QuickCheck for randombytes

There are some new randombytes
functions. Implement these as EQC
properties.

CHANGELOG.md

@@ -9,9 +9,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 - Go through all calls and make them return streamlined exceptions if applicable.
   Pretty large change, but OTOH, this ought to happen before a 1.0 release as well.
-  - hash
   - kx
-  - randombytes
   - secret
   - sign
   - enacl_nif
@@ -79,6 +77,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Split Sign Public Key routines from the rest. Modernize the handling of contexts.
 - The multi-part generic hash routines now follow the structure of the crypto
   modules multi-part constructions in API and style.
+- The AEAD constructions have been streamlined so they follow the rules of libsodium
+  closer than before. In particular, some dead code has been removed as a result.
 
 ### Fixed
 - Fix a resource leak in generichash/sign init/update/final.

c_src/hash.c

@@ -2,6 +2,7 @@
 
 #include <erl_nif.h>
 
+#include "enacl.h"
 #include "hash.h"
 
 ERL_NIF_TERM enacl_crypto_shorthash_BYTES(ErlNifEnv *env, int argc,
@@ -28,7 +29,7 @@ ERL_NIF_TERM enacl_crypto_shorthash(ErlNifEnv *env, int argc,
   }
 
   if (!enif_alloc_binary(crypto_shorthash_BYTES, &a)) {
-    return enacl_error_tuple(env, "alloc_failed");
+    return enacl_internal_error(env);
   }
 
   crypto_shorthash(a.data, m.data, m.size, k.data);
@@ -54,9 +55,8 @@ ERL_NIF_TERM enacl_crypto_hash(ErlNifEnv *env, int argc,
 
 bad_arg:
   return enif_make_badarg(env);
-
 err:
-  ret = enacl_error_tuple(env, "alloc_failed");
+  ret = enacl_internal_error(env);
 done:
   return ret;
 }

eqc_test/enacl_eqc.erl

@@ -783,6 +783,25 @@ prop_crypto_hash_neq() ->
         enacl:hash(X) /= enacl:hash(Y)
     ).
 
+prop_crypto_shorthash_eq() ->
+  ?FORALL(X, g_iodata(),
+    case v_iodata(X) of
+      true -> equals(enacl:hash(X), enacl:hash(X));
+      false ->
+        try
+          enacl:hash(X),
+          false
+        catch
+          error:badarg -> true
+        end
+      end
+    ).
+
+prop_crypto_shorthash_neq() ->
+  ?FORALL({X, Y}, diff_pair(),
+    enacl:hash(X) /= enacl:hash(Y)
+  ).
+
 %% STRING COMPARISON
 %% -------------------------
 %% * verify_16/2,
@@ -842,7 +861,8 @@ prop_randombytes() ->
     ?FORALL(X, g_nat(),
         case is_nat(X) of
             true ->
-                is_binary(enacl:randombytes(X));
+              R = enacl:randombytes(X),
+              is_binary(R) andalso (byte_size(R) == X);
             false ->
                 try
                     enacl:randombytes(X),
@@ -853,6 +873,13 @@ prop_randombytes() ->
                 end
        end).
 
+prop_randombytes_uint32() ->
+  ?FORALL(_, return(x),
+    begin
+      V = enacl:randombytes_uint32(),
+      is_integer(V)
+    end).
+
 %% SCRAMBLING
 prop_scramble_block() ->
     ?FORALL({Block, Key}, {binary(16), eqc_gen:largebinary(32)},

src/enacl.erl

@@ -953,6 +953,10 @@ shorthash_size() ->
 %%
 %% Given a `Msg' and a `Key' produce a MAC/Authenticator for that message. The key can be reused for several such Msg/Authenticator pairs.
 %% An eavesdropper will not learn anything extra about the message structure.
+%%
+%% The intended use is to generate a random key and use it as a hash table or bloom filter function.
+%% This avoids an enemy their ability to predict where a collision would occur in the data structure,
+%% since they don't know the key.
 %% @end
 -spec shorthash(Msg, Key) -> Authenticator
     when

test/enacl_SUITE.erl

@@ -44,7 +44,8 @@ groups() ->
                      aead_chacha20poly1305_ietf,
                      pwhash,
                      sign,
-                     kx]},
+                     kx,
+                     randombytes]},
 
     [Neg, Pos].