Functions#

This section provides a reference to the PUF Crypto API functions.

Functions#

sl_status_t

Starts PUF process.

sl_status_t
sl_si91x_puf_set_key_req(uint8_t key_index, uint8_t key_size, const uint8_t *key_ptr, uint8_t *key_code_ptr)

Sets key for the PUF.

sl_status_t

Blocks further set key operation on PUF.

sl_status_t
sl_si91x_puf_get_key_req(const uint8_t *key_code_ptr, uint8_t *key_ptr)

Performs a get key operation with the provided key code.

sl_status_t

Disables further key retrieval operations on PUF.

sl_status_t
sl_si91x_puf_load_key_req(const uint8_t *key_code_ptr)

Loads key code using PUF to AES engine.

sl_status_t
sl_si91x_puf_set_intr_key_req(uint8_t key_index, uint8_t key_size, uint8_t *intr_key_resp)

Sets intrinsic key operation.

sl_status_t
sl_si91x_puf_aes_encrypt_req(uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t *key_ptr, uint16_t data_size, const uint8_t *data_ptr, uint16_t iv_size, const uint8_t *iv_ptr, uint8_t *aes_encry_resp)

Encrypts data using the provided initialization vector and key, depending on the mode.

sl_status_t
sl_si91x_puf_aes_decrypt_req(uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t *key_ptr, uint16_t data_size, const uint8_t *data_ptr, uint16_t iv_size, const uint8_t *iv_ptr, uint8_t *aes_decry_resp)

Decrypts data using the provided initialization vector and key, depending on the mode.

sl_status_t
sl_si91x_puf_aes_mac_req(uint8_t key_source, uint16_t key_size, const uint8_t *key_ptr, uint16_t data_size, const uint8_t *data_ptr, uint16_t iv_size, const uint8_t *iv_ptr, uint8_t *aes_mac_resp)

Calculates Message Authentication Check (MAC) for given data using AES-CBC mode.

Function Documentation#

sl_si91x_puf_start_req#

sl_status_t sl_si91x_puf_start_req (void )

Starts PUF process.

Parameters
TypeDirectionArgument NameDescription
voidN/A

Device should contain a valid activation code (AC) in Flash. The activation code and the startup data are used to reconstruct the digital fingerprint. The activation code is generated by the manufacturer and flashed into the device. To generate and flash the activation code using Simplicity Commander, follow these steps:

  1. Connect the device to the host using a USB cable.

  2. Open terminal and enter the following command:

    commander manufacturing init --mbr ta_mbr_{OPN}.bin
    

Returns

Note

  • This function needs to be called after every power-up and reset.


sl_si91x_puf_set_key_req#

sl_status_t sl_si91x_puf_set_key_req (uint8_t key_index, uint8_t key_size, const uint8_t * key_ptr, uint8_t * key_code_ptr)

Sets key for the PUF.

Parameters
TypeDirectionArgument NameDescription
uint8_t[in]key_index

Key index ( valid range is 0 - 15 )

uint8_t[in]key_size

Key size of type sl_si91x_puf_key_size_t

const uint8_t *[in]key_ptr

Pointer to key of size 16 or 32 bytes based on the key size

uint8_t *[out]key_code_ptr

Pointer to key code with size of 52 bytes.

The digital fingerprint generated during the PUF start operations and a User Key (UK) provided by the client design are used to generate a Key Code (KC).

Returns

Note

  • This operation needs to be done only once for each user key.


sl_si91x_puf_set_key_disable_req#

sl_status_t sl_si91x_puf_set_key_disable_req (void )

Blocks further set key operation on PUF.

Parameters
TypeDirectionArgument NameDescription
voidN/A

Returns


sl_si91x_puf_get_key_req#

sl_status_t sl_si91x_puf_get_key_req (const uint8_t * key_code_ptr, uint8_t * key_ptr)

Performs a get key operation with the provided key code.

Parameters
TypeDirectionArgument NameDescription
const uint8_t *[in]key_code_ptr

Pointer to the Key Code with size of 52 bytes.

uint8_t *[out]key_ptr

Pointer to stored key response. The size of the response can be 16 or 32 bytes based on the key size.

The digital fingerprint generated during the start operation and the KC generated during a set key operation sl_si91x_puf_set_key_req, is used to retrieve a stored key.

  • Pre-conditions: To retrieve the key_ptr (UK), user must set the key_index in sl_si91x_puf_set_key_req to a value between 1 and 15 (inclusive).

Returns

Note

  • This operation needs to be done every time a key is needed.


sl_si91x_puf_get_key_disable_req#

sl_status_t sl_si91x_puf_get_key_disable_req (void )

Disables further key retrieval operations on PUF.

Parameters
TypeDirectionArgument NameDescription
voidN/A

Returns


sl_si91x_puf_load_key_req#

sl_status_t sl_si91x_puf_load_key_req (const uint8_t * key_code_ptr)

Loads key code using PUF to AES engine.

Parameters
TypeDirectionArgument NameDescription
const uint8_t *[in]key_code_ptr

Pointer to the key code with size of 52 bytes.

This is same as get key operation, but after retrieving key using sl_si91x_puf_set_key_req, it loads into AES engine.

  • Pre-conditions: The user must set the key_index in sl_si91x_puf_set_key_req to 0, indicating that only the Master Key can be loaded into the AES engine.

Returns

Note

  • This operation needs to be done for different keys to be loaded into AES engine.


sl_si91x_puf_set_intr_key_req#

sl_status_t sl_si91x_puf_set_intr_key_req (uint8_t key_index, uint8_t key_size, uint8_t * intr_key_resp)

Sets intrinsic key operation.

Parameters
TypeDirectionArgument NameDescription
uint8_t[in]key_index

Key index ( valid range is 0 - 15 )

uint8_t[in]key_size

Key size of type sl_si91x_puf_key_size_t

uint8_t *[out]intr_key_resp

Pointer to response

The digital fingerprint generated during the Enroll/Start operations sl_si91x_puf_start_req is used to generate a key code (KC) that defines a unique intrinsic key. This operation needs to be done only once for each intrinsic key. Each time a Set Intrinsic Key operation is executed a new unique key is generated.

Returns

Note

  • Intrinsic keys are randomly generated. They cannot be used for cryptographic algorithms that require specific keys, which is typical for public key schemes like RSA. In such cases, user keys should be used.


sl_si91x_puf_aes_encrypt_req#

sl_status_t sl_si91x_puf_aes_encrypt_req (uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, const uint8_t * data_ptr, uint16_t iv_size, const uint8_t * iv_ptr, uint8_t * aes_encry_resp)

Encrypts data using the provided initialization vector and key, depending on the mode.

Parameters
TypeDirectionArgument NameDescription
uint8_t[in]mode

AES mode of type sl_si91x_puf_aes_mode_t

uint8_t[in]key_source

Key source of type sl_si91x_puf_key_source_t

uint16_t[in]key_size

Key size of type sl_si91x_puf_key_size_t

const uint8_t *[in]key_ptr

Pointer to key of size 16 or 32 bytes based on key size.(valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE)

uint16_t[in]data_size

Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408)

const uint8_t *[in]data_ptr

Pointer to Data

uint16_t[in]iv_size

IV size of type sl_si91x_puf_iv_size_t

const uint8_t *[in]iv_ptr

Pointer to Initialization Vector(IV) of size 16 or 32 bytes based on IV size. (valid only if mode is sl_si91x_puf_aes_mode_t::SL_SI91X_AES_CBC_MODE)

uint8_t *[out]aes_encry_resp

Pointer to response

This operation generates encrypted data for the provided plain input data based on AES mode, key input and initialization vector.

Returns


sl_si91x_puf_aes_decrypt_req#

sl_status_t sl_si91x_puf_aes_decrypt_req (uint8_t mode, uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, const uint8_t * data_ptr, uint16_t iv_size, const uint8_t * iv_ptr, uint8_t * aes_decry_resp)

Decrypts data using the provided initialization vector and key, depending on the mode.

Parameters
TypeDirectionArgument NameDescription
uint8_t[in]mode

AES mode of type sl_si91x_puf_aes_mode_t

uint8_t[in]key_source

Key source of type sl_si91x_puf_key_source_t

uint16_t[in]key_size

Key size of type sl_si91x_puf_key_size_t

const uint8_t *[in]key_ptr

Pointer to key of size 16 or 32 bytes based on key size.(valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE)

uint16_t[in]data_size

Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408)

const uint8_t *[in]data_ptr

Pointer to Data

uint16_t[in]iv_size

IV size of type sl_si91x_puf_iv_size_t

const uint8_t *[in]iv_ptr

Pointer to Initialization Vector(IV) of size 16 or 32 bytes based on IV size.

uint8_t *[out]aes_decry_resp

Pointer to response

This operation generates decrypted data for the provided encrypted data based on AES mode, key input and initialization vector.

Returns


sl_si91x_puf_aes_mac_req#

sl_status_t sl_si91x_puf_aes_mac_req (uint8_t key_source, uint16_t key_size, const uint8_t * key_ptr, uint16_t data_size, const uint8_t * data_ptr, uint16_t iv_size, const uint8_t * iv_ptr, uint8_t * aes_mac_resp)

Calculates Message Authentication Check (MAC) for given data using AES-CBC mode.

Parameters
TypeDirectionArgument NameDescription
uint8_t[in]key_source

Key source of type sl_si91x_puf_key_source_t

uint16_t[in]key_size

Key size of type sl_si91x_puf_key_size_t

const uint8_t *[in]key_ptr

Pointer to key of size 16 or 32 bytes based on key size. (valid only if key_source is sl_si91x_puf_key_source_t::SL_SI91X_AES_AS_KEY_SOURCE)

uint16_t[in]data_size

Size of data in bytes (value that should be multiples of AES block size in range 16 - 1408)

const uint8_t *[in]data_ptr

Pointer to Data

uint16_t[in]iv_size

IV size of type sl_si91x_puf_iv_size_t

const uint8_t *[in]iv_ptr

Pointer to IV of size 16 or 32 bytes based on IV size.

uint8_t *[out]aes_mac_resp

Pointer to response

This operation generates Message Authentication Check (MAC) for the provided plain input data based on key input and initialization vector (IV). This operation is only used in AES-CBC mode.

Returns