Back
random-bytes (clj)
(source)function
(random-bytes numbytes)
(random-bytes numbytes sr)
Generate a byte array of specified length with random
bytes taken from secure random number generator.
This method should be used to generate a random
iv/salt or arbitrary length.
Examples
penpot/penpot
(ns app.rpc.commands.demo
"A demo specific mutations."
(:require
[app.common.exceptions :as ex]
[app.config :as cf]
[app.db :as db]
[app.loggers.audit :as audit]
[app.rpc :as-alias rpc]
[app.rpc.commands.auth :as auth]
[app.rpc.commands.profile :as profile]
[app.rpc.doc :as-alias doc]
[app.util.services :as sv]
[app.util.time :as dt]
[buddy.core.codecs :as bc]
[buddy.core.nonce :as bn]
[clojure.spec.alpha :as s]))
password (-> (bn/random-bytes 16)
(bc/bytes->b64u)
(bc/bytes->str))
funcool/buddy-core
(ns buddy.core.keys-tests
(:require [clojure.test :refer :all]
[buddy.core.codecs :refer :all]
[buddy.core.nonce :as nonce]
[buddy.core.bytes :as bytes]
[buddy.core.keys :as keys]))
(deftest key-wrapping-algorithms
(let [secret16 (nonce/random-bytes 16)
secret24 (nonce/random-bytes 24)
secret32 (nonce/random-bytes 32)
secret64 (nonce/random-bytes 64)
cek (nonce/random-bytes 32)
cek' (nonce/random-bytes 31)]
funcool/buddy-core
(ns buddy.core.crypto-tests
(:require [clojure.test :refer :all]
[clojure.pprint :refer :all]
[buddy.core.codecs :as codecs :refer :all]
[buddy.core.bytes :as bytes]
[buddy.core.keys :refer :all]
[buddy.core.nonce :as nonce]
[buddy.core.hash :as hash]
[buddy.core.crypto :as crypto]
[clojure.java.io :as io]))
(deftest low-level-api-tests
(let [key (nonce/random-bytes 32)
iv (nonce/random-bytes 16)
key (hex->bytes "0000000000000000000000000000000000000000000000000000000000000000")
iv16 (hex->bytes "00000000000000000000000000000000")
iv8 (hex->bytes "0011001100110011")
block16 (hex->bytes "000000000000000000000000000000AA")
block3 (hex->bytes "121314")
block6 (hex->bytes "221122112211")]
(deftest low-level-aead-mode-tests
(let [key (hex->bytes "0000000000000000000000000000000000000000000000000000000000000000")
data (nonce/random-bytes 256)
iv16 (nonce/random-bytes 16)
cipher (crypto/block-cipher :aes :gcm)]
(crypto/initialize! cipher {:iv iv16 :key key :op :encrypt})
(let [finalsize (crypto/get-output-size cipher (count data))]
(is (= finalsize 272)))
(let [output (byte-array 272)
offset (crypto/process-block! cipher data 0 output 0)
offset' (crypto/end! cipher output offset)]
(crypto/initialize! cipher {:iv iv16 :key key :op :decrypt})
(let [input output
finalsize (crypto/get-output-size cipher (count input))]
(is (= finalsize 256))
(let [output (byte-array 256)
offset (crypto/process-block! cipher input 0 output 0)
offset' (crypto/end! cipher output offset)]
(is (bytes/equals? output data)))))))
(deftest high-level-api-tests
(let [key64 (nonce/random-bytes 64)
key48 (nonce/random-bytes 48)
key32 (nonce/random-bytes 32)
key24 (nonce/random-bytes 24)
key16 (nonce/random-bytes 16)
iv12 (nonce/random-bytes 12)
iv16 (nonce/random-bytes 16)]
(testing "Encrypt and decript using :aes128-cbc-hmac-sha256."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key32 iv16)
decrypted (crypto/decrypt encrypted key32 iv16)]
(is (bytes/equals? decrypted data))))))
(testing "Encrypt and decript using :aes192-cbc-hmac-sha384."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key48 iv16 {:algorithm :aes192-cbc-hmac-sha384})
decrypted (crypto/decrypt encrypted key48 iv16 {:algorithm :aes192-cbc-hmac-sha384})]
(is (bytes/equals? decrypted data))))))
(testing "Encrypt and decript using :aes256-cbc-hmac-sha512."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key64 iv16 {:algorithm :aes256-cbc-hmac-sha512})
decrypted (crypto/decrypt encrypted key64 iv16 {:algorithm :aes256-cbc-hmac-sha512})]
(is (bytes/equals? decrypted data))))))
(testing "Encrypt and decript using :aes128-gcm."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key16 iv12 {:algorithm :aes128-gcm})
decrypted (crypto/decrypt encrypted key16 iv12 {:algorithm :aes128-gcm})]
(is (bytes/equals? decrypted data))))))
(testing "Encrypt and decript using :aes192-gcm."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key24 iv12 {:algorithm :aes192-gcm})
decrypted (crypto/decrypt encrypted key24 iv12 {:algorithm :aes192-gcm})]
(is (bytes/equals? decrypted data))))))
(testing "Encrypt and decript using :aes256-gcm."
(dotimes [i 50]
(doseq [i (range 1 100)]
(let [data (nonce/random-bytes i)
encrypted (crypto/encrypt data key32 iv12 {:algorithm :aes256-gcm})
decrypted (crypto/decrypt encrypted key32 iv12 {:algorithm :aes256-gcm})]
(is (bytes/equals? decrypted data))))))
))
funcool/buddy-core
(ns buddy.core.mac-tests
(:require [clojure.test :refer :all]
[buddy.core.codecs :as codecs :refer :all]
[buddy.core.bytes :as bytes]
[buddy.core.keys :refer :all]
[buddy.core.nonce :as nonce]
(deftest poly1305-tests
(let [plaintext "text"
iv (nonce/random-bytes 16) ;; IV required by poly1305
iv' (nonce/random-bytes 16)
key (nonce/random-bytes 32)] ;; KEY required by poly1305
funcool/buddy-sign
(ns buddy.sign.jwe-tests
(:require [clojure.test :refer :all]
[clojure.test.check.clojure-test :refer (defspec)]
[clojure.test.check.generators :as gen]
[clojure.test.check.properties :as props]
[clojure.string :as str]
[buddy.core.codecs :as codecs]
[buddy.core.crypto :as crypto]
[buddy.core.bytes :as bytes]
[buddy.core.nonce :as nonce]
[buddy.core.keys :as keys]
[buddy.sign.jwe :as jwe]
[buddy.sign.util :as util]))
(def data (codecs/to-bytes "test-data"))
(def key16 (nonce/random-bytes 16))
(def key24 (nonce/random-bytes 24))
(def key32 (nonce/random-bytes 32))
(def key32' (nonce/random-bytes 32))
(def key48 (nonce/random-bytes 48))
(def key64 (nonce/random-bytes 64))
(def rsa-privkey (keys/private-key "test/_files/privkey.3des.rsa.pem" "secret"))
(def rsa-pubkey (keys/public-key "test/_files/pubkey.3des.rsa.pem"))
(def ec-privkey (keys/private-key "test/_files/privkey.ecdsa.pem" "secret"))
(def ec-pubkey (keys/public-key "test/_files/pubkey.ecdsa.pem"))