crys_kdf

nRF5 SDK v14.2.0

This module defines the API that supports key derivation functions in the modes defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999.

Data Structures

struct CRYS_KDF_OtherInfo_t

Macros

#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE 1024
#define CRYS_KDF_COUNT_OF_OTHER_INFO_ENTRIES 5
#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY 64
#define CRYS_KDF_MAX_SIZE_OF_KEYING_DATA 2048
#define _DX_KDF_KeyDerivFunc CRYS_KDF_KeyDerivFunc
#define CRYS_KDF_ASN1_KeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes) CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes))
#define CRYS_KDF_ConcatKeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes) CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes))

Enumerations

enum CRYS_KDF_HASH_OpMode_t {
    CRYS_KDF_HASH_SHA1_mode = 0,
    CRYS_KDF_HASH_SHA224_mode = 1,
    CRYS_KDF_HASH_SHA256_mode = 2,
    CRYS_KDF_HASH_SHA384_mode = 3,
    CRYS_KDF_HASH_SHA512_mode = 4,
    CRYS_KDF_HASH_NumOfModes,
    CRYS_KDF_HASH_OpModeLast = 0x7FFFFFFF
}
enum CRYS_KDF_DerivFuncMode_t {
    CRYS_KDF_ASN1_DerivMode = 0,
    CRYS_KDF_ConcatDerivMode = 1,
    CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode,
    CRYS_KDF_ISO18033_KDF1_DerivMode = 3,
    CRYS_KDF_ISO18033_KDF2_DerivMode = 4,
    CRYS_KDF_DerivFunc_NumOfModes = 5,
    CRYS_KDF_DerivFuncModeLast = 0x7FFFFFFF
}

Functions

CRYSError_t CRYS_KDF_KeyDerivFunc (uint8_t *ZZSecret_ptr, uint32_t ZZSecretSize, CRYS_KDF_OtherInfo_t *OtherInfo_ptr, CRYS_KDF_HASH_OpMode_t KDFhashMode, CRYS_KDF_DerivFuncMode_t derivation_mode, uint8_t *KeyingData_ptr, uint32_t KeyingDataSizeBytes)
CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2.

Detailed Description

This module defines the API that supports key derivation functions in the modes defined in PKCS#3, ANSI X9.42-2001, and ANSI X9.63-1999.

Macro Definition Documentation

#define CRYS_KDF_ASN1_KeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes) \
    CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ASN1_DerivMode,(KeyingData_ptr),(KeyLenInBytes))

CRYS_KDF_ASN1_KeyDerivFunc is a macro that performs key derivation according to the ASN.1 DER encoding method defined in standard ANS X9.42-2001, 7.2.1. For a description of the parameters, see CRYS_KDF_KeyDerivFunc.

#define CRYS_KDF_ConcatKeyDerivFunc(ZZSecret_ptr, ZZSecretSize, OtherInfo_ptr, KDFhashMode, KeyingData_ptr, KeyLenInBytes) \
    CRYS_KDF_KeyDerivFunc((ZZSecret_ptr),(ZZSecretSize),(OtherInfo_ptr),(KDFhashMode),CRYS_KDF_ConcatDerivMode,(KeyingData_ptr),(KeyLenInBytes))

CRYS_KDF_ConcatKeyDerivFunc is a macro that performs key derivation according to the concatenation mode defined in standard ANS X9.42-2001, 7.2.2. For a description of the parameters, see CRYS_KDF_KeyDerivFunc.

#define CRYS_KDF_MAX_SIZE_OF_OTHER_INFO_ENTRY   64

Size is in bytes

#define CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE   1024

Size is in bytes

Function Documentation

CRYSError_t CRYS_KDF_KeyDerivFunc (
    uint8_t *ZZSecret_ptr,
    uint32_t ZZSecretSize,
    CRYS_KDF_OtherInfo_t *OtherInfo_ptr,
    CRYS_KDF_HASH_OpMode_t KDFhashMode,
    CRYS_KDF_DerivFuncMode_t derivation_mode,
    uint8_t *KeyingData_ptr,
    uint32_t KeyingDataSizeBytes
)

CRYS_KDF_KeyDerivFunc performs key derivation according to one of the modes defined in standards: ANS X9.42-2001, ANS X9.63, ISO/IEC 18033-2.

The present implementation of the function allows the following operation modes:

  • CRYS_KDF_ASN1_DerivMode - mode based on ASN.1 DER encoding;
  • CRYS_KDF_ConcatDerivMode - mode based on concatenation;
  • CRYS_KDF_X963_DerivMode = CRYS_KDF_ConcatDerivMode;
  • CRYS_KDF_ISO18033_KDF1_DerivMode - specific mode according to ECIES-KEM algorithm (ISO/IEC 18033-2).

The purpose of this function is to derive keying data from the shared secret value and other optional shared information (SharedInfo).

Note
  • The length in bytes of the hash result buffer is denoted by "hashlen".
  • All buffer arguments are represented in big-endian format.

Returns
CRYS_OK on success.
A non-zero value on failure, as defined in crys_kdf_error.h.
Parameters
[in] ZZSecret_ptr A pointer to shared secret value octet string.
[in] ZZSecretSize The size of the shared secret value in bytes. The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE.
[in] OtherInfo_ptr A pointer to the structure containing the data shared by the two entities of the agreement, together with the data sizes. This argument may be optional in several modes (if it is not needed, set it to NULL). In the two ISO/IEC 18033-2 modes, set it to NULL. In KDF ASN1 mode, OtherInfo and its AlgorithmID entry are mandatory.
[in] KDFhashMode The KDF identifier of the hash function to be used. The hash function output must be at least 160 bits.
[in] derivation_mode Specifies one of the derivation modes described above.
[out] KeyingData_ptr A pointer to the buffer for derived keying data.
[in] KeyingDataSizeBytes The size in bytes of the keying data to be derived. The maximal size is defined as: CRYS_KDF_MAX_SIZE_OF_KEYING_DATA.
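
To cross-check keying data produced on a device, the counter-based modes listed above can be modelled on a host. The following Python reference model is an added example, not code from the nRF5 SDK or the CRYS library: it implements the ANSI X9.63 concatenation KDF and ISO/IEC 18033-2 KDF1/KDF2 as the standards define them and assumes the CRYS modes follow those constructions. The function names are hypothetical, the ASN.1 mode is not covered, and the size limits are the macro values from this page.

```python
import hashlib
import struct

# Limits taken from the macros documented on this page.
MAX_SECRET = 1024   # CRYS_KDF_MAX_SIZE_OF_SHARED_SECRET_VALUE
MAX_KEYING = 2048   # CRYS_KDF_MAX_SIZE_OF_KEYING_DATA


def _counter_kdf(z, shared_info, out_len, hash_name, first_counter):
    """Concatenate Hash(Z || 32-bit big-endian counter || shared_info) blocks."""
    if not 0 < len(z) <= MAX_SECRET:
        raise ValueError("shared secret size out of range")
    if not 0 < out_len <= MAX_KEYING:
        raise ValueError("keying data size out of range")
    hashlen = hashlib.new(hash_name).digest_size
    if hashlen * 8 < 160:  # page: hash output must be at least 160 bits
        raise ValueError("hash output shorter than 160 bits")
    blocks = -(-out_len // hashlen)  # ceil(out_len / hashlen)
    out = b""
    for counter in range(first_counter, first_counter + blocks):
        data = z + struct.pack(">I", counter) + shared_info
        out += hashlib.new(hash_name, data).digest()
    return out[:out_len]  # the last block is truncated


def kdf_x963(z, shared_info, out_len, hash_name="sha256"):
    """ANSI X9.63 concatenation KDF: counter starts at 1, SharedInfo appended."""
    return _counter_kdf(z, shared_info, out_len, hash_name, 1)


def kdf1_iso18033(z, out_len, hash_name="sha256"):
    """ISO/IEC 18033-2 KDF1: counter starts at 0, no shared info."""
    return _counter_kdf(z, b"", out_len, hash_name, 0)


def kdf2_iso18033(z, out_len, hash_name="sha256"):
    """ISO/IEC 18033-2 KDF2: counter starts at 1, no shared info."""
    return _counter_kdf(z, b"", out_len, hash_name, 1)


if __name__ == "__main__":
    zz = bytes(range(32))  # constructed sample secret, not a real key
    print(kdf_x963(zz, b"constructed-shared-info", 48).hex())
    print(kdf1_iso18033(zz, 48).hex())
```

With empty shared info the X9.63 output equals KDF2, and KDF1 differs from KDF2 only in starting its counter at 0, so a mismatch against device output usually points to the wrong mode or a shared-info ordering difference.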