Jetson Linux API Reference

32.7.5 Release
NIST 800-108 Key Definition Functions

Detailed Description

Specifies an API for NIST 800-108 key definition functions.

Jetson Linux provides two functions that implement the counter-mode KDF as defined in NIST-SP 800-108. One is hardware-based, the other software-based. Both are for use only at run time, in contrast to the AES-CMAC functions, which are for use only at boot time.

For more information about the architecture of NIST-SP 800-108 and the concepts it uses, see NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions.

Functions

int se_nist_sp_800_108_with_cmac (se_aes_keyslot_t keyslot, uint32_t key_len, char const *context, char const *label, uint32_t dk_len, uint8_t *out_dk)
 A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot.

Function Documentation

se_nist_sp_800_108_with_cmac()

int se_nist_sp_800_108_with_cmac(se_aes_keyslot_t keyslot,
                                 uint32_t key_len,
                                 char const *context,
                                 char const *label,
                                 uint32_t dk_len,
                                 uint8_t *out_dk)

A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot.

Note
Use this function only during Trusty initialization at boot time (the device boot stage). To derive keys from a key buffer at run time, use nist_sp_800_with_cmac().
Parameters
[in] keyslot: A pointer to a 128-bit input key (an SE keyslot).
[in] key_len: Length in bytes of the input key.
[in] context: A pointer to a NIST-SP-800-108 context string.
[in] label: A pointer to a NIST-SP-800-108 label string.
[in] dk_len: Length of the derived key in bytes; may be 16 (128 bits) or any multiple of 16.
[out] out_dk: A pointer to the derived key. The function stores its result in this location.
Returns
NO_ERROR if successful, or ERR_NO_MEMORY if no memory is available.

Referenced by key_mgnt_derive_root_keys() and tegra_se_nist_800_108_kdf_self_test().
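
The following is an added example, not NVIDIA's code and not part of the original reference page. It shows how a NIST SP 800-108 counter-mode KDF assembles the per-iteration PRF input from the label, context and dk_len parameters documented above. The helper names, the 1-byte counter, the 4-byte big-endian length field and the use of strlen() on the two strings are assumptions; SP 800-108 leaves the field widths to the implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KDF_BLOCK_LEN 16u /* AES-CMAC output size in bytes */

/* CMAC invocations needed for dk_len bytes; 0 if dk_len is not a
 * non-zero multiple of 16 (the constraint documented for dk_len). */
uint32_t kdf_block_count(uint32_t dk_len)
{
    return (dk_len && dk_len % KDF_BLOCK_LEN == 0) ? dk_len / KDF_BLOCK_LEN : 0;
}

/* Build the PRF input for iteration i: [i] || Label || 0x00 || Context || [L].
 * Assumed encoding: 1-byte counter, 4-byte big-endian L in bits.
 * Returns the message length, or 0 on bad arguments or a short buffer. */
size_t kdf_build_input(uint8_t i, const char *label, const char *context,
                       uint32_t dk_len, uint8_t *msg, size_t msg_cap)
{
    uint32_t n = kdf_block_count(dk_len);
    if (!label || !context || !msg || n == 0 || n > 255 || i == 0 || i > n)
        return 0;
    size_t label_len = strlen(label), context_len = strlen(context);
    if (label_len + context_len + 6 > msg_cap)
        return 0;
    uint32_t l_bits = dk_len * 8u; /* cannot overflow: dk_len <= 255 * 16 */
    size_t off = 0;
    msg[off++] = i;
    memcpy(msg + off, label, label_len);
    off += label_len;
    msg[off++] = 0x00; /* separator keeps "ab"+"c" distinct from "a"+"bc" */
    memcpy(msg + off, context, context_len);
    off += context_len;
    for (int shift = 24; shift >= 0; shift -= 8)
        msg[off++] = (uint8_t)(l_bits >> shift);
    return off;
}

int main(void)
{
    uint8_t msg[64];
    /* Constructed sample label and context, not values from the page. */
    size_t len = kdf_build_input(1, "example-label", "example-context", 32, msg, sizeof msg);
    for (size_t k = 0; k < len; k++)
        printf("%02x", msg[k]);
    printf("\n");
    return len ? 0 : 1;
}
```

Each 16-byte block of the derived key is the PRF (AES-CMAC here) of one such message under the input key, so a distinct label or context per purpose yields independent keys from the same keyslot.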