Skip to content

nrf_security: CRACEN: cracen_key_derivation_operation struct members depend on project config #24892

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
+70 −7
Draft

nrf_security: CRACEN: cracen_key_derivation_operation struct members depend on project config #24892

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 10 additions & 4 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/include/cracen_psa_primitives.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -240,6 +240,7 @@ struct cracen_key_derivation_operation {
cracen_hash_operation_t hash_op;
};
union {
#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
struct {
uint8_t blk_counter;
uint8_t prk[SX_HASH_MAX_ENABLED_BLOCK_SIZE];
Expand All @@ -248,7 +249,8 @@ struct cracen_key_derivation_operation {
size_t info_length;
bool info_set;
} hkdf;

#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */
#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
struct {
uint64_t input_cost;
char password[SX_HASH_MAX_ENABLED_BLOCK_SIZE];
Expand All @@ -259,7 +261,8 @@ struct cracen_key_derivation_operation {
uint8_t uj[PSA_MAC_MAX_SIZE];
uint8_t tj[PSA_MAC_MAX_SIZE];
} pbkdf2;

#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */
#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
struct {
uint8_t key_buffer[CRACEN_MAX_AES_KEY_SIZE];
struct sxkeyref keyref;
Expand All @@ -275,11 +278,13 @@ struct cracen_key_derivation_operation {
uint32_t L;
uint8_t K_0[SX_BLKCIPHER_AES_BLK_SZ];
} cmac_ctr;

#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */
#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS)
struct {
uint8_t key[32];
} ecjpake_to_pms;

#endif /* PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS */
#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
struct {
/* May contain secret, length of secret as uint16be, other secret
* and other secret length as uint16be.
Expand All @@ -293,6 +298,7 @@ struct cracen_key_derivation_operation {
size_t counter;
uint8_t a[SX_HASH_MAX_ENABLED_BLOCK_SIZE];
} tls12;
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */
};
};
typedef struct cracen_key_derivation_operation cracen_key_derivation_operation_t;
Expand Down
59 changes: 57 additions & 2 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/src/key_derivation.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,7 @@ static psa_status_t cracen_ecdh_montgmr_calc_secret(const struct sx_pk_ecurve *c

/**
* \brief Initialize and set up the MAC operation that will be used to generate pseudo-random
* bytes for HDKF and PBKDF2.
* bytes for HKDF and PBKDF2.
*
* \param[in, out] operation Cracen key derivation operation object.
* \param[in] key_buffer Key buffer or HKDF salt.
Expand Down Expand Up @@ -180,6 +180,7 @@ static psa_status_t start_mac_operation(cracen_key_derivation_operation_t *opera
mac_alg);
}

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
static size_t pbkdf2_prf_output_length(psa_algorithm_t alg)
{
if (alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
Expand All @@ -188,12 +189,14 @@ static size_t pbkdf2_prf_output_length(psa_algorithm_t alg)
return PSA_HASH_LENGTH(PSA_ALG_GET_HASH(alg));
}
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *operation,
psa_algorithm_t alg)
{
operation->alg = alg;

#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
if (IS_ENABLED(PSA_NEED_CRACEN_HKDF) && (PSA_ALG_IS_HKDF(operation->alg) ||
PSA_ALG_IS_HKDF_EXPAND(operation->alg))) {
size_t hash_size = PSA_HASH_LENGTH(PSA_ALG_HKDF_GET_HASH(alg));
Expand Down Expand Up @@ -222,7 +225,9 @@ psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *oper

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_PBKDF2_HMAC) && PSA_ALG_IS_PBKDF2(operation->alg)) {
size_t output_length = pbkdf2_prf_output_length(operation->alg);

Expand All @@ -234,15 +239,19 @@ psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *oper
operation->state = CRACEN_KD_STATE_PBKDF2_INIT;
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS)) {
if (operation->alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
operation->capacity = PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE;
operation->state = CRACEN_KD_STATE_TLS12_ECJPAKE_TO_PMS_INIT;
return PSA_SUCCESS;
}
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_PRF) && PSA_ALG_IS_TLS12_PRF(operation->alg)) {
operation->state = CRACEN_KD_STATE_TLS12_PRF_INIT;
operation->capacity = UINT64_MAX;
Expand All @@ -255,6 +264,7 @@ psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *oper
operation->capacity = UINT64_MAX;
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */

if (IS_ENABLED(PSA_NEED_CRACEN_SRP_PASSWORD_HASH) && PSA_ALG_IS_SRP_PASSWORD_HASH(alg)) {
if (PSA_ALG_HKDF_GET_HASH(alg) != CRACEN_SRP_HASH_ALG) {
Expand All @@ -264,6 +274,7 @@ psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *oper
return PSA_SUCCESS;
}

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
if (operation->alg == PSA_ALG_SP800_108_COUNTER_CMAC) {
operation->capacity = PSA_ALG_SP800_108_COUNTER_CMAC_INIT_CAPACITY;
operation->state = CRACEN_KD_STATE_CMAC_CTR_INIT;
Expand All @@ -272,6 +283,7 @@ psa_status_t cracen_key_derivation_setup(cracen_key_derivation_operation_t *oper

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

return PSA_ERROR_NOT_SUPPORTED;
}
Expand All @@ -291,6 +303,7 @@ psa_status_t cracen_key_derivation_set_capacity(cracen_key_derivation_operation_
return PSA_SUCCESS;
}

#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
static psa_status_t
cracen_key_derivation_input_bytes_hkdf(cracen_key_derivation_operation_t *operation,
psa_key_derivation_step_t step, const uint8_t *data,
Expand Down Expand Up @@ -374,7 +387,9 @@ cracen_key_derivation_input_bytes_hkdf(cracen_key_derivation_operation_t *operat

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
static psa_status_t
cracen_key_derivation_input_bytes_pbkdf2(cracen_key_derivation_operation_t *operation,
psa_key_derivation_step_t step, const uint8_t *data,
Expand Down Expand Up @@ -445,7 +460,9 @@ cracen_key_derivation_input_bytes_pbkdf2(cracen_key_derivation_operation_t *oper

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
static psa_status_t
cracen_key_derivation_input_bytes_cmac_ctr(cracen_key_derivation_operation_t *operation,
psa_key_derivation_step_t step, const uint8_t *data,
Expand Down Expand Up @@ -502,7 +519,9 @@ cracen_key_derivation_input_bytes_cmac_ctr(cracen_key_derivation_operation_t *op

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
static psa_status_t
cracen_key_derivation_input_bytes_tls12(cracen_key_derivation_operation_t *operation,
psa_key_derivation_step_t step, const uint8_t *data,
Expand Down Expand Up @@ -576,6 +595,7 @@ cracen_key_derivation_input_bytes_tls12(cracen_key_derivation_operation_t *opera
}
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */

static psa_status_t
cracen_key_derivation_input_bytes_srp(cracen_key_derivation_operation_t *operation,
Expand Down Expand Up @@ -641,6 +661,7 @@ psa_status_t cracen_key_derivation_input_bytes(cracen_key_derivation_operation_t
psa_key_derivation_step_t step, const uint8_t *data,
size_t data_length)
{
#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
if (IS_ENABLED(PSA_NEED_CRACEN_HKDF) && (PSA_ALG_IS_HKDF(operation->alg) ||
PSA_ALG_IS_HKDF_EXTRACT(operation->alg))) {
return cracen_key_derivation_input_bytes_hkdf(operation, step, data, data_length);
Expand All @@ -657,17 +678,23 @@ psa_status_t cracen_key_derivation_input_bytes(cracen_key_derivation_operation_t
}
return cracen_key_derivation_input_bytes_hkdf(operation, step, data, data_length);
}
#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_PBKDF2_HMAC) && PSA_ALG_IS_PBKDF2(operation->alg)) {
return cracen_key_derivation_input_bytes_pbkdf2(operation, step, data, data_length);
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC) &&
(operation->alg == PSA_ALG_SP800_108_COUNTER_CMAC)) {
return cracen_key_derivation_input_bytes_cmac_ctr(operation, step, data,
data_length);
}
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS) &&
operation->alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
if (operation->state != CRACEN_KD_STATE_TLS12_ECJPAKE_TO_PMS_INIT) {
Expand All @@ -682,7 +709,9 @@ psa_status_t cracen_key_derivation_input_bytes(cracen_key_derivation_operation_t
sizeof(operation->ecjpake_to_pms.key));
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_PRF) && PSA_ALG_IS_TLS12_PRF(operation->alg)) {
return cracen_key_derivation_input_bytes_tls12(operation, step, data, data_length);
}
Expand All @@ -691,6 +720,7 @@ psa_status_t cracen_key_derivation_input_bytes(cracen_key_derivation_operation_t
PSA_ALG_IS_TLS12_PSK_TO_MS(operation->alg)) {
return cracen_key_derivation_input_bytes_tls12(operation, step, data, data_length);
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */

if (IS_ENABLED(PSA_NEED_CRACEN_SRP_PASSWORD_HASH) &&
PSA_ALG_IS_SRP_PASSWORD_HASH(operation->alg)) {
Expand All @@ -705,13 +735,16 @@ psa_status_t cracen_key_derivation_input_key(cracen_key_derivation_operation_t *
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size)
{
#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

if (operation->alg != PSA_ALG_SP800_108_COUNTER_CMAC) {
return cracen_key_derivation_input_bytes(operation, step, key_buffer,
key_buffer_size);
}

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
return PSA_ERROR_NOT_SUPPORTED;
}
Expand Down Expand Up @@ -739,12 +772,15 @@ psa_status_t cracen_key_derivation_input_key(cracen_key_derivation_operation_t *

operation->state = CRACEN_KD_STATE_CMAC_CTR_KEY_LOADED;
return status;
#else
return PSA_ERROR_INVALID_ARGUMENT;
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */
}

psa_status_t cracen_key_derivation_input_integer(cracen_key_derivation_operation_t *operation,
psa_key_derivation_step_t step, uint64_t value)
{

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_PBKDF2_HMAC)) {
if ((PSA_ALG_IS_PBKDF2(operation->alg)) && step == PSA_KEY_DERIVATION_INPUT_COST) {
if (operation->pbkdf2.input_cost) {
Expand All @@ -755,10 +791,12 @@ psa_status_t cracen_key_derivation_input_integer(cracen_key_derivation_operation
return PSA_SUCCESS;
}
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

return PSA_ERROR_NOT_SUPPORTED;
}

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
static int
cracen_key_derivation_cmac_ctr_add_core_fixed_input(cracen_key_derivation_operation_t *operation,
struct sxmac *cmac_ctx)
Expand Down Expand Up @@ -870,7 +908,9 @@ cracen_key_derivation_cmac_ctr_generate_block(cracen_key_derivation_operation_t
operation->cmac_ctr.counter++;
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
/**
* \brief Generates the next block for HKDF.
*
Expand Down Expand Up @@ -922,7 +962,9 @@ cracen_key_derivation_hkdf_generate_block(cracen_key_derivation_operation_t *ope

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
/**
* \brief Generates the next block for PBKDF2.
*
Expand Down Expand Up @@ -992,7 +1034,9 @@ cracen_key_derivation_pbkdf2_generate_block(cracen_key_derivation_operation_t *o

return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
static psa_status_t
cracen_key_derivation_tls12_prf_generate_block(cracen_key_derivation_operation_t *operation)
{
Expand Down Expand Up @@ -1072,6 +1116,7 @@ cracen_key_derivation_tls12_prf_generate_block(cracen_key_derivation_operation_t

return status;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */

psa_status_t cracen_key_agreement(const psa_key_attributes_t *attributes, const uint8_t *priv_key,
size_t priv_key_size, const uint8_t *publ_key,
Expand Down Expand Up @@ -1127,6 +1172,7 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
{
psa_status_t (*generator)(cracen_key_derivation_operation_t *) = NULL;

#if defined(CONFIG_PSA_NEED_CRACEN_HKDF)
if (IS_ENABLED(PSA_NEED_CRACEN_HKDF) && (PSA_ALG_IS_HKDF(operation->alg) ||
PSA_ALG_IS_HKDF_EXPAND(operation->alg))) {
if (operation->state < CRACEN_KD_STATE_HKDF_KEYED || !operation->hkdf.info_set) {
Expand All @@ -1153,7 +1199,9 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
memcpy(output, operation->hkdf.prk, prk_length);
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_HKDF */

#if defined(CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_PBKDF2_HMAC) && PSA_ALG_IS_PBKDF2(operation->alg)) {
/* Salt, password and input cost must have been provided. */
if (!operation->pbkdf2.input_cost) {
Expand All @@ -1168,7 +1216,9 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
operation->state = CRACEN_KD_STATE_PBKDF2_OUTPUT;
generator = cracen_key_derivation_pbkdf2_generate_block;
}
#endif /* CONFIG_PSA_NEED_CRACEN_PBKDF2_HMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC)
if (IS_ENABLED(PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC) &&
(operation->alg == PSA_ALG_SP800_108_COUNTER_CMAC)) {
if (operation->state == CRACEN_KD_STATE_CMAC_CTR_KEY_LOADED ||
Expand All @@ -1189,7 +1239,9 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
return PSA_ERROR_BAD_STATE;
}
}
#endif /* CONFIG_PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS) &&
operation->alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
size_t outlen;
Expand All @@ -1204,7 +1256,9 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
}
return PSA_SUCCESS;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS */

#if defined(CONFIG_PSA_NEED_CRACEN_TLS12_PRF) || defined(CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS)
if (IS_ENABLED(PSA_NEED_CRACEN_TLS12_PRF) && PSA_ALG_IS_TLS12_PRF(operation->alg)) {
operation->state = CRACEN_KD_STATE_TLS12_PRF_OUTPUT;
generator = cracen_key_derivation_tls12_prf_generate_block;
Expand All @@ -1215,6 +1269,7 @@ psa_status_t cracen_key_derivation_output_bytes(cracen_key_derivation_operation_
operation->state = CRACEN_KD_STATE_TLS12_PSK_TO_MS_OUTPUT;
generator = cracen_key_derivation_tls12_prf_generate_block;
}
#endif /* CONFIG_PSA_NEED_CRACEN_TLS12_PRF || CONFIG_PSA_NEED_CRACEN_TLS12_PSK_TO_MS */

if (IS_ENABLED(PSA_NEED_CRACEN_SRP_PASSWORD_HASH) &&
PSA_ALG_IS_SRP_PASSWORD_HASH(operation->alg)) {
Expand Down
4 changes: 3 additions & 1 deletion subsys/nrf_security/src/drivers/cracen/psa_driver.Kconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1858,7 +1858,9 @@ config PSA_NEED_CRACEN_KEY_DERIVATION_DRIVER
PSA_NEED_CRACEN_TLS12_ECJPAKE_TO_PMS || \
PSA_NEED_CRACEN_PBKDF2_HMAC || \
PSA_NEED_CRACEN_SRP_PASSWORD_HASH || \
PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC
PSA_NEED_CRACEN_SP800_108_COUNTER_CMAC || \
PSA_NEED_CRACEN_TLS12_PRF || \
PSA_NEED_CRACEN_TLS12_PSK_TO_MS

config PSA_NEED_CRACEN_KMU_DRIVER
bool
Expand Down