1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
use crate::UrandomError;

/// Read random bytes, using platform-provided randomness.
///
/// `dest` is completely filled with bytes that are expected to be a
/// cryptographically secure pseudo-random number in binary form.
///
/// In 2017, Linux manpage random(7) writes that "no cryptographic primitive
/// available today can hope to promise more than 256 bits of security". So it
/// might be questionable to pass a slice where `dest.len() > 32` to this
/// method.
///
/// # Examples
///
/// ```
/// # use spinoso_random::Error;
/// # fn example() -> Result<(), Error> {
/// let mut bytes = [0_u8; 32];
/// spinoso_random::urandom(&mut bytes)?;
/// assert!(!bytes.iter().all(|&b| b == 0));
/// # Ok(())
/// # }
/// # example().unwrap();
/// ```
///
/// # Errors
///
/// If the randomness feature provided by the platform is not present or failed
/// to completely fill `dest`, an error is returned. This error should be raised
/// as a [Ruby `RuntimeError`].
///
/// [Ruby `RuntimeError`]: https://ruby-doc.org/core-2.6.3/RuntimeError.html
pub fn urandom(dest: &mut [u8]) -> Result<(), UrandomError> {
    if getrandom::getrandom(dest).is_err() {
        return Err(UrandomError::new());
    }
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::urandom;

    #[test]
    fn read_random_bytes() {
        let mut buf_a = [0; 256];
        let mut buf_b = [0; 256];
        urandom(&mut buf_a).unwrap();
        urandom(&mut buf_b).unwrap();
        assert_ne!(buf_a, buf_b);
    }
}