Filter
Top Products
Chapter 9 Putting It All Together: An X9.31 Example 317
The X9.31 Sample Program
Providing the Seed
In this example, the seed is provided by keyboard input and stored in an ITEM
structure,
randomSeed
. The amount of seed data passed in the A_X931_RANDOM_PARAMS
structure must be greater than or equal to 20 * (number of streams) bytes and less than
or equal to 64 * (number of streams) bytes. With 6 streams, this means the seed size
must be between 120 bytes and 384 bytes.
If the amount of seed data is outside this range, Crypto-C will return a
BE_ALGORITHM_INFO error. If the amount of seed data is below 128 bytes, you will be
prompted to enter seed data again. In addition, Crypto-C does a limited check on the
seed value for the amount of entropy. For example, a constant seed (all zeros or all
ones) will return a
BE_BAD_SEEDING error.
Note: Crypto-C may not return an error even if the seed entropy is poor, or if the
application provides insufficient random streams. The proper
implementation of sufficient entropy sources is the responsibility of the
application and not of Crypto-C.
A different method for acquiring random input for the seed would be to use a
hardware random number generator, where available. For information on one such
generator, the Intel Random Number Generator, see the Intel Security Hardware User’s
Guide, available on the Crypto-C CD-ROM.
do {
puts ("Enter a random seed (120 bytes minimum, 384 bytes maximum):");
gets ((char *)randomSeed.data);
randomSeed.len = strlen (randomSeed.data);
} while (randomSeed.len < 20 * x931Params.numberOfStreams);
x931Params.seed.data = randomSeed.data;
x931Params.seed.len = randomSeed.len;
/* Pass the parameters to the algorithm object in a call to
B_SetAlgorithmInfo. */
if ((status = B_SetAlgorithmInfo
(randomAlgorithm, AI_X931Random, (POINTER)&x931Params)) != 0)
break;