|
@@ -10,14 +10,14 @@
|
10
|
10
|
FILE_LICENCE ( GPL2_OR_LATER );
|
11
|
11
|
|
12
|
12
|
#include <stdint.h>
|
13
|
|
-#include <ipxe/sha1.h>
|
|
13
|
+#include <ipxe/sha256.h>
|
14
|
14
|
#include <ipxe/hmac_drbg.h>
|
15
|
15
|
|
16
|
|
-/** Choose HMAC_DRBG using SHA-1
|
|
16
|
+/** Choose HMAC_DRBG using SHA-256
|
17
|
17
|
*
|
18
|
|
- * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82.
|
|
18
|
+ * HMAC_DRBG using SHA-256 is an Approved algorithm in ANS X9.82.
|
19
|
19
|
*/
|
20
|
|
-#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA1
|
|
20
|
+#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA256
|
21
|
21
|
|
22
|
22
|
/** Maximum security strength */
|
23
|
23
|
#define DRBG_MAX_SECURITY_STRENGTH \
|
|
@@ -25,10 +25,9 @@ FILE_LICENCE ( GPL2_OR_LATER );
|
25
|
25
|
|
26
|
26
|
/** Security strength
|
27
|
27
|
*
|
28
|
|
- * We choose to operate at the maximum security strength supported by
|
29
|
|
- * the algorithm.
|
|
28
|
+ * We choose to operate at a strength of 128 bits.
|
30
|
29
|
*/
|
31
|
|
-#define DRBG_SECURITY_STRENGTH DRBG_MAX_SECURITY_STRENGTH
|
|
30
|
+#define DRBG_SECURITY_STRENGTH 128
|
32
|
31
|
|
33
|
32
|
/** Minimum entropy input length */
|
34
|
33
|
#define DRBG_MIN_ENTROPY_LEN_BYTES \
|