# Generating Secure Random Numbers (C/C++)

<!--Kit: Crypto Architecture Kit-->
<!--Subsystem: Security-->
<!--Owner: @zxz--3-->
<!--Designer: @lanming-->
<!--Tester: @PAFT-->
<!--Adviser: @zengyawen-->

> **NOTE**
>
> Since API version 12, wearable devices support operations related to obtaining random numbers.

Random numbers are used to generate temporary session keys and asymmetric encryption algorithm keys. In encryption and decryption, a secure random number generator must feature randomness, unrepeatability, and unpredictability. The random numbers generated by the system meet the requirements of cryptography security pseudo-randomness.

You can call APIs to:

- Generate a secure random number of the specified length and use it to generate a key.

- Generate a series of random sequences based on a seed.

It will be helpful if you have basic knowledge of encryption and decryption and understand the following basic concepts:

- **Internal state**

  A value in the random number generator memory. The same internal state produces a random number of the same sequence.

- **Random seed**

  A number used to initialize the internal state of a pseudorandom number generator. The random number generator generates a series of random sequences based on the seeds.

  In the OpenSSL implementation, the internal state of the random number generator changes continuously. Therefore, the generated random number sequences are different even if the same seed is used.

## Supported Algorithms and Specifications

The random number generation algorithm uses the **RAND_priv_bytes** API of OpenSSL to generate secure random numbers.

| Algorithm| Length (Byte)|
| -------- | -------- |
| CTR_DRBG | [1, INT_MAX] |

## How to Develop

1. Call [OH_CryptoRand_Create](../../reference/apis-crypto-architecture-kit/capi-crypto-rand-h.md#oh_cryptorand_create) to create a random number generator.

2. (Optional) Call [OH_CryptoRand_SetSeed](../../reference/apis-crypto-architecture-kit/capi-crypto-rand-h.md#oh_cryptorand_setseed) to set a seed for the random number generator.

3. Call [OH_CryptoRand_GenerateRandom](../../reference/apis-crypto-architecture-kit/capi-crypto-rand-h.md#oh_cryptorand_generaterandom) to generate a secure random number of the given length. The length of the random number to generate ranges from **1** to **INT_MAX**, in bytes.

4. Call [OH_CryptoRand_GetAlgoName](../../reference/apis-crypto-architecture-kit/capi-crypto-rand-h.md#oh_cryptorand_getalgoname) to obtain the algorithm name used by the random number generator.

```C++
#include "CryptoArchitectureKit/crypto_architecture_kit.h"
#include <stdio.h>

static OH_Crypto_ErrCode doTestRandomNumber()
{
    // Create a random number generator.
    OH_CryptoRand *rand = nullptr;
    OH_Crypto_ErrCode ret = OH_CryptoRand_Create(&rand);
    if (ret != CRYPTO_SUCCESS) {
        return ret;
    }

    // (Optional) Set the random seed.
    uint8_t seedData[12] = {0x25, 0x65, 0x58, 0x89, 0x85, 0x55, 0x66, 0x77, 0x88, 0x99, 0x11, 0x22};
    Crypto_DataBlob seed = {
        .data = seedData,
        .len = sizeof(seedData)
    };
    ret = OH_CryptoRand_SetSeed(rand, &seed);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoRand_Destroy(rand);
        return ret;
    }

    // Generate a random number of the given length.
    Crypto_DataBlob out = {0};
    uint32_t randomLength = 24; // Generate a 24-byte random number.
    ret = OH_CryptoRand_GenerateRandom(rand, randomLength, &out);
    if (ret != CRYPTO_SUCCESS) {
        OH_CryptoRand_Destroy(rand);
        return ret;
    }

    // Obtain and print the algorithm name of the random number generator.
    const char *algoName = OH_CryptoRand_GetAlgoName(rand);
    if (algoName != nullptr) {
        printf("Random number generator algorithm: %s\n", algoName);
    }

    printf("Generated random number length: %u\n", out.len);

    // Free resources.
    OH_Crypto_FreeDataBlob(&out);
    OH_CryptoRand_Destroy(rand);
    return CRYPTO_SUCCESS;
}
```