nRF Connect SDK API 3.3.99
Loading...
Searching...
No Matches
Data Structures | Macros | Enumerations | Functions | Variables
CRACEN KMU Integration
CRACEN Driver APIs » CRACEN Common APIs

CRACEN Key Management Unit (KMU) integration for the PSA layer. More...

Data Structures

struct  kmu_opaque_key_buffer
 

Macros

#define CRACEN_KMU_PUSH_AREA_SIZE   96u
 
#define CRACEN_KMU_MAX_KEY_SIZE   48u
 
#define CRACEN_KMU_SLOT_KEY_SIZE   16u
 
#define PROTECTED_RAM_INVALIDATION_DATA_SLOT1   248
 
#define PROTECTED_RAM_INVALIDATION_DATA_SLOT2   249
 

Enumerations

enum  kmu_metadata_key_bits {
  METADATA_ALG_KEY_BITS_128 = 1 , METADATA_ALG_KEY_BITS_192 = 2 , METADATA_ALG_KEY_BITS_255 = 3 , METADATA_ALG_KEY_BITS_256 = 4 ,
  METADATA_ALG_KEY_BITS_384_SEED = 5 , METADATA_ALG_KEY_BITS_384 = 6 , METADATA_ALG_KEY_BITS_RESERVED_2 = 7
}
 

Functions

int cracen_kmu_prepare_key (const uint8_t *user_data)
 Callback function that prepares a key for usage by Cracen.
 
int cracen_kmu_clean_key (const uint8_t *user_data)
 Callback function that clears transient buffers related to key handling.
 
psa_status_t cracen_kmu_get_builtin_key (psa_drv_slot_number_t slot_number, psa_key_attributes_t *attributes, uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
 Retrieves attributes and opaque key buffer for key.
 
psa_status_t cracen_kmu_provision (const psa_key_attributes_t *key_attr, int slot_id, const uint8_t *key_buffer, size_t key_buffer_size)
 Provision a key in the KMU.
 
psa_status_t cracen_kmu_destroy_key (const psa_key_attributes_t *attributes)
 Destroy a key stored in the KMU.
 
psa_status_t cracen_provision_prot_ram_inv_slots (void)
 Provision the protected RAM invalidation data.
 
psa_status_t cracen_push_prot_ram_inv_slots (void)
 Push the protected RAM invalidation slots to protected RAM.
 

Variables

uint8_t kmu_push_area [96u]
 

Detailed Description

CRACEN Key Management Unit (KMU) integration for the PSA layer.

Defines the opaque KMU key buffer and operations to prepare and clean keys, retrieve built-in keys, provision and destroy KMU slots, and manage protected RAM invalidation slots.

Note
These APIs are for internal use only. Applications must use the PSA Crypto API (psa_* functions) instead of calling these functions directly.