1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
/*
Unix SMB/CIFS implementation.
Functions to create reasonable random numbers for crypto use.
Copyright (C) Jeremy Allison 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "replace.h"
#include "lib/util/fault.h"
#include "lib/util/genrand.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
/*
* Details about the GnuTLS CSPRNG:
*
* https://nikmav.blogspot.com/2017/03/improving-by-simplifying-gnutls-prng.html
*/
_NORETURN_ static void genrand_panic(int err,
const char *location,
const char *func)
{
char buf[200];
snprintf(buf, sizeof(buf),
"%s:%s: GnuTLS could not generate a random buffer: %s [%d]\n",
location, func, gnutls_strerror_name(err), err);
smb_panic(buf);
}
_PUBLIC_ void generate_random_buffer(uint8_t *out, size_t len)
{
/* Random number generator for temporary keys. */
int ret = gnutls_rnd(GNUTLS_RND_RANDOM, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}
_PUBLIC_ void generate_secret_buffer(uint8_t *out, size_t len)
{
/*
* Random number generator for long term keys.
*
* The key generator, will re-seed after a fixed amount of bytes is
* generated (typically less than the nonce), and will also re-seed
* based on time, i.e., after few hours of operation without reaching
* the limit for a re-seed. For its re-seed it mixes data obtained
* from the OS random device with the previous key.
*/
int ret = gnutls_rnd(GNUTLS_RND_KEY, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}
_PUBLIC_ void generate_nonce_buffer(uint8_t *out, size_t len)
{
/*
* Random number generator for nonce and initialization vectors.
*
* The nonce generator will reseed after outputting a fixed amount of
* bytes (typically few megabytes), or after few hours of operation
* without reaching the limit has passed.
*/
int ret = gnutls_rnd(GNUTLS_RND_NONCE, out, len);
if (ret != 0) {
genrand_panic(ret, __location__, __func__);
}
}
|
