|
||
The purpose of the Random Number Generation API is the generation of cryptographically strong random numbers.
Several cryptographic applications rely upon the randomness, unpredictability and irreproducibility of the random number generator, such as:
one-time pads
key generation
random nonces
Initialization Vectors (IVs)
salts to be hashed with passwords
unique parameters in signing operations.
The RNG uses the RANROT algorithm seeded by random data available on the target hardware (for instance free running counters available on ARM processors).
In order to be fully compliant with DSS (Digital Signature Standard), applications using the cryptography library must supply a FIPS-186-2 CR 1 compliant random number generator. The library provides a mechanism for using such a random number generator if required.
The diagram below shows the main classes used in the RNG, which are
implemented in random.dll
. For information on each class see the
Cryptography API Reference material.
TRandom
TRandom
is a cryptographically stong random number
generator. Its declaration is:
class TRandom
{
public:
IMPORT_C static void RandomL(TDes8& aDestination);
};
Note: the function TRandom::Random()
which panics rather
than leaves when it cannot obtain a random number, is deprecated from v9.1
onwards.
TRandom::RandomL()
generates random bytes by first
connecting to the random number generation server (using
RRandomSession
). If the attempt to connect fails,
TRandom::RandomL()
leaves.
The server fills aDestination
with randomly generated
bytes up to its current length (not its maximum length). If this fails,
TRandom::RandomL()
leaves. If aDestination
is 1024 or
more bytes long, multiple calls are made to the server. Finally,
TRandom
closes the session.
TRandom
can be used like this:
HBufC8* rand = HBufC8::NewLC(5);
TPtr8 pRand=rand->Des();
pRand.SetLength(5);
TRandom::RandomL(pRand);
...
CleanupStack::PopAndDestroy(rand);
The diagram linked to below shows the inter-dependencies between
random.dll
and its clients:
From v9.5 random number generation is implemented by the
CryptoSpi::CRandom
class. To create a random number
generator, use the factory function
CryptoSpi::CRandomFactory::CreateRandomL()
or
CryptoSpi::CRandomFactory::CreateAsyncRandomL()
.