lib:util: Add generate_nonce_buffer()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 55997c3dd5561ae162c453d4f99a7d61e0c4ae3a..76c2cb81962f21b8f0d7fb075760c3fd77b44c1c 100644 (file)
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -25,8 +25,6 @@
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
 
-/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
-
 _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
 {
        /* Thread and fork safe random number generator for temporary keys. */
@@ -42,3 +40,13 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
        /* Thread and fork safe random number generator for long term keys. */
        gnutls_rnd(GNUTLS_RND_KEY, out, len);
 }
+
+_PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
+{
+       /*
+        * The nonce generator will reseed after outputting a fixed amount of
+        * bytes (typically few megabytes), or after few hours of operation
+        * without reaching the limit has passed.
+        */
+       gnutls_rnd(GNUTLS_RND_NONCE, out, len);
+}

diff --git a/lib/util/genrand.h b/lib/util/genrand.h
index 899ce8badc0ee2b27eaa8dd48e2e970429694992..5af2310059647391d3e78ed59894b4ece89065ae 100644 (file)
--- a/lib/util/genrand.h
+++ b/lib/util/genrand.h
@@ -28,3 +28,14 @@ void generate_random_buffer(uint8_t *out, int len);
  * Thread and fork safe random number generator for long term keys.
  */
 void generate_secret_buffer(uint8_t *out, int len);
+
+/**
+ * @brief Generate random values for a nonce buffer.
+ *
+ * This is also known as initialization vector.
+ *
+ * @param[in]  out  A pointer to the buffer to fill with random data.
+ *
+ * @param[in]  len  The size of the buffer to fill.
+ */
+void generate_nonce_buffer(uint8_t *out, int len);