I am building a Zephyr application to run on an NRF52840. I am trying to derive a session key with the following function:

#include <stdint.h>
#include <string.h>
#include <mbedtls/hkdf.h>
#include <mbedtls/md.h>

/* Derive a session key with HKDF-SHA256: the device token key is the input
 * keying material and the two nonces, combined by add_arrays(), are the salt. */
int derive_session_key(const uint8_t *device_token_key, const uint8_t *nonce1,
                       const uint8_t *nonce2, uint16_t out_key_len,
                       uint8_t *output_key)
{
    const uint8_t *ikm = device_token_key;
    const size_t ikm_len = TOKEN_KEY_SIZE;

    uint8_t salt[NONCE_SIZE];
    add_arrays(nonce1, nonce2, salt, NONCE_SIZE);
    const size_t salt_len = NONCE_SIZE;

    const uint8_t *info = (const uint8_t *)INFO_STR;
    const size_t info_len = strlen(INFO_STR);

    int ret = mbedtls_hkdf(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
                           salt, salt_len, ikm, ikm_len, info, info_len,
                           output_key, out_key_len);
    if (ret != 0) {
        LOG_ERR("Error! Creating session key. Ret : %d", ret);
        return RET_ERROR;
    }
    return RET_OK;
}

My proj.conf has the correct configuration to link with the required libraries as follows:
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS=y
CONFIG_MBEDTLS_SHA256_C=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
CONFIG_MBEDTLS_HKDF_C=y
CONFIG_MBEDTLS_BUILTIN=y
CONFIG_MBEDTLS_CIPHER_MODE_CBC=y
CONFIG_MBEDTLS_AES_C=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_HEAP_MEM_POOL_SIZE=4096
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_PSA_WANT_KEY_TYPE_AES=y
CONFIG_PSA_WANT_AES_KEY_SIZE_128=y
CONFIG_PSA_WANT_ALG_CMAC=y
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=y
CONFIG_PSA_WANT_ALG_CBC_NO_PADDING=y
However, the linking ultimately fails and I cannot call mbedtls_hkdf because some of these configurations cannot be set to =y, with the following confusing warnings. Even if I manually define MBEDTLS_HKDF_C in my code, it doesn't work. Any ideas on how to solve this? Thanks.

warning: MBEDTLS_AES_C (defined at /home/user/Belter/top_main/nrf/subsys/nrf_security/Kconfig.legacy:388) was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies: MBEDTLS_LEGACY_CRYPTO_C (=n). See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_AES_C and/or look up MBEDTLS_AES_C in the menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful too.

warning: MBEDTLS_HKDF_C (defined at /home/user/Belter/top_main/nrf/subsys/nrf_security/Kconfig.legacy:724, modules/mbedtls/Kconfig.tls-generic:140, modules/mbedtls/Kconfig.tls-generic:140) was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies: ((MBEDTLS_LEGACY_CRYPTO_C && NRF_SECURITY) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) && MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS && 0)) (=n). See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_HKDF_C and/or look up MBEDTLS_HKDF_C in the menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful too.

warning: MBEDTLS_SHA256_C (defined at /home/user/Belter/top_main/nrf/subsys/nrf_security/Kconfig.legacy:798) was assigned the value 'y' but got the value 'n'. Check these unsatisfied dependencies: MBEDTLS_LEGACY_CRYPTO_C (=n). See http://docs.zephyrproject.org/latest/kconfig.html#CONFIG_MBEDTLS_SHA256_C and/or look up MBEDTLS_SHA256_C in the menuconfig/guiconfig interface. The Application Development Primer, Setting Configuration Values, and Kconfig - Tips and Best Practices sections of the manual might be helpful too.
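
One way to read warnings like the ones above, as an added example that is not part of the original post or of the Zephyr tooling: a small parser that lists every crypto option the build silently turned off and the dependency symbols common to all of them. The function names are illustrative, and the sample log is constructed from the post's warnings with paths and help text shortened.

```python
import re

# Constructed sample: the post's three warnings with file paths and the
# trailing help text shortened. Real builds wrap these across lines.
SAMPLE_LOG = """
warning: MBEDTLS_AES_C (defined at Kconfig.legacy:388) was assigned the value
'y' but got the value 'n'. Check these unsatisfied dependencies:
MBEDTLS_LEGACY_CRYPTO_C (=n). See ...
warning: MBEDTLS_HKDF_C (defined at Kconfig.legacy:724,
Kconfig.tls-generic:140) was assigned the value 'y' but got the value 'n'.
Check these unsatisfied dependencies: ((MBEDTLS_LEGACY_CRYPTO_C &&
NRF_SECURITY) || (!(NRF_SECURITY || NORDIC_SECURITY_BACKEND) &&
MBEDTLS_BUILTIN && MBEDTLS_CFG_FILE = "config-tls-generic.h" && MBEDTLS))
(=n). See ...
warning: MBEDTLS_SHA256_C (defined at Kconfig.legacy:798) was assigned the
value 'y' but got the value 'n'. Check these unsatisfied dependencies:
MBEDTLS_LEGACY_CRYPTO_C (=n). See ...
"""

WARNING_RE = re.compile(
    r"warning: (?P<sym>\w+) \(defined at .*?\) was assigned the value "
    r"'(?P<want>\w+)' but got the value '(?P<got>\w+)'\. Check these "
    r"unsatisfied dependencies: (?P<deps>.*?) \(=\w+\)\. See "
)

def parse_dropped(log_text):
    """Map each symbol whose requested value was overridden to the set of
    Kconfig symbols named in its unsatisfied dependency expression."""
    flat = " ".join(log_text.split())             # undo terminal line wrapping
    dropped = {}
    for m in WARNING_RE.finditer(flat):
        if m["want"] == m["got"]:
            continue
        deps = re.sub(r'"[^"]*"', "", m["deps"])  # drop string literals
        dropped[m["sym"]] = set(re.findall(r"\b[A-Z][A-Z0-9_]*\b", deps))
    return dropped

def common_blockers(dropped):
    """Symbols that appear in every dropped option's dependency expression."""
    sets = list(dropped.values())
    return sorted(set.intersection(*sets)) if sets else []

if __name__ == "__main__":
    dropped = parse_dropped(SAMPLE_LOG)
    for sym in sorted(dropped):
        print(f"{sym}: depends on {sorted(dropped[sym])}")
    print("shared by all:", common_blockers(dropped))
```

On the post's warnings the only symbol shared by all three dropped options is MBEDTLS_LEGACY_CRYPTO_C, which the posted configuration never sets.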