From f505644be64cd4844742b361a8ff411d70f4aa88 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Fri, 15 Apr 2011 15:49:42 +0200 Subject: Adds NIFs for cryptographically strong random number generation. Also adds documentation and unit tests. Thanks to Geoff Cant. --- lib/crypto/doc/src/crypto.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index c407350c47..087e9ac00c 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -614,6 +614,19 @@ Mpint() = >]]> number generator.

+ + strong_rand_bytes(N) -> binary() + Generate a binary of random bytes + + N = integer() + + +

Generates N bytes randomly uniform 0..255, and returns the + result in a binary. Uses a cryptographically secure prng seeded and + periodically mixed with operating system provided entropy. By default + this is the RAND_bytes method from OpenSSL.

+ + rand_uniform(Lo, Hi) -> N Generate a random number @@ -628,6 +641,29 @@ Mpint() = >]]> multi-precision integers.

 + + strong_rand_uniform(N, Top, Bottom) -> Mpint + Generate an N bit random number + + N = non_neg_integer() + Top = -1 | 0 | 1 + Bottom = 0 | 1 + Mpint = binary() + + +

Generate an N bit random number using OpenSSL's + cryptographically strong pseudo random number generator + BN_rand.

+

The parameter Top places constraints on the most + significant bits of the generated number. If Top is 1, then the + two most significant bits will be set to 1, if Top is 0, the + most significant bit will be 1, and if Top is -1 then no + constraints are applied and thus the generated number may be less than + N bits long.

+

If Bottom is 1, then the generated number is + constrained to be odd.

+ + mod_exp(N, P, M) -> Result Perform N ^ P mod M -- cgit v1.2.3 From afe36b58bb77012f94b19213ed9602c2eb9fd420 Mon Sep 17 00:00:00 2001 From: Niclas Eklund Date: Tue, 19 Apr 2011 13:35:29 +0200 Subject: Renamed the function strong_rand_uniform to strong_rand_mpint. Added some checks in crypto.erl and crypto.c. Changed ssh_bits to use strong_rand_mpint. --- lib/crypto/doc/src/crypto.xml | 8 ++++++-- lib/crypto/doc/src/notes.xml | 17 ++++++++++++++++- 2 files changed, 22 insertions(+), 3 deletions(-) (limited to 'lib/crypto/doc') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 087e9ac00c..dd40378f29 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -4,7 +4,7 @@
- 19992010 + 19992011 Ericsson AB. All Rights Reserved. @@ -625,6 +625,8 @@ Mpint() = >]]> result in a binary. Uses a cryptographically secure prng seeded and periodically mixed with operating system provided entropy. By default this is the RAND_bytes method from OpenSSL.

+

May throw exception low_entropy in case the random generator + failed due to lack of secure "randomness".

@@ -642,7 +644,7 @@ Mpint() = >]]> - strong_rand_uniform(N, Top, Bottom) -> Mpint + strong_rand_mpint(N, Top, Bottom) -> Mpint Generate an N bit random number N = non_neg_integer() @@ -662,6 +664,8 @@ Mpint() = >]]> N bits long.

If Bottom is 1, then the generated number is constrained to be odd.

+

May throw exception low_entropy in case the random generator + failed due to lack of secure "randomness".

 diff --git a/lib/crypto/doc/src/notes.xml b/lib/crypto/doc/src/notes.xml index 5e9bda3920..ab1ffa9e5c 100644 --- a/lib/crypto/doc/src/notes.xml +++ b/lib/crypto/doc/src/notes.xml @@ -4,7 +4,7 @@
- 19992010 + 19992011 Ericsson AB. All Rights Reserved. @@ -30,6 +30,21 @@

This document describes the changes made to the Crypto application.

+
Crypto 2.0.2.2 + +
Improvements and New Features + + +

+ Strengthened random number generation. (Thanks to Geoff Cant)

+

+ Own Id: OTP-9225

+ + +
+ +
+
Crypto 2.0.2.1
Improvements and New Features -- cgit v1.2.3