doxygen/html/cc3xx__kmu_8h_source.html

/*

 * Copyright (c) 2020 Nordic Semiconductor ASA

 *

 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause

 */


#ifndef CC3XX_KMU_H__

#define CC3XX_KMU_H__


#include <stdint.h>


#if !defined(MBEDTLS_CONFIG_FILE)

#include "mbedtls/config.h"

#else

#include MBEDTLS_CONFIG_FILE

#endif


#include "nrf_cc3xx_platform_defines.h"


#define MBEDTLS_SHADOW_KEY_KDF_MAX_LABEL_SIZE_IN_BYTES (64)

#define MBEDTLS_SHADOW_KEY_KDF_MAX_CONTEXT_SIZE_IN_BYTES (64)

#define MBEDTLS_SHADOW_KEY_KDF_MAX_DERIVED_SIZE_IN_BYTES (4080)


#define MBEDTLS_ERR_SHADOW_KEY_KEY_OK (0)

#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SLOT (-1)

#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SIZE (-2)

#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_LABEL (-3)

#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_CONTEXT (-4)

#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_INPUT (-5)

#define MBEDTLS_ERR_SHADOW_KEY_INTERNAL_ERROR (-6)


#if defined(MBEDTLS_AES_C)


#include "mbedtls/aes.h"


#ifdef __cplusplus

extern "C"

{

#endif


int mbedtls_aes_setkey_enc_shadow_key(

 mbedtls_aes_context * const ctx,

 uint32_t slot_id,

 unsigned int keybits);


int mbedtls_aes_setkey_dec_shadow_key(

 mbedtls_aes_context * const ctx,

 uint32_t slot_id,

 unsigned int keybits);


int mbedtls_aes_setkey_enc_shadow_key_derived(

 mbedtls_aes_context * const ctx,

 uint32_t slot_id,

 unsigned int keybits,

 uint8_t const * label,

 size_t label_size,

 uint8_t const * context,

 size_t context_size);


int mbedtls_aes_setkey_dec_shadow_key_derived(

 mbedtls_aes_context * const ctx,

 uint32_t slot_id,

 unsigned int keybits,

 uint8_t const * label,

 size_t label_size,

 uint8_t const * context,

 size_t context_size);


#ifdef __cplusplus

}

#endif


#endif /* defined(MBEDTLS_AES_C) */


#if defined(MBEDTLS_CCM_C)


#include "mbedtls/ccm.h"


#ifdef __cplusplus

extern "C"

{

#endif


int mbedtls_ccm_setkey_shadow_key(

 mbedtls_ccm_context * const ctx,

 mbedtls_cipher_id_t cipher,

 uint32_t slot_id,

 unsigned int keybits

);


int mbedtls_ccm_setkey_shadow_key_derived(

 mbedtls_ccm_context * const ctx,

 mbedtls_cipher_id_t cipher,

 uint32_t slot_id,

 unsigned int keybits,

 uint8_t const * label,

 size_t label_size,

 uint8_t const * context,

 size_t context_size

);


#ifdef __cplusplus

}

#endif


#endif /* defined(MBEDTLS_CCM_C) */


#if defined(MBEDTLS_GCM_C)


#include "mbedtls/gcm.h"


#ifdef __cplusplus

extern "C"

{

#endif


int mbedtls_gcm_setkey_shadow_key(

 mbedtls_gcm_context * const ctx,

 mbedtls_cipher_id_t cipher,

 uint32_t slot_id,

 unsigned int keybits

);


int mbedtls_gcm_setkey_shadow_key_derived(

 mbedtls_gcm_context * const ctx,

 mbedtls_cipher_id_t cipher,

 uint32_t slot_id,

 unsigned int keybits,

 uint8_t const * label,

 size_t label_size,

 uint8_t const * context,

 size_t context_size

);


#ifdef __cplusplus

}

#endif


#endif // defined(MBEDTLS_GCM_C)


#if defined(MBEDTLS_AES_C)


#include "mbedtls/aes.h"


#ifdef __cplusplus

extern "C"

{

#endif


int mbedtls_shadow_key_derive(uint32_t slot_id,

 unsigned int keybits,

 uint8_t const * label,

 size_t label_size,

 uint8_t const * context,

 size_t context_size,

 uint8_t * output,

 size_t output_size);


#ifdef __cplusplus

}

#endif


#endif // defined(MBEDTLS_AES_C)


#endif /* CC3XX_KMU_H__ */


mbedtls_aes_setkey_dec_shadow_key
int mbedtls_aes_setkey_dec_shadow_key(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
Function to configure AES to use one or more KMU key slot for decryption.

mbedtls_aes_setkey_dec_shadow_key_derived
int mbedtls_aes_setkey_dec_shadow_key_derived(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES to use a key derived from one or more slots in KMU for decryption.

mbedtls_ccm_setkey_shadow_key
int mbedtls_ccm_setkey_shadow_key(mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
Function to configure AES CCM to use one or more KMU key slot as encryption key.

mbedtls_ccm_setkey_shadow_key_derived
int mbedtls_ccm_setkey_shadow_key_derived(mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES CCM to use a key derived from one or more slots in KMU for encryption.

mbedtls_aes_setkey_enc_shadow_key
int mbedtls_aes_setkey_enc_shadow_key(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
Function to configure AES to use one or more KMU key slot for encryption.

mbedtls_gcm_setkey_shadow_key
int mbedtls_gcm_setkey_shadow_key(mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
Function to configure AES GCM to use one or more KMU key slot as encryption key.

mbedtls_gcm_setkey_shadow_key_derived
int mbedtls_gcm_setkey_shadow_key_derived(mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES GCM to use a key derived from one or more slots in KMU for encryption.

mbedtls_aes_setkey_enc_shadow_key_derived
int mbedtls_aes_setkey_enc_shadow_key_derived(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES to use a key derived from one or more slots in KMU for encryption.

mbedtls_shadow_key_derive
int mbedtls_shadow_key_derive(uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size, uint8_t *output, size_t output_size)
Function to use CMAC to derive a key stored in KMU/Kdr.

nrf_cc3xx_platform_defines.h