From 3ae08ed509dbf1af80798447863c7b245be1e1b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?=
Date: Sun, 25 Aug 2019 16:38:08 +0200
Subject: [PATCH] Add API to generate a random nonce

This AEAD scheme is compatible with choosing the nonce randomly.
---
 Crypto/Cipher/AESGCMSIV.hs | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Crypto/Cipher/AESGCMSIV.hs b/Crypto/Cipher/AESGCMSIV.hs
index 81a8c76..d29211a 100644
--- a/Crypto/Cipher/AESGCMSIV.hs
+++ b/Crypto/Cipher/AESGCMSIV.hs
@@ -21,6 +21,7 @@ module Crypto.Cipher.AESGCMSIV
 ( Nonce
 , nonce
+ , generateNonce
 , encrypt
 , decrypt
 ) where
@@ -42,6 +43,7 @@ import Crypto.Cipher.AES.Primitive
 import Crypto.Cipher.Types
 import Crypto.Error
 import Crypto.Internal.Compat (unsafeDoIO)
+import Crypto.Random
 -- 12-byte nonces
@@ -55,6 +57,10 @@ nonce iv
 | B.length iv == 12 = CryptoPassed (Nonce $ B.convert iv)
 | otherwise = CryptoFailed CryptoError_IvSizeInvalid
+-- | Generate a random nonce for use with AES-GCM-SIV.
+generateNonce :: MonadRandom m => m Nonce
+generateNonce = Nonce <$> getRandomBytes 12
+
 -- POLYVAL (mutable context)
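Review bot: `import Crypto.Random` brings the whole module into scope unqualified, while the only names the patch uses from it are `MonadRandom` and `getRandomBytes` (in the `generateNonce` definition added further down). An explicit list, `import Crypto.Random (MonadRandom, getRandomBytes)`, matches the neighbouring `Crypto.Internal.Compat (unsafeDoIO)` import, documents which part of the random API the cipher depends on, and keeps future additions to Crypto.Random from clashing with local names. Since the module also imports Crypto.Cipher.Types and Crypto.Error without lists, this is a style preference rather than a defect.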