[rng] Choose HMAC_DRBG using SHA-256 as the DRBG algorithm

Both HMAC_DRBG using SHA-1 and HMAC_DRBG using SHA-256 are Approved algorithms in ANS X9.82 for our chosen security strength of 128 bits. However, general recommendations (see e.g. NIST SP800-57) are to use a larger hash function in preference to SHA-1. Since SHA-256 is required anyway for TLSv1.2 support, there is no code size penalty for switching HMAC_DRBG to also use SHA-256. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2012-03-06 13:42:06 +00:00 · 2012-03-06 13:42:06 +00:00 · 8d038040ea
parent a810258b42
commit 8d038040ea
1 changed files with 6 additions and 7 deletions
--- a/src/include/ipxe/drbg.h
+++ b/src/include/ipxe/drbg.h
@ -10,14 +10,14 @@
 FILE_LICENCE ( GPL2_OR_LATER );

 #include <stdint.h>
-#include <ipxe/sha1.h>
+#include <ipxe/sha256.h>
 #include <ipxe/hmac_drbg.h>

-/** Choose HMAC_DRBG using SHA-1
+/** Choose HMAC_DRBG using SHA-256
 *
- * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82.
+ * HMAC_DRBG using SHA-256 is an Approved algorithm in ANS X9.82.
 */
-#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA1
+#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA256

 /** Maximum security strength */
 #define DRBG_MAX_SECURITY_STRENGTH \
@ -25,10 +25,9 @@ FILE_LICENCE ( GPL2_OR_LATER );

 /** Security strength
 *
- * We choose to operate at the maximum security strength supported by
- * the algorithm.
+ * We choose to operate at a strength of 128 bits.
 */
-#define DRBG_SECURITY_STRENGTH DRBG_MAX_SECURITY_STRENGTH
+#define DRBG_SECURITY_STRENGTH 128

 /** Minimum entropy input length */
 #define DRBG_MIN_ENTROPY_LEN_BYTES \