[gnutls-dev] Re: Feature request: not really random session keys
Florian Weimer
fw at deneb.enyo.de
Wed Jan 18 14:30:39 CET 2006
* Simon Josefsson:
> Perhaps someone with this problem could debug exactly what is
> accessing /dev/random?
Okay, I'll try to get a backtrace. In the meantime, here's what I
found by looking at the source code.
The RSA-based authentication function generates a session key only on
the client side (lib/auth_rsa.c, _gnutls_gen_rsa_client_kx):
    if (gc_pseudo_random(session->key->key.data,
                         session->key->key.size) != GC_OK) {
        gnutls_assert();
        return GNUTLS_E_RANDOM_FAILED;
    }
gc_pseudo_random (in gl/gc-libgcrypt.c) looks like this:
    gc_pseudo_random (char *data, size_t datalen)
    {
      gcry_randomize ((unsigned char *) data, datalen, GCRY_STRONG_RANDOM);
      return GC_OK;
    }
The various DH implementations seem to end up calling
gnutls_calc_dh_secret in lib/gnutls_dh.c:
    do {
        _gnutls_mpi_randomize(x, (x_size / 8) * 8, GCRY_STRONG_RANDOM);
        /* Check whether x is zero.
         */
    } while (_gnutls_mpi_cmp_ui(x, 0) == 0);
_gnutls_mpi_randomize is actually gcry_mpi_randomize. If I read the
libgcrypt source correctly, GCRY_STRONG_RANDOM maps to level 2, and
this means that a corresponding number of bits has to be read from
/dev/random.
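Editor's added example, not gnutls or libgcrypt code: a stand-alone model of the gnutls_calc_dh_secret loop quoted in the message. The randomness source is injected as a function pointer (a real build would plug in gcry_randomize() or getrandom()), so the retry-on-zero path and the byte rounding in (x_size / 8) * 8 can be exercised offline; the bounded retry count and the scripted source are assumptions for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Pluggable source: fills buf with len bytes (gcry_randomize stand-in). */
typedef void (*fill_fn)(unsigned char *buf, size_t len);

/* Mirrors (x_size / 8) * 8 in the quoted loop: the requested bit count is
 * rounded down to whole bytes, so e.g. 12 bits yields 1 byte, 7 bits 0. */
size_t dh_secret_bytes(size_t x_size_bits) { return x_size_bits / 8; }

/* The loop's termination condition: retry while every byte is zero. */
int all_zero(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) acc |= buf[i];
    return acc == 0;
}

/* Returns the number of fill calls needed, or 0 if the size is unusable or
 * max_tries zero fills were seen (assumed bound; gnutls itself loops). */
size_t gen_dh_secret(unsigned char *x, size_t x_size_bits, fill_fn fill,
                     size_t max_tries) {
    size_t len = dh_secret_bytes(x_size_bits), tries = 0;
    if (len == 0) return 0;
    do {
        if (tries == max_tries) return 0;
        fill(x, len);
        tries++;
    } while (all_zero(x, len));
    return tries;
}

/* Constructed source: all-zero output on the first two calls, then 0x5a. */
static int calls;
void scripted_fill(unsigned char *buf, size_t len) {
    memset(buf, calls < 2 ? 0 : 0x5a, len);
    calls++;
}

/* Runs one scenario against the scripted source; returns the try count. */
size_t run_scenario(size_t x_size_bits, size_t max_tries) {
    unsigned char x[64] = {0};
    if (dh_secret_bytes(x_size_bits) > sizeof x) return 0;
    calls = 0;
    return gen_dh_secret(x, x_size_bits, scripted_fill, max_tries);
}

int main(void) {
    printf("256-bit secret needed %zu fill calls\n", run_scenario(256, 10));
    return 0;
}
```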