Programmer’s Guide

This section discusses how software can interface with CSRNG.

Module enable and disable

CSRNG may only be enabled if ENTROPY_SRC is enabled. CSRNG may only be disabled if all EDNs are disabled. Once disabled, CSRNG may only be re-enabled after ENTROPY_SRC has been disabled and re-enabled.

Endianness and Known-Answer Tests

All CSRNG registers are little-endian.

When providing additional data for an instantiate, reseed or update command the data words have to be written to CMD_REQ in the correct order. Consider a byte string B₁, B₂, …, B_n as defined in Appendix A of NIST’s SP 800-90A, i.e., where B₁ is the most significant byte and B_n the least significant byte. Providing this sequence as additional data to CSRNG requires software to write the following 32-bit words to CMD_REQ in the following order:

When reading the internal state from INT_STATE_VAL, CSRNG returns the bytes of V and Key in the following order:

Finally, when reading a byte string of say 64 bytes (16 words) B₁, B₂, …, B₆₄ from GENBITS as defined in Appendix A of NIST’s SP 800-90A, the bytes are returned in the following order. Note that always 4 words return 1 128-bit GENBITS block. Within each block, the least significant bytes are returned first and the most significant bytes are returned last. In particular, the most significant byte B₁ of the string is read in Word 4 and the least significant byte B₆₄ of the string is read in Word 13.

Device Interface Functions (DIFs)

• Device Interface Functions