Key Derivation Function?


1,691 Views
jeffcampbell
Contributor III

Okay, I have a dumb question relating to CSE operations.  According to AN4234 (CSE Application Notes), I can't update any keys without generating K1, K2, and K3, and some other steps. These K values are only vaguely defined in terms of some key derivation function that is not specified.  I'm confused; is any key derivation function valid or is there one function in particular I'm supposed to use?

 

Would that function's definition be provided in the SHE Functional Specification? This standard is referenced numerous times but I can't find it anywhere and the website listed under AN4234's reference page is dead.

 

Edit: Still Googling.  I've found a large number of papers and slideshows that reference SHE and point to that dead website for details.  Hopefully I'll have better luck than this guy.

0 Kudos
4 Replies

1,276 Views
petervlna
NXP TechSupport

Hi,

SHE - Secure Hardware Extension functional specification Version 1.1 (rev439) is copyrighted by AUDI AG and BMW AG ©, 2008.

I recommend that you read AN4235 - Using CSE to protect your Application Code via a Chain of Trust.

Along with this AN there is an example attachment.

Peter

0 Kudos

1,276 Views
jeffcampbell
Contributor III

Peter,

AN4235 was helpful, so far as better understanding how to set up a chain of trust, but I'm still lost as to exactly how to generate K1-K3 to update the boot MAC key.  Under AN4234, the only statement that defines the key derivation function is: "KDF is key derivation function which derives a secret key (K1) from a secret value."  Is the exact definition of that function ever specified?

-Jeff

0 Kudos

1,276 Views
petervlna
NXP TechSupport

Hi,

I need to check with the application team whether this information can be shared publicly.

Peter

0 Kudos

1,276 Views
petervlna
NXP TechSupport

Hi,

Unfortunately this information cannot be shared publicly.

Furthermore, a valid signed NDA is required to obtain such information from NXP.

I suggest that you not discuss it here on the community and submit a ticket on the NXP website.

If you have an NDA signed, you can contact the person who assisted you with the signature of the NDA, to speed up the process.

Peter

0 Kudos