From fd9f421621250e3fd811e14a9c2ce352d760ee99 Mon Sep 17 00:00:00 2001
From: Jesper Louis Andersen <jesper.louis.andersen@gmail.com>
Date: Tue, 9 Dec 2014 00:33:55 +0100
Subject: [PATCH] Introduce `enacl:randombytes/1`.

---
 README.md         | 10 ++++++++++
 c_src/enacl_nif.c | 24 +++++++++++++++++++++++-
 src/enacl.app.src |  2 +-
 src/enacl.erl     | 25 +++++++++++++++++++++++++
 src/enacl_nif.erl | 10 ++++++++++
 5 files changed, 69 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index df09c4f..3240775 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,16 @@ In addition, I would like to thank Steve Vinoski, Rickard Green, and Sverker Eri
 
 # Versions
 
+## v0.10.x
+
+Ultra-late beta; tuning for the last couple of functions which could be nice to have. Added the function `randombytes/1` to obtain randombytes from the operating system. The system uses the "best" applicable (P)RNG on the target system:
+
+* Windows: `RtlGenRandom()`
+* OpenBSD, Bitrig: `arc4random()`
+* Unix in general: `/dev/urandom`
+
+Do note that on Linux and FreeBSD at the *least*, this is the best thing you can do. Relying on `/dev/random` is almost always wrong and gives no added security benefit. Key generation in NaCl relies on `/dev/urandom`. Go relies on `/dev/urandom`. It is about time Erlang does as well.
+
 ## v0.9.x
 
 Ultra-late beta. Code probably works, but it requires some real-world use before it is deemed entirely stable.
diff --git a/c_src/enacl_nif.c b/c_src/enacl_nif.c
index 4b31333..8bbd417 100644
--- a/c_src/enacl_nif.c
+++ b/c_src/enacl_nif.c
@@ -559,6 +559,25 @@ ERL_NIF_TERM enif_crypto_onetimeauth_verify(ErlNifEnv *env, int argc, ERL_NIF_TE
 	}
 }
 
+static
+ERL_NIF_TERM enif_randombytes(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[])
+{
+	size_t req_size;
+	ErlNifBinary result;
+	
+	if ((argc != 1) || (!enif_get_uint64(env, argv[0], &req_size))) {
+		return enif_make_badarg(env);
+	}
+	
+	if (!enif_alloc_binary(req_size, &result)) {
+		return nacl_error_tuple(env, "alloc_failed");
+	}
+	
+	randombytes(result.data, result.size);
+	
+	return enif_make_binary(env, &result);
+}
+
 /* Tie the knot to the Erlang world */
 static ErlNifFunc nif_funcs[] = {
 	{"crypto_box_NONCEBYTES", 0, enif_crypto_box_NONCEBYTES},
@@ -613,7 +632,10 @@ static ErlNifFunc nif_funcs[] = {
 	{"crypto_hash_b", 1, enif_crypto_hash},
 	{"crypto_hash", 1, enif_crypto_hash, ERL_NIF_DIRTY_JOB_CPU_BOUND},
 	{"crypto_verify_16", 2, enif_crypto_verify_16},
-	{"crypto_verify_32", 2, enif_crypto_verify_32}
+	{"crypto_verify_32", 2, enif_crypto_verify_32},
+	
+	{"randombytes_b", 1, enif_randombytes},
+	{"randombytes", 1, enif_randombytes, ERL_NIF_DIRTY_JOB_CPU_BOUND}
 };
 
 
diff --git a/src/enacl.app.src b/src/enacl.app.src
index b1232a1..ef07dd9 100644
--- a/src/enacl.app.src
+++ b/src/enacl.app.src
@@ -1,7 +1,7 @@
 {application, enacl,
   [
     {description, "Erlang NaCl bindings"},
-    {vsn, "0.9.0"},
+    {vsn, "0.10.0"},
     {registered, []},
     {applications, [kernel, stdlib]},
     {env, []}
diff --git a/src/enacl.erl b/src/enacl.erl
index f09af10..279705a 100644
--- a/src/enacl.erl
+++ b/src/enacl.erl
@@ -62,6 +62,11 @@
 	verify_32/2
 ]).
 
+%% Libsodium specific functions (which are also part of the "undocumented" interface to NaCl
+-export([
+	randombytes/1
+]).
+
 %% Other helper functions
 -export([
 	reds/1
@@ -85,6 +90,8 @@
 -define(AUTH_REDUCTIONS, 102 * 2).
 -define(ONETIME_AUTH_SIZE, 128 * 1024).
 -define(ONETIME_AUTH_REDUCTIONS, 105 * 2).
+-define(RANDOMBYTES_SIZE, 1024).
+-define(RANDOMBYTES_REDUCTIONS, 200).
 
 %% Count reductions and number of scheduler yields for Fun. Fun is assumed
 %% to be one of the above exor variants.
@@ -481,6 +488,24 @@ onetime_auth_size() -> enacl_nif:crypto_onetimeauth_BYTES().
 -spec onetime_auth_key_size() -> pos_integer().
 onetime_auth_key_size() -> enacl_nif:crypto_onetimeauth_KEYBYTES().
 
+%% Obtaining random bytes
+
+%% @doc randombytes/1 produces a stream of random bytes of the given size
+%% The security properties of the random stream are that of the libsodium library. Specifically,
+%% we use:
+%%
+%% * RtlGenRandom() on Windows systems
+%% * arc4random() on OpenBSD and Bitrig
+%% * /dev/urandom on other Unix environments
+%%
+%% It is up to you to pick a system with a appropriately strong (P)RNG for your purpose. We refer
+%% you to the underlying system implementations for random data.
+%% @end
+randombytes(N) when N =< ?RANDOMBYTES_SIZE ->
+    bump(enacl_nif:randombytes_b(N), ?RANDOMBYTES_REDUCTIONS, ?RANDOMBYTES_SIZE, N);
+randombytes(N) ->
+    enacl_nif:randombytes(N).
+
 %% Helpers
 p_zerobytes() ->
 	binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()).
diff --git a/src/enacl_nif.erl b/src/enacl_nif.erl
index 286b289..9cb3e47 100644
--- a/src/enacl_nif.erl
+++ b/src/enacl_nif.erl
@@ -72,6 +72,12 @@
 	crypto_verify_32/2
 ]).
 
+%% Access to the RNG
+-export([
+	randombytes/1,
+	randombytes_b/1
+]).
+
 -on_load(init/0).
 
 init() ->
@@ -143,3 +149,7 @@ crypto_hash(Input) when is_binary(Input) -> not_loaded().
 crypto_hash_b(Input) when is_binary(Input) -> not_loaded().
 crypto_verify_16(_X, _Y) -> not_loaded().
 crypto_verify_32(_X, _Y) -> not_loaded().
+
+randombytes(_RequestedSize) -> not_loaded().
+randombytes_b(_RequestedSize) -> not_loaded().
+