When the [SP 800-90A] AES-256 DRBG is enabled with
the [12]
DRBG_EN set to '1', random data must be requested specifically by starting a
'Generate' operation. This is necessary as the DRBG Key and 'V' value have to be
updated before and after generating the requested amount of random data (as
specified in the standard).
Note: It is allowed to request more data than fits in the output buffer and buffer RAM. This will temporarily block the DRBG, if the reading does not keep up with the actual generation of the data, but the DRBG will re-start automatically when data is read out.
The following sequence must be used to obtain random data when the SP 800-90A DRBG is enabled:
- Optionally, when buffer RAM is configured: Set a data available
interrupt threshold using the [31] LOAD_THRESH and [30-24] BLOCKS_THRESH fields
of the
register. This allows delaying the data available interrupt until the indicated
number of 128-bit words are available in the buffer RAM.
- If a ‘Reseed’ was requested earlier, wait until it has completely finished (that is, until the TRNG_STATUS[10] RESEED_AI register bit equals '0').
- Wait until RESEED_AI bit equals '1', otherwise wait until the TRNG_STATUS[8] TEST_READY register bit equals '1'.
- Start the actual 'Generate' operation using the [16] REQUEST_DATA and [31-20]
DATA_BLOCKS fields of the
register (optionally using the [17] REQUEST_HOLD bit in case single byte writing
must be done).
- Wait until a data word is available in the
through
registers (using the interrupt and/or [0]
READY register status bit).
- If secure reading is enabled (with [15-12] READ_TIMEOUT register field value non-zero), enable
the reading by using the [15-0] OPEN_READ_GATE field or [12] OPEN_READ_GATE2 bit
in the
register.
- Read the random data from the
through
registers, then acknowledge the read by writing a '1' to the [0]
READY_ACK register bit.
- If more data was requested, go back to step 3 above.