Use standard terminology to describe the personalization string

NIST and many other sources call it a "personalization string", and
certainly not "device-specific identifiers" which is actually somewhat
misleading since this is just one of many things that might go into a
personalization string.
This commit is contained in:
Gilles Peskine 2019-10-01 18:39:45 +02:00 committed by Simon Butcher
parent 57553fa2f0
commit beddfdcd7f
2 changed files with 12 additions and 11 deletions

View file

@ -203,7 +203,7 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* \p f_entropy is always called with a buffer size equal to the entropy
* length described in the documentation of mbedtls_ctr_drbg_set_entropy_len().
*
* Personalization data can be provided in addition to the more generic
* You can provide a personalization string in addition to the
* entropy source, to make this instantiation as unique as possible.
*
* \note The _seed_material_ value passed to the derivation
@ -231,11 +231,10 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
* \p p_entropy context, the buffer to fill, and the
* length of the buffer.
* \param p_entropy The entropy context to pass to \p f_entropy.
* \param custom Personalization data, that is device-specific
* identifiers. This can be \c NULL, in which case the
* personalization data is empty regardless of the value
* of \p len.
* \param len The length of the personalization data.
* \param custom The personalization string.
* This can be \c NULL, in which case the personalization
* string is empty regardless of the value of \p len.
* \param len The length of the personalization string.
* This must be at most
* #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT / 2.
*

View file

@ -129,6 +129,9 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* with mbedtls_entropy_init() (which registers the platform's default
* entropy sources).
*
* You can provide a personalization string in addition to the
* entropy source, to make this instantiation as unique as possible.
*
* \note By default, the security strength as defined by NIST is:
* - 128 bits if \p md_info is SHA-1;
* - 192 bits if \p md_info is SHA-224;
@ -154,11 +157,10 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
* \p p_entropy context, the buffer to fill, and the
* length of the buffer.
* \param p_entropy The entropy context to pass to \p f_entropy.
* \param custom Personalization data, that is device-specific
* identifiers. This can be \c NULL, in which case the
* personalization data is empty regardless of the value
* of \p len.
* \param len The length of the personalization data.
* \param custom The personalization string.
* This can be \c NULL, in which case the personalization
* string is empty regardless of the value of \p len.
* \param len The length of the personalization string.
* This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
* and also at most
* #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2