This example uses the PSA Crypto API to perform the Key Derivation Function (KDF) on the supported device.
In cryptography, a key derivation function is a cryptographic hash function that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of an ECDH key exchange into a symmetric key for use with AES.
The example redirects standard I/O to the virtual serial port (VCOM) of the kit. By default, the serial port setting is 115200 bps and 8-N-1 configuration.
Except for the Series 1 Cortex-M0+ device, the example has been instrumented with code to count the number of clock cycles spent in different operations. The results are printed on the VCOM serial port console. This feature can be disabled by defining PSA_CRYPTO_PRINT=0 (default is 1) in the IDE setting (Preprocessor->Defined symbols).
The following key storages are supported in this example:
The following key derivation algorithms are supported in this example:
- PSA_ALG_HKDF(hash_alg)
- PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(hash_alg))

In this example, the ECDH key agreement is based on SECP256R1 if the PSA_ALG_KEY_AGREEMENT algorithm is used.
The following hash algorithms (HMAC) are supported in this example:
- PSA_ALG_SHA_1
- PSA_ALG_SHA_224
- PSA_ALG_SHA_256
- PSA_ALG_SHA_384
- PSA_ALG_SHA_512

The following derived key sizes are supported in this example:
The following derived key algorithms are supported in this example:
- PSA_ALG_ECB_NO_PADDING
- PSA_ALG_CBC_NO_PADDING
- PSA_ALG_CFB
- PSA_ALG_CTR
- PSA_ALG_CCM
- PSA_ALG_GCM
- PSA_ALG_CHACHA20
- PSA_ALG_CHACHA20_POLY1305
- PSA_ALG_CMAC
- PSA_ALG_HMAC(hash_alg)
- PSA_ALG_HKDF(hash_alg)

The default derived key algorithm is PSA_ALG_CTR, which is defined in app_process.h.
The PSA_ALG_CHACHA20 and PSA_ALG_CHACHA20_POLY1305 algorithms can only use a 256-bit key.
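A host-side reference for what PSA_ALG_HKDF(hash_alg) computes, useful for checking a key exported with psa_export_key against an independent implementation. This is an added Python example, not code from the project; the function names are hypothetical, and it assumes the device feeds HKDF the usual salt, secret and info inputs (with PSA_ALG_KEY_AGREEMENT the secret is the ECDH shared secret).

```python
import hashlib
import hmac

# PSA hash identifiers listed on this page, mapped to hashlib names.
PSA_HASHES = {"PSA_ALG_SHA_1": "sha1", "PSA_ALG_SHA_224": "sha224",
              "PSA_ALG_SHA_256": "sha256", "PSA_ALG_SHA_384": "sha384",
              "PSA_ALG_SHA_512": "sha512"}

def hkdf_extract(hash_name, salt, secret):
    """RFC 5869 extract: PRK = HMAC(salt, secret); an empty salt is HashLen zero bytes."""
    salt = salt or bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, secret, hash_name).digest()

def hkdf_expand(hash_name, prk, info, length):
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) | info | i), truncated to length bytes."""
    if not 0 < length <= 255 * hashlib.new(hash_name).digest_size:
        raise ValueError("HKDF output is limited to 255 * HashLen bytes")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]

def hkdf(psa_hash, secret, salt, info, key_bits):
    """Reference value for a key of key_bits derived with PSA_ALG_HKDF(psa_hash)."""
    name = PSA_HASHES[psa_hash]
    return hkdf_expand(name, hkdf_extract(name, salt, secret), info, key_bits // 8)

def matches_reference(exported_hex, psa_hash, secret, salt, info):
    """Compare a key exported from the device with the reference, in constant time."""
    exported = bytes.fromhex(exported_hex)
    expected = hkdf(psa_hash, secret, salt, info, len(exported) * 8)
    return hmac.compare_digest(exported, expected)

# RFC 5869 Appendix A.1 inputs (published test vector, not values from this page).
SECRET = bytes([0x0B] * 22)
SALT = bytes(range(0x0D))
INFO = bytes(range(0xF0, 0xFA))

if __name__ == "__main__":
    # 256 bits is the size the page requires for the ChaCha20 algorithms.
    print(hkdf("PSA_ALG_SHA_256", SECRET, SALT, INFO, 256).hex())
```

Because HKDF output for a shorter length is a prefix of the output for a longer one, a derived key that differs from the reference points to different salt, secret, info or hash inputs, not to the key size.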
The following PSA Crypto APIs are used in this example:
- psa_crypto_init
- psa_key_attributes_init
- psa_set_key_type
- psa_set_key_bits
- psa_set_key_usage_flags
- psa_set_key_algorithm
- psa_set_key_id
- psa_set_key_lifetime
- psa_import_key
- psa_key_derivation_output_key
- psa_export_key
- psa_get_key_attributes
- psa_get_key_algorithm
- psa_reset_key_attributes
- psa_destroy_key
- psa_key_derivation_operation_init
- psa_key_derivation_setup
- psa_key_derivation_set_capacity
- psa_key_derivation_input_bytes
- psa_key_derivation_input_key
- psa_key_derivation_key_agreement
- psa_key_derivation_abort
- mbedtls_psa_crypto_free

Adapter Firmware under General Device Information in Simplicity Studio 5 Users Guide).
Secure Firmware under General Device Information in Simplicity Studio 5 Users Guide).
Device Console in Simplicity Studio 5, Line terminator: must be set to None).
Platform() checkbox to browse the platform examples).
BASE_KEY_ID and DERIVE_KEY_ID values in app_process.h if these key IDs had already existed in NVM3.
PSA_ALG_KEY_AGREEMENT algorithm does not apply to the wrapped key.
Optimize for debugging (-Og) on Simplicity IDE and None on IAR Embedded Workbench.