37.3.4.13 Get Random Number

Purpose

The purpose of this command is to provide the user with a source of entropy. The options available for this service are:

  • Generation of random numbers from a Hardware Random Number Generator (TRNG).
  • Generation of random numbers from a Deterministic Random Number Generator (DRNG).
Important:

When using this service, be sure to strictly follow the directives given for the RNG on the chip you use (particularly initialization, seeding) and compulsorily start the RNG. If the directives require not to use this service, follow them and use the proposed method to get random numbers.

This service only has the option to get random numbers and does not seed, initialize or start the RNG. Other options are reserved for future use.

Neither continuous testing nor entropy testing is included in this service. If this is needed (FIPS 140, ZKA, ...), this service must not be used and the users develops their own command.

The DRNG is compatible with both ANSI X9.31 and FIPS 186-2 standards (see the important note below). The DRNG is designed according to:

  • The algorithm described in the document ANSI Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA) X9.31 dated September 9, 1998.
  • The Change recommendation for ANSI X9.0 - 1995 (Part 1) and ANSI X9.31 -1998:

The algorithm B.2.1 Algorithm for computing m Values of x is the one applied in the Toolbox 3 X9.31 DRNG. The DRNG is compatible with:

  • The DRNG is described in the document NIST Digital Signature Standard (DSS) FIPS Pub 186-2 January 27, 2000 Appendix 3.1
  • The FIPS 186-2 Change Notice 1 dated October 5, 2001 modifies this algorithm.
Important: To apply the FIPS 186-2 algorithm, the parameters XSeed[0] and XSeed[1] must be set to the same value.

How to Use the Service

Description

This service has four possible options described in Table 37-41. Two of these options are reserved for future use. This service performs the following operations:

  • Generation of a random number from the Hardware RNG
  • Generation of a random number from the Deterministic RNG

Generation of a Random Number from the Hardware RNG

This service, activated with the option PUKCL_RNG_GET, makes it possible to get a random number R from the Hardware RNG:

R = HardwareRandomGenerate()

In the Generation of random from the RNG service, the following parameters need to be provided:

  • R the generated number area (pointed by{nu1RBase,u2RLength})

Generation of a Random Number from the Deterministic RNG

This service, activated with the option PUKCL_RNG_X931_GET, makes it possible to get a random number R from the Deterministic Random Number Generator with input parameters the Key XKey and the Seed XSeed:

(XKey, R) = DeterministicRandomGenerateFromSeed ( XKey, XSeed, Q)

In the generation of a random number from the Deterministic RNG service, the following parameters need to be provided:

  • XKey the input and output Key (pointed by {nu1XKeyBase,u2XKeyLength})
  • XSeed the input Seed (pointed by {nu1XseedBase,u2XKeyLength})
  • Q the prime number (pointed by {nu1QBase, 20bytes})
  • R the generated number area (pointed by {nu1RBase, 20bytes})

Hardware RNG Parameters Definition

The parameters for the generation of random from the Hardware RNG are described in the following table. This service can easily be accessed through the use of the PUKCL_Rng() and PUKCL() macros.

Table 37-39. RNG Service Hardware Generated Parameters
Parameter Type Dir. Location Data Length Before Executing the Service After Executing the Service
u2Options u2 I Option (see Table 37-41) Option (see Table 37-41)
nu1RBase nu1 I Crypto RAM or Device RAM u2RLength Base of R Base of R filled with random values depending on the option
u2RLength u2 I Length of R Length of R

Deterministic RNG Parameters Definition

The parameters for the generation of random from the Deterministic RNG are described in the following table. This service can easily be accessed through the use of the PUKCL_Rng() and PUKCL() macros.

Table 37-40. RNG Service Deterministic Generated Parameters
Parameter Type Direction Location Data Length Before Executing the Service After Executing the Service
u2Options u2 I Option (see Table 37-41) Option (see Table 37-41)
nu1XKeyBase nu1 I/O Crypto RAM u2XKeyLength Base of XKey Base of XKey filled with the resulting XKey
nu1Workspace nu1 NA Crypto RAM 64 bytes Base of the workspace Base of the workspace corrupted

nu1Workspace2(1)

nu1

NA

Crypto RAM

 2*u1XKeyLength + 4

Base of the workspace 2

 Base of the workspace corrupted
nu1XSeedBase nu1 I/O Crypto RAM

max

( 2*u2XKeyLength, 44 bytes)

 Base of the values XSeed[0] and XSeed[1] Base of XSeed filled with the result on 20 bytes
u2XKeyLength u2 I Length of XKey, Xseed[0] and Xseed[1] Length of XKey, Xseed[0] and Xseed[1]
nu1QBase nu1 I Crypto RAM 20 bytes Base of Q Base of Q
nu1RBase nu1 I Crypto RAM u2RLength Base of R Base of R filled with the result on 20 bytes
Note:
  1. The nu1 Workspace2 must be a multiple of 256.

Options

The option is set by the u2Options input parameter that must take one of the values listed in the following table.
Note: The values, OPTION_RNG_SEED and OPTION_RNG_GETSEED, are reserved for future use.
Table 37-41. RNG Service Options
Option Purpose Required Parameters
PUKCL_RNG_SEED Reserved Reserved
PUKCL_RNG_GET Generation of a random number from the RNG nu1RBase, u2RLength

PUKCL_RNG_X931_GET

 Generation of a random number from the Deterministic RNG nu1XKeyBase, nu1Workspace, nu1XSeedBase, u2XKeyLength, nu1QBase, nu1RBase
PUKCL_RNG_GETSEED Reserved Reserved

Code Example

PUKCL_PARAM PUKCLParam;
PPUKCL_PARAM pvPUKCLParam = &PUKCLParam;

// ! The Random Number Generator must be initialized and started
// ! following the directives given for the RNG on the chip

PUKCL(u2Option) =...;

// Initializing parameters
PUKCL_Rng(nu1RBase) = <Base of the ram location to store the rng>; 
PUKCL_Rng(u2RLength) = <Length of the rng to get>;

// vPUKCL_Process() is a macro command, which populates the service name
// and then calls the library... 
vPUKCL_Process(Rng,pvPUKCLParam); 
if (PUKCL(u2Status) == PUKCL_OK)
            {
            // The RNG generation has been executed correctly
            ...
            }
else // Manage the error

Constraints

Random Number Generation

The following conditions must be avoided to ensure that the service works correctly:

  • {nu1RBase,u2RLength} not in RAM
  • {nu1RBase,u2RLength} not accessible or authorized for writing

Deterministic Random Number Generation

The length of the parameter nu1XSeedbase is: XSeedLength = max( 2*u2XKeyLength, 44 bytes) The max() macro takes a maximum of two values.

The following conditions must be avoided to ensure that the service works correctly:

  • nu1XKeyBase,nu1Workspace, nu1Workspace2, nu1XSeedBase, nu1QBase, nu1RBase are not aligned on 32-bit boundaries
  • {nu1XKeyBase, u2XKeyLength}, {nu1Workspace, 64 bytes}, {nu1Workspace2, 2*u1XKeyLength +4}, {nu1XSeedBase, XSeedLength}, {nu1QBase, 24 bytes} or {nu1RBase, 20 bytes} are not in PUKCC RAM
  • u2XKeyLength is either: < 20, > 64 or not a 32-bit length
  • nu1Workspace2 not multiple of 256.
  • Overlaps exist between two or more of the areas: {nu1XKeyBase, u2XKeyLength}, {nu1Workspace,64 bytes}, {nu1XSeedBase, XSeedLength}, {nu1QBase, 24 bytes} or {nu1RBase, 20 bytes}

    The area {nu1RBase, 20} can overlap with {nu1Workspace, 64 bytes} or {nu1QBas, 24 bytes}. The pointer nu1RBase can equal the pointer nu1XSeedBase.

Status Returned Values

Table 37-42. RNG Service Return Codes
Returned status Importance Meaning
PUKCL_OK Information Service functioned correctly