37.3.4.13 Get Random Number
Purpose
The purpose of this command is to provide the user with a source of entropy. The options available for this service are:
- Generation of random numbers from a Hardware Random Number Generator (TRNG).
- Generation of random numbers from a Deterministic Random Number Generator (DRNG).
When using this service, strictly follow the directives given for the RNG on the chip you use (in particular for initialization and seeding), and always start the RNG before calling the service. If those directives say not to use this service, follow them and use the method they propose to get random numbers.
This service only has the option to get random numbers and does not seed, initialize or start the RNG. Other options are reserved for future use.
Neither continuous testing nor entropy testing is included in this service. If such testing is needed (FIPS 140, ZKA, ...), this service must not be used and the user must develop their own command.
The DRNG is compatible with both ANSI X9.31 and FIPS 186-2 standards (see the important note below). The DRNG is designed according to:
- The algorithm described in the document ANSI Digital Signatures Using Reversible Public Key Cryptography for the Financial Services Industry (rDSA) X9.31 dated September 9, 1998.
- The Change recommendation for ANSI X9.0 - 1995 (Part 1) and ANSI X9.31 -1998:
Algorithm B.2.1, "Algorithm for computing m Values of x", is the one applied in the Toolbox 3 X9.31 DRNG. The DRNG is compatible with:
- The DRNG is described in the document NIST Digital Signature Standard (DSS) FIPS Pub 186-2 January 27, 2000 Appendix 3.1
- The FIPS 186-2 Change Notice 1 dated October 5, 2001 modifies this algorithm.
How to Use the Service
Description
This service has four possible options described in Table 37-41. Two of these options are reserved for future use. This service performs the following operations:
- Generation of a random number from the Hardware RNG
- Generation of a random number from the Deterministic RNG
Generation of a Random Number from the Hardware RNG
This service, activated with the option PUKCL_RNG_GET, makes it possible to get a random number R from the Hardware RNG:
R = HardwareRandomGenerate()
For the generation of a random number from the Hardware RNG, the following parameter needs to be provided:
- R the generated number area (pointed by {nu1RBase, u2RLength})
Generation of a Random Number from the Deterministic RNG
This service, activated with the option PUKCL_RNG_X931_GET, makes it possible to get a random number R from the Deterministic Random Number Generator with input parameters the Key XKey and the Seed XSeed:
(XKey, R) = DeterministicRandomGenerateFromSeed ( XKey, XSeed, Q)
In the generation of a random number from the Deterministic RNG service, the following parameters need to be provided:
- XKey the input and output Key (pointed by {nu1XKeyBase,u2XKeyLength})
- XSeed the input Seed (pointed by {nu1XSeedBase, u2XKeyLength})
- Q the prime number (pointed by {nu1QBase, 20bytes})
- R the generated number area (pointed by {nu1RBase, 20bytes})
Hardware RNG Parameters Definition
The parameters for the generation of a random number from the Hardware RNG are described in the following table. This service can easily be accessed through the use of the PUKCL_Rng() and PUKCL() macros.
Parameter | Type | Dir. | Location | Data Length | Before Executing the Service | After Executing the Service |
---|---|---|---|---|---|---|
u2Options | u2 | I | – | – | Option (see Table 37-41) | Option (see Table 37-41) |
nu1RBase | nu1 | I | Crypto RAM or Device RAM | u2RLength | Base of R | Base of R filled with random values depending on the option |
u2RLength | u2 | I | – | – | Length of R | Length of R |
Deterministic RNG Parameters Definition
The parameters for the generation of a random number from the Deterministic RNG are described in the following table. This service can easily be accessed through the use of the PUKCL_Rng() and PUKCL() macros.
Parameter | Type | Direction | Location | Data Length | Before Executing the Service | After Executing the Service |
---|---|---|---|---|---|---|
u2Options | u2 | I | – | – | Option (see Table 37-41) | Option (see Table 37-41) |
nu1XKeyBase | nu1 | I/O | Crypto RAM | u2XKeyLength | Base of XKey | Base of XKey filled with the resulting XKey |
nu1Workspace | nu1 | NA | Crypto RAM | 64 bytes | Base of the workspace | Base of the workspace corrupted |
nu1Workspace2 (1) | nu1 | NA | Crypto RAM | 2*u2XKeyLength + 4 | Base of the workspace 2 | Base of the workspace corrupted |
nu1XSeedBase | nu1 | I/O | Crypto RAM | max(2*u2XKeyLength, 44 bytes) | Base of the values XSeed[0] and XSeed[1] | Base of XSeed filled with the result on 20 bytes |
u2XKeyLength | u2 | I | – | – | Length of XKey, Xseed[0] and Xseed[1] | Length of XKey, Xseed[0] and Xseed[1] |
nu1QBase | nu1 | I | Crypto RAM | 20 bytes | Base of Q | Base of Q |
nu1RBase | nu1 | I | Crypto RAM | u2RLength | Base of R | Base of R filled with the result on 20 bytes |
(1) nu1Workspace2 must be a multiple of 256.
Options
Option | Purpose | Required Parameters |
---|---|---|
PUKCL_RNG_SEED | Reserved | Reserved |
PUKCL_RNG_GET | Generation of a random number from the RNG | nu1RBase, u2RLength |
PUKCL_RNG_X931_GET | Generation of a random number from the Deterministic RNG | nu1XKeyBase, nu1Workspace, nu1XSeedBase, u2XKeyLength, nu1QBase, nu1RBase |
PUKCL_RNG_GETSEED | Reserved | Reserved |
Code Example
PUKCL_PARAM PUKCLParam;
PPUKCL_PARAM pvPUKCLParam = &PUKCLParam;
// ! The Random Number Generator must be initialized and started
// ! following the directives given for the RNG on the chip
// Select the Hardware RNG option (see the Options table)
PUKCL(u2Option) = PUKCL_RNG_GET;
// Initializing parameters
PUKCL_Rng(nu1RBase) = <Base of the RAM location to store the random number>;
PUKCL_Rng(u2RLength) = <Length of the random number to get>;
// vPUKCL_Process() is a macro command, which populates the service name
// and then calls the library...
vPUKCL_Process(Rng, pvPUKCLParam);
if (PUKCL(u2Status) == PUKCL_OK)
{
// The RNG generation has been executed correctly
...
}
else
{
// Manage the error
...
}
Constraints
Random Number Generation
The following conditions must be avoided to ensure that the service works correctly:
- {nu1RBase,u2RLength} not in RAM
- {nu1RBase,u2RLength} not accessible or authorized for writing
Deterministic Random Number Generation
The length of the parameter nu1XSeedBase is:
XSeedLength = max(2*u2XKeyLength, 44 bytes)
where max() returns the larger of its two values.
The following conditions must be avoided to ensure that the service works correctly:
- nu1XKeyBase, nu1Workspace, nu1Workspace2, nu1XSeedBase, nu1QBase, nu1RBase are not aligned on 32-bit boundaries
- {nu1XKeyBase, u2XKeyLength}, {nu1Workspace, 64 bytes}, {nu1Workspace2, 2*u2XKeyLength + 4}, {nu1XSeedBase, XSeedLength}, {nu1QBase, 24 bytes} or {nu1RBase, 20 bytes} are not in PUKCC RAM
- u2XKeyLength is either < 20, > 64 or not a whole number of 32-bit words
- nu1Workspace2 is not a multiple of 256
- Overlaps exist between two or more of the areas {nu1XKeyBase, u2XKeyLength}, {nu1Workspace, 64 bytes}, {nu1XSeedBase, XSeedLength}, {nu1QBase, 24 bytes} or {nu1RBase, 20 bytes}
The area {nu1RBase, 20 bytes} can overlap with {nu1Workspace, 64 bytes} or {nu1QBase, 24 bytes}. The pointer nu1RBase can equal the pointer nu1XSeedBase.
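As an added example (not part of the PUKCL library or of this datasheet), a host-side pre-flight check that applies the Deterministic RNG constraints listed above before the service is invoked. The function names, the error codes and the PUKCC RAM window are assumptions; "not a 32-bit length" is read as "not a multiple of 4 bytes", Q is sized at the 24 bytes the constraints list uses, and the overlap rule follows the page's list, which does not include nu1Workspace2.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Hypothetical pre-flight check for one PUKCL_RNG_X931_GET parameter set, written
 * for this page (not part of the PUKCL library). Addresses are plain integers so
 * the rules can be exercised on a host; the PUKCC RAM window [ram_base,
 * ram_base + ram_size) is a caller-supplied assumption. */
enum {
    X931_OK = 0,
    X931_ERR_KEYLEN,     /* u2XKeyLength < 20, > 64 or not a multiple of 4 bytes */
    X931_ERR_ALIGN,      /* a base is not on a 32-bit boundary */
    X931_ERR_WS2_ALIGN,  /* nu1Workspace2 is not a multiple of 256 */
    X931_ERR_NOT_IN_RAM, /* an area lies outside PUKCC RAM */
    X931_ERR_OVERLAP     /* two areas overlap where the page forbids it */
};

typedef struct { uintptr_t base; size_t len; } area_t;

static bool in_ram(area_t a, uintptr_t rb, size_t rs) { return a.base >= rb && a.base + a.len <= rb + rs; }
static bool overlap(area_t a, area_t b) { return a.base < b.base + b.len && b.base < a.base + a.len; }

/* XSeedLength = max(2*u2XKeyLength, 44 bytes), as given on the page. */
size_t x931_xseed_length(uint16_t key_len) { return (2u * key_len > 44u) ? 2u * key_len : 44u; }

int x931_check_params(uintptr_t xkey, uintptr_t ws, uintptr_t ws2, uintptr_t xseed,
                      uintptr_t q, uintptr_t r, uint16_t key_len,
                      uintptr_t ram_base, size_t ram_size)
{
    if (key_len < 20 || key_len > 64 || key_len % 4) return X931_ERR_KEYLEN;
    if ((xkey | ws | ws2 | xseed | q | r) & 3u) return X931_ERR_ALIGN;
    if (ws2 % 256) return X931_ERR_WS2_ALIGN;
    area_t a_key = {xkey, key_len}, a_ws = {ws, 64}, a_ws2 = {ws2, 2u * key_len + 4},
           a_seed = {xseed, x931_xseed_length(key_len)}, a_q = {q, 24}, a_r = {r, 20};
    area_t all[6] = {a_key, a_ws, a_ws2, a_seed, a_q, a_r};
    for (int i = 0; i < 6; i++)
        if (!in_ram(all[i], ram_base, ram_size)) return X931_ERR_NOT_IN_RAM;
    /* Overlap rule as listed on the page: XKey, Workspace, XSeed and Q must be
     * disjoint; R may overlap Workspace or Q and may share its base with XSeed,
     * but may not overlap XKey or sit partway into XSeed. */
    area_t strict[4] = {a_key, a_ws, a_seed, a_q};
    for (int i = 0; i < 4; i++)
        for (int j = i + 1; j < 4; j++)
            if (overlap(strict[i], strict[j])) return X931_ERR_OVERLAP;
    if (overlap(a_r, a_key)) return X931_ERR_OVERLAP;
    if (overlap(a_r, a_seed) && r != xseed) return X931_ERR_OVERLAP;
    return X931_OK;
}
```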
Status Returned Values
Returned status | Importance | Meaning |
---|---|---|
PUKCL_OK | Information | Service functioned correctly |