RSA Security 5 manual Bsafe procedures to use with algorithm object

AI_X931Random

A_X931_RANDOM_PARAMS structure otherwise.

BSAFE procedures to use with algorithm object:

B_RandomInit, B_RandomUpdate, and B_GenerateRandomBytes, and as the randomAlgorithm argument to other procedures.

Algorithm methods to include in application’s algorithm chooser:

AM_X931_RANDOM.

Notes

This AI is intended for use with AI_StrongKeyGen. When used with AI_StrongKeyGen, numberOfStreams must always be equal to 6.

Internal to this implementation, for numberOfStreams = 6, the entropy is divided as follows (for the purpose of this explanation, bits of entropy are bits that are unpredictable):

•Seeds 1, 2, 4, and 5 need only 101 bits, or 13 bytes, of entropy.

•Seeds 3 and 6 need one-half times the modulus length of entropy. Therefore, for example, for a modulus of 1024 bits, 64 bytes of entropy are necessary. For a modulus size of 1536 bits, 92 bytes of entropy are necessary, and for a modulus size of 2048 bits, 128 bytes of entropy are necessary.

Although seeds 1, 2, 4, and 5 only need 13 bytes (101 bits) of random seed, all 6 of the seeds take up the same amount of physical space in memory. For example, for the modulus size of 1536 bits, you will seed a buffer of 6 times 92 bytes in length, or 552 bytes. This buffer is then divided into 6 evenly distributed 92-byte fields. For fields 1, 2, 4, and 5 you only need to worry about placing 13 bytes of random seed information into them. For fields 3 and 6 you would need to fill all 92 bytes of memory with random seed data.

Although Crypto-C does some basic error checking, the quality of the application’s entropy is not measured fully by AI_X931Random, and it may be that no error is returned even if seed entropy is poor or if insufficient random streams are provided. The proper implementation of sufficient entropy sources is the responsibility of the application, and not of Crypto-C. If a hardware random number generator, such as the Intel Random Number Generator, is available, it would be a good source for a random seed. See the Intel Security Hardware User’s Guide for more information on using Crypto-C with the Intel RNG.