Functions#
This section provides a reference to the PUF Crypto API functions.
Functions#
Starts PUF process.
Sets key for the PUF.
Blocks further set key operation on PUF.
Performs a get key operation with the provided key code.
Disables further key retrieval operations on PUF.
Loads key code using PUF to AES engine.
Sets intrinsic key operation.
Encrypts data using the provided initialization vector and key, depending on the mode.
Decrypts data using the provided initialization vector and key, depending on the mode.
Calculates Message Authentication Check (MAC) for given data using AES-CBC mode.
Function Documentation#
sl_si91x_puf_start_req#
sl_status_t sl_si91x_puf_start_req (void )
Starts PUF process.
N/A |
Device should contain a valid activation code (AC) in Flash. The activation code and the startup data are used to reconstruct the digital fingerprint. The activation code is generated by the manufacturer and flashed into the device. To generate and flash the activation code using Simplicity Commander, follow these steps:
Connect the device to the host using a USB cable.
Open terminal and enter the following command:
commander manufacturing init --mbr ta_mbr_{OPN}.bin
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
Note
This function needs to be called after every power-up and reset.
107
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_set_key_req#
sl_status_t sl_si91x_puf_set_key_req (uint8_t key_index, uint8_t key_size, const uint8_t * key_ptr, uint8_t * key_code_ptr)
Sets key for the PUF.
[in] | key_index | Key index ( valid range is 0 - 15 ) |
[in] | key_size | Key size of type sl_si91x_puf_key_size_t |
[in] | key_ptr | Pointer to key of size 16 or 32 bytes based on the key size |
[out] | key_code_ptr | Pointer to key code with size of 52 bytes. |
The digital fingerprint generated during the PUF start operations and a User Key (UK) provided by the client design are used to generate a Key Code (KC).
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
Note
This operation needs to be done only once for each user key.
127
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_set_key_disable_req#
sl_status_t sl_si91x_puf_set_key_disable_req (void )
Blocks further set key operation on PUF.
N/A |
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
138
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_get_key_req#
sl_status_t sl_si91x_puf_get_key_req (uint8_t * key_code_ptr, uint8_t * key_ptr)
Performs a get key operation with the provided key code.
[in] | key_code_ptr | Pointer to the Key Code with size of 52 bytes. |
[out] | key_ptr | Pointer to stored key response. The size of the response can be 16 or 32 bytes based on the key size. |
The digital fingerprint generated during the start operation and the KC generated during a set key operation sl_si91x_puf_set_key_req, is used to retrieve a stored key.
Pre-conditions: To retrieve the
key_ptr
(UK), user must set thekey_index
in sl_si91x_puf_set_key_req to a value between 1 and 15 (inclusive).
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
Note
This operation needs to be done every time a key is needed.
159
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_get_key_disable_req#
sl_status_t sl_si91x_puf_get_key_disable_req (void )
Disables further key retrieval operations on PUF.
N/A |
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
167
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_load_key_req#
sl_status_t sl_si91x_puf_load_key_req (uint8_t * key_code_ptr)
Loads key code using PUF to AES engine.
[in] | key_code_ptr | Pointer to the key code with size of 52 bytes. |
This is same as get key operation, but after retrieving key using sl_si91x_puf_set_key_req, it loads into AES engine.
Pre-conditions: The user must set the
key_index
in sl_si91x_puf_set_key_req to0
, indicating that only the Master Key can be loaded into the AES engine.
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
Note
This operation needs to be done for different keys to be loaded into AES engine.
187
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_set_intr_key_req#
sl_status_t sl_si91x_puf_set_intr_key_req (uint8_t key_index, uint8_t key_size, uint8_t * intr_key_resp)
Sets intrinsic key operation.
[in] | key_index | Key index ( valid range is 0 - 15 ) |
[in] | key_size | Key size of type sl_si91x_puf_key_size_t |
[out] | intr_key_resp | Pointer to response |
The digital fingerprint generated during the Enroll/Start operations sl_si91x_puf_start_req is used to generate a key code (KC) that defines a unique intrinsic key. This operation needs to be done only once for each intrinsic key. Each time a Set Intrinsic Key operation is executed a new unique key is generated.
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
Note
Intrinsic keys are randomly generated. They cannot be used for cryptographic algorithms that require specific keys, which is typical for public key schemes like RSA. In such cases, user keys should be used.
206
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_aes_encrypt_req#
sl_status_t sl_si91x_puf_aes_encrypt_req (uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, uint8_t * data_ptr, uint16_t iv_size, uint8_t * iv_ptr, uint8_t * aes_encry_resp)
Encrypts data using the provided initialization vector and key, depending on the mode.
[in] | mode | AES mode of type sl_si91x_puf_aes_mode_t |
[in] | key_source | Key source of type sl_si91x_puf_key_source_t |
[in] | key_size | Key size of type sl_si91x_puf_key_size_t |
[in] | key_ptr | Pointer to key of size 16 or 32 bytes based on key size.(valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE) |
[in] | data_size | Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408) |
[in] | data_ptr | Pointer to Data |
[in] | iv_size | IV size of type sl_si91x_puf_iv_size_t |
[in] | iv_ptr | Pointer to Initialization Vector(IV) of size 16 or 32 bytes based on IV size. (valid only if mode is sl_si91x_puf_aes_mode_t::SL_SI91X_AES_CBC_MODE) |
[out] | aes_encry_resp | Pointer to response |
This operation generates encrypted data for the provided plain input data based on AES mode, key input and initialization vector.
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
227
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_aes_decrypt_req#
sl_status_t sl_si91x_puf_aes_decrypt_req (uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, uint8_t * data_ptr, uint16_t iv_size, uint8_t * iv_ptr, uint8_t * aes_decry_resp)
Decrypts data using the provided initialization vector and key, depending on the mode.
[in] | mode | AES mode of type sl_si91x_puf_aes_mode_t |
[in] | key_source | Key source of type sl_si91x_puf_key_source_t |
[in] | key_size | Key size of type sl_si91x_puf_key_size_t |
[in] | key_ptr | Pointer to key of size 16 or 32 bytes based on key size.(valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE) |
[in] | data_size | Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408) |
[in] | data_ptr | Pointer to Data |
[in] | iv_size | IV size of type sl_si91x_puf_iv_size_t |
[in] | iv_ptr | Pointer to Initialization Vector(IV) of size 16 or 32 bytes based on IV size. |
[out] | aes_decry_resp | Pointer to response |
This operation generates decrypted data for the provided encrypted data based on AES mode, key input and initialization vector.
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
256
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h
sl_si91x_puf_aes_mac_req#
sl_status_t sl_si91x_puf_aes_mac_req (uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, uint8_t * data_ptr, uint16_t iv_size, uint8_t * iv_ptr, uint8_t * aes_mac_resp)
Calculates Message Authentication Check (MAC) for given data using AES-CBC mode.
[in] | key_source | Key source of type sl_si91x_puf_key_source_t |
[in] | key_size | Key size of type sl_si91x_puf_key_size_t |
[in] | key_ptr | Pointer to key of size 16 or 32 bytes based on key size. (valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE) |
[in] | data_size | Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408) |
[in] | data_ptr | Pointer to Data |
[in] | iv_size | IV size of type sl_si91x_puf_iv_size_t |
[in] | iv_ptr | Pointer to IV of size 16 or 32 bytes based on IV size. |
[out] | aes_mac_resp | Pointer to response |
This operation generates Message Authentication Check (MAC) for the provided plain input data based on key input and initialization vector (IV). This operation is only used in AES-CBC mode.
Returns
sl_status_t. See Status Codes and Additional Status Codes for details.
285
of file components/device/silabs/si91x/wireless/crypto/puf/inc/sl_si91x_puf.h