nrfxlib API 2.8.0
Loading...
Searching...
No Matches

◆ mbedtls_gcm_setkey_shadow_key_derived()

int mbedtls_gcm_setkey_shadow_key_derived ( mbedtls_gcm_context *const ctx,
mbedtls_cipher_id_t cipher,
uint32_t slot_id,
unsigned int keybits,
uint8_t const * label,
size_t label_size,
uint8_t const * context,
size_t context_size )

#include <crypto/nrf_cc310_mbedcrypto/include/mbedtls/cc3xx_kmu.h>

Function to configure AES GCM to use a key derived from one or more slots in KMU for encryption.

See mbedtls_derive_kmu_key for details on the KDF function.

Note
A shadow key is not directly accessible, only reference information is stored in the context type
Replaces the API mbedtls_gcm_setkey.
The key derivation is executed before each request to decrypt. This function only configures the context to use a derived key.
When deriving the key from KMU registers, the derived keys exist in SRAM for a brief period of time, before being loaded into the write-only CryptoCell HW registers for AES keys before decryption.
Parameters
ctxAES context to set the decryption key by KMU slot.
cipherCipher id to use.
slot_idIdentifier of the key slot (0 - 127).
keybitsKey size in bits.
labelLabel to use for KDF.
label_sizeSize of the label to use for KDF.
contextContext info to use for KDF.
context_sizeContext info size to use for KDF.
Returns
0 on success, otherwise a negative number.