Specifies an API for NIST 800-108 key definition functions.
Jetson Linux provides two functions that implement the counter-mode KDF as defined in NIST-SP 800-108. One is hardware-based, ( the other software-based. Both are for use only at run time, in contrast to the AES-CMAC functions, which are for use only at boot time.
For more information about the architecture of NIST-SP 800-108 and the concepts it uses, see NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions .
Functions | |
int | se_nist_sp_800_108_with_cmac (se_aes_keyslot_t keyslot, uint32_t key_len, char const *context, char const *label, uint32_t dk_len, uint8_t *out_dk) |
A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot. More... | |
int se_nist_sp_800_108_with_cmac | ( | se_aes_keyslot_t | keyslot, |
uint32_t | key_len, | ||
char const * | context, | ||
char const * | label, | ||
uint32_t | dk_len, | ||
uint8_t * | out_dk | ||
) |
A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot.
[in] | keyslot | A pointer to a 128-bit input key (an SE keyslot). |
[in] | key_len | Length in bytes of the input key. |
[in] | *context | A pointer to a NIST-SP-800-108 context string. |
[in] | *label | A pointer to a NIST-SP-800-108 label string. |
[in] | dk_len | Length of the derived key in bytes; may be 16 (128 bits) or any multiple of 16. |
[out] | *out_dk | A pointer to the derived key. The function stores its result in this location. |
Referenced by key_mgnt_derive_root_keys(), and tegra_se_nist_800_108_kdf_self_test().