2015-06-23 09:05:56 +02:00
/*
2003-08-13 01:53:07 +00:00
Unix SMB / CIFS implementation .
Functions to create reasonable random numbers for crypto use .
Copyright ( C ) Jeremy Allison 2001
2015-06-23 09:05:56 +02:00
2003-08-13 01:53:07 +00:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 02:07:03 +00:00
the Free Software Foundation ; either version 3 of the License , or
2003-08-13 01:53:07 +00:00
( at your option ) any later version .
2015-06-23 09:05:56 +02:00
2003-08-13 01:53:07 +00:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2015-06-23 09:05:56 +02:00
2003-08-13 01:53:07 +00:00
You should have received a copy of the GNU General Public License
2007-07-10 02:07:03 +00:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2003-08-13 01:53:07 +00:00
*/
2015-06-23 09:28:28 +02:00
# include "replace.h"
2019-08-05 00:10:53 +12:00
# include "lib/util/fault.h"
2015-06-23 09:28:28 +02:00
# include "lib/util/genrand.h"
2007-10-16 01:27:15 +02:00
2019-03-18 17:03:30 +01:00
# include <gnutls/gnutls.h>
# include <gnutls/crypto.h>
2007-10-16 01:27:15 +02:00
2019-07-31 15:38:50 +02:00
/*
* Details about the GnuTLS CSPRNG :
*
* https : //nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
*/
2019-08-05 00:10:53 +12:00
_NORETURN_ static void genrand_panic ( int err ,
const char * location ,
const char * func )
{
char buf [ 200 ] ;
snprintf ( buf , sizeof ( buf ) ,
" %s:%s: GnuTLS could not generate a random buffer: %s [%d] \n " ,
location , func , gnutls_strerror_name ( err ) , err ) ;
smb_panic ( buf ) ;
}
2023-05-03 10:32:28 +03:00
_PUBLIC_ void generate_random_buffer ( uint8_t * out , size_t len )
2003-08-13 01:53:07 +00:00
{
2019-08-12 16:10:20 +02:00
/* Random number generator for temporary keys. */
2019-08-05 00:10:53 +12:00
int ret = gnutls_rnd ( GNUTLS_RND_RANDOM , out , len ) ;
if ( ret ! = 0 ) {
genrand_panic ( ret , __location__ , __func__ ) ;
}
2003-08-13 01:53:07 +00:00
}
2023-05-03 10:32:28 +03:00
_PUBLIC_ void generate_secret_buffer ( uint8_t * out , size_t len )
2007-10-16 01:27:15 +02:00
{
2019-08-12 16:10:20 +02:00
/*
* Random number generator for long term keys .
*
* The key generator , will re - seed after a fixed amount of bytes is
2019-07-31 15:38:50 +02:00
* generated ( typically less than the nonce ) , and will also re - seed
* based on time , i . e . , after few hours of operation without reaching
2023-05-03 10:32:28 +03:00
* the limit for a re - seed . For its re - seed it mixes data obtained
2019-07-31 15:38:50 +02:00
* from the OS random device with the previous key .
*/
2019-08-05 00:10:53 +12:00
int ret = gnutls_rnd ( GNUTLS_RND_KEY , out , len ) ;
if ( ret ! = 0 ) {
genrand_panic ( ret , __location__ , __func__ ) ;
}
2007-10-16 01:27:15 +02:00
}
2019-07-31 15:16:37 +02:00
2023-05-03 10:32:28 +03:00
_PUBLIC_ void generate_nonce_buffer ( uint8_t * out , size_t len )
2019-07-31 15:16:37 +02:00
{
/*
2019-08-12 16:10:20 +02:00
* Random number generator for nonce and initialization vectors .
*
2019-07-31 15:16:37 +02:00
* The nonce generator will reseed after outputting a fixed amount of
* bytes ( typically few megabytes ) , or after few hours of operation
* without reaching the limit has passed .
*/
2019-08-05 00:10:53 +12:00
int ret = gnutls_rnd ( GNUTLS_RND_NONCE , out , len ) ;
if ( ret ! = 0 ) {
genrand_panic ( ret , __location__ , __func__ ) ;
}
2019-07-31 15:16:37 +02:00
}