Secure_Link
APIs for Secure link configuration and usage.
Data Structures | ||
---|---|---|
struct | sl_wfx_set_securelink_mac_key_req_body_t | Set the Secure Link MAC key. |
struct | sl_wfx_set_securelink_mac_key_cnf_body_t | Confirmation for the Secure Link MAC key setting. |
struct | sl_wfx_securelink_exchange_pub_keys_req_body_t | Exchange Secure Link Public Keys. |
struct | sl_wfx_securelink_exchange_pub_keys_cnf_body_t | Confirmation for exchange of Secure Link Public Keys. |
struct | sl_wfx_securelink_exchange_pub_keys_ind_body_t | Indication for exchange of Secure Link Public Keys. |
struct | sl_wfx_securelink_configure_req_body_t | Configure Secure Link Layer. |
struct | sl_wfx_securelink_configure_cnf_body_t | Confirmation of Secure Link Layer configuration sl_wfx_securelink_configure_req_body_t. |
Macros | ||
---|---|---|
#define | SL_WFX_SESSION_KEY_PROTECTION_DISABLE_MAGIC 0xfa21e603 | Magic word used to disable Session Key protection. |
Enumerations | ||
---|---|---|
enum | sl_wfx_secure_link_state_t { SECURE_LINK_NA_MODE = 0x0, SECURE_LINK_UNTRUSTED_MODE = 0x1, SECURE_LINK_TRUSTED_MODE = 0x2, SECURE_LINK_TRUSTED_ACTIVE_ENFORCED = 0x3 } | 'Secure Link' device state. |
enum | sl_wfx_securelink_mac_key_dest_t { SECURE_LINK_MAC_KEY_DEST_OTP = 0x78, SECURE_LINK_MAC_KEY_DEST_RAM = 0x87 } | Destination of the Secure Link MAC key, used by request message sl_wfx_set_securelink_mac_key_req_body_t. |
enum | sl_wfx_secure_link_session_key_alg_t { SECURE_LINK_CURVE25519 = 0x01, SECURE_LINK_KDF = 0x02 } | Session Key computation algorithms. |
Detailed Description
APIs for Secure link configuration and usage.
The WFX family of products can encrypt the SDIO or SPI link.
More detailed documentation about the Secure Link feature: SecureLink
Data Structure Documentation
◆ sl_wfx_set_securelink_mac_key_req_body_t
struct sl_wfx_set_securelink_mac_key_req_body_t
Set the Secure Link MAC key.
This API can be used for Trusted Eval devices in two contexts:
- to set a temporary SecureLink MAC key in RAM.
- to permanently burn the SecureLink MAC key in OTP memory. In that case, the OTP SecureLink mode will switch to Trusted Enforced mode.
Definition at line 569 of file sl_wfx_general_api.h.
Data Fields | ||
---|---|---|
uint8_t | key_value[32] | Secure Link MAC Key value. |
uint8_t | otp_or_ram | Key destination - OTP or RAM (see enum sl_wfx_securelink_mac_key_dest_t) |
◆ sl_wfx_set_securelink_mac_key_cnf_body_t
struct sl_wfx_set_securelink_mac_key_cnf_body_t
◆ sl_wfx_securelink_exchange_pub_keys_req_body_t
struct sl_wfx_securelink_exchange_pub_keys_req_body_t
Exchange Secure Link Public Keys.
This API is used by the Host to send its Curve25519 public key to the Device and to get back the Device public key in the confirmation message. Once the keys are exchanged and authenticated (using their respective MAC), each peer computes the Secure Link session key that will be used to encrypt/decrypt future Host<->Device messages.
Definition at line 610 of file sl_wfx_general_api.h.
◆ sl_wfx_securelink_exchange_pub_keys_cnf_body_t
struct sl_wfx_securelink_exchange_pub_keys_cnf_body_t
◆ sl_wfx_securelink_exchange_pub_keys_ind_body_t
struct sl_wfx_securelink_exchange_pub_keys_ind_body_t
◆ sl_wfx_securelink_configure_req_body_t
struct sl_wfx_securelink_configure_req_body_t
Configure Secure Link Layer.
This API can be used to:
- Set/update the Secure Link encryption bitmap
- Disable Session Key Protection
About the Session Key protection: the encryption algorithm underlying SecureLink is AES CCM. It uses an internal Nonce counter that is incremented each time a message is encrypted or decrypted. To preserve the AES CCM security properties, this counter must not go beyond a given limit, so the Host Driver is responsible for renegotiating the session key when the message counter approaches that limit. Disabling the Session Key protection turns off the firmware's check that the Nonce counter has not crossed the limit, which allows the Host Driver to keep using the same session key for the whole power cycle, however long it lasts. This is not recommended.
To disable the protection, the magic word SL_WFX_SESSION_KEY_PROTECTION_DISABLE_MAGIC must be provided as the DisableSessionKeyProtection parameter value. Any other value leaves the protection enabled.
Note:
- When SecureLink is activated, the SL Configure API must be called right after the key exchange. Issuing another command instead will result in an error.
- It is not recommended to call this API a second time during the same power cycle.
Definition at line 673 of file sl_wfx_general_api.h.
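Host-side accounting for the Session Key protection described above, as an added example (not code from the WFX driver or from sl_wfx_general_api.h). `ex_configure_req_t`, the `ex_*` functions, `EX_NONCE_LIMIT` and `EX_RENEG_MARGIN` are hypothetical names, and both numeric thresholds are assumed values, not the firmware's real limit.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SL_WFX_SESSION_KEY_PROTECTION_DISABLE_MAGIC 0xfa21e603u /* value from this page */
#define EX_ENCR_BMP_SIZE 32u          /* matches encr_bmp[32] in the confirmation body */
#define EX_NONCE_LIMIT   0x01000000u  /* ASSUMED limit: take the real one from the firmware docs */
#define EX_RENEG_MARGIN  0x00000400u  /* ASSUMED head-room before the limit */

/* Hypothetical stand-in for sl_wfx_securelink_configure_req_body_t. */
typedef struct {
  uint8_t  encr_bmp[EX_ENCR_BMP_SIZE];
  uint32_t disable_session_key_protection;
} ex_configure_req_t;

typedef struct { uint32_t msg_count; } ex_session_t; /* messages under the current key */
typedef enum { EX_SEND, EX_SEND_THEN_RENEGOTIATE, EX_REFUSE } ex_action_t;

/* Fill the request. The magic word is written only on an explicit opt-out;
 * every other value leaves the firmware check in place. Returns the word used. */
uint32_t ex_build_configure_req(ex_configure_req_t *req, const uint8_t *bmp,
                                bool disable_protection)
{
  memcpy(req->encr_bmp, bmp, EX_ENCR_BMP_SIZE);
  req->disable_session_key_protection =
      disable_protection ? SL_WFX_SESSION_KEY_PROTECTION_DISABLE_MAGIC : 0u;
  return req->disable_session_key_protection;
}

/* Call once per encrypted or decrypted message, before using the key. */
ex_action_t ex_account_message(ex_session_t *s)
{
  if (s->msg_count >= EX_NONCE_LIMIT)
    return EX_REFUSE;                 /* never run the counter past the limit */
  s->msg_count++;
  if (s->msg_count >= EX_NONCE_LIMIT - EX_RENEG_MARGIN)
    return EX_SEND_THEN_RENEGOTIATE;  /* start a new public key exchange */
  return EX_SEND;
}

/* Call when a new key exchange has completed and been authenticated. */
void ex_on_new_session_key(ex_session_t *s) { s->msg_count = 0; }
```

Keeping this counter on the host means the session key is renegotiated before the firmware check would trip, so the protection never needs to be disabled.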
◆ sl_wfx_securelink_configure_cnf_body_t
struct sl_wfx_securelink_configure_cnf_body_t
Confirmation of Secure Link Layer configuration sl_wfx_securelink_configure_req_body_t.
Returns:
- HI_STATUS_SUCCESS
Note:
- The host driver should wait for this confirmation to update its local bitmap with the returned value.
Definition at line 690 of file sl_wfx_general_api.h.
Data Fields | ||
---|---|---|
uint8_t | encr_bmp[32] | Encryption bitmap. |
uint32_t | status | Request status (see enum sl_wfx_status_t) |
Enumeration Type Documentation
◆ sl_wfx_secure_link_session_key_alg_t
◆ sl_wfx_secure_link_state_t
'Secure Link' device state.
Definition at line 544 of file sl_wfx_general_api.h.
◆ sl_wfx_securelink_mac_key_dest_t
Destination of the Secure Link MAC key, used by request message sl_wfx_set_securelink_mac_key_req_body_t.
Enumerator | |
---|---|
SECURE_LINK_MAC_KEY_DEST_OTP | Key will be stored in OTP. |
SECURE_LINK_MAC_KEY_DEST_RAM | Key will be stored in RAM. |
Definition at line 554 of file sl_wfx_general_api.h.