1.1.15 Client - External Crypto Operations APIs

This interface manages the flow of information needed when certain WINCS02 crypto operations are performed externally, that is, by the host application rather than on the WINCS02 device itself.

The only crypto operation which the WINCS02 allows to be performed externally is ECDSA signing for TLS.

The application enables external ECDSA signing for TLS by registering a callback of type WDRV_WINC_EXTCRYPTO_SIGN_CB with the TLS API function WDRV_WINC_TLSCtxSetSignCallback.

When the callback is invoked, the application performs the signing operation and then passes the signature back to the driver by calling WDRV_WINC_EXTCRYPTOSignResult. The TLS handshake is held until this result is delivered, since the CertificateVerify message cannot be sent without it.

Signing using the on-module secure element

A primary use case for these APIs is signing with the pre-provisioned ATECC608 Trust&GO secure element included in the WINCS02UC and WINCS02PC modules.

The secure element provides ECDSA P-256 signing, secure storage of the ECC private key (the key is not extractable and never leaves the secure element), and X.509 compressed certificate storage. It is accessed over I2C or SWI (single-wire interface).

To use the secure element in this way, the application needs to:

  • Use the ATECC608 APIs to retrieve the device certificate from the secure element. This certificate carries the public key that corresponds to the securely stored private key.

  • Use the File Operations APIs to load the certificate into the WINCS02 device.

  • Use the TLS APIs to open a TLS context, set the certificate filename and register a callback of type WDRV_WINC_EXTCRYPTO_SIGN_CB.

  • When the callback is received with the value to sign, use the ATECC608 APIs to sign it with the securely stored private key. The ATECC608 signs a 32-byte digest, so confirm whether the callback delivers a digest or data that must be hashed first.

  • Call WDRV_WINC_EXTCRYPTOSignResult to send the signature to the WINCS02 device.
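The glue a host application typically needs between the last two steps, as an added example (not code from the driver, CryptoAuthLib or this page): the ATECC608 returns a raw 64-byte signature, r followed by s, while the TLS wire format for an ECDSA signature is the DER-encoded ECDSA-Sig-Value (a SEQUENCE of two INTEGERs). This page does not state which form WDRV_WINC_EXTCRYPTOSignResult expects or exactly what the WDRV_WINC_EXTCRYPTO_SIGN_CB callback delivers, so check the driver header; the conversion below is what to apply if the DER form is required. The sample signature bytes are constructed to exercise the two DER edge cases (a 0x00 pad when the top bit of r or s is set, and stripping of leading zero bytes) and are not a real signature.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Order n of the P-256 group, big-endian. r and s of a valid ECDSA
 * signature must each lie in [1, n-1]. */
const uint8_t P256_N[32] = {
    0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
    0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
};

/* Constructed sample, NOT a real signature: r has its top bit set (needs a
 * 0x00 pad in DER), s starts with a zero byte (must be stripped in DER). */
const uint8_t SAMPLE_RAW_SIG[64] = {
    /* r */
    0x80,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    /* s */
    0x00,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
};

/* Return 1 if a 32-byte big-endian scalar is in [1, n-1], else 0.
 * memcmp compares unsigned bytes, so on equal-length big-endian values
 * its ordering is the numeric ordering. */
static int scalar_in_range(const uint8_t v[32])
{
    static const uint8_t zero[32] = {0};
    if (memcmp(v, zero, 32) == 0) return 0;   /* v == 0 */
    return memcmp(v, P256_N, 32) < 0;         /* v <  n */
}

/* Sanity-check a raw r||s signature before handing it to the TLS stack. */
int ecdsa_raw_check(const uint8_t raw[64])
{
    return scalar_in_range(raw) && scalar_in_range(raw + 32);
}

/* Write one unsigned big-endian value as a DER INTEGER: strip leading zero
 * bytes (keeping at least one), prepend 0x00 if the top bit is set so the
 * value is not read as negative. Returns bytes written. */
static size_t der_put_uint(const uint8_t *v, size_t vlen, uint8_t *out)
{
    while (vlen > 1 && v[0] == 0x00) { v++; vlen--; }
    size_t pad = (v[0] & 0x80) ? 1 : 0;
    out[0] = 0x02;                       /* INTEGER tag */
    out[1] = (uint8_t)(vlen + pad);      /* always < 128: short form */
    if (pad) out[2] = 0x00;
    memcpy(out + 2 + pad, v, vlen);
    return 2 + pad + vlen;
}

/* Convert a raw 64-byte P-256 signature (r||s, as the ATECC608 returns it)
 * into DER ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }.
 * Returns the DER length (at most 72), or 0 if the signature is out of
 * range or the output buffer is too small. */
size_t ecdsa_raw_to_der(const uint8_t raw[64], uint8_t *der, size_t der_max)
{
    uint8_t body[2 * (2 + 1 + 32)];
    if (!ecdsa_raw_check(raw)) return 0;
    size_t n = der_put_uint(raw, 32, body);
    n += der_put_uint(raw + 32, 32, body + n);
    if (der_max < 2 + n) return 0;
    der[0] = 0x30;                       /* SEQUENCE tag */
    der[1] = (uint8_t)n;                 /* n <= 70: short form */
    memcpy(der + 2, body, n);
    return 2 + n;
}

int main(void)
{
    uint8_t der[72];
    size_t n = ecdsa_raw_to_der(SAMPLE_RAW_SIG, der, sizeof der);
    printf("DER (%zu bytes):", n);
    for (size_t i = 0; i < n; i++) printf(" %02X", der[i]);
    printf("\n");
    return n ? 0 : 1;
}
```

ecdsa_raw_check rejects an r or s outside [1, n-1]; a genuine ATECC608 signature never produces one, but an I2C/SWI transfer error or an uninitialised buffer can, and rejecting it on the host is cheaper than letting the peer abort the handshake.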