nrfxlib API 2.8.0
|
int mbedtls_shadow_key_derive | ( | uint32_t | slot_id, |
unsigned int | keybits, | ||
uint8_t const * | label, | ||
size_t | label_size, | ||
uint8_t const * | context, | ||
size_t | context_size, | ||
uint8_t * | output, | ||
size_t | output_size ) |
#include <crypto/nrf_cc310_mbedcrypto/include/mbedtls/cc3xx_kmu.h>
Function to use CMAC to derive a key stored in KMU/Kdr.
The KDF is using a PRF function described in the Special publication 800-108: Recommendation for Key Derivation Using Pseudorandom Functions https://csrc.nist.gov/publications/detail/sp/800-108/final.
This algorithm is described in chapter 5.1 - KDF in Counter Mode
The format of the PRF (the input) is as follows: PRF (KI, i || Label || 0x00 || Context || L)
KI: The Key derivation key i : The counter value for each iteration of the PRF represented as one byte. label: A string identifying the purpose of the derived key that is up to 64 bytes long. 0x00: a single byte delimiter. Context: Fixed information about the derived keying material that is up to 64 bytes long. L : The length of derived key material in bits represented as two bytes.
slot_id | Identifier of the key slot. |
keybits | Key size in bits. |
label | Label to use for KDF. |
label_size | Size of the label to use for KDF. |
context | Context info to use for KDF. |
context_size | Context info size to use for KDF. |
output | Output buffer. |
output_size | Size of output buffer in bytes. |