authorAndreas Schneider <asn@samba.org>2019-07-31 15:16:37 +0200
committerAndreas Schneider <asn@cryptomilk.org>2019-08-12 09:23:39 +0000
commit70ff216935acc099b762b527033b6191ba3307d0 (patch)
treefbdb70024241b56ba276144b641cab9ff4bcd8bc /lib
parente6b7d782020e86fc8e28438c969a2e9e1da288f1 (diff)
lib:util: Add generate_nonce_buffer()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Diffstat (limited to 'lib')
-rw-r--r--lib/util/genrand.c12
-rw-r--r--lib/util/genrand.h11
2 files changed, 21 insertions, 2 deletions
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index 55997c3dd55..76c2cb81962 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -25,8 +25,6 @@
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
-/* TODO: Add API for generating nonce or use gnutls_rnd directly everywhere. */
-
_PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
{
/* Thread and fork safe random number generator for temporary keys. */
@@ -42,3 +40,13 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
/* Thread and fork safe random number generator for long term keys. */
gnutls_rnd(GNUTLS_RND_KEY, out, len);
}
+
+_PUBLIC_ void generate_nonce_buffer(uint8_t *out, int len)
+{
+ /*
+ * The nonce generator will reseed after outputting a fixed amount of
+ * bytes (typically few megabytes), or after few hours of operation
+ * without reaching the limit has passed.
+ */
+ gnutls_rnd(GNUTLS_RND_NONCE, out, len);
+}
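Review bot: The return value of `gnutls_rnd()` is discarded in `generate_nonce_buffer()`, so if the generator fails the caller keeps whatever was already in `out` and may go on to use it as a nonce. Because the function returns `void`, the only safe reaction is to stop: `int rc = gnutls_rnd(GNUTLS_RND_NONCE, out, len);` followed by `if (rc < 0) { abort(); }`, or the project's own fatal-error helper in place of `abort()`. The context line in `generate_secret_buffer()` ignores the result in the same way, and there the buffer holds long-term key material, so it deserves the same check. `len` is a signed `int` that is converted to `size_t` at the call, so a negative value would request a very large write; a `len < 0` guard or a `size_t` parameter would close that off.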
diff --git a/lib/util/genrand.h b/lib/util/genrand.h
index 899ce8badc0..5af23100596 100644
--- a/lib/util/genrand.h
+++ b/lib/util/genrand.h
@@ -28,3 +28,14 @@ void generate_random_buffer(uint8_t *out, int len);
* Thread and fork safe random number generator for long term keys.
*/
void generate_secret_buffer(uint8_t *out, int len);
+
+/**
+ * @brief Generate random values for a nonce buffer.
+ *
+ * This is also known as initialization vector.
+ *
+ * @param[in] out A pointer to the buffer to fill with random data.
+ *
+ * @param[in] len The size of the buffer to fill.
+ */
+void generate_nonce_buffer(uint8_t *out, int len);
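Review bot: The new doc comment marks the buffer as `@param[in] out`, but the function writes to it and never reads it, so it should be `@param[out] out`. The line "This is also known as initialization vector" equates two terms that are not interchangeable, and it tells the caller nothing about what the output is fit for. I would replace it with `* The output is meant for values that need not stay secret (nonces, IVs); use generate_secret_buffer() for key material.` That matches the `GNUTLS_RND_NONCE` level used in genrand.c, which is the weakest of the three generators wrapped here, and keeps a reader from picking this function for keys because of its name.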