Software APIs
kdf_ctr.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KDF_CTR_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KDF_CTR_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief KDF-CTR operations for the OpenTitan cryptography library.
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * Performs KDF-CTR with HMAC as the PRF, according to NIST SP 800-108r1.
21  *
22  * The caller should allocate and partially populate the `output_key_material`
23  * blinded key struct, including populating the key configuration and
24  * allocating space for the keyblob. The configuration may not indicate a
25  * hardware-backed key and must indicate a symmetric mode. The allocated
26  * keyblob length for the output key should be twice the unmasked key length
27  * indicated in its key configuration, rounded up to the nearest 32-bit word.
28  * The value in the `checksum` field of the blinded key struct will be
29  * populated by the key derivation function.
30  *
31  * @param key_derivation_key Blinded key derivation key.
32  * @param label Label string (optional, may be empty).
33  * @param context Context string (optional, may be empty).
34  * @param[out] output_key_material Blinded output key material.
35  * @return Result of the key derivation operation.
36  */
38  const otcrypto_blinded_key_t key_derivation_key,
39  const otcrypto_const_byte_buf_t label,
40  const otcrypto_const_byte_buf_t context,
41  otcrypto_blinded_key_t *output_key_material);
42 
43 #ifdef __cplusplus
44 } // extern "C"
45 #endif // __cplusplus
46 
47 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KDF_CTR_H_