Use standard terminology to describe the personalization string

NIST and many other sources call it a "personalization string", and
certainly not "device-specific identifiers" which is actually somewhat
misleading since this is just one of many things that might go into a
personalization string.
This commit is contained in:
Gilles Peskine 2019-10-01 18:39:45 +02:00
parent 3f9c973452
commit 9fb4518728
2 changed files with 12 additions and 11 deletions

View file

@ -203,7 +203,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* \p f_entropy is always called with a buffer size equal to the entropy * \p f_entropy is always called with a buffer size equal to the entropy
* length described in the documentation of mbedtls_ctr_drbg_set_entropy_len(). * length described in the documentation of mbedtls_ctr_drbg_set_entropy_len().
* *
* Personalization data can be provided in addition to the more generic * You can provide a personalization string in addition to the
* entropy source, to make this instantiation as unique as possible. * entropy source, to make this instantiation as unique as possible.
* *
* \note The _seed_material_ value passed to the derivation * \note The _seed_material_ value passed to the derivation
@ -231,11 +231,10 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* \p p_entropy context, the buffer to fill, and the * \p p_entropy context, the buffer to fill, and the
* length of the buffer. * length of the buffer.
* \param p_entropy The entropy context to pass to \p f_entropy. * \param p_entropy The entropy context to pass to \p f_entropy.
* \param custom Personalization data, that is device-specific * \param custom The personalization string.
* identifiers. This can be \c NULL, in which case the * This can be \c NULL, in which case the personalization
* personalization data is empty regardless of the value * string is empty regardless of the value of \p len.
* of \p len. * \param len The length of the personalization string.
* \param len The length of the personalization data.
* This must be at most * This must be at most
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT / 2. * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT / 2.
* *

View file

@ -129,6 +129,9 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* with mbedtls_entropy_init() (which registers the platform's default * with mbedtls_entropy_init() (which registers the platform's default
* entropy sources). * entropy sources).
* *
* You can provide a personalization string in addition to the
* entropy source, to make this instantiation as unique as possible.
*
* \note By default, the security strength as defined by NIST is: * \note By default, the security strength as defined by NIST is:
* - 128 bits if \p md_info is SHA-1; * - 128 bits if \p md_info is SHA-1;
* - 192 bits if \p md_info is SHA-224; * - 192 bits if \p md_info is SHA-224;
@ -154,11 +157,10 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* \p p_entropy context, the buffer to fill, and the * \p p_entropy context, the buffer to fill, and the
* length of the buffer. * length of the buffer.
* \param p_entropy The entropy context to pass to \p f_entropy. * \param p_entropy The entropy context to pass to \p f_entropy.
* \param custom Personalization data, that is device-specific * \param custom The personalization string.
* identifiers. This can be \c NULL, in which case the * This can be \c NULL, in which case the personalization
* personalization data is empty regardless of the value * string is empty regardless of the value of \p len.
* of \p len. * \param len The length of the personalization string.
* \param len The length of the personalization data.
* This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT * This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
* and also at most * and also at most
* #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2 * #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2