diff options
author | Guilherme Andrade <[email protected]> | 2017-03-18 17:32:23 +0000 |
---|---|---|
committer | Guilherme Andrade <[email protected]> | 2017-03-18 18:06:37 +0000 |
commit | 5eae0dacf40ec60b09f0fdf761987e39320c4db0 (patch) | |
tree | c76f69da65b7932b25d0f669a90bc037f4a60250 /lib/crypto | |
parent | 77039e648c8a62bfc4f0242531d5fd4874b29aad (diff) | |
download | otp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.tar.gz otp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.tar.bz2 otp-5eae0dacf40ec60b09f0fdf761987e39320c4db0.zip |
No longer expose strong_rand_(range|float)
Diffstat (limited to 'lib/crypto')
-rw-r--r-- | lib/crypto/doc/src/crypto.xml | 40 | ||||
-rw-r--r-- | lib/crypto/src/crypto.erl | 48 | ||||
-rw-r--r-- | lib/crypto/test/crypto_SUITE.erl | 40 |
3 files changed, 23 insertions, 105 deletions
diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 7a5bd62c26..36a1a2c2ee 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -660,10 +660,8 @@ <p>Set the seed for PRNG to the given binary. This calls the RAND_seed function from openssl. Only use this if the system you are running on does not have enough "randomness" built in. - Normally this is when either - <seealso marker="#strong_rand_bytes/1">strong_rand_bytes/1</seealso>, - <seealso marker="#strong_rand_range/1">strong_rand_range/1</seealso> or - <seealso marker="#strong_rand_float/0">strong_rand_float/0</seealso> + Normally this is when + <seealso marker="#strong_rand_bytes/1">strong_rand_bytes/1</seealso> throws <c>low_entropy</c></p> </desc> </func> @@ -733,40 +731,6 @@ </func> <func> - <name>strong_rand_range(N) -> binary()</name> - <fsummary>Generate a random non-negative integer between 0 and N</fsummary> - <type> - <v>N = pos_integer() | binary()</v> - </type> - <desc> - <p>Generates a random non-negative integer uniformly distributed - in the value range <c><![CDATA[X, 0 =< X < N.]]></c> - Uses a cryptographically secure prng seeded and periodically mixed with operating system - provided entropy. By default this is the <c>BN_rand_range</c> method from OpenSSL.</p> - <p>Returns binary representation.</p> - <p>May throw exception <c>low_entropy</c> in case the random generator - failed due to lack of secure "randomness".</p> - </desc> - </func> - - <func> - <name>strong_rand_float() -> X</name> - <fsummary>Generate a random floating point number between 0.0 and 1.0</fsummary> - <type> - <v>X = float()</v> - </type> - <desc> - <p>Generates a random floating pointer number uniformly distributed - in the value range <c><![CDATA[X, 0.0 =< X < 1.0.]]></c> - Uses a cryptographically secure prng seeded and periodically mixed with operating system - provided entropy. By default this is the <c>BN_rand_range</c> method from OpenSSL.</p> - <p>May throw exception <c>low_entropy</c> in case the random generator - failed due to lack of secure "randomness".</p> - <note><p>The generated values shall present no more than 51 bits of effective entropy.</p></note> - </desc> - </func> - - <func> <name>rand_seed() -> rand:state()</name> <fsummary>Strong random number generation plugin state</fsummary>> <desc> diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 4ae7a9cdd6..ad9245f8f2 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -30,8 +30,6 @@ -export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]). -export([cmac/3, cmac/4]). -export([exor/2, strong_rand_bytes/1, mod_pow/3]). --export([strong_rand_range/1]). --export([strong_rand_float/0]). -export([rand_seed/0]). -export([rand_seed_s/0]). -export([rand_uniform/2]). @@ -290,8 +288,6 @@ stream_decrypt(State, Data0) -> %% RAND - pseudo random numbers using RN_ and BN_ functions in crypto lib %% -spec strong_rand_bytes(non_neg_integer()) -> binary(). --spec strong_rand_range(pos_integer() | binary()) -> binary(). --spec strong_rand_float() -> float(). -spec rand_seed() -> rand:state(). -spec rand_seed_s() -> rand:state(). -spec rand_uniform(crypto_integer(), crypto_integer()) -> @@ -305,29 +301,6 @@ strong_rand_bytes(Bytes) -> strong_rand_bytes_nif(_Bytes) -> ?nif_stub. -strong_rand_range(Range) when is_integer(Range), Range > 0 -> - BinRange = int_to_bin(Range), - strong_rand_range(BinRange); -strong_rand_range(BinRange) when is_binary(BinRange) -> - case strong_rand_range_nif(BinRange) of - false -> - erlang:error(low_entropy); - <<BinResult/binary>> -> - BinResult - end. -strong_rand_range_nif(_BinRange) -> ?nif_stub. - - -strong_rand_float() -> - % This could be optimized by having its own NIF - Sign = 0, % positive - Exponent = 1023, % on the interval [1.0, 2.0[ - BinFraction = strong_rand_range(1 bsl 52), % the whole interval above - Fraction = bin_to_int(BinFraction), - <<Value:64/big-float>> = <<Sign:1, Exponent:11, Fraction:52>>, - Value - 1.0. - - rand_seed() -> rand:seed(rand_seed_s()). @@ -352,6 +325,27 @@ rand_plugin_uniform(Max, State) -> rand_plugin_jump(State) -> State. +strong_rand_range(Range) when is_integer(Range), Range > 0 -> + BinRange = int_to_bin(Range), + strong_rand_range(BinRange); +strong_rand_range(BinRange) when is_binary(BinRange) -> + case strong_rand_range_nif(BinRange) of + false -> + erlang:error(low_entropy); + <<BinResult/binary>> -> + BinResult + end. +strong_rand_range_nif(_BinRange) -> ?nif_stub. + +strong_rand_float() -> + % This could be optimized by having its own NIF + Sign = 0, % positive + Exponent = 1023, % on the interval [1.0, 2.0[ + BinFraction = strong_rand_range(1 bsl 52), % the whole interval above + Fraction = bin_to_int(BinFraction), + <<Value:64/big-float>> = <<Sign:1, Exponent:11, Fraction:52>>, + Value - 1.0. + rand_uniform(From,To) when is_binary(From), is_binary(To) -> case rand_uniform_nif(From,To) of diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 482a07d634..1b7456af18 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -37,8 +37,6 @@ all() -> mod_pow, exor, rand_uniform, - strong_rand_range, - strong_rand_float, rand_plugin, rand_plugin_s ]. @@ -490,44 +488,6 @@ rand_uniform(Config) when is_list(Config) -> 10 = byte_size(crypto:strong_rand_bytes(10)). %%-------------------------------------------------------------------- -strong_rand_range() -> - [{doc, "strong_rand_range testing"}]. -strong_rand_range(Config) when is_list(Config) -> - MaxCeiling = 1 bsl 32, - Ceilings = [1 | % edge case where only 0 can be generated - [binary:decode_unsigned(crypto:strong_rand_range(MaxCeiling), big) - || _ <- lists:seq(1, 99)]], - - allmap( - fun (Ceiling) -> - case Ceiling >= 0 andalso Ceiling < MaxCeiling of - false -> - {false, ct:fail({"Ceiling not in interval", Ceiling, 0, MaxCeiling})}; - true -> - Samples = [binary:decode_unsigned(crypto:strong_rand_range(Ceiling), big) - || _ <- lists:seq(1, 100)], - allmap( - fun (V) -> - (V >= 0 andalso V < Ceiling) - orelse {false, ct:fail({"Sample not in interval", V, 0, Ceiling})} - end, - Samples) - end - end, - Ceilings). - -strong_rand_float() -> - [{doc, "strong_rand_float testing"}]. -strong_rand_float(Config) when is_list(Config) -> - Samples = [crypto:strong_rand_float() || _ <- lists:seq(1, 10000)], - allmap( - fun (V) -> - (V >= 0.0 andalso V < 1.0) - orelse {false, ct:fail({"Not in interval", V, 0.0, 1.0})} - end, - Samples). - -%%-------------------------------------------------------------------- rand_plugin() -> [{doc, "crypto rand plugin testing (implicit state / process dictionary)"}]. rand_plugin(Config) when is_list(Config) -> |