diff --git a/lib/std/crypto.zig b/lib/std/crypto.zig
index 4c35a9e9aea2..c0a98fb972b2 100644
--- a/lib/std/crypto.zig
+++ b/lib/std/crypto.zig
@@ -113,7 +113,10 @@ pub const nacl = struct {
 };
 const std = @import("std.zig");
-pub const randomBytes = std.os.getrandom;
+
+pub const random = struct {
+ pub const bytes = std.os.getrandom;
+};
 test "crypto" {
 inline for (std.meta.declarations(@This())) |decl| {
diff --git a/lib/std/crypto/25519/ed25519.zig b/lib/std/crypto/25519/ed25519.zig
index 842b08d70631..41c7ea8f56f2 100644
--- a/lib/std/crypto/25519/ed25519.zig
+++ b/lib/std/crypto/25519/ed25519.zig
@@ -43,7 +43,7 @@ pub const Ed25519 = struct {
 pub fn create(seed: ?[seed_length]u8) !KeyPair {
 const ss = seed orelse ss: {
 var random_seed: [seed_length]u8 = undefined;
- try crypto.randomBytes(&random_seed);
+ try crypto.random.bytes(&random_seed);
 break :ss random_seed;
 };
 var az: [Sha512.digest_length]u8 = undefined;
@@ -179,7 +179,7 @@ pub const Ed25519 = struct {
 var z_batch: [count]Curve.scalar.CompressedScalar = undefined;
 for (z_batch) |*z| {
- try std.crypto.randomBytes(z[0..16]);
+ try std.crypto.random.bytes(z[0..16]);
 mem.set(u8, z[16..], 0);
 }
@@ -232,8 +232,8 @@ test "ed25519 batch verification" {
 const key_pair = try Ed25519.KeyPair.create(null);
 var msg1: [32]u8 = undefined;
 var msg2: [32]u8 = undefined;
- try std.crypto.randomBytes(&msg1);
- try std.crypto.randomBytes(&msg2);
+ try std.crypto.random.bytes(&msg1);
+ try std.crypto.random.bytes(&msg2);
 const sig1 = try Ed25519.sign(&msg1, key_pair, null);
 const sig2 = try Ed25519.sign(&msg2, key_pair, null);
 var signature_batch = [_]Ed25519.BatchElement{
diff --git a/lib/std/crypto/25519/edwards25519.zig b/lib/std/crypto/25519/edwards25519.zig
index 74ea89a952aa..a8220c21e9b0 100644
--- a/lib/std/crypto/25519/edwards25519.zig
+++ b/lib/std/crypto/25519/edwards25519.zig
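Review bot: The new `random` namespace in lib/std/crypto.zig carries no doc comment, even though every seed, salt and nonce call site updated in this commit now resolves through `random.bytes`. I would add `/// Fills the buffer with random bytes from the operating system (alias of std.os.getrandom); returns an error if the OS source fails.` above `pub const bytes`, so callers know the source is the OS generator and that the call is fallible. The same hunk drops `randomBytes` with no alias left behind, so out-of-tree callers stop compiling without a hint at the new name; if a transition period is wanted, that needs a deliberate decision rather than a silent removal.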
@@ -289,8 +289,8 @@ test "edwards25519 packing/unpacking" {
 test "edwards25519 point addition/substraction" {
 var s1: [32]u8 = undefined;
 var s2: [32]u8 = undefined;
- try std.crypto.randomBytes(&s1);
- try std.crypto.randomBytes(&s2);
+ try std.crypto.random.bytes(&s1);
+ try std.crypto.random.bytes(&s2);
 const p = try Edwards25519.basePoint.clampedMul(s1);
 const q = try Edwards25519.basePoint.clampedMul(s2);
 const r = p.add(q).add(q).sub(q).sub(q);
diff --git a/lib/std/crypto/25519/x25519.zig b/lib/std/crypto/25519/x25519.zig
index 17c2e84e65b2..1c39937b41a2 100644
--- a/lib/std/crypto/25519/x25519.zig
+++ b/lib/std/crypto/25519/x25519.zig
@@ -32,7 +32,7 @@ pub const X25519 = struct {
 pub fn create(seed: ?[seed_length]u8) !KeyPair {
 const sk = seed orelse sk: {
 var random_seed: [seed_length]u8 = undefined;
- try crypto.randomBytes(&random_seed);
+ try crypto.random.bytes(&random_seed);
 break :sk random_seed;
 };
 var kp: KeyPair = undefined;
diff --git a/lib/std/crypto/bcrypt.zig b/lib/std/crypto/bcrypt.zig
index 64d20595596a..d47b5a17a109 100644
--- a/lib/std/crypto/bcrypt.zig
+++ b/lib/std/crypto/bcrypt.zig
@@ -255,7 +255,7 @@ fn strHashInternal(password: []const u8, rounds_log: u6, salt: [salt_length]u8)
 /// and then use the resulting hash as the password parameter for bcrypt.
 pub fn strHash(password: []const u8, rounds_log: u6) ![hash_length]u8 {
 var salt: [salt_length]u8 = undefined;
- try crypto.randomBytes(&salt);
+ try crypto.random.bytes(&salt);
 return strHashInternal(password, rounds_log, salt);
 }
@@ -276,7 +276,7 @@ pub fn strVerify(h: [hash_length]u8, password: []const u8) BcryptError!void {
 test "bcrypt codec" {
 var salt: [salt_length]u8 = undefined;
- try crypto.randomBytes(&salt);
+ try crypto.random.bytes(&salt);
 var salt_str: [salt_str_length]u8 = undefined;
 Codec.encode(salt_str[0..], salt[0..]);
 var salt2: [salt_length]u8 = undefined;
diff --git a/lib/std/crypto/salsa20.zig b/lib/std/crypto/salsa20.zig
index a07539bad505..fb8c012d0b28 100644
--- a/lib/std/crypto/salsa20.zig
+++ b/lib/std/crypto/salsa20.zig
@@ -382,9 +382,9 @@ test "xsalsa20poly1305" {
 var key: [XSalsa20Poly1305.key_length]u8 = undefined;
 var nonce: [XSalsa20Poly1305.nonce_length]u8 = undefined;
 var tag: [XSalsa20Poly1305.tag_length]u8 = undefined;
- try crypto.randomBytes(&msg);
- try crypto.randomBytes(&key);
- try crypto.randomBytes(&nonce);
+ try crypto.random.bytes(&msg);
+ try crypto.random.bytes(&key);
+ try crypto.random.bytes(&nonce);
 XSalsa20Poly1305.encrypt(c[0..], &tag, msg[0..], "ad", nonce, key);
 try XSalsa20Poly1305.decrypt(msg2[0..], c[0..], tag, "ad", nonce, key);
@@ -396,9 +396,9 @@ test "xsalsa20poly1305 secretbox" {
 var key: [XSalsa20Poly1305.key_length]u8 = undefined;
 var nonce: [box.nonce_length]u8 = undefined;
 var boxed: [msg.len + box.tag_length]u8 = undefined;
- try crypto.randomBytes(&msg);
- try crypto.randomBytes(&key);
- try crypto.randomBytes(&nonce);
+ try crypto.random.bytes(&msg);
+ try crypto.random.bytes(&key);
+ try crypto.random.bytes(&nonce);
 secretBox.seal(boxed[0..], msg[0..], nonce, key);
 try secretBox.open(msg2[0..], boxed[0..], nonce, key);
@@ -409,8 +409,8 @@ test "xsalsa20poly1305 box" {
 var msg2: [msg.len]u8 = undefined;
 var nonce: [box.nonce_length]u8 = undefined;
 var boxed: [msg.len + box.tag_length]u8 = undefined;
- try crypto.randomBytes(&msg);
- try crypto.randomBytes(&nonce);
+ try crypto.random.bytes(&msg);
+ try crypto.random.bytes(&nonce);
 var kp1 = try box.KeyPair.create(null);
 var kp2 = try box.KeyPair.create(null);
@@ -422,7 +422,7 @@ test "xsalsa20poly1305 sealedbox" {
 var msg: [100]u8 = undefined;
 var msg2: [msg.len]u8 = undefined;
 var boxed: [msg.len + sealedBox.seal_length]u8 = undefined;
- try crypto.randomBytes(&msg);
+ try crypto.random.bytes(&msg);
 var kp = try box.KeyPair.create(null);
 try sealedBox.seal(boxed[0..], msg[0..], kp.public_key);
diff --git a/lib/std/fs.zig b/lib/std/fs.zig
index 327faac0f53b..a42424ef0758 100644
--- a/lib/std/fs.zig
+++ b/lib/std/fs.zig
@@ -82,7 +82,7 @@ pub fn atomicSymLink(allocator: *Allocator, existing_path: []const u8, new_path:
 mem.copy(u8, tmp_path[0..], dirname);
 tmp_path[dirname.len] = path.sep;
 while (true) {
- try crypto.randomBytes(rand_buf[0..]);
+ try crypto.random.bytes(rand_buf[0..]);
 base64_encoder.encode(tmp_path[dirname.len + 1 ..], &rand_buf);
 if (cwd().symLink(existing_path, tmp_path, .{})) {
@@ -157,7 +157,7 @@ pub const AtomicFile = struct {
 tmp_path_buf[base64.Base64Encoder.calcSize(RANDOM_BYTES)] = 0;
 while (true) {
- try crypto.randomBytes(rand_buf[0..]);
+ try crypto.random.bytes(rand_buf[0..]);
 base64_encoder.encode(&tmp_path_buf, &rand_buf);
 const file = dir.createFile(
diff --git a/lib/std/rand.zig b/lib/std/rand.zig
index 2c390ff41af0..11533bf576a5 100644
--- a/lib/std/rand.zig
+++ b/lib/std/rand.zig
@@ -4,13 +4,13 @@
 // The MIT license requires this copyright notice to be included in all copies
 // and substantial portions of the software.
-//! The engines provided here should be initialized from an external source. For now, randomBytes
+//! The engines provided here should be initialized from an external source. For now, random.bytes
 //! from the crypto package is the most suitable. Be sure to use a CSPRNG when required, otherwise using
 //! a normal PRNG will be faster and use substantially less stack space.
 //!
 //! ```
 //! var buf: [8]u8 = undefined;
-//! try std.crypto.randomBytes(buf[0..]);
+//! try std.crypto.random.bytes(buf[0..]);
 //! const seed = mem.readIntLittle(u64, buf[0..8]);
 //!
 //! var r = DefaultPrng.init(seed);
@@ -752,7 +752,7 @@ pub const Gimli = struct {
 pub const secret_seed_length = 32;
 /// The seed must be uniform, secret and `secret_seed_length` bytes long.
- /// It can be generated using `std.crypto.randomBytes()`.
+ /// It can be generated using `std.crypto.random.bytes()`.
 pub fn init(secret_seed: [secret_seed_length]u8) Gimli {
 var initial_state: [std.crypto.core.Gimli.BLOCKBYTES]u8 = undefined;
 mem.copy(u8, initial_state[0..secret_seed_length], &secret_seed);
@@ -1147,7 +1147,7 @@ fn testRangeBias(r: *Random, start: i8, end: i8, biased: bool) void {
 test "CSPRNG" {
 var secret_seed: [DefaultCsprng.secret_seed_length]u8 = undefined;
- try std.crypto.randomBytes(&secret_seed);
+ try std.crypto.random.bytes(&secret_seed);
 var csprng = DefaultCsprng.init(secret_seed);
 const a = csprng.random.int(u64);
 const b = csprng.random.int(u64);
diff --git a/lib/std/testing.zig b/lib/std/testing.zig
index 4b388adb679d..677561bd22b7 100644
--- a/lib/std/testing.zig
+++ b/lib/std/testing.zig
@@ -285,7 +285,7 @@ fn getCwdOrWasiPreopen() std.fs.Dir {
 pub fn tmpDir(opts: std.fs.Dir.OpenDirOptions) TmpDir {
 var random_bytes: [TmpDir.random_bytes_count]u8 = undefined;
- std.crypto.randomBytes(&random_bytes) catch
+ std.crypto.random.bytes(&random_bytes) catch
 @panic("unable to make tmp dir for testing: unable to get random bytes");
 var sub_path: [TmpDir.sub_path_len]u8 = undefined;
 std.fs.base64_encoder.encode(&sub_path, &random_bytes);
diff --git a/src/main.zig b/src/main.zig
index 8162bc46b620..d48b04c09b8d 100644
--- a/src/main.zig
+++ b/src/main.zig
@@ -1538,7 +1538,7 @@ fn buildOutputType(
 const random_seed = blk: {
 var random_seed: u64 = undefined;
- try std.crypto.randomBytes(mem.asBytes(&random_seed));
+ try std.crypto.random.bytes(mem.asBytes(&random_seed));
 break :blk random_seed;
 };
 var default_prng = std.rand.DefaultPrng.init(random_seed);
@@ -2316,7 +2316,7 @@ pub fn cmdBuild(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !v
 };
 const random_seed = blk: {
 var random_seed: u64 = undefined;
- try std.crypto.randomBytes(mem.asBytes(&random_seed));
+ try std.crypto.random.bytes(mem.asBytes(&random_seed));
 break :blk random_seed;
 };
 var default_prng = std.rand.DefaultPrng.init(random_seed);
diff --git a/src/test.zig b/src/test.zig
index c0ac56aa2d52..df60cfe23f04 100644
--- a/src/test.zig
+++ b/src/test.zig
@@ -424,7 +424,7 @@ pub const TestContext = struct {
 const random_seed = blk: {
 var random_seed: u64 = undefined;
- try std.crypto.randomBytes(std.mem.asBytes(&random_seed));
+ try std.crypto.random.bytes(std.mem.asBytes(&random_seed));
 break :blk random_seed;
 };
 var default_prng = std.rand.DefaultPrng.init(random_seed);