- || _ <- lists:seq(1, 100)],
- allmap(
- fun (V) ->
- (V >= 0 andalso V < Ceiling)
- orelse {false, ct:fail({"Sample not in interval", V, 0, Ceiling})}
- end,
- Samples)
- end
- end,
- Ceilings).
-
-strong_rand_float() ->
- [{doc, "strong_rand_float testing"}].
-strong_rand_float(Config) when is_list(Config) ->
- Samples = [crypto:strong_rand_float() || _ <- lists:seq(1, 10000)],
- allmap(
- fun (V) ->
- (V >= 0.0 andalso V < 1.0)
- orelse {false, ct:fail({"Not in interval", V, 0.0, 1.0})}
- end,
- Samples).
-
-%%--------------------------------------------------------------------
rand_plugin() ->
[{doc, "crypto rand plugin testing (implicit state / process dictionary)"}].
rand_plugin(Config) when is_list(Config) ->