1CLNS Niobe4aSDK V2.3.0 (RFP) Release Notes 2 3- Release: Niobe4aSDK_RFP 4- Version: V2.3.0 5- Date: 2021-11-04 6- Link to Nexus RepositoryManager: https://nl-nxrm.sw.nxp.com/service/rest/repository/browse/cccs-releases-raw/ 7- Link to Bitbucket: tags/niobe4asdk_2020_rfp 8- Compiler: IAR Compiler v.8.40.1 9--- Test Target: 10 - CoSim: CSSV2 v1.9 11 - CoSim CSS IP: 0.2.19 12 - N4Silicon: X-N4A-QFP100 13 14--- CLNS memory consumption: delivery/niobe4aSdk_2020/static_library/libclns.a 15 TEXT RO RW ZI TOTAL_CONSUMPTION 16 255478 154240 168 2772 412658 17 18 19--- New Features in version 2.3.0: 20 - Obfuscation of some design details 21 - Improved test coverage 22 - Bugfixes 23 24--- Features in version 2.3.0: 25 - Components: mcuxClCss, mcuxClMac, mcuxClHash, mcuxClSession, mcuxClKey, mcuxClMemory 26 - Components: mcuxClPkc, mcuxClMath, mcuxClEcc, mcuxClRsa 27 - Components: mcuxMbedTLS [v2.25 (2021-03-09)] 28 - Components: mcuxCsslCPreProcessor, mcuxCsslFlowProtection, mcuxCsslMemory, mcuxCsslParamIntegrity, mcuxCsslSecureCounter 29 - mcuxClCss supports the following functionality 30 - AES-128/192/256 encryption/decryption, modes ECB/CBC/CTR/GCM/CMAC 31 - SHA2-224/256/384/512 (including sha-direct mode) 32 - KDF: CKDF (NIST SP 800-108 / SP800-56C), HKDF (RFC5869) 33 - HMAC 34 - ECC Sign/Verify/Keygen/Keyexchange (P-256) 35 - RFC3394 key wrapping/unwrapping 36 - Key Import/Export/Utilities/Provisioning 37 - Random number Generation (DRBG/PRNG) 38 - TLS Master/Session Key generation 39 - GDET 40 - base address of CSS is link-time configuratble (using scatter file): CSS_BASE_ADDRESS 41 42--- Known Limitations: 43 - Initialization of PRNG (workaround): call keydelete on any slot during startup: this will assure prng is ready 44 - The CSS DTRNG internal entropy is limited to 128 bits, therefore any keys generated by the CLNS are also limited to this inherent entropythis will assure prng is ready 45 46--- Notes: 47 - MbedTLS: the alternative implementation of the RNG is not backward compatible with the mbedTLS release (most functions do nothing) 48 - MbedTLS: the alternative implementation for ECC does not support Curve25519 or Curve448 49 50
