SE Manager Key Derivation (HKDF and PBKDF2)

This example uses the SE Manager API to perform the key derivation (HKDF and PBKDF2) on the supported Series 2 Secure Vault device.

Abstracted from Wikipedia:<br>

In cryptography, a key derivation function (KDF) is a cryptographic hash function that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES.

HKDF extracts a pseudo-random key (PRK) using an HMAC hash function (e.g. HMAC-SHA256) on an optional salt (acting as a key) and any potentially weak input key material (IKM) (acting as data). It then generates similarly cryptographically strong output key material (OKM) of any desired length by repeatedly generating PRK-keyed hash-blocks and then appending them into the output key material, finally truncating to the desired length.

PBKDF2 applies a pseudo-random function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.

In this example, test vectors are used to verify the HKDF and PBKDF2 operations.

The example redirects standard I/O to the virtual serial port (VCOM) of the kit. By default, the serial port setting is 115200 bps and 8-N-1 configuration.

The example has been instrumented with code to count the number of clock cycles spent in different operations. The results are printed on the VCOM serial port console. This feature can be disabled by defining SE_MANAGER_PRINT=0 (default is 1) in the IDE setting (Preprocessor->Defined symbols).

SE Manager API

The following SE Manager APIs are used in this example:

Getting Started

  1. Upgrade the kit’s firmware to the latest version (see Adapter Firmware under General Device Information in Simplicity Studio 5 Users Guide).
  2. Upgrade the device’s SE firmware to the latest version (see Secure Firmware under General Device Information in Simplicity Studio 5 Users Guide).
  3. Open any terminal program and connect to the kit’s VCOM port.
  4. Create this platform example project in the Simplicity IDE (see Examples in Simplicity Studio 5 Users Guide, check Platform() checkbox to browse the platform examples).
  5. Build the example and download it to the kit (see Simple Build and Flash Programmer in Simplicity Studio 5 Users Guide).
  6. Run the example and the console should display the process steps of this example.

Additional Information

  1. The default optimization level is Optimize for debugging (-Og) on Simplicity IDE and None on IAR Embedded Workbench.