authorJustus Winter <justus@sequoia-pgp.org>2023-05-11 17:27:35 +0200
committerJustus Winter <justus@sequoia-pgp.org>2023-05-22 11:59:48 +0200
commit8553d278249bd183517d8a497adb32144772ad50 (patch)
treedb98f498026d6b0435f1042050492a4d26197ecb
parent20a0b8ecf8f9a89e9c448299d8e7162ed55618f6 (diff)
openpgp: Move random into the Backend trait.
-rw-r--r--openpgp/src/crypto/backend/botan.rs10
-rw-r--r--openpgp/src/crypto/backend/cng.rs11
-rw-r--r--openpgp/src/crypto/backend/interface.rs10
-rw-r--r--openpgp/src/crypto/backend/nettle.rs8
-rw-r--r--openpgp/src/crypto/backend/openssl.rs11
-rw-r--r--openpgp/src/crypto/backend/rust.rs15
-rw-r--r--openpgp/src/crypto/mod.rs3
7 files changed, 37 insertions, 31 deletions
diff --git a/openpgp/src/crypto/backend/botan.rs b/openpgp/src/crypto/backend/botan.rs
index 04951225..cf5e295e 100644
--- a/openpgp/src/crypto/backend/botan.rs
+++ b/openpgp/src/crypto/backend/botan.rs
@@ -14,12 +14,12 @@ impl super::interface::Backend for Backend {
fn backend() -> String {
"Botan".to_string()
}
-}
-/// Fills the given buffer with random data.
-pub fn random(buf: &mut [u8]) {
- let mut rng = botan::RandomNumberGenerator::new_system().unwrap();
- rng.fill(buf).unwrap();
+ fn random(buf: &mut [u8]) -> crate::Result<()> {
+ let mut rng = botan::RandomNumberGenerator::new_system()?;
+ rng.fill(buf)?;
+ Ok(())
+ }
}
impl PublicKeyAlgorithm {
diff --git a/openpgp/src/crypto/backend/cng.rs b/openpgp/src/crypto/backend/cng.rs
index 96a4c2c0..d40b904b 100644
--- a/openpgp/src/crypto/backend/cng.rs
+++ b/openpgp/src/crypto/backend/cng.rs
@@ -17,13 +17,12 @@ impl super::interface::Backend for Backend {
// XXX: can we include features and the version?
"Windows CNG".to_string()
}
-}
-/// Fills the given buffer with random data.
-pub fn random(buf: &mut [u8]) {
- RandomNumberGenerator::system_preferred()
- .gen_random(buf)
- .expect("system-preferred RNG not to fail")
+ fn random(buf: &mut [u8]) -> crate::Result<()> {
+ RandomNumberGenerator::system_preferred()
+ .gen_random(buf)?;
+ Ok(())
+ }
}
impl PublicKeyAlgorithm {
diff --git a/openpgp/src/crypto/backend/interface.rs b/openpgp/src/crypto/backend/interface.rs
index d0c8ffff..f96e9a6c 100644
--- a/openpgp/src/crypto/backend/interface.rs
+++ b/openpgp/src/crypto/backend/interface.rs
@@ -1,5 +1,7 @@
//! The crypto-backend abstraction.
+use crate::Result;
+
/// Abstracts over the cryptographic backends.
pub trait Backend {
/// Returns a short, human-readable description of the backend.
@@ -8,4 +10,12 @@ pub trait Backend {
/// and any optional features that are available. This is meant
/// for inclusion in version strings to improve bug reports.
fn backend() -> String;
+
+ /// Fills the given buffer with random data.
+ ///
+ /// Fills the given buffer with random data produced by a
+ /// cryptographically secure pseudorandom number generator
+ /// (CSPRNG). The output may be used as session keys or to derive
+ /// long-term cryptographic keys from.
+ fn random(buf: &mut [u8]) -> Result<()>;
}
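Review bot: The doc comment added for `Backend::random` does not say what a caller may assume about `buf` when the call returns `Err`. The text explicitly allows the output to be used as session keys or to derive long-term keys, so a partially filled or untouched buffer must never be mistaken for random data. I would add an `# Errors` section, for example `/// # Errors` followed by `/// If this returns an error, the contents of buf are unspecified and must not be used as key material.` The trait definition starts above this hunk.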
diff --git a/openpgp/src/crypto/backend/nettle.rs b/openpgp/src/crypto/backend/nettle.rs
index 0800540f..cf144f26 100644
--- a/openpgp/src/crypto/backend/nettle.rs
+++ b/openpgp/src/crypto/backend/nettle.rs
@@ -22,11 +22,11 @@ impl super::interface::Backend for Backend {
nettle::aead::OCB_IS_SUPPORTED,
)
}
-}
-/// Fills the given buffer with random data.
-pub fn random(buf: &mut [u8]) {
- Yarrow::default().random(buf);
+ fn random(buf: &mut [u8]) -> crate::Result<()> {
+ Yarrow::default().random(buf);
+ Ok(())
+ }
}
impl PublicKeyAlgorithm {
diff --git a/openpgp/src/crypto/backend/openssl.rs b/openpgp/src/crypto/backend/openssl.rs
index e4f73418..70d20de4 100644
--- a/openpgp/src/crypto/backend/openssl.rs
+++ b/openpgp/src/crypto/backend/openssl.rs
@@ -15,14 +15,11 @@ impl super::interface::Backend for Backend {
fn backend() -> String {
"OpenSSL".to_string()
}
-}
-/// Fills the given buffer with random data.
-pub fn random(buf: &mut [u8]) {
- // random is expected to always work or panic on wrong data.
- // This is similar to what other backends do like CNG or Rust
- // see: https://docs.rs/rand/latest/rand/trait.RngCore.html#tymethod.fill_bytes
- openssl::rand::rand_bytes(buf).expect("rand_bytes to work");
+ fn random(buf: &mut [u8]) -> crate::Result<()> {
+ openssl::rand::rand_bytes(buf)?;
+ Ok(())
+ }
}
impl PublicKeyAlgorithm {
diff --git a/openpgp/src/crypto/backend/rust.rs b/openpgp/src/crypto/backend/rust.rs
index 2a057569..3a4d098a 100644
--- a/openpgp/src/crypto/backend/rust.rs
+++ b/openpgp/src/crypto/backend/rust.rs
@@ -19,6 +19,13 @@ impl super::interface::Backend for Backend {
// XXX: can we include features and the version?
"RustCrypto".to_string()
}
+
+ fn random(buf: &mut [u8]) -> Result<()> {
+ use rand07::rngs::OsRng;
+ use rand07::RngCore;
+ OsRng.fill_bytes(buf);
+ Ok(())
+ }
}
trait GenericArrayExt<T, N: ArrayLength<T>> {
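Review bot: `OsRng.fill_bytes(buf)` in the new `random` is the panicking variant of the `RngCore` API, so this backend can never return `Err` and an OS RNG failure still aborts inside the backend instead of going through the new `Result`. The trait also offers `try_fill_bytes`, so the body could be `OsRng.try_fill_bytes(buf)?;` followed by `Ok(())`, assuming rand07's error type converts into the crate's error type. That would match the Botan, CNG and OpenSSL implementations in this commit, which now propagate their errors with `?`. The nettle implementation likewise always returns `Ok(())`, and whether `Yarrow` has a fallible path cannot be seen from this diff.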
@@ -53,14 +60,6 @@ impl<T, N: ArrayLength<T>> GenericArrayExt<T, N> for GenericArray<T, N> {
const LEN: usize = N::USIZE;
}
-/// Fills the given buffer with random data.
-pub fn random(buf: &mut [u8]) {
- use rand07::rngs::OsRng;
- use rand07::RngCore;
-
- OsRng.fill_bytes(buf)
-}
-
impl PublicKeyAlgorithm {
pub(crate) fn is_supported_by_backend(&self) -> bool {
use PublicKeyAlgorithm::*;
diff --git a/openpgp/src/crypto/mod.rs b/openpgp/src/crypto/mod.rs
index 12527b70..30bf164b 100644
--- a/openpgp/src/crypto/mod.rs
+++ b/openpgp/src/crypto/mod.rs
@@ -63,7 +63,8 @@ pub fn backend() -> String {
///
/// [`SessionKey::new`]: crate::crypto::SessionKey::new()
pub fn random<B: AsMut<[u8]>>(mut buf: B) {
- backend::random(buf.as_mut());
+ use backend::interface::Backend;
+ backend::Backend::random(buf.as_mut()).unwrap();
}
/// Holds a session key.
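Review bot: The bare `.unwrap()` on `backend::Backend::random(buf.as_mut())` makes every backend RNG error surface as an anonymous panic from the public `random` function. The backend-specific messages this commit removes (`"system-preferred RNG not to fail"` in CNG, `"rand_bytes to work"` in OpenSSL) are lost. Panicking is a reasonable fail-closed choice here, since the function has no return value and the buffer must not be used unfilled, but it should be stated: `backend::Backend::random(buf.as_mut()).expect("backend CSPRNG must not fail");`. The doc comment of `random` begins above this hunk; if it has no `# Panics` section, add one saying that the function panics when the backend's random number generator fails.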