[sw,cryptolib] Update ECC random scalar gen function header

h-filali · h-filali · commit 086b5b109407 · 2025-10-31T10:11:12.000+01:00
This commit updates the ECC random secret scalar generation
function header.

I checked the implementation for FIPS 186-5 compliance and
updated the header comment accordingly.

Signed-off-by: Hakim Filali &lt;hfilali@lowrisc.org&gt;
diff --git a/sw/otbn/crypto/p384_keygen.s b/sw/otbn/crypto/p384_keygen.s
@@ -13,10 +13,10 @@
  *
  * Returns t, a random value that is nonzero mod n, in shares.
  *
- * This follows a modified version of the method in FIPS 186-4 sections B.4.1
- * and B.5.1 for generation of secret scalar values d and k. The computation
- * in FIPS 186-4 is:
- *   seed = RBG(seedlen) // seedlen >= 448
+ * This follows a modified version of the method in FIPS 186-5 sections A.2.2
+ * and A.3.2 for generation of secret scalar values d and k. The computation
+ * in FIPS 186-5 is:
+ *   seed = RBG(seedlen) // seedlen >= 384
  *   return (seed mod (n-1)) + 1
  *
  * The important features here are that (a) the seed is at least 64 bits longer

Original file line number	Diff line number	Diff line change
`@@ -13,10 +13,10 @@`
`13`	`13`	`*`
`14`	`14`	`* Returns t, a random value that is nonzero mod n, in shares.`
`15`	`15`	`*`
`16`		`- * This follows a modified version of the method in FIPS 186-4 sections B.4.1`
`17`		`- * and B.5.1 for generation of secret scalar values d and k. The computation`
`18`		`- * in FIPS 186-4 is:`
`19`		`- * seed = RBG(seedlen) // seedlen >= 448`
	`16`	`+ * This follows a modified version of the method in FIPS 186-5 sections A.2.2`
	`17`	`+ * and A.3.2 for generation of secret scalar values d and k. The computation`
	`18`	`+ * in FIPS 186-5 is:`
	`19`	`+ * seed = RBG(seedlen) // seedlen >= 384`
`20`	`20`	`* return (seed mod (n-1)) + 1`
`21`	`21`	`*`
`22`	`22`	`* The important features here are that (a) the seed is at least 64 bits longer`