AI_X931Random
242 RSA BSAFE Crypto-C Library Reference Manual
A_X931_RANDOM_PARAMS structure otherwise.
BSAFE procedures to use with algorithm object: B_RandomInit, B_RandomUpdate, and B_GenerateRandomBytes, and as the randomAlgorithm argument to other procedures.
Algorithm methods to include in application's algorithm chooser: AM_X931_RANDOM.
Notes
This AI is intended for use with AI_StrongKeyGen. When used with AI_StrongKeyGen, numberOfStreams must always be equal to 6.
Internal to this implementation, for numberOfStreams = 6, the entropy is divided as follows (for the purpose of this explanation, bits of entropy are bits that are unpredictable):
Seeds 1, 2, 4, and 5 need only 101 bits, or 13 bytes, of entropy.
Seeds 3 and 6 each need entropy equal to half the modulus length. For example, for a modulus of 1024 bits, 64 bytes of entropy are necessary; for a modulus of 1536 bits, 96 bytes; and for a modulus of 2048 bits, 128 bytes.
Although seeds 1, 2, 4, and 5 need only 13 bytes (101 bits) of random seed, all 6 seeds take up the same amount of physical space in memory. For example, for a modulus size of 1536 bits, you seed a buffer 6 times 96 bytes in length, or 576 bytes. This buffer is divided into 6 equally sized 96-byte fields. For fields 1, 2, 4, and 5 you need only place 13 bytes of random seed information into each; for fields 3 and 6 you must fill all 96 bytes with random seed data. These sizes are minimums: filling every byte of all six fields with output from a good random source is the simplest way to satisfy them and avoids passing uninitialized memory as seed material.
Although Crypto-C does some basic error checking, AI_X931Random does not fully measure the quality of the application's entropy, and it may be that no error is returned even if seed entropy is poor or if insufficient random streams are provided. Implementing sufficient entropy sources is the responsibility of the application, not of Crypto-C. If a hardware random number generator, such as the Intel Random Number Generator, is available, it is a good source for a random seed. See the Intel Security Hardware User's Guide for more information on using Crypto-C with the Intel RNG.
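The following C example is added by the editor; it is not Crypto-C code and does not appear in the original manual. It shows the six-field seed buffer layout described in the Notes above for numberOfStreams = 6 (field size, total buffer length, and the per-field entropy minimums for 1024-, 1536- and 2048-bit moduli) together with a minimal application-side sanity check of the kind the preceding paragraph says Crypto-C leaves to the application. It does not call B_RandomInit or B_RandomUpdate. The function names (x931_field_bytes, x931_fill_seed, x931_check_seed and the demo_* helpers), the entropy_fn callback shape, and the xorshift stand-in for an entropy source are assumptions for illustration only.

```c
/* Added example, not Crypto-C code: lays out the 6-field seed buffer that
 * AI_X931Random expects for numberOfStreams = 6 and sanity-checks it.
 * Function names and the demo entropy source are assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define X931_STREAMS          6
#define X931_SHORT_SEED_BYTES 13   /* 101 bits rounded up: seeds 1, 2, 4, 5 */

typedef int (*entropy_fn)(unsigned char *out, size_t len, void *ctx);

/* One field = half the modulus length in bytes; 0 if not evenly divisible. */
size_t x931_field_bytes(unsigned modulus_bits)
{
    return (modulus_bits == 0 || modulus_bits % 16) ? 0 : modulus_bits / 16;
}

size_t x931_seed_buffer_bytes(unsigned modulus_bits)
{
    return X931_STREAMS * x931_field_bytes(modulus_bits);   /* six equal fields */
}

/* Minimum unpredictable bytes in 0-based field: full field for seeds 3 and 6. */
size_t x931_min_entropy_bytes(unsigned modulus_bits, unsigned field)
{
    size_t fb = x931_field_bytes(modulus_bits);
    if (fb == 0 || field >= X931_STREAMS)
        return 0;
    return (field == 2 || field == 5) ? fb : X931_SHORT_SEED_BYTES;
}

/* Fill the entire buffer from src. The minimums are a floor; filling every
 * byte also avoids handing uninitialized memory to the library. 0 = failure. */
size_t x931_fill_seed(unsigned char *buf, size_t buflen,
                      unsigned modulus_bits, entropy_fn src, void *ctx)
{
    size_t need = x931_seed_buffer_bytes(modulus_bits);
    if (need == 0 || buflen < need || src == NULL || src(buf, need, ctx) != 0)
        return 0;
    return need;
}

/* Application-side check Crypto-C does not perform: each field's required region
 * must not be one repeated byte, and seeds 3 and 6 must differ. 0 = pass. */
int x931_check_seed(const unsigned char *buf, unsigned modulus_bits)
{
    size_t fb = x931_field_bytes(modulus_bits);
    if (fb == 0)
        return -1;
    for (unsigned f = 0; f < X931_STREAMS; f++) {
        const unsigned char *field = buf + f * fb;
        size_t need = x931_min_entropy_bytes(modulus_bits, f), i;
        for (i = 1; i < need && field[i] == field[0]; i++)
            ;
        if (i == need)   /* no byte differed from the first: zeroed or stuck RNG */
            return -1;
    }
    return memcmp(buf + 2 * fb, buf + 5 * fb, fb) == 0 ? -1 : 0;
}

/* Constructed stand-in for a hardware RNG so the example runs offline:
 * deterministic xorshift64. NEVER use this as a real seed source. */
int demo_xorshift_source(unsigned char *out, size_t len, void *ctx)
{
    uint64_t *s = (uint64_t *)ctx;
    for (size_t i = 0; i < len; i++) {
        uint64_t x = *s;
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        *s = x;
        out[i] = (unsigned char)x;
    }
    return 0;
}

/* Lay out, fill and check a seed for one modulus size; 0 on success. */
int demo_roundtrip(unsigned modulus_bits)
{
    unsigned char seed[X931_STREAMS * 128];   /* enough up to 2048 bits */
    uint64_t state = 0x9E3779B97F4A7C15ULL;
    if (x931_fill_seed(seed, sizeof seed, modulus_bits,
                       demo_xorshift_source, &state) == 0)
        return -1;
    return x931_check_seed(seed, modulus_bits);
}

/* A zero-filled 1024-bit buffer must be rejected; returns 1 if it is. */
int demo_zeroed_rejected(void)
{
    unsigned char seed[X931_STREAMS * 64] = {0};
    return x931_check_seed(seed, 1024) != 0;
}

int main(void)
{
    unsigned sizes[] = {1024, 1536, 2048};
    for (size_t i = 0; i < 3; i++)
        printf("modulus %u: field %zu, buffer %zu bytes, roundtrip %s\n", sizes[i],
               x931_field_bytes(sizes[i]), x931_seed_buffer_bytes(sizes[i]),
               demo_roundtrip(sizes[i]) == 0 ? "ok" : "FAILED");
    printf("zeroed buffer rejected: %s\n", demo_zeroed_rejected() ? "yes" : "no");
    return 0;
}
```

In an application, the filled buffer is what would be passed to B_RandomUpdate after B_RandomInit with AI_X931Random, with the xorshift stand-in replaced by a hardware or operating-system entropy source. The check rejects only gross failures (an all-zero or constant buffer, identical seeds 3 and 6); it is not a measure of entropy quality, which remains the application's responsibility as the Notes state.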