nRF Connect SDK API 3.3.99
Loading...
Searching...
No Matches
cracen_kmu.h
Go to the documentation of this file.
1/*
2 * Copyright (c) 2024 Nordic Semiconductor ASA
3 *
4 * SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
5 */
6
17#pragma once
18
19#include <stdint.h>
20#include <cracen_psa.h>
21
22#define CRACEN_KMU_PUSH_AREA_SIZE 96u
23#define CRACEN_KMU_MAX_KEY_SIZE 48u
24#define CRACEN_KMU_SLOT_KEY_SIZE 16u
25
35
36typedef struct {
37 uint8_t key_usage_scheme: 2; /* value of @ref cracen_kmu_metadata_key_usage_scheme. */
38 uint8_t number_of_slots: 3; /* Number of slots to push. */
39 uint8_t slot_id; /* KMU slot number. */
40} kmu_opaque_key_buffer;
41
42/* Two KMU slots are reserved for storing the invalidation data for the protected RAM.
43 * These are meant to have random data that can pushed to the protected RAM after
44 * an actual key is being used so that the key material does not reside in the protected
45 * RAM for more than the required time.
46 */
47#define PROTECTED_RAM_INVALIDATION_DATA_SLOT1 248
48#define PROTECTED_RAM_INVALIDATION_DATA_SLOT2 249
49
50extern uint8_t kmu_push_area[CRACEN_KMU_PUSH_AREA_SIZE];
51
58int cracen_kmu_prepare_key(const uint8_t *user_data);
59
66int cracen_kmu_clean_key(const uint8_t *user_data);
67
74psa_status_t cracen_kmu_get_builtin_key(psa_drv_slot_number_t slot_number,
75 psa_key_attributes_t *attributes, uint8_t *key_buffer,
76 size_t key_buffer_size, size_t *key_buffer_length);
77
81psa_status_t cracen_kmu_provision(const psa_key_attributes_t *key_attr, int slot_id,
82 const uint8_t *key_buffer, size_t key_buffer_size);
83
87psa_status_t cracen_kmu_destroy_key(const psa_key_attributes_t *attributes);
88
97psa_status_t cracen_provision_prot_ram_inv_slots(void);
98
107psa_status_t cracen_push_prot_ram_inv_slots(void);
108
cracen_psa.h
psa_status_t
int32_t psa_status_t
Definition error.h:26
cracen_provision_prot_ram_inv_slots
psa_status_t cracen_provision_prot_ram_inv_slots(void)
Provision the protected RAM invalidation data.
cracen_kmu_destroy_key
psa_status_t cracen_kmu_destroy_key(const psa_key_attributes_t *attributes)
Destroy a key stored in the KMU.
cracen_kmu_get_builtin_key
psa_status_t cracen_kmu_get_builtin_key(psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
Retrieves attributes and opaque key buffer for key.
CRACEN_KMU_PUSH_AREA_SIZE
#define CRACEN_KMU_PUSH_AREA_SIZE
Definition cracen_kmu.h:22
kmu_metadata_key_bits
kmu_metadata_key_bits
Definition cracen_kmu.h:26
METADATA_ALG_KEY_BITS_256
@ METADATA_ALG_KEY_BITS_256
Definition cracen_kmu.h:30
METADATA_ALG_KEY_BITS_128
@ METADATA_ALG_KEY_BITS_128
Definition cracen_kmu.h:27
METADATA_ALG_KEY_BITS_192
@ METADATA_ALG_KEY_BITS_192
Definition cracen_kmu.h:28
METADATA_ALG_KEY_BITS_255
@ METADATA_ALG_KEY_BITS_255
Definition cracen_kmu.h:29
METADATA_ALG_KEY_BITS_384_SEED
@ METADATA_ALG_KEY_BITS_384_SEED
Definition cracen_kmu.h:31
METADATA_ALG_KEY_BITS_384
@ METADATA_ALG_KEY_BITS_384
Definition cracen_kmu.h:32
METADATA_ALG_KEY_BITS_RESERVED_2
@ METADATA_ALG_KEY_BITS_RESERVED_2
Definition cracen_kmu.h:33
cracen_kmu_provision
psa_status_t cracen_kmu_provision(const psa_key_attributes_t *key_attr, int slot_id, const uint8_t *key_buffer, size_t key_buffer_size)
Provision a key in the KMU.
cracen_kmu_clean_key
int cracen_kmu_clean_key(const uint8_t *user_data)
Callback function that clears transient buffers related to key handling.
cracen_push_prot_ram_inv_slots
psa_status_t cracen_push_prot_ram_inv_slots(void)
Push the protected RAM invalidation slots to protected RAM.
cracen_kmu_prepare_key
int cracen_kmu_prepare_key(const uint8_t *user_data)
Callback function that prepares a key for usage by Cracen.
kmu_push_area
uint8_t kmu_push_area[96u]
psa_drv_slot_number_t
psa_drv_slot_number_t
Definition platform_builtin_key_loader_ids.h:17
kmu_opaque_key_buffer::key_usage_scheme
uint8_t key_usage_scheme
Definition cracen_kmu.h:37
kmu_opaque_key_buffer::slot_id
uint8_t slot_id
Definition cracen_kmu.h:39
kmu_opaque_key_buffer::number_of_slots
uint8_t number_of_slots
Definition cracen_kmu.h:38
kmu_opaque_key_buffer
Definition cracen_kmu.h:36