Line data Source code
1 : /*
2 : Unix SMB/CIFS implementation.
3 :
4 : Functions to create reasonable random numbers for crypto use.
5 :
6 : Copyright (C) Jeremy Allison 2001
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #include "replace.h"
23 : #include "lib/util/genrand.h"
24 :
25 : #include <gnutls/gnutls.h>
26 : #include <gnutls/crypto.h>
27 :
28 : /*
29 : * Details about the GnuTLS CSPRNG:
30 : *
31 : * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
32 : */
33 :
34 2656896 : _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
35 : {
36 : /* Random number generator for temporary keys. */
37 2656896 : gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
38 2656896 : }
39 :
40 39938 : _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
41 : {
42 : /*
43 : * Random number generator for long term keys.
44 : *
45 : * The key generator, will re-seed after a fixed amount of bytes is
46 : * generated (typically less than the nonce), and will also re-seed
47 : * based on time, i.e., after few hours of operation without reaching
48 : * the limit for a re-seed. For its re-seed it mixes mixes data obtained
49 : * from the OS random device with the previous key.
50 : */
51 39938 : gnutls_rnd(GNUTLS_RND_KEY, out, len);
52 39938 : }
53 :
54 54377 : _PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
55 : {
56 : /*
57 : * Random number generator for nonce and initialization vectors.
58 : *
59 : * The nonce generator will reseed after outputting a fixed amount of
60 : * bytes (typically few megabytes), or after few hours of operation
61 : * without reaching the limit has passed.
62 : */
63 54377 : gnutls_rnd(GNUTLS_RND_NONCE, out, len);
64 54377 : }
|