帮助
英语(美国) | English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

RFC5869 standard HKDF on Edgelock secure subsystem

取消
开启建议
自动建议可通过在您键入时建议可能的匹配,而快速缩小您的搜索结果范围。
显示结果 
显示  仅  | 搜索替代 
您的意思是: 
已解决
跳至解决方案

RFC5869 standard HKDF on Edgelock secure subsystem

跳至解决方案
2 周之前
1,041 次查看
YosukeW
Contributor II

Hello,

I have one question about HKDF feature.
MCXN SRM shows that this supports RFC5869 but requires specific input data format:
"For RFC5869 compliance, the derivation data SW_DRV_DATA[255:0] must be composed as {label[247:0],
counter[7:0]} from the RFC5869 standard."
Actually RFC5869 requires 2 steps: Extract and Expand. And these steps require different inputs.
But,  the above input data required by ELS seems compliant with Expand phase only. 
Can we pass salt (measurement data) and label with IKM and let ELS do the 2 steps as defined in RFC5869 ?
Or is it processed by ELS in different manner ?

Thank you and Best regards, Yosuke

标签 (2)
0 项奖励
回复
1 解答

跳至解决方案
1 周之前
954 次查看
Celeste_Liu
NXP Employee
NXP Employee

Hello @YosukeW ,

Thanks for your patience.

No, on MCX N23x/Nx4x ELS, the RFC5869-mode HKDF command does not expose separate Extract and Expand inputs , and the documentation describes the RFC5869 path as a single HMAC operation using a 256-bit derivation-data field . So you cannot pass salt plus IKM plus label and expect ELS to perform the full RFC5869 Extract then Expand sequence internally in the way RFC5869 defines it.

Hope it helps.

BR

Celeste

在原帖中查看解决方案

0 项奖励
回复
4 回复数

跳至解决方案
1 周之前
955 次查看
Celeste_Liu
NXP Employee
NXP Employee

Hello @YosukeW ,

Thanks for your patience.

No, on MCX N23x/Nx4x ELS, the RFC5869-mode HKDF command does not expose separate Extract and Expand inputs , and the documentation describes the RFC5869 path as a single HMAC operation using a 256-bit derivation-data field . So you cannot pass salt plus IKM plus label and expect ELS to perform the full RFC5869 Extract then Expand sequence internally in the way RFC5869 defines it.

Hope it helps.

BR

Celeste

0 项奖励
回复

跳至解决方案
1 周之前
936 次查看
YosukeW
Contributor II

Hello @Celeste_Liu ,

Thank you so much for answering my question.
It's clear to me now.

Best regards, Yosuke

回复

跳至解决方案
1 周之前
926 次查看
Celeste_Liu
NXP Employee
NXP Employee

Hello @YosukeW ,

You are welcome, glad to help! Any new issues, welcome to create a new post.

BR

Celeste

0 项奖励
回复

跳至解决方案
2 周之前
1,021 次查看
Celeste_Liu
NXP Employee
NXP Employee

Hello @YosukeW ,

I’ve noticed your case and will need some time to look into it further. I’ll keep you informed of any updates as soon as possible. 
 
Have a nice day.
 
BR
Celeste
0 项奖励
回复
%3CLINGO-SUB%20id%3D%22lingo-sub-2354967%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3EEdgelock%20%E5%AE%89%E5%85%A8%E5%AD%90%E7%B3%BB%E7%BB%9F%E4%B8%8A%E7%9A%84%20RFC5869%20%E6%A0%87%E5%87%86%20HKDF%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2354967%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E4%BD%A0%E5%A5%BD%3C%2FP%3E%3CP%3E%E6%88%91%E6%9C%89%E4%B8%80%E4%B8%AA%E5%85%B3%E4%BA%8E%20HKDF%20%E5%8A%9F%E8%83%BD%E7%9A%84%E9%97%AE%E9%A2%98%E3%80%82%3CBR%20%2F%3EMCXN%20SRM%20%E6%98%BE%E7%A4%BA%E5%AE%83%E6%94%AF%E6%8C%81%20RFC5869%EF%BC%8C%E4%BD%86%E9%9C%80%E8%A6%81%E7%89%B9%E5%AE%9A%E7%9A%84%E8%BE%93%E5%85%A5%E6%95%B0%E6%8D%AE%E6%A0%BC%E5%BC%8F%EF%BC%9A%3CBR%20%2F%3E%22%20%E4%B8%BA%E7%AC%A6%E5%90%88%20RFC5869%20%E6%A0%87%E5%87%86%EF%BC%8C%E6%B4%BE%E7%94%9F%E6%95%B0%E6%8D%AE%20SW_DRV_DATA%5B255%3A0%5D%E5%BF%85%E9%A1%BB%E7%94%B1%20RFC5869%20%E6%A0%87%E5%87%86%E4%B8%AD%E7%9A%84%20%7Blabel%5B247%3A0%5D%2C%3CBR%20%2F%3Ecounter%5B7%3A0%5D%7D%20%E7%BB%84%E6%88%90%E3%80%82%22%3CBR%20%2F%3E%E5%AE%9E%E9%99%85%E4%B8%8A%EF%BC%8C%3CA%20href%3D%22https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5869%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3ERFC5869%3C%2FA%3E%E9%9C%80%E8%A6%81%E4%B8%A4%E4%B8%AA%E6%AD%A5%E9%AA%A4%EF%BC%9A%E6%8F%90%E5%8F%96%E5%92%8C%E6%89%A9%E5%B1%95%E3%80%82%E8%80%8C%E8%BF%99%E4%BA%9B%E6%AD%A5%E9%AA%A4%E9%9C%80%E8%A6%81%E4%B8%8D%E5%90%8C%E7%9A%84%E6%8A%95%E5%85%A5%E3%80%82%3CBR%20%2F%3E%E4%BD%86%E6%98%AF%EF%BC%8CELS%20%E8%A6%81%E6%B1%82%E7%9A%84%E4%B8%8A%E8%BF%B0%E8%BE%93%E5%85%A5%E6%95%B0%E6%8D%AE%E4%BC%BC%E4%B9%8E%E5%8F%AA%E7%AC%A6%E5%90%88%E6%89%A9%E5%B1%95%E9%98%B6%E6%AE%B5%E7%9A%84%E8%A6%81%E6%B1%82%E3%80%82%20%3CBR%20%2F%3E%E6%88%91%E4%BB%AC%E6%98%AF%E5%90%A6%E5%8F%AF%E4%BB%A5%E9%80%9A%E8%BF%87%20IKM%20%E4%BC%A0%E9%80%92%E7%9B%90%EF%BC%88%E6%B5%8B%E9%87%8F%E6%95%B0%E6%8D%AE%EF%BC%89%E5%92%8C%E6%A0%87%E7%AD%BE%EF%BC%8C%E7%84%B6%E5%90%8E%E8%AE%A9%20ELS%20%E6%89%A7%E8%A1%8C%20RFC5869%20%E4%B8%AD%E5%AE%9A%E4%B9%89%E7%9A%84%E4%B8%A4%E4%B8%AA%E6%AD%A5%E9%AA%A4%EF%BC%9F%3CBR%20%2F%3E%E8%BF%98%E6%98%AF%20ELS%20%E7%9A%84%E5%A4%84%E7%90%86%E6%96%B9%E5%BC%8F%E4%B8%8D%E5%90%8C%EF%BC%9F%3CBR%20%2F%3E%3CBR%20%2F%3E%E8%B0%A2%E8%B0%A2%E5%B9%B6%E8%87%B4%E4%BB%A5%E6%9C%80%E5%B4%87%E9%AB%98%E7%9A%84%E6%95%AC%E6%84%8F%EF%BC%8CYosuke%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2354967%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CLINGO-LABEL%3EMCX%20N%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3E%E5%AE%89%E5%85%A8%EF%BC%88Edgelock%20%7C%20%E5%AE%89%E5%85%A8%E5%90%AF%E5%8A%A8%20%7C%20OTP%EF%BC%89%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2356791%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20RFC5869%20standard%20HKDF%20on%20Edgelock%20secure%20subsystem%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2356791%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E4%BD%A0%E5%A5%BD%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F262019%22%20target%3D%22_blank%22%3E%40YosukeW%3C%2FA%3E%E3%80%81%3C%2FP%3E%0A%3CP%3E%E4%B8%8D%E5%AE%A2%E6%B0%94%EF%BC%8C%E5%BE%88%E9%AB%98%E5%85%B4%E4%B8%BA%E6%82%A8%E6%8F%90%E4%BE%9B%E5%B8%AE%E5%8A%A9%EF%BC%81%20%E5%A6%82%E6%9C%89%E4%BB%BB%E4%BD%95%E6%96%B0%E9%97%AE%E9%A2%98%EF%BC%8C%E6%AC%A2%E8%BF%8E%E5%88%9B%E5%BB%BA%E6%96%B0%E5%B8%96%E3%80%82%3C%2FP%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3E%E8%A5%BF%E8%8E%B1%E6%96%AF%E7%89%B9%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2356749%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20RFC5869%20standard%20HKDF%20on%20Edgelock%20secure%20subsystem%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2356749%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E4%BD%A0%E5%A5%BD%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F237877%22%20target%3D%22_blank%22%3E%40Celeste_Liu%3C%2FA%3E%E3%80%81%3C%2FP%3E%3CP%3E%E9%9D%9E%E5%B8%B8%E6%84%9F%E8%B0%A2%E4%BD%A0%E5%9B%9E%E7%AD%94%E4%BA%86%E6%88%91%E7%9A%84%E9%97%AE%E9%A2%98%E3%80%82%3CBR%20%2F%3E%E6%88%91%E7%8E%B0%E5%9C%A8%E6%98%8E%E7%99%BD%E4%BA%86%E3%80%82%3C%2FP%3E%3CP%3E%E8%87%B4%E4%BB%A5%E6%9C%80%E8%AF%9A%E6%8C%9A%E7%9A%84%E9%97%AE%E5%80%99%EF%BC%8CYosuke%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2356511%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20RFC5869%20standard%20HKDF%20on%20Edgelock%20secure%20subsystem%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2356511%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E4%BD%A0%E5%A5%BD%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F262019%22%20target%3D%22_blank%22%3E%40YosukeW%3C%2FA%3E%E3%80%81%3C%2FP%3E%0A%3CP%3E%E6%84%9F%E8%B0%A2%E6%82%A8%E7%9A%84%E8%80%90%E5%BF%83%E7%AD%89%E5%BE%85%E3%80%82%3C%2FP%3E%0A%3CP%3E%E4%B8%8D%E6%98%AF%EF%BC%8C%E5%9C%A8%20MCX%20N23x%2FNx4x%20ELS%20%E4%B8%8A%EF%BC%8CRFC5869%20%E6%A8%A1%E5%BC%8F%20HKDF%20%E5%91%BD%E4%BB%A4%E4%B8%8D%E6%8F%90%E4%BE%9B%E5%8D%95%E7%8B%AC%E7%9A%84%20Extract%20%E5%92%8C%20Expand%20%E8%BE%93%E5%85%A5%EF%BC%8C%E6%96%87%E6%A1%A3%E5%B0%86%20RFC5869%20%E8%B7%AF%E5%BE%84%E6%8F%8F%E8%BF%B0%E4%B8%BA%E4%BD%BF%E7%94%A8%20256%20%E4%BD%8D%E6%B4%BE%E7%94%9F%E6%95%B0%E6%8D%AE%E5%AD%97%E6%AE%B5%E7%9A%84%E5%8D%95%E4%B8%80%20HMAC%20%E6%93%8D%E4%BD%9C%E3%80%82%E5%9B%A0%E6%AD%A4%EF%BC%8C%E6%82%A8%E4%B8%8D%E8%83%BD%E9%80%9A%E8%BF%87%E7%9B%90%E5%8A%A0%20IKM%20%E5%8A%A0%E6%A0%87%E7%AD%BE%E7%9A%84%E6%96%B9%E5%BC%8F%EF%BC%8C%E6%8C%87%E6%9C%9B%20ELS%20%E5%9C%A8%E5%86%85%E9%83%A8%E6%8C%89%E7%85%A7%20RFC5869%20%E7%9A%84%E5%AE%9A%E4%B9%89%E6%89%A7%E8%A1%8C%E5%AE%8C%E6%95%B4%E7%9A%84%20RFC5869%20%E6%8F%90%E5%8F%96%E7%84%B6%E5%90%8E%E5%B1%95%E5%BC%80%E5%BA%8F%E5%88%97%E3%80%82%3C%2FP%3E%0A%3CP%3E%E5%B8%8C%E6%9C%9B%E5%AF%B9%E4%BD%A0%E6%9C%89%E6%89%80%E5%B8%AE%E5%8A%A9%E3%80%82%3C%2FP%3E%0A%3CP%3EBR%3C%2FP%3E%0A%3CP%3E%E8%A5%BF%E8%8E%B1%E6%96%AF%E7%89%B9%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2355173%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%20translate%3D%22no%22%3ERe%3A%20RFC5869%20standard%20HKDF%20on%20Edgelock%20secure%20subsystem%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2355173%22%20slang%3D%22en-US%22%20mode%3D%22CREATE%22%3E%3CP%3E%E4%BD%A0%E5%A5%BD%3CA%20href%3D%22https%3A%2F%2Fcommunity.nxp.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F262019%22%20target%3D%22_blank%22%3E%40YosukeW%3C%2FA%3E%E3%80%81%3C%2FP%3E%0A%3CDIV%3E%E6%88%91%E6%B3%A8%E6%84%8F%E5%88%B0%E4%BA%86%E4%BD%A0%E7%9A%84%E6%83%85%E5%86%B5%EF%BC%8C%E9%9C%80%E8%A6%81%E4%B8%80%E4%BA%9B%E6%97%B6%E9%97%B4%E8%BF%9B%E4%B8%80%E6%AD%A5%E8%B0%83%E6%9F%A5%E3%80%82%E5%A6%82%E6%9C%89%E4%BB%BB%E4%BD%95%E6%9B%B4%E6%96%B0%EF%BC%8C%E6%88%91%E4%BC%9A%E5%B0%BD%E5%BF%AB%E9%80%9A%E7%9F%A5%E4%BD%A0%E4%BB%AC%E3%80%82%20%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%E7%A5%9D%E6%82%A8%E6%84%89%E5%BF%AB%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EBR%3C%2FDIV%3E%0A%3CDIV%3E%E8%A5%BF%E8%8E%B1%E6%96%AF%E7%89%B9%3C%2FDIV%3E%3C%2FLINGO-BODY%3E