MCUX CLNS
MCUX Crypto Library Normal Secure
mcuxClEls_Rng_Functions

Defines all functions of mcuxClEls_Rng. More...

Functions

MCUXCLELS_API MCUX_CSSL_FP_PROTECTED_TYPE (mcuxClEls_Status_t) mcuxClEls_Rng_DrbgRequest_Async(uint8_t *pOutput
 Writes random data from the ELS DRBG to the given buffer. More...
 

Variables

MCUXCLELS_API size_t outputLength
 
MCUXCLELS_API uint8_t * pOutput
 
MCUXCLELS_API size_t dataLength
 
MCUXCLELS_API size_t uint8_t const * pIvKey
 

Detailed Description

Defines all functions of mcuxClEls_Rng.

Function Documentation

◆ MCUX_CSSL_FP_PROTECTED_TYPE()

MCUXCLELS_API MCUX_CSSL_FP_PROTECTED_TYPE ( mcuxClEls_Status_t  )

Writes random data from the ELS DRBG to the given buffer.

Deprecated type for mcuxClSession protected status codes.

Deprecated type for RSA protected status codes.

Deprecated type for error codes used by code-flow protected PKC component functions.

Deprecated type for error codes used by code-flow protected mcuxClMemory component functions.

Deprecated type for error codes used by code-flow protected Math component functions.

Deprecated type for Key component error codes, returned by functions with code-flow protection.

Deprecated type for ELS driver protected status codes.

Deprecated type for mcuxClEcc component return codes.

Writes random data from the ELS PRNG to the given buffer.

Returns one random word from the ELS PRNG.

Performs characterization of the ELS DTRNG.

Loads a configuration of the ELS DTRNG.

Encrypts data using the AES-CTR engine of the DRBG.

Encrypts data using the AES-ECB engine of the DRBG.

Performs a DRBG extraction.

Instantiates the DRBG in test mode.

This function fills a buffer with random values from the DRBG. The DRBG provides 128 bits of security strength.

Before execution, ELS will wait until mcuxClEls_HwState_t.drbgentlvl == MCUXCLELS_STATUS_DRBGENTLVL_HIGH. This can lead to a delay if the DRBG is in a state with less security strength at the time of the call.

If the random values from the DRBG are later used as a cryptographic key, the security strength of the cryptographic operation using the generated key should not exceed that of the DRBG.

To name a few examples, this means (as per NIST SP 800-57 Part 1 Rev. 5):

  • AES-192 or AES-256 keys generated with this function will provide only 128 bits of security strength
  • RSA keys longer than 3072 bits will provide only 128 bits of security strength
  • ECC keys longer than 383 bits will provide only 128 bits of security strength

Call #mcuxClEls_WaitForOperation to complete the operation.

Parameters
[out]pOutputPointer to the beginning of the memory area to fill with random data
[in]outputLengthNumber of requested random bytes
Parameter properties
outputLength
supported values are MCUXCLELS_RNG_DRBG_TEST_EXTRACT_OUTPUT_MIN_SIZE bytes up to MCUXCLELS_RNG_DRBG_TEST_EXTRACT_OUTPUT_MAX_SIZE bytes. The size must be a multiple of 4.
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function is a support function for FIPS CAVP testing. This function turns the ELS internal DRBG in test mode by loading known entropy from system memory. Call #mcuxClEls_WaitForOperation to complete the operation. Note that this function will alter the ELS internal entropy state which needs to be updated by the TRNG to use the DRBG in normal mode. The update process is majorly impacted by the time the TRNG needs to provide fresh entropy.

Parameters
[in]pEntropyPointer to the input entropy data
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function is a support function for FIPS CAVP testing. This function mimics the behavior of #mcuxClEls_Rng_DrbgRequest_Async and fills a buffer with random data when DRBG is in test mode. Call #mcuxClEls_WaitForOperation to complete the operation. Note that this function will alter the ELS internal entropy state which needs to be updated by the TRNG to use the DRBG in normal mode. The update process is majorly impacted by the time the TRNG needs to provide fresh entropy.

Attention
#mcuxClEls_Rng_DrbgTestInstantiate_Async must be called prior to this function.
Parameters
[out]pOutputPointer to the output random number
[in]outputLengthLength of the random number
Parameter properties
outputLength
supported values are MCUXCLELS_RNG_DRBG_TEST_EXTRACT_OUTPUT_MIN_SIZE bytes up to MCUXCLELS_RNG_DRBG_TEST_EXTRACT_OUTPUT_MAX_SIZE bytes. The size must be a multiple of 4.
Returns
An error code (see MCUXCLELS_STATUS_)
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function is a support function for FIPS CAVP testing. This function performs an AES-ECB encryption on system data to evaluate the encryption engine of the DRBG. Call #mcuxClEls_WaitForOperation to complete the operation. Note that this function will alter the ELS internal entropy state which needs to be updated by the TRNG to use the DRBG in normal mode. The update process is majorly impacted by the time the TRNG needs to provide fresh entropy.

Parameters
[in]pDataKeyPointer to the data and key
[out]pOutputPointer to the encrypted output
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function is a support function for FIPS CAVP testing. This function performs an AES-CTR encryption on system data to evaluate the encryption engine of the DRBG in test mode. Call #mcuxClEls_WaitForOperation to complete the operation. Note that this function will alter the ELS internal entropy state which needs to be updated by the TRNG to use the DRBG in normal mode. The update process is majorly impacted by the time the TRNG needs to provide fresh entropy.

Parameters
[in]pDataPointer to the data to be encrypted
[in]dataLengthLength of the data to be encrypted
[in]pIvKeyPointer to the IV and key
[out]pOutputPointer to the encrypted output
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function overwrites the default DTRNG configuration in order to optimize or fine tune the DTRNG entropy gathering process. Call #mcuxClEls_WaitForOperation to complete the operation. Note that the TRNG configuration set by this function is non-persistent and any reset of the ELS (e.g. a power-cycle or calling #mcuxClEls_Reset_Async) will resets the DTRNG configuration to its default value.

Parameters
[in]pInputThe pointer to DTRNG initialization data
Parameter properties
pInput
The size is MCUXCLELS_RNG_DTRNG_CONFIG_SIZE bytes.
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function evaluates a DTRNG configuration for device specific characterization. The configuration used for characterization has to be placed in system memory. Call #mcuxClEls_WaitForOperation to complete the operation.

Attention
If this function is called once, all other ELS commands except #mcuxClEls_Rng_Dtrng_ConfigEvaluate_Async are blocked until any reset of the ELS (e.g. a power-cycle or calling #mcuxClEls_Reset_Async) is triggered.
Parameters
[in]pInputThe pointer to DTRNG initialization data
[out]pOutputThe pointer to the evaluation result
Parameter properties
pInput
The size is MCUXCLELS_RNG_DTRNG_EVAL_CONFIG_SIZE bytes.
pOutput
The size is MCUXCLELS_RNG_DTRNG_EVAL_RESULT_SIZE bytes.
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLELS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLELS_STATUS_OK_WAITon successful request

This function returns one low-quality random CPU word gathered from the PRNG.

Attention
PRNG has to be initialized prior to the first time calling this function.
Parameters
[out]pWordThe pointer to the random word
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_OKon successful request
MCUXCLELS_STATUS_HW_PRNGin case of insufficient entropy

This function fills a buffer with low-quality random values gathered from the PRNG.

Attention
PRNG has to be initialized prior to the first time calling this function.
Parameters
[out]pOutputPointer to the beginning of the memory area to fill with random data from PRNG
[in]outputLengthSize of pOutput in bytes
Returns
An error code that can be any error code in MCUXCLELS_STATUS_, see individual documentation for more information
Return values
MCUXCLELS_STATUS_OKon successful request
MCUXCLELS_STATUS_HW_PRNGin case of insufficient entropy