From 5eae0dacf40ec60b09f0fdf761987e39320c4db0 Mon Sep 17 00:00:00 2001 From: Guilherme Andrade Date: Sat, 18 Mar 2017 17:32:23 +0000 Subject: No longer expose strong_rand_(range|float) --- lib/crypto/doc/src/crypto.xml | 40 ++------------------------------- lib/crypto/src/crypto.erl | 48 ++++++++++++++++++---------------------- lib/crypto/test/crypto_SUITE.erl | 40 --------------------------------- 3 files changed, 23 insertions(+), 105 deletions(-) (limited to 'lib/crypto') diff --git a/lib/crypto/doc/src/crypto.xml b/lib/crypto/doc/src/crypto.xml index 7a5bd62c26..36a1a2c2ee 100644 --- a/lib/crypto/doc/src/crypto.xml +++ b/lib/crypto/doc/src/crypto.xml @@ -660,10 +660,8 @@

Set the seed for PRNG to the given binary. This calls the RAND_seed function from openssl. Only use this if the system you are running on does not have enough "randomness" built in. - Normally this is when either - strong_rand_bytes/1, - strong_rand_range/1 or - strong_rand_float/0 + Normally this is when + strong_rand_bytes/1 throws low_entropy

@@ -732,40 +730,6 @@ - - strong_rand_range(N) -> binary() - Generate a random non-negative integer between 0 and N - - N = pos_integer() | binary() - - -

Generates a random non-negative integer uniformly distributed - in the value range - Uses a cryptographically secure prng seeded and periodically mixed with operating system - provided entropy. By default this is the BN_rand_range method from OpenSSL.

-

Returns binary representation.

-

May throw exception low_entropy in case the random generator - failed due to lack of secure "randomness".

-
-
- - - strong_rand_float() -> X - Generate a random floating point number between 0.0 and 1.0 - - X = float() - - -

Generates a random floating pointer number uniformly distributed - in the value range - Uses a cryptographically secure prng seeded and periodically mixed with operating system - provided entropy. By default this is the BN_rand_range method from OpenSSL.

-

May throw exception low_entropy in case the random generator - failed due to lack of secure "randomness".

-

The generated values shall present no more than 51 bits of effective entropy.

-
-
- rand_seed() -> rand:state() Strong random number generation plugin state> diff --git a/lib/crypto/src/crypto.erl b/lib/crypto/src/crypto.erl index 4ae7a9cdd6..ad9245f8f2 100644 --- a/lib/crypto/src/crypto.erl +++ b/lib/crypto/src/crypto.erl @@ -30,8 +30,6 @@ -export([hmac/3, hmac/4, hmac_init/2, hmac_update/2, hmac_final/1, hmac_final_n/2]). -export([cmac/3, cmac/4]). -export([exor/2, strong_rand_bytes/1, mod_pow/3]). --export([strong_rand_range/1]). --export([strong_rand_float/0]). -export([rand_seed/0]). -export([rand_seed_s/0]). -export([rand_uniform/2]). @@ -290,8 +288,6 @@ stream_decrypt(State, Data0) -> %% RAND - pseudo random numbers using RN_ and BN_ functions in crypto lib %% -spec strong_rand_bytes(non_neg_integer()) -> binary(). --spec strong_rand_range(pos_integer() | binary()) -> binary(). --spec strong_rand_float() -> float(). -spec rand_seed() -> rand:state(). -spec rand_seed_s() -> rand:state(). -spec rand_uniform(crypto_integer(), crypto_integer()) -> @@ -305,29 +301,6 @@ strong_rand_bytes(Bytes) -> strong_rand_bytes_nif(_Bytes) -> ?nif_stub. -strong_rand_range(Range) when is_integer(Range), Range > 0 -> - BinRange = int_to_bin(Range), - strong_rand_range(BinRange); -strong_rand_range(BinRange) when is_binary(BinRange) -> - case strong_rand_range_nif(BinRange) of - false -> - erlang:error(low_entropy); - <> -> - BinResult - end. -strong_rand_range_nif(_BinRange) -> ?nif_stub. - - -strong_rand_float() -> - % This could be optimized by having its own NIF - Sign = 0, % positive - Exponent = 1023, % on the interval [1.0, 2.0[ - BinFraction = strong_rand_range(1 bsl 52), % the whole interval above - Fraction = bin_to_int(BinFraction), - <> = <>, - Value - 1.0. - - rand_seed() -> rand:seed(rand_seed_s()). @@ -352,6 +325,27 @@ rand_plugin_uniform(Max, State) -> rand_plugin_jump(State) -> State. +strong_rand_range(Range) when is_integer(Range), Range > 0 -> + BinRange = int_to_bin(Range), + strong_rand_range(BinRange); +strong_rand_range(BinRange) when is_binary(BinRange) -> + case strong_rand_range_nif(BinRange) of + false -> + erlang:error(low_entropy); + <> -> + BinResult + end. +strong_rand_range_nif(_BinRange) -> ?nif_stub. + +strong_rand_float() -> + % This could be optimized by having its own NIF + Sign = 0, % positive + Exponent = 1023, % on the interval [1.0, 2.0[ + BinFraction = strong_rand_range(1 bsl 52), % the whole interval above + Fraction = bin_to_int(BinFraction), + <> = <>, + Value - 1.0. + rand_uniform(From,To) when is_binary(From), is_binary(To) -> case rand_uniform_nif(From,To) of diff --git a/lib/crypto/test/crypto_SUITE.erl b/lib/crypto/test/crypto_SUITE.erl index 482a07d634..1b7456af18 100644 --- a/lib/crypto/test/crypto_SUITE.erl +++ b/lib/crypto/test/crypto_SUITE.erl @@ -37,8 +37,6 @@ all() -> mod_pow, exor, rand_uniform, - strong_rand_range, - strong_rand_float, rand_plugin, rand_plugin_s ]. @@ -489,44 +487,6 @@ rand_uniform(Config) when is_list(Config) -> rand_uniform_aux_test(10), 10 = byte_size(crypto:strong_rand_bytes(10)). -%%-------------------------------------------------------------------- -strong_rand_range() -> - [{doc, "strong_rand_range testing"}]. -strong_rand_range(Config) when is_list(Config) -> - MaxCeiling = 1 bsl 32, - Ceilings = [1 | % edge case where only 0 can be generated - [binary:decode_unsigned(crypto:strong_rand_range(MaxCeiling), big) - || _ <- lists:seq(1, 99)]], - - allmap( - fun (Ceiling) -> - case Ceiling >= 0 andalso Ceiling < MaxCeiling of - false -> - {false, ct:fail({"Ceiling not in interval", Ceiling, 0, MaxCeiling})}; - true -> - Samples = [binary:decode_unsigned(crypto:strong_rand_range(Ceiling), big) - || _ <- lists:seq(1, 100)], - allmap( - fun (V) -> - (V >= 0 andalso V < Ceiling) - orelse {false, ct:fail({"Sample not in interval", V, 0, Ceiling})} - end, - Samples) - end - end, - Ceilings). - -strong_rand_float() -> - [{doc, "strong_rand_float testing"}]. -strong_rand_float(Config) when is_list(Config) -> - Samples = [crypto:strong_rand_float() || _ <- lists:seq(1, 10000)], - allmap( - fun (V) -> - (V >= 0.0 andalso V < 1.0) - orelse {false, ct:fail({"Not in interval", V, 0.0, 1.0})} - end, - Samples). - %%-------------------------------------------------------------------- rand_plugin() -> [{doc, "crypto rand plugin testing (implicit state / process dictionary)"}]. -- cgit v1.2.3