Next: , Previous: , Up: Using GnuTLS as a cryptographic library   [Contents][Index]

9.5 Random number generation

Access to the random number generator is provided using the gnutls_rnd function. It allows obtaining random data of various levels.

GNUTLS_RND_NONCE

Non-predictable random number. Fatal in parts of session if broken, i.e., vulnerable to statistical analysis.

GNUTLS_RND_RANDOM

Pseudo-random cryptographic random number. Fatal in session if broken. Example use: temporal keys.

GNUTLS_RND_KEY

Fatal in many sessions if broken. Example use: Long-term keys.

Figure 9.5: The random number levels.

Function: int gnutls_rnd (gnutls_rnd_level_t level, void * data, size_t len)

level: a security level

data: place to store random bytes

len: The requested size

This function will generate random data and store it to output buffer. The value of level should be one of GNUTLS_RND_NONCE , GNUTLS_RND_RANDOM and GNUTLS_RND_KEY . See the manual and gnutls_rnd_level_t for detailed information.

This function is thread-safe and also fork-safe.

Returns: Zero on success, or a negative error code on error.

Since: 2.12.0

See Random Number Generators-internals for more information on the random number generator operation.