MCUX CLNS
MCUX Crypto Library Normal Secure
Loading...
Searching...
No Matches
mcuxClKey_WrapAndLoad_Rfc3394_Sgi_example.c

Example for the mcuxClKey component for RFC3394 key wrap and unwrap into an SGI key slot.

Example for the mcuxClKey component for RFC3394 key wrap and unwrap into an SGI key slot.

/*--------------------------------------------------------------------------*/
/* Copyright 2024-2025 NXP */
/* */
/* NXP Confidential and Proprietary. This software is owned or controlled */
/* by NXP and may only be used strictly in accordance with the applicable */
/* license terms. By expressly accepting such terms or by downloading, */
/* installing, activating and/or otherwise using the software, you are */
/* agreeing that you have read, and that you agree to comply with and are */
/* bound by, such license terms. If you do not agree to be bound by the */
/* applicable license terms, then you may not retain, install, activate or */
/* otherwise use the software. */
/*--------------------------------------------------------------------------*/
#include <mcuxClSession.h>
#include <mcuxClKey.h>
#include <mcuxClAes.h> // Interface to AES-related definitions and types
#include <mcuxCsslFlowProtection.h>
#include <mcuxClCore_FunctionIdentifiers.h> // Code flow protection
#include <mcuxClBuffer.h>
#include <mcuxClCore_Examples.h>
#include <mcuxClExample_Session_Helper.h>
#include <mcuxClExample_RNG_Helper.h>
// Test vectors are taken from https://datatracker.ietf.org/doc/html/rfc3394
static const uint32_t keyData[MCUXCLAES_AES128_KEY_SIZE / 4U] = {
0x33221100U, 0x77665544U, 0xBBAA9988U, 0xFFEEDDCCU
};
static const uint32_t kwk256Data[MCUXCLAES_AES256_KEY_SIZE / 4U] = {
0x03020100U, 0x07060504U, 0x0B0A0908U, 0x0F0E0D0CU,
0x13121110U, 0x17161514U, 0x1B1A1918U, 0x1F1E1D1CU
};
static const uint32_t expectedwrappedKeyData[MCUXCLAES_ENCODING_RFC3394_AES128_KEY_SIZE / 4U] = {
0xF9C3E864U, 0xA25B0FCEU, 0x7977E963U, 0x2A8A8105U,
0x1E19C893U, 0xE78A6E7DU
};
MCUXCLEXAMPLE_FUNCTION(mcuxClKey_WrapAndLoad_Rfc3394_Sgi_example)
{
/**************************************************************************/
/* Preparation */
/**************************************************************************/
mcuxClSession_Descriptor_t sessionDesc;
mcuxClSession_Handle_t session = &sessionDesc;
/* Allocate and initialize session */
MCUXCLEXAMPLE_ALLOCATE_AND_INITIALIZE_SESSION(session,
MCUXCLEXAMPLE_MAX_WA(MCUXCLEXAMPLE_MAX_WA(MCUXCLKEY_ENCODE_CPU_WA_SIZE, MCUXCLKEY_LOADCOPRO_CPU_WA_SIZE), MCUXCLRANDOM_NCINIT_WACPU_SIZE), 0U);
/* Initialize the PRNG */
MCUXCLEXAMPLE_INITIALIZE_PRNG(session);
/**************************************************************************/
/* Key Init and load the key-wrapping key */
/**************************************************************************/
uint32_t keyWrappingKeyDesc[MCUXCLKEY_DESCRIPTOR_SIZE_IN_WORDS];
MCUX_CSSL_ANALYSIS_START_PATTERN_REINTERPRET_MEMORY_OF_OPAQUE_TYPES()
mcuxClKey_Handle_t keyWrappingKey = (mcuxClKey_Handle_t) &keyWrappingKeyDesc;
MCUX_CSSL_ANALYSIS_STOP_PATTERN_REINTERPRET_MEMORY_OF_OPAQUE_TYPES()
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(kiKwk_status, kiKwk_token, mcuxClKey_init(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Handle_t key: */ keyWrappingKey,
/* mcuxClKey_Type_t type: */ mcuxClKey_Type_Aes256,
/* uint8_t * pKeyData: */ (const uint8_t*)kwk256Data,
/* uint32_t keyDataLength: */ sizeof(kwk256Data))
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_init) != kiKwk_token) || (MCUXCLKEY_STATUS_OK != kiKwk_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(klKwk_status, klKwk_token, mcuxClKey_loadCopro(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Handle_t key: */ keyWrappingKey,
/* uint32_t loadOptions: */ MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_6)
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_loadCopro) != klKwk_token) || (MCUXCLKEY_STATUS_OK != klKwk_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
/**************************************************************************/
/* Key Init+Wrap using the Key_encode API */
/**************************************************************************/
uint32_t keyDesc[MCUXCLKEY_DESCRIPTOR_SIZE_IN_WORDS];
MCUX_CSSL_ANALYSIS_START_PATTERN_REINTERPRET_MEMORY_OF_OPAQUE_TYPES()
mcuxClKey_Handle_t key = (mcuxClKey_Handle_t) &keyDesc;
MCUX_CSSL_ANALYSIS_STOP_PATTERN_REINTERPRET_MEMORY_OF_OPAQUE_TYPES()
uint8_t wrappedKeyData[MCUXCLAES_ENCODING_RFC3394_AES128_KEY_SIZE];
uint32_t wrappedKeyLen = 0u;
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(ke_status, ke_token, mcuxClKey_encode(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Encoding_t encoding: */ mcuxClAes_Encoding_Rfc3394,
/* mcuxClKey_Handle_t encodedKey: */ key,
/* mcuxClKey_Type_t type: */ mcuxClKey_Type_Aes128,
/* const uint8_t * pPlainKeyData: */ (const uint8_t *)keyData,
/* uint32_t plainKeyDataLength: */ sizeof(keyData),
/* const uint8_t * pAuxData: */ (uint8_t*) keyWrappingKeyDesc,
/* uint32_t auxDataLength: */ sizeof(keyWrappingKeyDesc),
/* uint8_t * pEncodedKeyData: */ wrappedKeyData,
/* uint32_t* const pEncodedKeyDataLength:*/ &wrappedKeyLen)
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_encode) != ke_token) || (MCUXCLKEY_STATUS_OK != ke_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
/**************************************************************************/
/* Verification */
/**************************************************************************/
MCUX_CSSL_ANALYSIS_START_SUPPRESS_ALREADY_INITIALIZED("Initialized by mcuxClKey_encode")
if(!mcuxClCore_assertEqual(wrappedKeyData, (const uint8_t *)expectedwrappedKeyData, sizeof(expectedwrappedKeyData)))
MCUX_CSSL_ANALYSIS_STOP_SUPPRESS_ALREADY_INITIALIZED()
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
if (MCUXCLAES_ENCODING_RFC3394_AES128_KEY_SIZE != wrappedKeyLen)
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
/**************************************************************************/
/* Crypto Operation */
/**************************************************************************/
/**************************************************************************/
/* Key Load/Unwrap using the mcuxClKey_loadCopro API */
/**************************************************************************/
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(kl_status, kl_token, mcuxClKey_loadCopro(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Handle_t key: */ key,
/* uint32_t loadOptions: */ MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_UNWRAP)
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_loadCopro) != kl_token) || (MCUXCLKEY_STATUS_OK != kl_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
/**************************************************************************/
/* Crypto Operation */
/**************************************************************************/
/**************************************************************************/
/* Flush the loaded keys */
/**************************************************************************/
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(kf1_status, kf1_token, mcuxClKey_flush(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Handle_t key: */ key)
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_flush) != kf1_token) || (MCUXCLKEY_STATUS_OK != kf1_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(kf2_status, kf2_token, mcuxClKey_flush(
/* mcuxClSession_Handle_t session: */ session,
/* mcuxClKey_Handle_t key: */ keyWrappingKey)
);
if((MCUX_CSSL_FP_FUNCTION_CALLED(mcuxClKey_flush) != kf2_token) || (MCUXCLKEY_STATUS_OK != kf2_status))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
MCUX_CSSL_FP_FUNCTION_CALL_END();
/**************************************************************************/
/* Destroy the current session */
/**************************************************************************/
if(!mcuxClExample_Session_Clean(session))
{
return MCUXCLEXAMPLE_STATUS_ERROR;
}
return MCUXCLEXAMPLE_STATUS_OK;
}
mcuxClAes.h
Top-level include file for the mcuxClAes component.
mcuxClBuffer.h
Top-level include file for the mcuxClBuffer component.
mcuxClCore_FunctionIdentifiers.h
Definition of function identifiers for the flow protection mechanism.
mcuxClKey.h
Top-level include file for the mcuxClKey component.
mcuxClSession.h
Top-level include file for the mcuxClSession component.
mcuxCsslFlowProtection.h
Provides the API for the CSSL flow protection mechanism.
MCUXCLAES_ENCODING_RFC3394_AES128_KEY_SIZE
#define MCUXCLAES_ENCODING_RFC3394_AES128_KEY_SIZE
RFC3394 encoding of AES-128 key material, encoded key size in bytes.
Definition mcuxClAes_Constants.h:49
MCUXCLAES_AES128_KEY_SIZE
#define MCUXCLAES_AES128_KEY_SIZE
AES-128 key size in bytes.
Definition mcuxClAes_Constants.h:40
MCUXCLAES_AES256_KEY_SIZE
#define MCUXCLAES_AES256_KEY_SIZE
AES-256 key size in bytes.
Definition mcuxClAes_Constants.h:44
mcuxClAes_Encoding_Rfc3394
static const mcuxClKey_Encoding_t mcuxClAes_Encoding_Rfc3394
Key encoding for RFC3394 key wrap/unwrap.
Definition mcuxClAes_KeyEncodingMechanisms.h:47
mcuxClKey_Type_Aes256
static const mcuxClKey_Type_t mcuxClKey_Type_Aes256
Key type pointer for AES-256 based keys.
Definition mcuxClAes_KeyTypes.h:63
mcuxClKey_Type_Aes128
static const mcuxClKey_Type_t mcuxClKey_Type_Aes128
Key type pointer for AES-128 based keys.
Definition mcuxClAes_KeyTypes.h:51
MCUXCLKEY_STATUS_OK
#define MCUXCLKEY_STATUS_OK
Key operation successful.
Definition mcuxClKey_Constants.h:40
MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_UNWRAP
#define MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_UNWRAP
Sgi key slot containing an RFC3394 unwrapped key.
Definition mcuxClKey_Constants.h:181
MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_6
#define MCUXCLKEY_LOADOPTION_SLOT_SGI_KEY_6
SGI key slot 6.
Definition mcuxClKey_Constants.h:178
mcuxClKey_init
mcuxClKey_Status_t mcuxClKey_init(mcuxClSession_Handle_t session, mcuxClKey_Handle_t key, mcuxClKey_Type_t type, const uint8_t *pKeyData, uint32_t keyDataLength)
Initializes a key handle.
mcuxClKey_flush
mcuxClKey_Status_t mcuxClKey_flush(mcuxClSession_Handle_t session, mcuxClKey_Handle_t key)
Flush key from destination which can be a key slot of coprocessor or memory buffer.
mcuxClKey_loadCopro
mcuxClKey_Status_t mcuxClKey_loadCopro(mcuxClSession_Handle_t session, mcuxClKey_Handle_t key, uint32_t loadOptions)
Load key into destination key slot of a coprocessor.
mcuxClKey_encode
mcuxClKey_Status_t mcuxClKey_encode(mcuxClSession_Handle_t session, mcuxClKey_Encoding_t encoding, mcuxClKey_Handle_t encodedKey, mcuxClKey_Type_t type, const uint8_t *pPlainKeyData, uint32_t plainKeyDataLength, const uint8_t *pAuxData, uint32_t auxDataLength, uint8_t *pEncodedKeyData, uint32_t *const pEncodedKeyDataLength)
Key descriptor initialization function including applying a encoding mechanism.
mcuxClKey_Handle_t
mcuxClKey_Descriptor_t *const mcuxClKey_Handle_t
Key handle type.
Definition mcuxClKey_Types.h:91
mcuxClSession_Handle_t
mcuxClSession_Descriptor_t *const mcuxClSession_Handle_t
Type for mcuxClSession Handle.
Definition mcuxClSession_Types.h:98
MCUX_CSSL_FP_FUNCTION_CALL_BEGIN
#define MCUX_CSSL_FP_FUNCTION_CALL_BEGIN(...)
Call a flow protected function and check the protection token.
Definition mcuxCsslFlowProtection.h:623
MCUX_CSSL_FP_FUNCTION_CALLED
#define MCUX_CSSL_FP_FUNCTION_CALLED(...)
Expectation of a called function.
Definition mcuxCsslFlowProtection.h:777
MCUX_CSSL_FP_FUNCTION_CALL_END
#define MCUX_CSSL_FP_FUNCTION_CALL_END(...)
End a function call section started by MCUX_CSSL_FP_FUNCTION_CALL_BEGIN.
Definition mcuxCsslFlowProtection.h:658