NIST 800-108 Key Definition Functions

Detailed Description

Specifies an API for NIST 800-108 key definition functions.

Jetson Linux provides two functions that implement the counter-mode KDF as defined in NIST-SP 800-108. One is hardware-based, ( the other software-based. Both are for use only at run time, in contrast to the AES-CMAC functions, which are for use only at boot time.

For more information about the architecture of NIST-SP 800-108 and the concepts it uses, see NIST Special Publication 800-108, Recommendation for Key Derivation Using Pseudorandom Functions .

Functions
int	se_nist_sp_800_108_with_cmac (se_aes_keyslot_t keyslot, uint32_t key_len, char const *context, char const *label, uint32_t dk_len, uint8_t *out_dk)
	A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot. More...

Function Documentation

se_nist_sp_800_108_with_cmac()

int se_nist_sp_800_108_with_cmac	(	se_aes_keyslot_t	keyslot,
		uint32_t	key_len,
		char const *	context,
		char const *	label,
		uint32_t	dk_len,
		uint8_t *	out_dk
	)

A hardware-based NIST-SP-800-108 KDF; derives keys from the SE keyslot.

Note

Use this function only during Trusty initialization at boot time (the device boot stage). To derive keys from a key buffer at run time, use nist_sp_800_with_cmac().

Parameters

[in]	keyslot	A pointer to a 128-bit input key (an SE keyslot).
[in]	key_len	Length in bytes of the input key.
[in]	*context	A pointer to a NIST-SP-800-108 context string.
[in]	*label	A pointer to a NIST-SP-800-108 label string.
[in]	dk_len	Length of the derived key in bytes; may be 16 (128 bits) or any multiple of 16.
[out]	*out_dk	A pointer to the derived key. The function stores its result in this location.

Returns

NO_ERROR if successful, or ERR_NO_MEMORY if no memory is available.

Referenced by key_mgnt_derive_root_keys(), and tegra_se_nist_800_108_kdf_self_test().