MCUX CLNS
MCUX Crypto Library Normal Secure
mcuxClEls_Key_Import_Puk_DER_example.c File Reference

Example of PuK import from a DER-encoded certificate using the ELS (CLNS component mcuxClEls) More...

#include <mcuxClEls.h>
#include <mcuxClMemory.h>
#include <mcuxCsslFlowProtection.h>
#include <mcuxClCore_FunctionIdentifiers.h>
#include <mcuxClCore_Examples.h>
#include <mcuxClExample_ELS_Helper.h>
#include <mcuxClExample_ELS_Key_Helper.h>
#include <mcuxClExample_RFC3394_Helper.h>

Macros

#define SHA256_BLOCK_SIZE
 

Functions

static mcuxClEls_EccByte_t ecc_signature [MCUXCLELS_ECC_SIGNATURE_SIZE__attribute__ ((aligned(4)))
 Output buffer for the signature of the mcuxClEls_EccSign_Async operation. More...
 
 MCUXCLEXAMPLE_FUNCTION (mcuxClEls_Key_Import_Puk_DER_example)
 Example for PuK import from DER-encoded certificate using mcuxClEls functions. More...
 

Variables

static uint8_t const der_certificate [450U]
 Key wrapping key. More...
 
static size_t der_certificate_offset_pbk
 Offset of the public key that we want to import within the certificate. More...
 
static size_t der_certificate_len_without_signature
 Total length of the certificate without signature. More...
 
static uint8_t key_rfc3394 [MCUXCLELS_RFC3394_CONTAINER_SIZE_P256]
 Output buffer for the wrapped ECC public root key. More...
 
static uint8_t der_certificate_import [sizeof(der_certificate)+SHA256_BLOCK_SIZE]
 Output buffer for the certificate and padding. More...
 
static mcuxClEls_EccByte_t ecc_root_public_key [MCUXCLELS_ECC_PUBLICKEY_SIZE]
 Output buffers for the public key of the mcuxClEls_EccKeyGen_Async operation. More...
 
static mcuxClEls_EccByte_t ecc_root_public_key_switched [MCUXCLELS_ECC_PUBLICKEY_SIZE]
 

Detailed Description

Example of PuK import from a DER-encoded certificate using the ELS (CLNS component mcuxClEls)

Function Documentation

◆ __attribute__()

static mcuxClEls_EccByte_t ecc_signature [MCUXCLELS_ECC_SIGNATURE_SIZE] __attribute__ ( (aligned(4))  )
static

Output buffer for the signature of the mcuxClEls_EccSign_Async operation.

Output buffer for the signature part r of the mcuxClEls_KeyImportPuk_Async operation.

Must be word-aligned!

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ MCUXCLEXAMPLE_FUNCTION()

MCUXCLEXAMPLE_FUNCTION ( mcuxClEls_Key_Import_Puk_DER_example  )

Example for PuK import from DER-encoded certificate using mcuxClEls functions.

Return values
MCUXCLEXAMPLE_STATUS_OKThe example code completed successfully
MCUXCLEXAMPLE_STATUS_ERRORThe example code failed

Initialize ELS, Enable the ELS

  1. Prepare certificate for import by copying certificate without signature and adding SHA-256 padding.
  2. Generace ECC key pair and sign the prepared certificate.
  3. Provision helper key and key wrapping key.
  4. Convert the generated root public key and import it into keystore.

function that performs RFC3394 key wrapping

  1. Import the public key from the certificate into keystore.
  2. Verify R and key properties.
  3. Cleanup.

deleted key_idx_helper_key keySlot

deleted key_idx_ecc_root_private_key keySlot

deleted key_idx_ecc_root_public_key keySlot

deleted key_idx_ecc_import_public_key keySlot

Disable the ELS

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

Variable Documentation

◆ der_certificate

uint8_t const der_certificate[450U]
static

Key wrapping key.

Raw DER-encoded certificate.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ der_certificate_offset_pbk

size_t der_certificate_offset_pbk
static

Offset of the public key that we want to import within the certificate.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ der_certificate_len_without_signature

size_t der_certificate_len_without_signature
static

Total length of the certificate without signature.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ key_rfc3394

uint8_t key_rfc3394[MCUXCLELS_RFC3394_CONTAINER_SIZE_P256]
static

Output buffer for the wrapped ECC public root key.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ der_certificate_import

uint8_t der_certificate_import[sizeof(der_certificate)+SHA256_BLOCK_SIZE]
static

Output buffer for the certificate and padding.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.

◆ ecc_root_public_key

Output buffers for the public key of the mcuxClEls_EccKeyGen_Async operation.

Examples
mcuxClEls_Key_Import_Puk_DER_example.c.