Software APIs
sw
device
lib
crypto
include
kmac_kdf.h
Go to the documentation of this file.
1
// Copyright lowRISC contributors (OpenTitan project).
2
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3
// SPDX-License-Identifier: Apache-2.0
4
5
#ifndef OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_
6
#define OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_
7
8
#include "datatypes.h"
9
10
/**
11
* @file
12
* @brief KMAC-KDF operations for the OpenTitan cryptography library.
13
*/
14
15
#ifdef __cplusplus
16
extern
"C"
{
17
#endif
// __cplusplus
18
19
/**
20
* Performs KMAC-KDF as specified in NIST SP 800-108r1.
21
*
22
* KMAC-KDF can use either KMAC128 or KMAC256; which one is determined by the
23
* key mode in the configuration of `key_derivation_key`.
24
*
25
* Because of limitations on the KMAC hardware, labels longer than 32 bytes are
26
* not supported.
27
*
28
* The caller should allocate and partially populate the `output_key_material`
29
* blinded key struct, including populating the key configuration and
30
* allocating space for the keyblob. The configuration may not indicate a
31
* hardware-backed key and must indicate a symmetric mode. The allocated
32
* keyblob length for the output key should be twice the unmasked key length
33
* indicated in its key configuration, rounded up to the nearest 32-bit word.
34
* The value in the `checksum` field of the blinded key struct will be
35
* populated by the key derivation function.
36
*
37
* @param key_derivation_key Blinded key derivation key.
38
* @param kmac_mode Either KMAC128 or KMAC256 as PRF.
39
* @param label Label string (optional, may be empty).
40
* @param context Context string (optional, may be empty).
41
* @param[out] output_key_material Blinded output key material.
42
* @return Result of the key derivation operation.
43
*/
44
otcrypto_status_t
otcrypto_kmac_kdf
(
45
const
otcrypto_blinded_key_t
key_derivation_key,
46
const
otcrypto_const_byte_buf_t
label,
47
const
otcrypto_const_byte_buf_t
context,
48
otcrypto_blinded_key_t
*output_key_material);
49
50
#ifdef __cplusplus
51
}
// extern "C"
52
#endif
// __cplusplus
53
54
#endif
// OPENTITAN_SW_DEVICE_LIB_CRYPTO_INCLUDE_KMAC_KDF_H_
Return to
OpenTitan Documentation