nRF5 SDK v13.0.0
Data Structures | Macros | Enumerations | Functions
crys_kdf
CryptoCell API

This module defines the API that supports Key derivation function in modes as defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999. More...

Data Structures

struct  CRYS_KDF_OtherInfo_t
 

Macros

#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE   1024
 
#define CRYS_KDF_COUNT_OF_OTHER_INFO_ENTRIES   5
 
#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY   64
 
#define CRYS_KDF_MAX_SIZE_OF_KEYING_DATA   2048
 
#define _DX_KDF_KeyDerivFunc   CRYS_KDF_KeyDerivFunc
 
#define CRYS_KDF_ASN1_KeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes)   CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes))
 
#define CRYS_KDF_ConcatKeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes)   CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes))
 

Enumerations

enum  CRYS_KDF_HASH_OpMode_t {
  CRYS_KDF_HASH_SHA1_mode = 0,
  CRYS_KDF_HASH_SHA224_mode = 1,
  CRYS_KDF_HASH_SHA256_mode = 2,
  CRYS_KDF_HASH_SHA384_mode = 3,
  CRYS_KDF_HASH_SHA512_mode = 4,
  CRYS_KDF_HASH_NumOfModes,
  CRYS_KDF_HASH_OpModeLast = 0x7FFFFFFF
}
 
enum  CRYS_KDF_DerivFuncMode_t {
  CRYS_KDF_ASN1_DerivMode = 0,
  CRYS_KDF_ConcatDerivMode = 1,
  CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode,
  CRYS_KDF_ISO18033_KDF1_DerivMode = 3,
  CRYS_KDF_ISO18033_KDF2_DerivMode = 4,
  CRYS_KDF_DerivFunc_NumOfModes = 5,
  CRYS_KDF_DerivFuncModeLast = 0x7FFFFFFF
}
 

Functions

CRYSError_t CRYS_KDF_KeyDerivFunc (uint8_t *ZZSecret_ptr, uint32_t ZZSecretSize, CRYS_KDF_OtherInfo_t *OtherInfo_ptr, CRYS_KDF_HASH_OpMode_t KDFhashMode, CRYS_KDF_DerivFuncMode_t derivation_mode, uint8_t *KeyingData_ptr, uint32_t KeyingDataSizeBytes)
 CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2. More...
 

Detailed Description

This module defines the API that supports Key derivation function in modes as defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999.

Macro Definition Documentation

#define CRYS_KDF_ASN1_KeyDerivFunc (   ZZSecret_ptr,
  ZZSecretSize,
  OtherInfo_ptr,
  KDFhashMode,
  KeyingData_ptr,
  KeyLenInBytes 
)    CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes))

CRYS_KDF_ASN1_KeyDerivFunc is A MACRO that performs key derivation according to ASN1 DER encoding method defined in standard ANS X9.42-2001, 7.2.1. For a description of the parameters see CRYS_KDF_KeyDerivFunc.

#define CRYS_KDF_ConcatKeyDerivFunc (   ZZSecret_ptr,
  ZZSecretSize,
  OtherInfo_ptr,
  KDFhashMode,
  KeyingData_ptr,
  KeyLenInBytes 
)    CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes))

CRYS_KDF_ConcatKeyDerivFunc is a MACRO that performs key derivation according to concatenation mode defined in standard ANS X9.42-2001, 7.2.2. For a description of the parameters see CRYS_KDF_KeyDerivFunc.

#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY   64

Size is in bytes

#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE   1024

Size is in bytes

Function Documentation

CRYSError_t CRYS_KDF_KeyDerivFunc ( uint8_t *  ZZSecret_ptr,
uint32_t  ZZSecretSize,
CRYS_KDF_OtherInfo_t OtherInfo_ptr,
CRYS_KDF_HASH_OpMode_t  KDFhashMode,
CRYS_KDF_DerivFuncMode_t  derivation_mode,
uint8_t *  KeyingData_ptr,
uint32_t  KeyingDataSizeBytes 
)

CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2.

The present implementation of the function allows the following operation modes:

  • CRYS_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
  • CRYS_KDF_ConcatDerivMode - mode based on concatenation;
  • CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode;
  • CRYS_KDF_ISO18033_KDF1_DerivMode - specific mode according to ECIES-KEM algorithm (ISO/IEC 18033-2).

The purpose of this function is to derive a keying data from the shared secret value and some other optional shared information (SharedInfo).

Note
  • The length in Bytes of the hash result buffer is denoted by "hashlen".

  • All buffers arguments are represented in Big-Endian format.

Returns
CRYS_OK on success.
A non-zero value on failure as defined crys_kdf_error.h.
Parameters
[in]ZZSecret_ptrA pointer to shared secret value octet string.
[in]ZZSecretSizeThe size of the shared secret value in bytes. The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE.
[in]OtherInfo_ptrThe pointer to structure, containing the data, shared by two entities of agreement and the data sizes. This argument may be optional in several modes (if it is not needed - set NULL). On two ISO/IEC 18033-2 modes - set NULL. On KDF ASN1 mode the OtherInfo and its AlgorithmID entry are mandatory.
[in]KDFhashModeThe KDF identifier of hash function to be used. The hash function output must be at least 160 bits.
[in]derivation_modeSpecifies one of above described derivation modes.
[out]KeyingData_ptrA pointer to the buffer for derived keying data.
[in]KeyingDataSizeBytesThe size in bytes of the keying data to be derived. The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_KEYING_DATA.
Documentation feedback | Developer Zone | Subscribe | Updated