nrfxlib API 2.8.0
Loading...
Searching...
No Matches
nrf_cc3xx_mbedcrypto KMU APIs

The nrf_cc3xx_mbedcrypto_kmu APIs can be utilized to directly use or derive keys from KMU or KDR in ARM CryptoCell devices. More...

Macros

#define MBEDTLS_SHADOW_KEY_KDF_MAX_LABEL_SIZE_IN_BYTES   (64)
 KDF input "label" can be 0 to 64 bytes.
 
#define MBEDTLS_SHADOW_KEY_KDF_MAX_CONTEXT_SIZE_IN_BYTES   (64)
 KDF input "context" can be 0 to 64 bytes.
 
#define MBEDTLS_SHADOW_KEY_KDF_MAX_DERIVED_SIZE_IN_BYTES   (4080)
 KDF max length for derived material.
 
#define MBEDTLS_ERR_SHADOW_KEY_KEY_OK   (0)
 The shadow key operation was succesful.
 
#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SLOT   (-1)
 The shadow key operation used an invalid slot.
 
#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SIZE   (-2)
 The shadow key was of invalid size.
 
#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_LABEL   (-3)
 The KDF input label is invalid.
 
#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_CONTEXT   (-4)
 The KDF input context is invalid.
 
#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_INPUT   (-5)
 The KDF input is invalid.
 
#define MBEDTLS_ERR_SHADOW_KEY_INTERNAL_ERROR   (-6)
 KMU/KDF internal error.
 

Functions

int mbedtls_aes_setkey_enc_shadow_key (mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
 Function to configure AES to use one or more KMU key slot for encryption.
 
int mbedtls_aes_setkey_dec_shadow_key (mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
 Function to configure AES to use one or more KMU key slot for decryption.
 
int mbedtls_aes_setkey_enc_shadow_key_derived (mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
 Function to configure AES to use a key derived from one or more slots in KMU for encryption.
 
int mbedtls_aes_setkey_dec_shadow_key_derived (mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
 Function to configure AES to use a key derived from one or more slots in KMU for decryption.
 
int mbedtls_ccm_setkey_shadow_key (mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
 Function to configure AES CCM to use one or more KMU key slot as encryption key.
 
int mbedtls_ccm_setkey_shadow_key_derived (mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
 Function to configure AES CCM to use a key derived from one or more slots in KMU for encryption.
 
int mbedtls_gcm_setkey_shadow_key (mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
 Function to configure AES GCM to use one or more KMU key slot as encryption key.
 
int mbedtls_gcm_setkey_shadow_key_derived (mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
 Function to configure AES GCM to use a key derived from one or more slots in KMU for encryption.
 
int mbedtls_shadow_key_derive (uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size, uint8_t *output, size_t output_size)
 Function to use CMAC to derive a key stored in KMU/Kdr.
 

Detailed Description

The nrf_cc3xx_mbedcrypto_kmu APIs can be utilized to directly use or derive keys from KMU or KDR in ARM CryptoCell devices.