From f505644be64cd4844742b361a8ff411d70f4aa88 Mon Sep 17 00:00:00 2001
From: Niclas Eklund <nick@erlang.org>
Date: Fri, 15 Apr 2011 15:49:42 +0200
Subject: Adds NIFs for cryptographically strong random number generation. Also
 adds documentation and unit tests.

Thanks to Geoff Cant.
---
 lib/crypto/c_src/crypto.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)

(limited to 'lib/crypto/c_src/crypto.c')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index b8786f6f94..d4139f0dfa 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -134,7 +134,9 @@ static ERL_NIF_TERM des_ede3_cbc_crypt(ErlNifEnv* env, int argc, const ERL_NIF_T
 static ERL_NIF_TERM aes_cfb_128_crypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -204,7 +206,9 @@ static ErlNifFunc nif_funcs[] = {
     {"aes_ctr_encrypt", 3, aes_ctr_encrypt},
     {"aes_ctr_decrypt", 3, aes_ctr_encrypt},
     {"rand_bytes", 1, rand_bytes_1},
+    {"strong_rand_bytes_nif", 1, strong_rand_bytes_nif},
     {"rand_bytes", 3, rand_bytes_3},
+    {"strong_rand_uniform", 3, strong_rand_uniform_3},
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
@@ -704,6 +708,22 @@ static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
     ERL_VALGRIND_MAKE_MEM_DEFINED(data, bytes);
     return ret;
 }
+static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Bytes) */     
+    unsigned bytes;
+    unsigned char* data;
+    ERL_NIF_TERM ret;
+    if (!enif_get_uint(env, argv[0], &bytes)) {
+	return enif_make_badarg(env);
+    }
+    data = enif_make_new_binary(env, bytes, &ret);
+    if ( RAND_bytes(data, bytes) != 1) {
+        return atom_false;
+    }
+    ERL_VALGRIND_MAKE_MEM_DEFINED(data, bytes);
+    return ret;
+}
+
 static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Bytes, TopMask, BottomMask) */    
     unsigned bytes;
@@ -724,6 +744,46 @@ static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
     }
     return ret;
 }
+static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+{/* (Bytes, TopMask, BottomMask) */    
+    unsigned bits;
+    BIGNUM *bn_rand;
+    int top, bottom;
+    unsigned char* data;
+    unsigned dlen;
+    ERL_NIF_TERM ret;
+    if (!enif_get_uint(env, argv[0], &bits)
+	|| !enif_get_int(env, argv[1], &top)
+	|| !enif_get_int(env, argv[2], &bottom)) {
+	return enif_make_badarg(env);
+    }
+    if (! (top == -1 || top == 0 || top == 1) ) {
+        return enif_make_badarg(env);
+    }
+    if (! (bottom == 0 || bottom == 1) ) {
+        return enif_make_badarg(env);
+    }
+
+    bn_rand = BN_new();
+    if (! bn_rand ) {
+        return enif_make_badarg(env);
+    }
+
+    /* Get a (bits) bit random number */
+    if (! BN_rand(bn_rand, bits, top, bottom) ) {
+        return enif_make_badarg(env);
+    }
+
+    /* Copy the bignum into an erlang mpint binary. */
+    dlen = BN_num_bytes(bn_rand);
+    data = enif_make_new_binary(env, dlen+4, &ret);
+    put_int32(data, dlen);
+    BN_bn2bin(bn_rand, data+4);
+    ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
+    BN_free(bn_rand);
+
+    return ret;
+}
 
 static int get_bn_from_mpint(ErlNifEnv* env, ERL_NIF_TERM term, BIGNUM** bnp)
 {
-- 
cgit v1.2.3


From afe36b58bb77012f94b19213ed9602c2eb9fd420 Mon Sep 17 00:00:00 2001
From: Niclas Eklund <nick@erlang.org>
Date: Tue, 19 Apr 2011 13:35:29 +0200
Subject: Renamed the function strong_rand_uniform to strong_rand_mpint. Added
 some checks in crypto.erl and crypto.c. Changed ssh_bits to use
 strong_rand_mpint.

---
 lib/crypto/c_src/crypto.c | 25 +++++++++++++------------
 1 file changed, 13 insertions(+), 12 deletions(-)

(limited to 'lib/crypto/c_src/crypto.c')

diff --git a/lib/crypto/c_src/crypto.c b/lib/crypto/c_src/crypto.c
index d4139f0dfa..3ebf62d87c 100644
--- a/lib/crypto/c_src/crypto.c
+++ b/lib/crypto/c_src/crypto.c
@@ -136,7 +136,7 @@ static ERL_NIF_TERM aes_ctr_encrypt(ErlNifEnv* env, int argc, const ERL_NIF_TERM
 static ERL_NIF_TERM rand_bytes_1(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM strong_rand_bytes_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
-static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
+static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM rand_uniform_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM mod_exp_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
 static ERL_NIF_TERM dss_verify(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[]);
@@ -208,7 +208,7 @@ static ErlNifFunc nif_funcs[] = {
     {"rand_bytes", 1, rand_bytes_1},
     {"strong_rand_bytes_nif", 1, strong_rand_bytes_nif},
     {"rand_bytes", 3, rand_bytes_3},
-    {"strong_rand_uniform", 3, strong_rand_uniform_3},
+    {"strong_rand_mpint_nif", 3, strong_rand_mpint_nif},
     {"rand_uniform_nif", 2, rand_uniform_nif},
     {"mod_exp_nif", 3, mod_exp_nif},
     {"dss_verify", 4, dss_verify},
@@ -744,7 +744,7 @@ static ERL_NIF_TERM rand_bytes_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM ar
     }
     return ret;
 }
-static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
+static ERL_NIF_TERM strong_rand_mpint_nif(ErlNifEnv* env, int argc, const ERL_NIF_TERM argv[])
 {/* (Bytes, TopMask, BottomMask) */    
     unsigned bits;
     BIGNUM *bn_rand;
@@ -770,16 +770,17 @@ static ERL_NIF_TERM strong_rand_uniform_3(ErlNifEnv* env, int argc, const ERL_NI
     }
 
     /* Get a (bits) bit random number */
-    if (! BN_rand(bn_rand, bits, top, bottom) ) {
-        return enif_make_badarg(env);
+    if (!BN_rand(bn_rand, bits, top, bottom)) {
+        ret = atom_false;
+    }
+    else {
+	/* Copy the bignum into an erlang mpint binary. */
+	dlen = BN_num_bytes(bn_rand);
+	data = enif_make_new_binary(env, dlen+4, &ret);
+	put_int32(data, dlen);
+	BN_bn2bin(bn_rand, data+4);
+	ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
     }
-
-    /* Copy the bignum into an erlang mpint binary. */
-    dlen = BN_num_bytes(bn_rand);
-    data = enif_make_new_binary(env, dlen+4, &ret);
-    put_int32(data, dlen);
-    BN_bn2bin(bn_rand, data+4);
-    ERL_VALGRIND_MAKE_MEM_DEFINED(data+4, dlen);
     BN_free(bn_rand);
 
     return ret;
-- 
cgit v1.2.3