This example uses the PSA Crypto API to perform the Key Derivation Function (KDF) on the supported device.
In cryptography, a key derivation function is a cryptographic hash function that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of an ECDH key exchange into a symmetric key for use with AES.
The example redirects standard I/O to the virtual serial port (VCOM) of the kit. By default, the serial port setting is 115200 bps and 8-N-1 configuration.
Except for the Series 1 Cortex-M0+ device, the example has been instrumented with code to count the number of clock cycles spent in different operations. The results are printed on the VCOM serial port console. This feature can be disabled by defining PSA_CRYPTO_PRINT=0 (default is 1) in the IDE setting (Preprocessor->Defined symbols).
The following key storages are supported in this example:
The following key derivation algorithms are supported in this example:
PSA_ALG_HKDF(hash_alg)
PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(hash_alg))
In this example, the ECDH key agreement is based on SECP256R1 if the PSA_ALG_KEY_AGREEMENT algorithm is used.
The following hash algorithms (HMAC) are supported in this example:
PSA_ALG_SHA_1
PSA_ALG_SHA_224
PSA_ALG_SHA_256
PSA_ALG_SHA_384
PSA_ALG_SHA_512
The following derived key sizes are supported in this example:
The following derived key algorithms are supported in this example:
PSA_ALG_ECB_NO_PADDING
PSA_ALG_CBC_NO_PADDING
PSA_ALG_CFB
PSA_ALG_CTR
PSA_ALG_CCM
PSA_ALG_GCM
PSA_ALG_CHACHA20
PSA_ALG_CHACHA20_POLY1305
PSA_ALG_CMAC
PSA_ALG_HMAC(hash_alg)
PSA_ALG_HKDF(hash_alg)
The default derived key algorithm is PSA_ALG_CTR; it is defined in app_process.h.
The PSA_ALG_CHACHA20 and PSA_ALG_CHACHA20_POLY1305 can only use a 256-bit key.
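A host-side reference for what PSA_ALG_HKDF(hash_alg) computes (RFC 5869 extract-then-expand), useful for cross-checking a derived key read back with psa_export_key. This is an added Python example, not code from the example project; the PSA_HASHES mapping, the function names and the RFC 5869 test inputs are assumptions of this example, and its salt, secret and info arguments correspond to the PSA_KEY_DERIVATION_INPUT_SALT, PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_INFO steps.

```python
import hashlib
import hmac

# Hash names from the page's list mapped to hashlib names (mapping is part of this example).
PSA_HASHES = {"PSA_ALG_SHA_1": "sha1", "PSA_ALG_SHA_224": "sha224",
              "PSA_ALG_SHA_256": "sha256", "PSA_ALG_SHA_384": "sha384",
              "PSA_ALG_SHA_512": "sha512"}

def hkdf(psa_hash, salt, secret, info, length):
    """RFC 5869 HKDF: returns `length` bytes of output keying material."""
    name = PSA_HASHES[psa_hash]
    hash_len = hashlib.new(name).digest_size
    # HKDF can produce at most 255 hash blocks; larger requests must fail.
    if length > 255 * hash_len:
        raise ValueError("requested output exceeds 255 * HashLen bytes")
    # Extract: PRK = HMAC(salt, secret); an empty salt means HashLen zero bytes.
    prk = hmac.new(salt or bytes(hash_len), secret, name).digest()
    # Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated then truncated.
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), name).digest()
        okm += block
        counter += 1
    return okm[:length]

# RFC 5869 test case 1 inputs (public test vector, not values from the page).
RFC_SECRET = bytes([0x0b]) * 22
RFC_SALT = bytes(range(0x00, 0x0d))
RFC_INFO = bytes(range(0xf0, 0xfa))

def derive_256bit_key(psa_hash="PSA_ALG_SHA_256", info=RFC_INFO):
    """Derive a 256-bit key, the size the page requires for ChaCha20."""
    return hkdf(psa_hash, RFC_SALT, RFC_SECRET, info, 32)

if __name__ == "__main__":
    for psa_hash in PSA_HASHES:
        print(psa_hash, derive_256bit_key(psa_hash).hex())
    # A different info string yields an unrelated key from the same secret.
    print(derive_256bit_key(info=b"constructed-label").hex())
```

The info string is what separates keys derived from one secret for different purposes, so the device and the host must use the same salt, info and hash to arrive at the same key.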
The following PSA Crypto APIs are used in this example:
psa_crypto_init
psa_key_attributes_init
psa_set_key_type
psa_set_key_bits
psa_set_key_usage_flags
psa_set_key_algorithm
psa_set_key_id
psa_set_key_lifetime
psa_import_key
psa_key_derivation_output_key
psa_export_key
psa_get_key_attributes
psa_get_key_algorithm
psa_reset_key_attributes
psa_destroy_key
psa_key_derivation_operation_init
psa_key_derivation_setup
psa_key_derivation_set_capacity
psa_key_derivation_input_bytes
psa_key_derivation_input_key
psa_key_derivation_key_agreement
psa_key_derivation_abort
mbedtls_psa_crypto_free
Adapter Firmware under General Device Information in Simplicity Studio 5 Users Guide).
Secure Firmware under General Device Information in Simplicity Studio 5 Users Guide).
Device Console in Simplicity Studio 5, Line terminator: must be set to None).
Platform() checkbox to browse the platform examples).
BASE_KEY_ID and DERIVE_KEY_ID values in app_process.h if these key IDs had already existed in NVM3.
PSA_ALG_KEY_AGREEMENT algorithm does not apply to the wrapped key.
Optimize for debugging (-Og) on Simplicity IDE and None on IAR Embedded Workbench.