From 4f5791ebd03eaec1c7da0865a383175b05102712 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 5 May 2024 19:47:29 +0200 Subject: Adding upstream version 2:4.17.12+dfsg. Signed-off-by: Daniel Baumann --- lib/util/genrand.c | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 lib/util/genrand.c (limited to 'lib/util/genrand.c') diff --git a/lib/util/genrand.c b/lib/util/genrand.c new file mode 100644 index 0000000..fd6f457 --- /dev/null +++ b/lib/util/genrand.c @@ -0,0 +1,87 @@ +/* + Unix SMB/CIFS implementation. + + Functions to create reasonable random numbers for crypto use. + + Copyright (C) Jeremy Allison 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "replace.h" +#include "lib/util/fault.h" +#include "lib/util/genrand.h" + +#include +#include + +/* + * Details about the GnuTLS CSPRNG: + * + * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html + */ + + +_NORETURN_ static void genrand_panic(int err, + const char *location, + const char *func) +{ + char buf[200]; + snprintf(buf, sizeof(buf), + "%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n", + location, func, gnutls_strerror_name(err), err); + smb_panic(buf); +} + + +_PUBLIC_ void generate_random_buffer(uint8_t *out, int len) +{ + /* Random number generator for temporary keys. */ + int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len); + if (ret != 0) { + genrand_panic(ret, __location__, __func__); + } +} + +_PUBLIC_ void generate_secret_buffer(uint8_t *out, int len) +{ + /* + * Random number generator for long term keys. + * + * The key generator, will re-seed after a fixed amount of bytes is + * generated (typically less than the nonce), and will also re-seed + * based on time, i.e., after few hours of operation without reaching + * the limit for a re-seed. For its re-seed it mixes mixes data obtained + * from the OS random device with the previous key. + */ + int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len); + if (ret != 0) { + genrand_panic(ret, __location__, __func__); + } +} + +_PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len) +{ + /* + * Random number generator for nonce and initialization vectors. + * + * The nonce generator will reseed after outputting a fixed amount of + * bytes (typically few megabytes), or after few hours of operation + * without reaching the limit has passed. + */ + int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len); + if (ret != 0) { + genrand_panic(ret, __location__, __func__); + } +} -- cgit v1.2.3