Software APIs
kmac_kdf.h
Go to the documentation of this file.
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_
6 #define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_
7 
8 #include "datatypes.h"
9 
10 /**
11  * @file
12  * @brief KMAC-KDF operations for the OpenTitan cryptography library.
13  */
14 
15 #ifdef __cplusplus
16 extern "C" {
17 #endif // __cplusplus
18 
19 /**
20  * Performs KMAC-KDF as specified in NIST SP 800-108r1.
21  *
22  * KMAC-KDF can use either KMAC128 or KMAC256; which one is determined by the
23  * key mode in the configuration of `key_derivation_key`.
24  *
25  * Because of limitations on the KMAC hardware, labels longer than 32 bytes are
26  * not supported.
27  *
28  * The caller should allocate and partially populate the `output_key_material`
29  * blinded key struct, including populating the key configuration and
30  * allocating space for the keyblob. The configuration may not indicate a
31  * hardware-backed key and must indicate a symmetric mode. The allocated
32  * keyblob length for the output key should be twice the unmasked key length
33  * indicated in its key configuration, rounded up to the nearest 32-bit word.
34  * The value in the `checksum` field of the blinded key struct will be
35  * populated by the key derivation function.
36  *
37  * @param key_derivation_key Blinded key derivation key.
38  * @param kmac_mode Either KMAC128 or KMAC256 as PRF.
39  * @param label Label string (optional, may be empty).
40  * @param context Context string (optional, may be empty).
41  * @param[out] output_key_material Blinded output key material.
42  * @return Result of the key derivation operation.
43  */
45  const otcrypto_blinded_key_t key_derivation_key,
46  const otcrypto_const_byte_buf_t label,
47  const otcrypto_const_byte_buf_t context,
48  otcrypto_blinded_key_t *output_key_material);
49 
50 #ifdef __cplusplus
51 } // extern "C"
52 #endif // __cplusplus
53 
54 #endif // OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_