CLNS Niobe4aSDK V2.3.0 (RFP) Release Notes - Release: Niobe4aSDK_RFP - Version: V2.3.0 - Date: 2021-11-04 - Link to Nexus RepositoryManager: https://nl-nxrm.sw.nxp.com/service/rest/repository/browse/cccs-releases-raw/ - Link to Bitbucket: tags/niobe4asdk_2020_rfp - Compiler: IAR Compiler v.8.40.1 --- Test Target: - CoSim: CSSV2 v1.9 - CoSim CSS IP: 0.2.19 - N4Silicon: X-N4A-QFP100 --- CLNS memory consumption: delivery/niobe4aSdk_2020/static_library/libclns.a TEXT RO RW ZI TOTAL_CONSUMPTION 255478 154240 168 2772 412658 --- New Features in version 2.3.0: - Obfuscation of some design details - Improved test coverage - Bugfixes --- Features in version 2.3.0: - Components: mcuxClCss, mcuxClMac, mcuxClHash, mcuxClSession, mcuxClKey, mcuxClMemory - Components: mcuxClPkc, mcuxClMath, mcuxClEcc, mcuxClRsa - Components: mcuxMbedTLS [v2.25 (2021-03-09)] - Components: mcuxCsslCPreProcessor, mcuxCsslFlowProtection, mcuxCsslMemory, mcuxCsslParamIntegrity, mcuxCsslSecureCounter - mcuxClCss supports the following functionality - AES-128/192/256 encryption/decryption, modes ECB/CBC/CTR/GCM/CMAC - SHA2-224/256/384/512 (including sha-direct mode) - KDF: CKDF (NIST SP 800-108 / SP800-56C), HKDF (RFC5869) - HMAC - ECC Sign/Verify/Keygen/Keyexchange (P-256) - RFC3394 key wrapping/unwrapping - Key Import/Export/Utilities/Provisioning - Random number Generation (DRBG/PRNG) - TLS Master/Session Key generation - GDET - base address of CSS is link-time configuratble (using scatter file): CSS_BASE_ADDRESS --- Known Limitations: - Initialization of PRNG (workaround): call keydelete on any slot during startup: this will assure prng is ready - The CSS DTRNG internal entropy is limited to 128 bits, therefore any keys generated by the CLNS are also limited to this inherent entropythis will assure prng is ready --- Notes: - MbedTLS: the alternative implementation of the RNG is not backward compatible with the mbedTLS release (most functions do nothing) - MbedTLS: the alternative implementation for ECC does not support Curve25519 or Curve448