CLNS Niobe4aSDK V2.3.0 (RFP) Release Notes

- Release: Niobe4aSDK_RFP
- Version: V2.3.0
- Date:    2021-11-04
- Link to Nexus RepositoryManager: https://nl-nxrm.sw.nxp.com/service/rest/repository/browse/cccs-releases-raw/
- Link to Bitbucket: tags/niobe4asdk_2020_rfp
- Compiler: IAR Compiler v.8.40.1
--- Test Target:   
   - CoSim: CSSV2 v1.9
      - CoSim CSS IP: 0.2.19
   - N4Silicon: X-N4A-QFP100
      
--- CLNS memory consumption: delivery/niobe4aSdk_2020/static_library/libclns.a 
    TEXT RO RW ZI TOTAL_CONSUMPTION 
    255478 154240 168 2772 412658


--- New Features in version 2.3.0: 
    - Obfuscation of some design details
    - Improved test coverage
    - Bugfixes

--- Features in version 2.3.0:   
    - Components: mcuxClCss, mcuxClMac, mcuxClHash, mcuxClSession, mcuxClKey, mcuxClMemory
    - Components: mcuxClPkc, mcuxClMath, mcuxClEcc, mcuxClRsa
    - Components: mcuxMbedTLS [v2.25 (2021-03-09)]
    - Components: mcuxCsslCPreProcessor, mcuxCsslFlowProtection, mcuxCsslMemory, mcuxCsslParamIntegrity, mcuxCsslSecureCounter
    - mcuxClCss supports the following functionality
        - AES-128/192/256 encryption/decryption, modes ECB/CBC/CTR/GCM/CMAC
        - SHA2-224/256/384/512 (including sha-direct mode)
        - KDF: CKDF (NIST SP 800-108 / SP800-56C), HKDF (RFC5869)
        - HMAC
        - ECC Sign/Verify/Keygen/Keyexchange (P-256)
        - RFC3394 key wrapping/unwrapping
        - Key Import/Export/Utilities/Provisioning
        - Random number Generation (DRBG/PRNG)
        - TLS Master/Session Key generation
        - GDET
   - base address of CSS is link-time configuratble (using scatter file): CSS_BASE_ADDRESS

--- Known Limitations: 
    - Initialization of PRNG (workaround): call keydelete on any slot during startup: this will assure prng is ready
    - The CSS DTRNG internal entropy is limited to 128 bits, therefore any keys generated by the CLNS are also limited to this inherent entropythis will assure prng is ready

--- Notes: 
    - MbedTLS: the alternative implementation of the RNG is not backward compatible with the mbedTLS release (most functions do nothing)
    - MbedTLS: the alternative implementation for ECC does not support Curve25519 or Curve448

