MCUX CLNS
MCUX Crypto Library Normal Secure
mcuxClCss_Kdf_Functions

Defines all functions of mcuxClCss_Kdf. More...

Functions

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Hkdf_Rfc5869_Async (mcuxClCss_HkdfOption_t options, mcuxClCss_KeyIndex_t derivationKeyIdx, mcuxClCss_KeyIndex_t targetKeyIdx, mcuxClCss_KeyProp_t targetKeyProperties, uint8_t const *pDerivationData)
 Derives a key using the HKDF (HMAC-based key derivation function) according to RFC5869. More...
 
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Hkdf_Sp80056c_Async (mcuxClCss_KeyIndex_t derivationKeyIdx, uint8_t *pTagetKey, uint8_t const *pDerivationData, size_t derivationDataLength)
 Derives a key using the HKDF (HMAC-based key derivation function) according to SP800-56C one-step approach with Sha2-256. More...
 
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Ckdf_Sp800108_Async (mcuxClCss_KeyIndex_t derivationKeyIdx, mcuxClCss_KeyIndex_t targetKeyIdx, mcuxClCss_KeyProp_t targetKeyProperties, uint8_t const *pDerivationData)
 Derives a key using the NIST SP 800-108 CMAC-based Extract-and-Expand Key Derivation Function. More...
 
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_TlsGenerateMasterKeyFromPreMasterKey_Async (uint8_t const *pDerivationData, mcuxClCss_KeyProp_t keyProperties, mcuxClCss_KeyIndex_t keyIdx)
 Generates a TLS master key based on a pre-master key and derivation data, according to the TLS 1.2 specification. More...
 
MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_TlsGenerateSessionKeysFromMasterKey_Async (uint8_t const *pDerivationData, mcuxClCss_KeyProp_t keyProperties, mcuxClCss_KeyIndex_t keyIdx)
 Generates TLS session keys based on a master key and derivation data, according to the TLS 1.2 specification. More...
 

Detailed Description

Defines all functions of mcuxClCss_Kdf.

Function Documentation

◆ mcuxClCss_Hkdf_Rfc5869_Async()

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Hkdf_Rfc5869_Async ( mcuxClCss_HkdfOption_t  options,
mcuxClCss_KeyIndex_t  derivationKeyIdx,
mcuxClCss_KeyIndex_t  targetKeyIdx,
mcuxClCss_KeyProp_t  targetKeyProperties,
uint8_t const *  pDerivationData 
)

Derives a key using the HKDF (HMAC-based key derivation function) according to RFC5869.

Call mcuxClCss_WaitForOperation to complete the operation.

Parameters
[in]optionsThe command options. For more information, see mcuxClCss_HkdfOption_t.
[in]derivationKeyIdxKey index used for derivation. Must be a 256-bit key with HKDF property bit set to 1.
[in]targetKeyIdxKey bank number of the derived key. Will be a 256-bit key, the user must ensure there is enough space in the keystore to hold the derived key.
[in]targetKeyPropertiesRequested properties for the derived key. The ksize field will be ignored.
[in]pDerivationDataThe algorithm-specific derivation data, the length is MCUXCLCSS_HKDF_RFC5869_DERIVATIONDATA_SIZE bytes
Returns
An error code that can be any error code in MCUXCLCSS_STATUS_, see individual documentation for more information
Return values
MCUXCLCSS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLCSS_STATUS_OK_WAITon successful request

◆ mcuxClCss_Hkdf_Sp80056c_Async()

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Hkdf_Sp80056c_Async ( mcuxClCss_KeyIndex_t  derivationKeyIdx,
uint8_t *  pTagetKey,
uint8_t const *  pDerivationData,
size_t  derivationDataLength 
)

Derives a key using the HKDF (HMAC-based key derivation function) according to SP800-56C one-step approach with Sha2-256.

Call mcuxClCss_WaitForOperation to complete the operation.

Parameters
[in]derivationKeyIdxKey index used for derivation. Must be a 256-bit key with HKDF property bit set to 1.
[out]pTagetKeyMemory area to store the derived key. Will be a 256-bit key, the user must ensure there is enough space in the keystore to hold the derived key.
[in]pDerivationDataThe algorithm-specific derivation data
[in]derivationDataLengthLength of the derivation data
Returns
An error code that can be any error code in MCUXCLCSS_STATUS_, see individual documentation for more information
Return values
MCUXCLCSS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLCSS_STATUS_OK_WAITon successful request

◆ mcuxClCss_Ckdf_Sp800108_Async()

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_Ckdf_Sp800108_Async ( mcuxClCss_KeyIndex_t  derivationKeyIdx,
mcuxClCss_KeyIndex_t  targetKeyIdx,
mcuxClCss_KeyProp_t  targetKeyProperties,
uint8_t const *  pDerivationData 
)

Derives a key using the NIST SP 800-108 CMAC-based Extract-and-Expand Key Derivation Function.

Call mcuxClCss_WaitForOperation to complete the operation.

Parameters
[in]derivationKeyIdxKey index used for derivation
[in]targetKeyIdxKey bank number of the derived key
[in]targetKeyPropertiesRequested properties for the derived key. Only set usage bits.
[in]pDerivationDataThe algorithm-specific derivation data, the length is MCUXCLCSS_CKDF_DERIVATIONDATA_SIZE bytes
Returns
An error code that can be any error code in MCUXCLCSS_STATUS_, see individual documentation for more information
Return values
MCUXCLCSS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLCSS_STATUS_OK_WAITon successful request

◆ mcuxClCss_TlsGenerateMasterKeyFromPreMasterKey_Async()

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_TlsGenerateMasterKeyFromPreMasterKey_Async ( uint8_t const *  pDerivationData,
mcuxClCss_KeyProp_t  keyProperties,
mcuxClCss_KeyIndex_t  keyIdx 
)

Generates a TLS master key based on a pre-master key and derivation data, according to the TLS 1.2 specification.

The pre-master key is overwritten in this operation. Call mcuxClCss_WaitForOperation to complete the operation.

Parameters
[in]pDerivationDataThe TLS derivation data, consisting of Label, Client Random and Server Random from the TLS 1.2 specification. Note: The order is different from mcuxClCss_TlsGenerateSessionKeysFromMasterKey_Async.
[in]keyPropertiesDesired key properties. Only mcuxClCss_KeyProp_t::upprot_priv and mcuxClCss_KeyProp_t::upprot_sec are used, the rest are ignored.
[in]keyIdxThe index of the TLS pre-master key, which is overwritten with the master key
Returns
An error code that can be any error code in MCUXCLCSS_STATUS_, see individual documentation for more information
Return values
MCUXCLCSS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLCSS_STATUS_OK_WAITon successful request
Examples
tls_master_key_session_keys.c.

◆ mcuxClCss_TlsGenerateSessionKeysFromMasterKey_Async()

MCUXCLCSS_API mcuxClCss_Status_Protected_t mcuxClCss_TlsGenerateSessionKeysFromMasterKey_Async ( uint8_t const *  pDerivationData,
mcuxClCss_KeyProp_t  keyProperties,
mcuxClCss_KeyIndex_t  keyIdx 
)

Generates TLS session keys based on a master key and derivation data, according to the TLS 1.2 specification.

The master key and the following five key indices are overwritten in this operation. The keys are written in the following order:

  1. Client Encryption Key
  2. Client Message Authentication Key
  3. Server Encryption Key
  4. Server Message Authentication Key

Call mcuxClCss_WaitForOperation to complete the operation.

Parameters
[in]pDerivationDataThe TLS derivation data, consisting of Label, Server Random and Client Random from the TLS 1.2 specification. Note: The order is different from mcuxClCss_TlsGenerateMasterKeyFromPreMasterKey_Async.
[in]keyPropertiesDesired key properties. Only mcuxClCss_KeyProp_t::upprot_priv and mcuxClCss_KeyProp_t::upprot_sec are used, the rest are ignored.
[in]keyIdxThe index of the TLS master key, which is overwritten with one of the session keys. There must be three further consecutive unoccupied key indices following this index.
Returns
An error code that can be any error code in MCUXCLCSS_STATUS_, see individual documentation for more information
Return values
MCUXCLCSS_STATUS_SW_INVALID_PARAMif invalid parameters were specified
MCUXCLCSS_STATUS_SW_CANNOT_INTERRUPTif a running operation prevented the request
MCUXCLCSS_STATUS_OK_WAITon successful request
Examples
tls_master_key_session_keys.c.