Move crypto.randomBytes() to crypto.random.bytes()

lib/std/crypto.zig

@@ -113,7 +113,10 @@ pub const nacl = struct {
 };
 
 const std = @import("std.zig");
-pub const randomBytes = std.os.getrandom;
+
+pub const random = struct {
+    pub const bytes = std.os.getrandom;
+};
 
 test "crypto" {
     inline for (std.meta.declarations(@This())) |decl| {

lib/std/crypto/25519/ed25519.zig

@@ -43,7 +43,7 @@ pub const Ed25519 = struct {
         pub fn create(seed: ?[seed_length]u8) !KeyPair {
             const ss = seed orelse ss: {
                 var random_seed: [seed_length]u8 = undefined;
-                try crypto.randomBytes(&random_seed);
+                try crypto.random.bytes(&random_seed);
                 break :ss random_seed;
             };
             var az: [Sha512.digest_length]u8 = undefined;
@@ -179,7 +179,7 @@ pub const Ed25519 = struct {
 
         var z_batch: [count]Curve.scalar.CompressedScalar = undefined;
         for (z_batch) |*z| {
-            try std.crypto.randomBytes(z[0..16]);
+            try std.crypto.random.bytes(z[0..16]);
             mem.set(u8, z[16..], 0);
         }
 
@@ -232,8 +232,8 @@ test "ed25519 batch verification" {
         const key_pair = try Ed25519.KeyPair.create(null);
         var msg1: [32]u8 = undefined;
         var msg2: [32]u8 = undefined;
-        try std.crypto.randomBytes(&msg1);
-        try std.crypto.randomBytes(&msg2);
+        try std.crypto.random.bytes(&msg1);
+        try std.crypto.random.bytes(&msg2);
         const sig1 = try Ed25519.sign(&msg1, key_pair, null);
         const sig2 = try Ed25519.sign(&msg2, key_pair, null);
         var signature_batch = [_]Ed25519.BatchElement{

lib/std/crypto/25519/edwards25519.zig

@@ -289,8 +289,8 @@ test "edwards25519 packing/unpacking" {
 test "edwards25519 point addition/substraction" {
     var s1: [32]u8 = undefined;
     var s2: [32]u8 = undefined;
-    try std.crypto.randomBytes(&s1);
-    try std.crypto.randomBytes(&s2);
+    try std.crypto.random.bytes(&s1);
+    try std.crypto.random.bytes(&s2);
     const p = try Edwards25519.basePoint.clampedMul(s1);
     const q = try Edwards25519.basePoint.clampedMul(s2);
     const r = p.add(q).add(q).sub(q).sub(q);

lib/std/crypto/25519/x25519.zig

@@ -32,7 +32,7 @@ pub const X25519 = struct {
         pub fn create(seed: ?[seed_length]u8) !KeyPair {
             const sk = seed orelse sk: {
                 var random_seed: [seed_length]u8 = undefined;
-                try crypto.randomBytes(&random_seed);
+                try crypto.random.bytes(&random_seed);
                 break :sk random_seed;
             };
             var kp: KeyPair = undefined;

lib/std/crypto/bcrypt.zig

@@ -255,7 +255,7 @@ fn strHashInternal(password: []const u8, rounds_log: u6, salt: [salt_length]u8)
 /// and then use the resulting hash as the password parameter for bcrypt.
 pub fn strHash(password: []const u8, rounds_log: u6) ![hash_length]u8 {
     var salt: [salt_length]u8 = undefined;
-    try crypto.randomBytes(&salt);
+    try crypto.random.bytes(&salt);
     return strHashInternal(password, rounds_log, salt);
 }
 
@@ -276,7 +276,7 @@ pub fn strVerify(h: [hash_length]u8, password: []const u8) BcryptError!void {
 
 test "bcrypt codec" {
     var salt: [salt_length]u8 = undefined;
-    try crypto.randomBytes(&salt);
+    try crypto.random.bytes(&salt);
     var salt_str: [salt_str_length]u8 = undefined;
     Codec.encode(salt_str[0..], salt[0..]);
     var salt2: [salt_length]u8 = undefined;

lib/std/crypto/salsa20.zig

@@ -382,9 +382,9 @@ test "xsalsa20poly1305" {
     var key: [XSalsa20Poly1305.key_length]u8 = undefined;
     var nonce: [XSalsa20Poly1305.nonce_length]u8 = undefined;
     var tag: [XSalsa20Poly1305.tag_length]u8 = undefined;
-    try crypto.randomBytes(&msg);
-    try crypto.randomBytes(&key);
-    try crypto.randomBytes(&nonce);
+    try crypto.random.bytes(&msg);
+    try crypto.random.bytes(&key);
+    try crypto.random.bytes(&nonce);
 
     XSalsa20Poly1305.encrypt(c[0..], &tag, msg[0..], "ad", nonce, key);
     try XSalsa20Poly1305.decrypt(msg2[0..], c[0..], tag, "ad", nonce, key);
@@ -396,9 +396,9 @@ test "xsalsa20poly1305 secretbox" {
     var key: [XSalsa20Poly1305.key_length]u8 = undefined;
     var nonce: [box.nonce_length]u8 = undefined;
     var boxed: [msg.len + box.tag_length]u8 = undefined;
-    try crypto.randomBytes(&msg);
-    try crypto.randomBytes(&key);
-    try crypto.randomBytes(&nonce);
+    try crypto.random.bytes(&msg);
+    try crypto.random.bytes(&key);
+    try crypto.random.bytes(&nonce);
 
     secretBox.seal(boxed[0..], msg[0..], nonce, key);
     try secretBox.open(msg2[0..], boxed[0..], nonce, key);
@@ -409,8 +409,8 @@ test "xsalsa20poly1305 box" {
     var msg2: [msg.len]u8 = undefined;
     var nonce: [box.nonce_length]u8 = undefined;
     var boxed: [msg.len + box.tag_length]u8 = undefined;
-    try crypto.randomBytes(&msg);
-    try crypto.randomBytes(&nonce);
+    try crypto.random.bytes(&msg);
+    try crypto.random.bytes(&nonce);
 
     var kp1 = try box.KeyPair.create(null);
     var kp2 = try box.KeyPair.create(null);
@@ -422,7 +422,7 @@ test "xsalsa20poly1305 sealedbox" {
     var msg: [100]u8 = undefined;
     var msg2: [msg.len]u8 = undefined;
     var boxed: [msg.len + sealedBox.seal_length]u8 = undefined;
-    try crypto.randomBytes(&msg);
+    try crypto.random.bytes(&msg);
 
     var kp = try box.KeyPair.create(null);
     try sealedBox.seal(boxed[0..], msg[0..], kp.public_key);

lib/std/fs.zig

@@ -82,7 +82,7 @@ pub fn atomicSymLink(allocator: *Allocator, existing_path: []const u8, new_path:
     mem.copy(u8, tmp_path[0..], dirname);
     tmp_path[dirname.len] = path.sep;
     while (true) {
-        try crypto.randomBytes(rand_buf[0..]);
+        try crypto.random.bytes(rand_buf[0..]);
         base64_encoder.encode(tmp_path[dirname.len + 1 ..], &rand_buf);
 
         if (cwd().symLink(existing_path, tmp_path, .{})) {
@@ -157,7 +157,7 @@ pub const AtomicFile = struct {
         tmp_path_buf[base64.Base64Encoder.calcSize(RANDOM_BYTES)] = 0;
 
         while (true) {
-            try crypto.randomBytes(rand_buf[0..]);
+            try crypto.random.bytes(rand_buf[0..]);
             base64_encoder.encode(&tmp_path_buf, &rand_buf);
 
             const file = dir.createFile(

lib/std/rand.zig

@@ -4,13 +4,13 @@
 // The MIT license requires this copyright notice to be included in all copies
 // and substantial portions of the software.
 
-//! The engines provided here should be initialized from an external source. For now, randomBytes
+//! The engines provided here should be initialized from an external source. For now, random.bytes
 //! from the crypto package is the most suitable. Be sure to use a CSPRNG when required, otherwise using
 //! a normal PRNG will be faster and use substantially less stack space.
 //!
 //! ```
 //! var buf: [8]u8 = undefined;
-//! try std.crypto.randomBytes(buf[0..]);
+//! try std.crypto.random.bytes(buf[0..]);
 //! const seed = mem.readIntLittle(u64, buf[0..8]);
 //!
 //! var r = DefaultPrng.init(seed);
@@ -752,7 +752,7 @@ pub const Gimli = struct {
     pub const secret_seed_length = 32;
 
     /// The seed must be uniform, secret and `secret_seed_length` bytes long.
-    /// It can be generated using `std.crypto.randomBytes()`.
+    /// It can be generated using `std.crypto.random.bytes()`.
     pub fn init(secret_seed: [secret_seed_length]u8) Gimli {
         var initial_state: [std.crypto.core.Gimli.BLOCKBYTES]u8 = undefined;
         mem.copy(u8, initial_state[0..secret_seed_length], &secret_seed);
@@ -1147,7 +1147,7 @@ fn testRangeBias(r: *Random, start: i8, end: i8, biased: bool) void {
 
 test "CSPRNG" {
     var secret_seed: [DefaultCsprng.secret_seed_length]u8 = undefined;
-    try std.crypto.randomBytes(&secret_seed);
+    try std.crypto.random.bytes(&secret_seed);
     var csprng = DefaultCsprng.init(secret_seed);
     const a = csprng.random.int(u64);
     const b = csprng.random.int(u64);

lib/std/testing.zig

@@ -285,7 +285,7 @@ fn getCwdOrWasiPreopen() std.fs.Dir {
 
 pub fn tmpDir(opts: std.fs.Dir.OpenDirOptions) TmpDir {
     var random_bytes: [TmpDir.random_bytes_count]u8 = undefined;
-    std.crypto.randomBytes(&random_bytes) catch
+    std.crypto.random.bytes(&random_bytes) catch
         @panic("unable to make tmp dir for testing: unable to get random bytes");
     var sub_path: [TmpDir.sub_path_len]u8 = undefined;
     std.fs.base64_encoder.encode(&sub_path, &random_bytes);

src/main.zig

@@ -1538,7 +1538,7 @@ fn buildOutputType(
 
     const random_seed = blk: {
         var random_seed: u64 = undefined;
-        try std.crypto.randomBytes(mem.asBytes(&random_seed));
+        try std.crypto.random.bytes(mem.asBytes(&random_seed));
         break :blk random_seed;
     };
     var default_prng = std.rand.DefaultPrng.init(random_seed);
@@ -2316,7 +2316,7 @@ pub fn cmdBuild(gpa: *Allocator, arena: *Allocator, args: []const []const u8) !v
         };
         const random_seed = blk: {
             var random_seed: u64 = undefined;
-            try std.crypto.randomBytes(mem.asBytes(&random_seed));
+            try std.crypto.random.bytes(mem.asBytes(&random_seed));
             break :blk random_seed;
         };
         var default_prng = std.rand.DefaultPrng.init(random_seed);

src/test.zig

@@ -424,7 +424,7 @@ pub const TestContext = struct {
 
         const random_seed = blk: {
             var random_seed: u64 = undefined;
-            try std.crypto.randomBytes(std.mem.asBytes(&random_seed));
+            try std.crypto.random.bytes(std.mem.asBytes(&random_seed));
             break :blk random_seed;
         };
         var default_prng = std.rand.DefaultPrng.init(random_seed);

test/standalone/guess_number/main.zig

@@ -10,7 +10,7 @@ pub fn main() !void {
     try stdout.print("Welcome to the Guess Number Game in Zig.\n", .{});
 
     var seed_bytes: [@sizeOf(u64)]u8 = undefined;
-    std.crypto.randomBytes(seed_bytes[0..]) catch |err| {
+    std.crypto.random.bytes(seed_bytes[0..]) catch |err| {
         std.debug.warn("unable to seed random number generator: {}", .{err});
         return err;
     };