This section discusses how software can interface with CSRNG.
CSRNG may only be enabled if
ENTROPY_SRC is enabled.
CSRNG may only be disabled if all EDNs are disabled.
Once disabled, CSRNG may only be re-enabled after
ENTROPY_SRC has been disabled and re-enabled.
All CSRNG registers are little-endian.
When providing additional data for an instantiate, reseed or update command the data words have to be written to
CMD_REQ in the correct order.
Consider a byte string B1, B2, …, Bn as defined in Appendix A of NIST’s SP 800-90A, i.e., where B1 is the most significant byte and Bn the least significant byte.
Providing this sequence as additional data to CSRNG requires software to write the following 32-bit words to
CMD_REQ in the following order:
|Word Index||Byte Indices of Additional Data|
When reading the internal state from
INT_STATE_VAL, CSRNG returns the bytes of V and Key in the following order:
|Word Index||Byte Indices of V and Key|
Finally, when reading a byte string of say 64 bytes (16 words) B1, B2, …, B64 from
GENBITS as defined in Appendix A of NIST’s SP 800-90A, the bytes are returned in the following order.
Note that always 4 words return 1 128-bit GENBITS block.
Within each block, the least significant bytes are returned first and the most significant bytes are returned last.
In particular, the most significant byte B1 of the string is read in Word 4 and the least significant byte B64 of the string is read in Word 13.
|Word Index||Byte Indices of Generated Bits|