Adding upstream version 2:4.20.0+dfsg.upstream/2%4.20.0+dfsg

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 87 insertions, 0 deletions

diff --git a/lib/util/genrand.c b/lib/util/genrand.c
new file mode 100644
index 0000000..d0b49db
--- /dev/null
+++ b/lib/util/genrand.c
@@ -0,0 +1,87 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Functions to create reasonable random numbers for crypto use.
+
+   Copyright (C) Jeremy Allison 2001
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include "lib/util/fault.h"
+#include "lib/util/genrand.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+/*
+ * Details about the GnuTLS CSPRNG:
+ *
+ * https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
+ */
+
+
+_NORETURN_ static void genrand_panic(int err,
+				     const char *location,
+				     const char *func)
+{
+	char buf[200];
+	snprintf(buf, sizeof(buf),
+		 "%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n",
+		 location, func, gnutls_strerror_name(err), err);
+	smb_panic(buf);
+}
+
+
+_PUBLIC_ void generate_random_buffer(uint8_t *out, size_t len)
+{
+	/* Random number generator for temporary keys. */
+	int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
+	if (ret != 0) {
+		genrand_panic(ret, __location__, __func__);
+	}
+}
+
+_PUBLIC_ void generate_secret_buffer(uint8_t *out, size_t len)
+{
+	/*
+	 * Random number generator for long term keys.
+	 *
+	 * The key generator, will re-seed after a fixed amount of bytes is
+	 * generated (typically less than the nonce), and will also re-seed
+	 * based on time, i.e., after few hours of operation without reaching
+	 * the limit for a re-seed. For its re-seed it mixes data obtained
+	 * from the OS random device with the previous key.
+	 */
+	int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len);
+	if (ret != 0) {
+		genrand_panic(ret, __location__, __func__);
+	}
+}
+
+_PUBLIC_ void generate_nonce_buffer(uint8_t *out, size_t len)
+{
+	/*
+	 * Random number generator for nonce and initialization vectors.
+	 *
+	 * The nonce generator will reseed after outputting a fixed amount of
+	 * bytes (typically few megabytes), or after few hours of operation
+	 * without reaching the limit has passed.
+	 */
+	int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len);
+	if (ret != 0) {
+		genrand_panic(ret, __location__, __func__);
+	}
+}