Commit fd9f4216 authored by Jesper Louis Andersen's avatar Jesper Louis Andersen
Browse files

Introduce `enacl:randombytes/1`.

parent 6d37abd7
...@@ -19,6 +19,16 @@ In addition, I would like to thank Steve Vinoski, Rickard Green, and Sverker Eri ...@@ -19,6 +19,16 @@ In addition, I would like to thank Steve Vinoski, Rickard Green, and Sverker Eri
# Versions # Versions
## v0.10.x
Ultra-late beta; tuning for the last couple of functions which could be nice to have. Added the function `randombytes/1` to obtain randombytes from the operating system. The system uses the "best" applicable (P)RNG on the target system:
* Windows: `RtlGenRandom()`
* OpenBSD, Bitrig: `arc4random()`
* Unix in general: `/dev/urandom`
Do note that on Linux and FreeBSD at the *least*, this is the best thing you can do. Relying on `/dev/random` is almost always wrong and gives no added security benefit. Key generation in NaCl relies on `/dev/urandom`. Go relies on `/dev/urandom`. It is about time Erlang does as well.
## v0.9.x ## v0.9.x
Ultra-late beta. Code probably works, but it requires some real-world use before it is deemed entirely stable. Ultra-late beta. Code probably works, but it requires some real-world use before it is deemed entirely stable.
......
...@@ -559,6 +559,25 @@ ERL_NIF_TERM enif_crypto_onetimeauth_verify(ErlNifEnv *env, int argc, ERL_NIF_TE ...@@ -559,6 +559,25 @@ ERL_NIF_TERM enif_crypto_onetimeauth_verify(ErlNifEnv *env, int argc, ERL_NIF_TE
} }
} }
static
ERL_NIF_TERM enif_randombytes(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[])
{
size_t req_size;
ErlNifBinary result;
if ((argc != 1) || (!enif_get_uint64(env, argv[0], &req_size))) {
return enif_make_badarg(env);
}
if (!enif_alloc_binary(req_size, &result)) {
return nacl_error_tuple(env, "alloc_failed");
}
randombytes(result.data, result.size);
return enif_make_binary(env, &result);
}
/* Tie the knot to the Erlang world */ /* Tie the knot to the Erlang world */
static ErlNifFunc nif_funcs[] = { static ErlNifFunc nif_funcs[] = {
{"crypto_box_NONCEBYTES", 0, enif_crypto_box_NONCEBYTES}, {"crypto_box_NONCEBYTES", 0, enif_crypto_box_NONCEBYTES},
...@@ -613,7 +632,10 @@ static ErlNifFunc nif_funcs[] = { ...@@ -613,7 +632,10 @@ static ErlNifFunc nif_funcs[] = {
{"crypto_hash_b", 1, enif_crypto_hash}, {"crypto_hash_b", 1, enif_crypto_hash},
{"crypto_hash", 1, enif_crypto_hash, ERL_NIF_DIRTY_JOB_CPU_BOUND}, {"crypto_hash", 1, enif_crypto_hash, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_verify_16", 2, enif_crypto_verify_16}, {"crypto_verify_16", 2, enif_crypto_verify_16},
{"crypto_verify_32", 2, enif_crypto_verify_32} {"crypto_verify_32", 2, enif_crypto_verify_32},
{"randombytes_b", 1, enif_randombytes},
{"randombytes", 1, enif_randombytes, ERL_NIF_DIRTY_JOB_CPU_BOUND}
}; };
......
{application, enacl, {application, enacl,
[ [
{description, "Erlang NaCl bindings"}, {description, "Erlang NaCl bindings"},
{vsn, "0.9.0"}, {vsn, "0.10.0"},
{registered, []}, {registered, []},
{applications, [kernel, stdlib]}, {applications, [kernel, stdlib]},
{env, []} {env, []}
......
...@@ -62,6 +62,11 @@ ...@@ -62,6 +62,11 @@
verify_32/2 verify_32/2
]). ]).
%% Libsodium specific functions (which are also part of the "undocumented" interface to NaCl
-export([
randombytes/1
]).
%% Other helper functions %% Other helper functions
-export([ -export([
reds/1 reds/1
...@@ -85,6 +90,8 @@ ...@@ -85,6 +90,8 @@
-define(AUTH_REDUCTIONS, 102 * 2). -define(AUTH_REDUCTIONS, 102 * 2).
-define(ONETIME_AUTH_SIZE, 128 * 1024). -define(ONETIME_AUTH_SIZE, 128 * 1024).
-define(ONETIME_AUTH_REDUCTIONS, 105 * 2). -define(ONETIME_AUTH_REDUCTIONS, 105 * 2).
-define(RANDOMBYTES_SIZE, 1024).
-define(RANDOMBYTES_REDUCTIONS, 200).
%% Count reductions and number of scheduler yields for Fun. Fun is assumed %% Count reductions and number of scheduler yields for Fun. Fun is assumed
%% to be one of the above exor variants. %% to be one of the above exor variants.
...@@ -481,6 +488,24 @@ onetime_auth_size() -> enacl_nif:crypto_onetimeauth_BYTES(). ...@@ -481,6 +488,24 @@ onetime_auth_size() -> enacl_nif:crypto_onetimeauth_BYTES().
-spec onetime_auth_key_size() -> pos_integer(). -spec onetime_auth_key_size() -> pos_integer().
onetime_auth_key_size() -> enacl_nif:crypto_onetimeauth_KEYBYTES(). onetime_auth_key_size() -> enacl_nif:crypto_onetimeauth_KEYBYTES().
%% Obtaining random bytes
%% @doc randombytes/1 produces a stream of random bytes of the given size
%% The security properties of the random stream are that of the libsodium library. Specifically,
%% we use:
%%
%% * RtlGenRandom() on Windows systems
%% * arc4random() on OpenBSD and Bitrig
%% * /dev/urandom on other Unix environments
%%
%% It is up to you to pick a system with a appropriately strong (P)RNG for your purpose. We refer
%% you to the underlying system implementations for random data.
%% @end
randombytes(N) when N =< ?RANDOMBYTES_SIZE ->
bump(enacl_nif:randombytes_b(N), ?RANDOMBYTES_REDUCTIONS, ?RANDOMBYTES_SIZE, N);
randombytes(N) ->
enacl_nif:randombytes(N).
%% Helpers %% Helpers
p_zerobytes() -> p_zerobytes() ->
binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()). binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()).
......
...@@ -72,6 +72,12 @@ ...@@ -72,6 +72,12 @@
crypto_verify_32/2 crypto_verify_32/2
]). ]).
%% Access to the RNG
-export([
randombytes/1,
randombytes_b/1
]).
-on_load(init/0). -on_load(init/0).
init() -> init() ->
...@@ -143,3 +149,7 @@ crypto_hash(Input) when is_binary(Input) -> not_loaded(). ...@@ -143,3 +149,7 @@ crypto_hash(Input) when is_binary(Input) -> not_loaded().
crypto_hash_b(Input) when is_binary(Input) -> not_loaded(). crypto_hash_b(Input) when is_binary(Input) -> not_loaded().
crypto_verify_16(_X, _Y) -> not_loaded(). crypto_verify_16(_X, _Y) -> not_loaded().
crypto_verify_32(_X, _Y) -> not_loaded(). crypto_verify_32(_X, _Y) -> not_loaded().
randombytes(_RequestedSize) -> not_loaded().
randombytes_b(_RequestedSize) -> not_loaded().
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment