7.6.5.6.3 Context Specification for Key Operations
The context input for Key operations is used to specify the properties of a key, and enables the explicit differentiation of keys that have distinct purposes. Under no circumstance must the same context be used on the same device for keys with different properties or purposes.
For Get Key operations, the combination of the intrinsic PUF key and the context uniquely defines the key that is output. If the same context is used, the same key is produced.
For Wrap and Wrap Generated Random operations, the combination of the intrinsic PUF key and context uniquely determines which keys are used to protect the wrapped data. Each key code is still unique, even when the same data and context are used.
Word Index | Bit Range | Value | Description |
---|---|---|---|
0 | [31:24] | 0 | Reserved. Must always be 0. |
0 | [23:16] | 0x10 | Context for key operations |
0 | [15:13] | 0 | Reserved. Must always be 0. |
0 | [12:0] | N x 64 (with N = 1..16), 2048, 3072, 4096 | Length of the key in bits. The key length is not necessarily the same as the security strength. |
1 | [31:16] | 0 | Must always be 0. |
1 | [15:10] | 0 | Reserved. Must always be 0. |
1 | [9] | 0 | Reserved. Must always be 0. |
1 | [8] | 0, 1 | Defines the allowed key destinations, when PUF is in the Started state: 0: Key cannot be available via PUF_DOR; 1: Key can be available via PUF_DOR |
1 | [7:2] | 0 | Reserved. Must always be 0. |
1 | [1] | 0 | Reserved. Must always be 0. |
1 | [0] | 0, 1 | Defines the allowed key destinations, when PUF is in the Enrolled state: 1: Key is available via PUF_DOR |
2 | [31:0] | Any | User context for key derivation; available bits are restricted by the value read in PUF_HW_RUC0. |
3 | [31:0] | Any | User context for key derivation; available bits are restricted by the value read in PUF_HW_RUC1. |
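
The following C sketch packs and validates the four context words according to the table above. It is an added example, not vendor code: the function and macro names are hypothetical, and `allowed0`/`allowed1` are assumed to be masks the caller has derived from PUF_HW_RUC0/PUF_HW_RUC1, since this section does not state how the register value maps to available bits.

```c
#include <stdbool.h>
#include <stdint.h>

#define PUF_CTX_TYPE_KEY   0x10u        /* word 0 [23:16] */
#define PUF_CTX_W0_RSVD    0xFF00E000u  /* word 0 [31:24] and [15:13] */
#define PUF_CTX_W1_DEFINED 0x00000101u  /* word 1 bits [8] and [0] */

/* Key length in bits: N x 64 (N = 1..16), 2048, 3072 or 4096. */
static bool puf_key_len_valid(uint32_t bits)
{
    if (bits == 2048u || bits == 3072u || bits == 4096u)
        return true;
    return bits >= 64u && bits <= 1024u && (bits % 64u) == 0u;
}

/* Check an existing 4-word context against the table's fixed fields. */
bool puf_key_context_valid(const uint32_t ctx[4])
{
    if ((ctx[0] & PUF_CTX_W0_RSVD) != 0u)
        return false;
    if (((ctx[0] >> 16) & 0xFFu) != PUF_CTX_TYPE_KEY)
        return false;
    if ((ctx[1] & ~PUF_CTX_W1_DEFINED) != 0u)
        return false;
    return puf_key_len_valid(ctx[0] & 0x1FFFu);
}

/*
 * Build ctx[0..3]. allowed0/allowed1 are caller-supplied masks (assumption)
 * of the user-context bits permitted by PUF_HW_RUC0/PUF_HW_RUC1.
 * Returns false, leaving ctx untouched, on any invalid input.
 */
bool puf_build_key_context(uint32_t ctx[4], uint32_t key_bits,
                           bool dor_started, bool dor_enrolled,
                           uint32_t user0, uint32_t user1,
                           uint32_t allowed0, uint32_t allowed1)
{
    if (!puf_key_len_valid(key_bits))
        return false;
    if ((user0 & ~allowed0) != 0u || (user1 & ~allowed1) != 0u)
        return false;
    ctx[0] = (PUF_CTX_TYPE_KEY << 16) | key_bits;
    ctx[1] = ((uint32_t)dor_started << 8) | (uint32_t)dor_enrolled;
    ctx[2] = user0;
    ctx[3] = user1;
    return true;
}
```

Rejecting out-of-range user-context bits, rather than silently masking them, keeps two contexts that were meant to be distinct from collapsing into the same value and therefore the same key.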