diff options
Diffstat (limited to 'board/cr50/dcrypto/fips_rand.c')
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index f949993450..bc6fa29e7a 100644 --- a/board/cr50/dcrypto/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c @@ -244,8 +244,8 @@ bool fips_trng_startup(int stage) return fips_powerup_passed(); } -/* Assuming H=0.8, we need 550 bits from TRNG to get 440 bits. */ -#define ENTROPY_SIZE_BITS 550 +/* Assuming H=0.77, we need 571 bits from TRNG to get 440 bits. */ +#define ENTROPY_SIZE_BITS 571 #define ENTROPY_SIZE_WORDS (BITS_TO_WORDS(ENTROPY_SIZE_BITS)) bool fips_drbg_init(void) @@ -260,15 +260,15 @@ bool fips_drbg_init(void) return true; /** - * Get entropy + nonce from TRNG. Assume H>=0.8. + * Get entropy + nonce from TRNG. Assume H>=0.77. */ if (!fips_trng_bytes(entropy_input, sizeof(entropy_input))) return false; /** - * Pass combined seed containing total 550 bits of entropy and nonce, - * and assuming H=0.8, we will get total entropy in seed as 440bits as - * defined for HMAC DBRG in NIST SP 800-90Ar1 B.2. + * Pass combined seed containing total 571 bits of entropy and nonce, + * and assuming H=0.77, we will get total entropy in seed as 440 bits + * as defined for HMAC DBRG in NIST SP 800-90Ar1 B.2. * Required minimum entropy for the entropy input at instantiation = * (3/2) security_strength (this includes the entropy required for the * nonce). For 256-bit security, this means at least 384 bits. @@ -276,10 +276,10 @@ bool fips_drbg_init(void) * Maximum length of the personalization string = 160 bits. * Maximum length of the entropy input = 1000 bits. * - * Reseed_interval = 10 000 requests. + * Reseed_interval = 1000 requests. */ hmac_drbg_init(&fips_drbg, &entropy_input, sizeof(entropy_input), NULL, - 0, NULL, 0, 10000); + 0, NULL, 0, 1000); always_memset(entropy_input, 0, sizeof(entropy_input)); return true; |