This example uses the SE Manager API to perform the key derivation (HKDF and PBKDF2) on the supported Series 2 Secure Vault device.
Abstracted from Wikipedia:<br>
In cryptography, a key derivation function (KDF) is a cryptographic hash function that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudo-random function. KDFs can be used to stretch keys into longer keys or to obtain keys of a required format, such as converting a group element that is the result of a Diffie–Hellman key exchange into a symmetric key for use with AES.
HKDF extracts a pseudo-random key (PRK) using an HMAC hash function (e.g. HMAC-SHA256) on an optional salt (acting as a key) and any potentially weak input key material (IKM) (acting as data). It then generates similarly cryptographically strong output key material (OKM) of any desired length by repeatedly generating PRK-keyed hash-blocks and then appending them into the output key material, finally truncating to the desired length.
PBKDF2 applies a pseudo-random function, such as hash-based message authentication code (HMAC), to the input password or passphrase along with a salt value and repeats the process many times to produce a derived key, which can then be used as a cryptographic key in subsequent operations. The added computational work makes password cracking much more difficult, and is known as key stretching.
In this example, test vectors are used to verify the HKDF and PBKDF2 operations.
The example redirects standard I/O to the virtual serial port (VCOM) of the kit. By default, the serial port setting is 115200 bps and 8-N-1 configuration.
The example has been instrumented with code to count the number of clock cycles spent in different operations. The results are printed on the VCOM serial port console. This feature can be disabled by defining SE_MANAGER_PRINT=0
(default is 1) in the IDE setting (Preprocessor->Defined symbols
).
The following SE Manager APIs are used in this example:
sl_se_init
sl_se_deinit
sl_se_init_command_context
sl_se_deinit_command_context
sl_se_derive_key_hkdf
sl_se_derive_key_pbkdf2
Adapter Firmware
under General Device Information in Simplicity Studio 5 Users Guide).Secure Firmware
under General Device Information in Simplicity Studio 5 Users Guide).Platform()
checkbox to browse the platform examples).Optimize for debugging (-Og)
on Simplicity IDE and None
on IAR Embedded Workbench.