Random number generator and seeding

This section describes the functions used to generate cryptographic random numbers. These functions are compliant with the ANSI and FIPS requirements for random number generators (RNGs).

Cryptographically secure random number generation is critical to most cryptographic operations. Using an inappropriate random number generator for cryptography can lead to the generation of predictable values, making it relatively easy to break the encryption.

The following code demonstrates how to properly initialize and seed the Security Builder Crypto GSE provider by calling hu_RegisterSystemSeed(), which uses a hardware-based source of randomness (for example, /dev/random and /dev/urandom).

/* Create global context. */
returnCode = hu_GlobalCtxCreateDefault(&sbCtx);
if (returnCode != SB_SUCCESS) {
    goto cleanup;
}
            
/* Register SB GSE functions. */
returnCode = hu_RegisterSbg56(sbCtx);
if (returnCode != SB_SUCCESS) {
    goto cleanup;
}
            
/* Register system seed. */
returnCode = hu_RegisterSystemSeed(sbCtx);
if (returnCode != SB_SUCCESS) {
    goto cleanup;
}
            
/* Initialize SB GSE. */
returnCode = hu_InitSbg56(sbCtx);
if (returnCode != SB_SUCCESS) {
    goto cleanup;
}
            
cleanup:
    /* Perform program cleanup as appropriate. */
          

Last modified: 2014-01-23



Got questions about leaving a comment? Get answers from our Disqus FAQ.

comments powered by Disqus