IBM 2 Computer Hardware User Manual


 
CCA Release 2.54
RSA Key-Pair Generation
RSA key-pair generation is determined based on user input of the modulus bit
length, public exponent, and key type. The output is based on creating primes p
and q in conformance with ANSI X9.31 requirements as follows:
prime p bit length = ((modulus_bit_length +1)/2)
prime q bit length = modulus_bit_length - p_bit_length
p and q are randomly chosen prime numbers
p > q
The Rabin-Miller Probabilistic Primality Test is iterated eight times for each prime. This test determines that a false prime will be produced with probability no greater than $1/4^c$, where “c” is the number of iterations. Refer to the ANSI X9.31 standard and see the section entitled “Miller-Rabin Probabilistic Primality Test.”
Primes p and q are relatively prime with the public exponent.
Primes p and q are different in at least one of the first 100 most significant bits, that is, $|p-q| > 2^{(\text{prime bit length} - 100)}$. For example, when the modulus bit length is 1024, both primes are 512 bits long and the difference of the two primes is $|p-q| > 2^{412}$.
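The constraints listed above, written as a checker for a candidate prime pair. This is an added example, not IBM's code: the function names and failure labels are hypothetical, and the exponent check is applied to p-1 and q-1 as an assumption about the intent of the "relatively prime" item.

```python
import math
import secrets

MR_ROUNDS = 8  # Rabin-Miller iterations per prime, as stated on the page

def is_probable_prime(n, rounds=MR_ROUNDS):
    """Rabin-Miller with random bases; a composite passes with prob <= 1/4**rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):          # cheap trial division first
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:                         # write n - 1 = d * 2**s with d odd
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # random base in [2, n - 2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                      # base a proves n composite
    return True

def check_prime_pair(p, q, e, modulus_bits):
    """Return the names of the listed constraints that (p, q, e) violates."""
    p_bits = (modulus_bits + 1) // 2
    q_bits = modulus_bits - p_bits
    failures = []
    if p.bit_length() != p_bits or q.bit_length() != q_bits:
        failures.append("bit length")
    if not p > q:
        failures.append("p > q")
    if not (is_probable_prime(p) and is_probable_prime(q)):
        failures.append("primality")
    # Assumption: tested on p-1 and q-1, the form RSA needs for e to be invertible.
    if math.gcd(p - 1, e) != 1 or math.gcd(q - 1, e) != 1:
        failures.append("coprime with e")
    # "prime bit length" is taken as p's length (equal to q's for even moduli).
    if abs(p - q) <= 2 ** (p_bits - 100):
        failures.append("|p-q| distance")
    return failures

if __name__ == "__main__":  # constructed input: 2**126 + 1 is divisible by 5
    print(check_prime_pair(2**127 - 1, 2**126 + 1, 65537, 254))
```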
An RSA key is generated in the following manner with respect to random numbers:
1. For each key-generation, and for any size of key, the PKA Manager² seeds an
internal FIPS-approved, SHA-1 based pseudo random number generator
(PRNG) with the first 20 bytes (160 bits) of information that it receives from
three successive calls to the RNG Manager's PRNG interface.
2. The RNG Manager can supply random numbers in three ways, but with the
CCA Support Program only one way is used, the PRNG method. The PKA
Manager seeds an internal FIPS-approved, SHA-1 based PRNG with the first
160 bits out of 192 bits it obtains from a hardware random number pool. The
PRNG responds with eight random bytes (64 bits) per request. After every
eight requests, the PRNG is reseeded from the hardware random number pool.
The RNG Manager can respond to requests for random numbers from other
processes with such responses interspersed between responses to PKA
Manager requests.
The RNG Manager collects a stream of random bits from a hardware
random-bit source into a 20,000 bit “pool.” The Manager then turns off the
hardware random-bit generator until additional bits are needed. The goal is to
always have 20,000 bits in the pool. Bits are supplied first-in, first-out from the
pool.
3. Thus, an RSA key is generated from random information obtained from two
cascaded SHA-1 PRNGs. An RSA key will be based on one or more 160-bit
seeds from the hardware random-bit source depending on the dynamic mix of
tasks running within the Coprocessor.
² The “PKA Manager” (public-key architecture) and the “RNG Manager” (random number) are components of the control program
which support the CCA application within the Coprocessor.
Appendix D. Algorithms and Processes