nrfxlib API 0.1.0
Loading...
Searching...
No Matches

◆ mbedtls_aes_setkey_dec_shadow_key_derived()

int mbedtls_aes_setkey_dec_shadow_key_derived ( mbedtls_aes_context *const  ctx,
uint32_t  slot_id,
unsigned int  keybits,
uint8_t const *  label,
size_t  label_size,
uint8_t const *  context,
size_t  context_size 
)

#include <crypto/nrf_cc310_mbedcrypto/include/mbedtls/cc3xx_kmu.h>

Function to configure AES to use a key derived from one or more slots in KMU for decryption.

See mbedtls_derive_kmu_key for details on the KDF function.

Note
A shadow key is not directly accessible, only reference information is stored in the context type
Replaces the API mbedtls_aes_setkey_enc.
The key derivation is executed before each request to decrypt. This function only configures the context to use a derived key.
When deriving the key from KMU registers, the derived keys exist in SRAM for a brief period of time, before being loaded into the write-only CryptoCell HW registers for AES keys before decryption.
Parameters
ctxAES context to set the decryption key by KMU slot.
slot_idIdentifier of the key slot (0 - 127).
keybitsKey size in bits.
labelLabel to use for KDF.
label_sizeSize of the label to use for KDF.
contextContext info to use for KDF.
context_sizeContext info size to use for KDF.
Returns
0 on success, otherwise a negative number.