| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-08-14 19:02:45 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-08-14 19:02:45 +0200 |
| commit | 47dd345f3ab3f0152a046fc1211314d8a4f1b200 | |
| tree | 0579bbd40290c7636f21580ac97f96f5d81eec12 | |
| parent | eb067389c5d9b031e50b849b73a22b0a0aab7a09 | |
| download | gnutls-47dd345f3ab3f0152a046fc1211314d8a4f1b200.tar.gz | |
doc: mention the AES-DRBG random generator [ci skip]
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| -rw-r--r-- | NEWS | 5 |
| -rw-r--r-- | doc/cha-internals.texi | 19 |

2 files changed, 23 insertions, 1 deletions
@@ -17,6 +17,11 @@ See the end for copying conditions. Resolves gitlab issue #141. http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html +** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA. + The goal is to reduce code needed in cache (CHACHA is also used for TLS), + and the number of primitives used by the library. That does not affect the + AES-DRBG random generator used in FIPS140-2 mode. + ** libgnutls: Added support for RSA-PSS key type as well as signatures in certificates, and TLS key exchange. Contributed by Daiki Ueno. RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys, diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi index 532057d51a..4cb3364d8c 100644 --- a/doc/cha-internals.texi +++ b/doc/cha-internals.texi @@ -527,7 +527,13 @@ For more information see @ref{Hardware security modules and abstract key types}. @node Random Number Generators-internals @section Random Number Generators -@subheading Inner workings +@subheading About the generators + +GnuTLS provides two random generators. The default, and the AES-DRBG random +generator which is only used when the library is compiled with support for +FIPS140-2 and the system is in FIPS140-2 mode. + +@subheading The default generator - inner workings The random number generator levels in @code{gnutls_rnd_level_t} map to two CHACHA-based random generators which are initially seeded using the OS random device, e.g., @code{/dev/urandom} 
@@ -575,6 +581,17 @@ a re-key of the PRNG using its own output, is additionally performed. That ensur the recovery of the PRNG state will not be sufficient to recover previously generated values. +@subheading The AES-DRBG generator - inner workings + +Similar with the default generator, the random number generator levels in @code{gnutls_rnd_level_t} map to two +AES-DRBG random generators which are initially seeded using the OS random device, +e.g., @code{/dev/urandom} or @code{getrandom()}. These random generators are +unique per thread, and are automatically re-seeded when a fork is detected. + +The AES-DRBG generator is based on the AES cipher in counter mode and is +re-seeded after a fixed amount of bytes are generated. + + @subheading Defense against PRNG attacks This section describes the counter-measures available in the Pseudo-random number generator (PRNG) |
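Review bot: The NEWS hunk (@@ -17,6 +17,11 @@) adds a user-visible entry about replacing the Salsa20 generator with a CHACHA-based one, which goes beyond what the commit message ("doc: mention the AES-DRBG random generator") announces; either mention the NEWS entry in the commit message or split it out so the history stays searchable. As a wording point, "reduce code needed in cache" reads awkwardly; "reduce the amount of code that has to stay resident in cache (CHACHA is already used for TLS)" says what is meant.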
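Review bot: In the first cha-internals.texi hunk (@@ -527,7 +527,13 @@) the new paragraph under "@subheading About the generators" is a sentence fragment: "The default, and the AES-DRBG random generator which is only used when ...". Suggest "GnuTLS provides two random generators: the default one, and the AES-DRBG generator, which is only used when the library is compiled with support for FIPS140-2 and the system is in FIPS140-2 mode." It would also help readers to say here that the default generator is the CHACHA-based one described in the following subsection, since the subheading "The default generator - inner workings" does not name it.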
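Review bot: In the second cha-internals.texi hunk (@@ -575,6 +581,17 @@) the new AES-DRBG subsection is inserted between the default generator's description (which ends with the re-key of the PRNG using its own output) and "@subheading Defense against PRNG attacks", so it is now unclear whether the counter-measures in that section apply to the default generator, the AES-DRBG generator, or both; a sentence in the new subsection stating which of those measures the AES-DRBG generator shares would resolve this. Two wording fixes: "Similar with the default generator" should be "Similarly to the default generator", and "re-seeded after a fixed amount of bytes are generated" should be "re-seeded after a fixed number of bytes has been generated" (a reference to where that limit is defined would be useful). The double blank line before "@subheading Defense against PRNG attacks" should be reduced to one.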