[rng] Choose HMAC_DRBG using SHA-256 as the DRBG algorithm

Both HMAC_DRBG using SHA-1 and HMAC_DRBG using SHA-256 are Approved
algorithms in ANS X9.82 for our chosen security strength of 128 bits.
However, general recommendations (see e.g. NIST SP800-57) are to use a
larger hash function in preference to SHA-1.

Since SHA-256 is required anyway for TLSv1.2 support, there is no code
size penalty for switching HMAC_DRBG to also use SHA-256.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

diff --git a/src/include/ipxe/drbg.h b/src/include/ipxe/drbg.h
index 139f03c54e8887f003f7f6185e653409248964b9..6374e7787128d373375dfa8ff67f32218ccb3355 100644 (file)
--- a/src/include/ipxe/drbg.h
+++ b/src/include/ipxe/drbg.h
@@ -10,14 +10,14 @@
 FILE_LICENCE ( GPL2_OR_LATER );
 
 #include <stdint.h>
-#include <ipxe/sha1.h>
+#include <ipxe/sha256.h>
 #include <ipxe/hmac_drbg.h>
 
-/** Choose HMAC_DRBG using SHA-1
+/** Choose HMAC_DRBG using SHA-256
  *
- * HMAC_DRBG using SHA-1 is an Approved algorithm in ANS X9.82.
+ * HMAC_DRBG using SHA-256 is an Approved algorithm in ANS X9.82.
  */
-#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA1
+#define HMAC_DRBG_ALGORITHM HMAC_DRBG_SHA256
 
 /** Maximum security strength */
 #define DRBG_MAX_SECURITY_STRENGTH \
@@ -25,10 +25,9 @@ FILE_LICENCE ( GPL2_OR_LATER );
 
 /** Security strength
  *
- * We choose to operate at the maximum security strength supported by
- * the algorithm.
+ * We choose to operate at a strength of 128 bits.
  */
-#define DRBG_SECURITY_STRENGTH DRBG_MAX_SECURITY_STRENGTH
+#define DRBG_SECURITY_STRENGTH 128
 
 /** Minimum entropy input length */
 #define DRBG_MIN_ENTROPY_LEN_BYTES \