[openssl-users] Fwd: X9.31 RSA key generation for FIPS validation (180-4)
secinterlocutor at gmail.com
Tue Jun 2 11:55:51 UTC 2015
Our product was FIPS-certified a few years ago. We are now about to start
the re-certification process.
The test for RSA X9.31 key generation have somewhat changed, or so it looks
like to me anyway.
A few years ago, we received test vectors with the following parameters:
modulus size, e, xp1, xp2, Xp, xq1, xq2, Xq.
The response we provided included the previous parameters and these
generated values: p, q, n, d.
We used FIPS_rsa_x931_derive_ex() to generate the values.
I believe this function implements section B.3.6: Generation of Probable
Primes with Conditions Based on Auxiliary Probable Primes. Prime method:
Primes p1, p2, q1,q2, p and q shall all be probable primes.
Is my assumption correct?
If so, we’d like to minimise effort and reuse our test sw for the new tests
I’m looking at section 6.2.1 where the parameters are: modulus size, e,
N=25 (number of iterations). It seems to me that we have to send a response
with all of the other parameters: xp1, xp2, Xp, xq1, xq2, Xq, p, q, n, d.
xp1, xp2, Xp, xq1, xq2, Xq are random numbers, some of them have to be odd.
Which function(s) do you suggest to use to generate them?
Or can I just use FIPS_rsa_x931_generate_key_ex() ? Is this used with a
fixed exponent? Does it also implement section B.3.6?
We also have to indicate to NIST the type of Probabilistic Primality Test
the (specific) OpenSSL functions use:
a) Table C.2. Minimum number of rounds of M-R testing when generating
b) Table C.3. Minimum number of rounds of M-R testing when generating
primes using an error probability of 2^–100
Which one(s) does OpenSSL implement? If both, how is that chosen?
Many thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users