Add Seed for Pseudorandom Number Generator (QC3ADDSD, Qc3AddPRNGSeed) API


  Required Parameter Group:

1 Seed data Input Char(*)
2 Seed data length Input Binary(4)
3 Error Code I/O Char(*)

  Service Program Name: QC3PRNG

  Default Public Authority: *USE

  Threadsafe: Yes


The Add Seed for Pseudorandom Number Generator (OPM, QC3ADDSD; ILE, Qc3AddPRNGSeed) API allows the user to add seed into the system seed digest of the system's pseudorandom number generator.

The pseudorandom number generator is composed of two parts: pseudorandom number generation and seed management. Pseudorandom number generation is performed using the FIPS 186-1 algorithm. (See the Generate Pseudorandom Numbers (Qc3GenPRNs) API.) Cryptographically-secure pseudorandom numbers rely on good seed. The FIPS 186-1 key and seed values are obtained from the system seed digest. The system automatically generates seed using data collected from system information or by using the random number generator function on a cryptographic coprocessor, such as a 4764, if one is available. System-generated seed can never be truly unpredictable. If a cryptographic coprocessor is not available, you can use this API to add your own random seed to the system seed digest. This should be done as soon as possible any time the Licensed Internal Code is installed.


Authorities and Locks

All object (*ALLOBJ) special authority is needed to use this API.

User Profile Authority
*ALLOBJ

Required Parameter Group

Seed data
INPUT; CHAR(*)

The input seed data for the system seed digest.

It is important that the seed data be unpredictable and have as much entropy as possible. Entropy is the minimum number of bits needed to represent the information contained in some data. For seeding purposes, entropy is a measure of the amount of uncertainty or unpredictability of the seed. The system seed digest holds a maximum of 160 bits of entropy. You should add at least that much entropy to refresh the system seed digest totally. Possible sources of seed data are coin flipping, keystroke or mouse timings, or a noise source such as the one available on the 4764 Cryptographic Coprocessor.

Seed data length
INPUT; BINARY(4)

The length of the seed data, in bytes. If this length is 0, no seed data is added.

Error code
I/O; CHAR(*)

The structure in which to return error information. For the format of the structure, see Error code parameter.


Error Messages

Message ID Error Message Text
CPF222E E *ALLOBJ special authority is required.
CPF3C17 E Error occurred with input data parameter.
CPF3CF1 E Error code parameter not valid.


API introduced: V5R1

[ Back to top | Cryptographic Services APIs | Miscellaneous APIs | APIs by category ]