From e781ef6ece58505ba4c8f8cb0de942d7c46018bf Mon Sep 17 00:00:00 2001 From: Pirmin Vogel Date: Fri, 24 Jan 2025 16:47:00 +0100 Subject: [PATCH] [csrng/doc] Clarify description section of README.md Previously, this section: - was referring to a derivation function which our implementation doesn't use, - mentioned and undefined CSRNG_MAX_GENERATE constant, - mentioned the support of a prediction resistance flag for generate calls (only relevant for instantiate and reseed commands) - mentioned the update routine only in the context of generate commands (it's used by any single command call and can be called explicitly). Signed-off-by: Pirmin Vogel --- hw/ip/csrng/README.md | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/hw/ip/csrng/README.md b/hw/ip/csrng/README.md index ddbf805510615..d16f254c4dd18 100644 --- a/hw/ip/csrng/README.md +++ b/hw/ip/csrng/README.md @@ -60,17 +60,15 @@ The CSRNG IP consists of four main components: 2. The CTR_DRBG state-machine (`ctr_drbg_fsm`) which drives the AES primitive, performing the various encryption sequences prescribed for approved DRBGs in SP 800-90A. These include: - 1. **The Derivation Function:** - Part of the instantiation and reseed routines, this routine assembles the previous seed material (on reseed only), application inputs, and entropy. - 2. **The Instantiation Routine:** - Combines application inputs, external entropy and nonce (more entropy) via the derivation function. - 3. **The Reseed Routine:** - Combines the previous seed material with external entropy to generate a new seed. - 4. **The Generate Routine:** - Generates up to CSRNG_MAX_GENERATE random bits. - If called with prediction_resistance_flag, forces a reseed. - 5. **The Update Routine:** - Updates the internal state of the DRNG instance after each generate call. + 1. **The Instantiation Routine:** + Takes external entropy and/or additional data (personalization string) to instantiate the DRNG instance. + 1. **The Reseed Routine:** + Combines the previous seed material with external entropy and/or additional data (personalization string) to generate a new seed. + 1. **The Generate Routine:** + Generates up to 4095 * 128 random bits, which is less than the maximum 219 bits allowed by NIST (referenced to as max_number_of_bits_per_request). + 1. **The Update Routine:** + Updates the internal state of the DRNG instance. + It is automatically executed during instantiate, reseed and generate calls, but can also be explicitly called to combine additional data with the internal state of the DRNG instance. 3. State vectors for each DRNG instance. 4. Interface logic and access control for each instance.