author: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-08-14 19:02:45 +0200
committer: Nikos Mavrogiannopoulos <nmav@gnutls.org> 2017-08-14 19:02:45 +0200
commit: 47dd345f3ab3f0152a046fc1211314d8a4f1b200 (patch)
tree: 0579bbd40290c7636f21580ac97f96f5d81eec12 /doc
parent: eb067389c5d9b031e50b849b73a22b0a0aab7a09 (diff)
download: gnutls-47dd345f3ab3f0152a046fc1211314d8a4f1b200.tar.gz
doc: mention the AES-DRBG random generator [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/cha-internals.texi | 19
1 files changed, 18 insertions, 1 deletions
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 532057d51a..4cb3364d8c 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -527,7 +527,13 @@ For more information see @ref{Hardware security modules and abstract key types}.
@node Random Number Generators-internals
@section Random Number Generators
-@subheading Inner workings
+@subheading About the generators
+
+GnuTLS provides two random generators. The default, and the AES-DRBG random
+generator which is only used when the library is compiled with support for
+FIPS140-2 and the system is in FIPS140-2 mode.
+
+@subheading The default generator - inner workings
The random number generator levels in @code{gnutls_rnd_level_t} map to two CHACHA-based random generators which
are initially seeded using the OS random device, e.g., @code{/dev/urandom}
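Review bot: the second sentence of the new "About the generators" paragraph is a fragment ("The default, and the AES-DRBG random generator which is only used when ..."); reword it as one complete sentence, e.g. "GnuTLS provides two random generators: the default one, and the AES-DRBG generator, which is used only when the library is compiled with FIPS140-2 support and the system is in FIPS140-2 mode." The paragraph also does not say how to tell which generator is active at runtime; if the manual has a section on FIPS140-2 mode, an @ref to it here would let readers find that.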
@@ -575,6 +581,17 @@ a re-key of the PRNG using its own output, is additionally performed. That ensur
the recovery of the PRNG state will not be sufficient to recover previously generated values.
+@subheading The AES-DRBG generator - inner workings
+
+Similar with the default generator, the random number generator levels in @code{gnutls_rnd_level_t} map to two
+AES-DRBG random generators which are initially seeded using the OS random device,
+e.g., @code{/dev/urandom} or @code{getrandom()}. These random generators are
+unique per thread, and are automatically re-seeded when a fork is detected.
+
+The AES-DRBG generator is based on the AES cipher in counter mode and is
+re-seeded after a fixed amount of bytes are generated.
+
+
@subheading Defense against PRNG attacks
This section describes the counter-measures available in the Pseudo-random number generator (PRNG)
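Review bot: "Similar with the default generator" should read "Similarly to the default generator", and "a fixed amount of bytes are generated" should read "a fixed number of bytes has been generated". More substantively, "a fixed amount of bytes" is too vague for an internals chapter: state the actual reseed threshold, or name the DRBG construction and the standard it is taken from, so readers can check the reseed interval against the FIPS140-2 requirements the paragraph above invokes. Minor: the hunk adds two consecutive blank lines before "@subheading Defense against PRNG attacks"; one is enough and matches the rest of the file.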