nrfxlib API 2.8.99
Loading...
Searching...
No Matches
cc3xx_kmu.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2020 Nordic Semiconductor ASA
3 *
4 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
5 */
6
20#ifndef CC3XX_KMU_H__
21#define CC3XX_KMU_H__
22
23#include <stdint.h>
24
25#if !defined(MBEDTLS_CONFIG_FILE)
26#include "mbedtls/config.h"
27#else
28#include MBEDTLS_CONFIG_FILE
29#endif
30
31#include "nrf_cc3xx_platform_defines.h"
32
33
34#define MBEDTLS_SHADOW_KEY_KDF_MAX_LABEL_SIZE_IN_BYTES (64)
35#define MBEDTLS_SHADOW_KEY_KDF_MAX_CONTEXT_SIZE_IN_BYTES (64)
36#define MBEDTLS_SHADOW_KEY_KDF_MAX_DERIVED_SIZE_IN_BYTES (4080)
37
38
39#define MBEDTLS_ERR_SHADOW_KEY_KEY_OK (0)
40#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SLOT (-1)
41#define MBEDTLS_ERR_SHADOW_KEY_INVALID_SIZE (-2)
42#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_LABEL (-3)
43#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_CONTEXT (-4)
44#define MBEDTLS_ERR_SHADOW_KEY_KDF_INVALID_INPUT (-5)
45#define MBEDTLS_ERR_SHADOW_KEY_INTERNAL_ERROR (-6)
46
47#if defined(MBEDTLS_AES_C)
48
49#include "mbedtls/aes.h"
50
51#ifdef __cplusplus
52extern "C"
53{
54#endif
55
74int mbedtls_aes_setkey_enc_shadow_key(
75 mbedtls_aes_context * const ctx,
76 uint32_t slot_id,
77 unsigned int keybits);
78
79
98int mbedtls_aes_setkey_dec_shadow_key(
99 mbedtls_aes_context * const ctx,
100 uint32_t slot_id,
101 unsigned int keybits);
102
103
128int mbedtls_aes_setkey_enc_shadow_key_derived(
129 mbedtls_aes_context * const ctx,
130 uint32_t slot_id,
131 unsigned int keybits,
132 uint8_t const * label,
133 size_t label_size,
134 uint8_t const * context,
135 size_t context_size);
136
137
164int mbedtls_aes_setkey_dec_shadow_key_derived(
165 mbedtls_aes_context * const ctx,
166 uint32_t slot_id,
167 unsigned int keybits,
168 uint8_t const * label,
169 size_t label_size,
170 uint8_t const * context,
171 size_t context_size);
172
173#ifdef __cplusplus
174}
175#endif
176
177#endif /* defined(MBEDTLS_AES_C) */
178
179
180#if defined(MBEDTLS_CCM_C)
181
182#include "mbedtls/ccm.h"
183
184#ifdef __cplusplus
185extern "C"
186{
187#endif
188
208int mbedtls_ccm_setkey_shadow_key(
209 mbedtls_ccm_context * const ctx,
210 mbedtls_cipher_id_t cipher,
211 uint32_t slot_id,
212 unsigned int keybits
213);
214
243int mbedtls_ccm_setkey_shadow_key_derived(
244 mbedtls_ccm_context * const ctx,
245 mbedtls_cipher_id_t cipher,
246 uint32_t slot_id,
247 unsigned int keybits,
248 uint8_t const * label,
249 size_t label_size,
250 uint8_t const * context,
251 size_t context_size
252);
253
254#ifdef __cplusplus
255}
256#endif
257
258#endif /* defined(MBEDTLS_CCM_C) */
259
260#if defined(MBEDTLS_GCM_C)
261
262#include "mbedtls/gcm.h"
263
264#ifdef __cplusplus
265extern "C"
266{
267#endif
268
288int mbedtls_gcm_setkey_shadow_key(
289 mbedtls_gcm_context * const ctx,
290 mbedtls_cipher_id_t cipher,
291 uint32_t slot_id,
292 unsigned int keybits
293);
294
323int mbedtls_gcm_setkey_shadow_key_derived(
324 mbedtls_gcm_context * const ctx,
325 mbedtls_cipher_id_t cipher,
326 uint32_t slot_id,
327 unsigned int keybits,
328 uint8_t const * label,
329 size_t label_size,
330 uint8_t const * context,
331 size_t context_size
332);
333
334#ifdef __cplusplus
335}
336#endif
337
338#endif // defined(MBEDTLS_GCM_C)
339
340#if defined(MBEDTLS_AES_C)
341
342#include "mbedtls/aes.h"
343
344#ifdef __cplusplus
345extern "C"
346{
347#endif
348
349
386int mbedtls_shadow_key_derive(uint32_t slot_id,
387 unsigned int keybits,
388 uint8_t const * label,
389 size_t label_size,
390 uint8_t const * context,
391 size_t context_size,
392 uint8_t * output,
393 size_t output_size);
394
395#ifdef __cplusplus
396}
397#endif
398
399#endif // defined(MBEDTLS_AES_C)
400
401#endif /* CC3XX_KMU_H__ */
402
mbedtls_aes_setkey_dec_shadow_key
int mbedtls_aes_setkey_dec_shadow_key(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
Function to configure AES to use one or more KMU key slot for decryption.
mbedtls_aes_setkey_dec_shadow_key_derived
int mbedtls_aes_setkey_dec_shadow_key_derived(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES to use a key derived from one or more slots in KMU for decryption.
mbedtls_ccm_setkey_shadow_key
int mbedtls_ccm_setkey_shadow_key(mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
Function to configure AES CCM to use one or more KMU key slot as encryption key.
mbedtls_ccm_setkey_shadow_key_derived
int mbedtls_ccm_setkey_shadow_key_derived(mbedtls_ccm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES CCM to use a key derived from one or more slots in KMU for encryption.
mbedtls_aes_setkey_enc_shadow_key
int mbedtls_aes_setkey_enc_shadow_key(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits)
Function to configure AES to use one or more KMU key slot for encryption.
mbedtls_gcm_setkey_shadow_key
int mbedtls_gcm_setkey_shadow_key(mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits)
Function to configure AES GCM to use one or more KMU key slot as encryption key.
mbedtls_gcm_setkey_shadow_key_derived
int mbedtls_gcm_setkey_shadow_key_derived(mbedtls_gcm_context *const ctx, mbedtls_cipher_id_t cipher, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES GCM to use a key derived from one or more slots in KMU for encryption.
mbedtls_aes_setkey_enc_shadow_key_derived
int mbedtls_aes_setkey_enc_shadow_key_derived(mbedtls_aes_context *const ctx, uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size)
Function to configure AES to use a key derived from one or more slots in KMU for encryption.
mbedtls_shadow_key_derive
int mbedtls_shadow_key_derive(uint32_t slot_id, unsigned int keybits, uint8_t const *label, size_t label_size, uint8_t const *context, size_t context_size, uint8_t *output, size_t output_size)
Function to use CMAC to derive a key stored in KMU/Kdr.
nrf_cc3xx_platform_defines.h