[openssl-users] Fwd: X9.31 RSA key generation for FIPS validation (180-4)
SecInterlocutor
secinterlocutor at gmail.com
Wed May 20 10:05:03 UTC 2015
Hello again,
I am resending this email in case it's been forgotten. Is there anyone who
can help me at all?
If more information is needed, please let me know.
Many thanks.
---------- Forwarded message ----------
From: SecInterlocutor <secinterlocutor at gmail.com>
Date: Fri, May 15, 2015 at 9:44 AM
Subject: Fwd: X9.31 RSA key generation for FIPS validation (180-4)
To: openssl-users at openssl.org
Hello,
Our product was FIPS-certified a few years ago. We are now about to start
the re-certification process.
The test for RSA X9.31 key generation have somewhat changed, or so it looks
like to me anyway.
A few years ago, we received test vectors with the following parameters:
modulus size, e, xp1, xp2, Xp, xq1, xq2, Xq.
The response we provided included the previous parameters and these
generated values: p, q, n, d.
We used FIPS_rsa_x931_derive_ex() to generate the values.
I believe this function implements section B.3.6: Generation of Probable
Primes with Conditions Based on Auxiliary Probable Primes. Prime method:
Primes p1, p2, q1,q2, p and q shall all be probable primes.
Is my assumption correct?
If so, we’d like to minimise effort and reuse our test sw for the new tests
in http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf.
I’m looking at section 6.2.1 where the parameters are: modulus size, e,
N=25 (number of iterations). It seems to me that we have to send a response
with all of the other parameters: xp1, xp2, Xp, xq1, xq2, Xq, p, q, n, d.
xp1, xp2, Xp, xq1, xq2, Xq are random numbers, some of them have to be odd.
Which function(s) do you suggest to use to generate them?
Or can I just use FIPS_rsa_x931_generate_key_ex() ? Is this used with a
fixed exponent? Does it also implement section B.3.6?
We also have to indicate to NIST the type of Probabilistic Primality Test
the (specific) OpenSSL functions use:
a) Table C.2. Minimum number of rounds of M-R testing when generating
primes
b) Table C.3. Minimum number of rounds of M-R testing when generating
primes using an error probability of 2^–100
Which one(s) does OpenSSL implement? If both, how is that chosen?
Many thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150520/7c78d4c3/attachment.html>
More information about the openssl-users
mailing list