Infuse-IoT SDK API 0.0.1
A Scalable Open Source RTOS
Infuse security APIs

Infuse security API. More...

Data Structures

struct  infuse_security_key_params
 Parameters to control key creation. More...

Functions

int infuse_security_init (void)
 Initialise core security systems.
void infuse_security_disable_dap (void)
 Disable the Debug-Access-Port.
int infuse_security_device_root_reset (void)
 Reset the device root key-pair.
psa_key_attributes_t infuse_security_hkdf_attributes (void)
 Retrieve the key attributes required for creating a key compatible with infuse_security_derive_chacha_key.
int infuse_security_cloud_public_key (uint8_t public_key[32])
 Retrieve current cloud public key.
int infuse_security_device_public_key (uint8_t public_key[32])
 Retrieve current device public key.
int infuse_security_secondary_remote_public_key (uint8_t public_key[32])
 Retrieve current secondary remote public key.
psa_key_id_t infuse_security_device_root_key (void)
 Get device root key identifier.
psa_key_id_t infuse_security_secondary_device_root_key (void)
 Get secondary device root key identifier.
psa_key_id_t infuse_security_device_sign_key (void)
 Get device signing key identifier.
psa_key_id_t infuse_security_secondary_device_sign_key (void)
 Get secondary device signing key identifier.
psa_key_id_t infuse_security_network_root_key (void)
 Get network root key identifier.
psa_key_id_t infuse_security_secondary_network_root_key (void)
 Get secondary network root key identifier.
sec_tag_t infuse_security_coap_dtls_tag (void)
 Get security tag for use with Infuse-IoT COAP server.
psa_key_id_t infuse_security_derive_key (const struct infuse_security_key_params *params)
 Derive a key for use with PSA.
psa_key_id_t infuse_security_derive_chacha_key (psa_key_id_t base_key, const void *salt, size_t salt_len, const void *info, size_t info_len, bool force_export)
 Derive a key for use with ChaCha20-Poly1305.
int infuse_security_secondary_device_key_reset (void)
 Delete cached secondary device key information.
int infuse_security_network_key_write (uint32_t id, const uint8_t key[32])
 Update the device network key.
int infuse_security_secondary_network_key_write (uint32_t id, const uint8_t key[32])
 Update the device secondary network key.
uint32_t infuse_security_device_key_identifier (void)
 Get the current device key identifier.
uint32_t infuse_security_secondary_device_key_identifier (void)
 Get the current secondary device key identifier.
uint32_t infuse_security_network_key_identifier (void)
 Get the current network key identifier.
uint32_t infuse_security_secondary_network_key_identifier (void)
 Get the secondary network key identifier.

Detailed Description

Infuse security API.

Function Documentation

◆ infuse_security_cloud_public_key()

int infuse_security_cloud_public_key ( uint8_t public_key[32])

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Retrieve current cloud public key.

Parameters
public_key: Storage for public key (the caller must supply a buffer of at least 32 bytes, as declared in the prototype)
Return values
0: Always

◆ infuse_security_coap_dtls_tag()

sec_tag_t infuse_security_coap_dtls_tag ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get security tag for use with Infuse-IoT COAP server.

Returns
sec_tag_t Security tag for use with zsock_setsockopt

◆ infuse_security_derive_chacha_key()

psa_key_id_t infuse_security_derive_chacha_key ( psa_key_id_t base_key,
const void * salt,
size_t salt_len,
const void * info,
size_t info_len,
bool force_export )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Derive a key for use with ChaCha20-Poly1305.

Parameters
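base_key: Base key to use for HKDF
salt: Key derivation randomisation
salt_len: Length of salt
info: Optional application/usage specific array
info_len: Length of info
force_export: Force set PSA_KEY_USAGE_EXPORT attribute on generated key. A key with this usage flag can have its raw key material read back through psa_export_key(), so pass false unless the caller genuinely needs the key bytes.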
Returns
psa_key_id_t Derived key identifier

◆ infuse_security_derive_key()

psa_key_id_t infuse_security_derive_key ( const struct infuse_security_key_params * params)

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Derive a key for use with PSA.

Parameters
paramsKey parameters
Returns
psa_key_id_t Derived key identifier

◆ infuse_security_device_key_identifier()

uint32_t infuse_security_device_key_identifier ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security_ids.h>

Get the current device key identifier.

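The device key identifier is constructed as a CRC32 hash computed over the cloud and device public keys, truncated to 24 bits. CRC32 is a non-cryptographic checksum and the result is only 24 bits wide, so collisions are possible; treat the identifier as a label for selecting a key, not as evidence that two parties hold the same keys.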

Returns
uint32_t 24bit device key identifier

◆ infuse_security_device_public_key()

int infuse_security_device_public_key ( uint8_t public_key[32])

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Retrieve current device public key.

Parameters
public_key: Storage for public key (the caller must supply a buffer of at least 32 bytes, as declared in the prototype)
Return values
0: Always

◆ infuse_security_device_root_key()

psa_key_id_t infuse_security_device_root_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get device root key identifier.

Note
This key is only valid for key derivation operations through HKDF
Returns
psa_key_id_t Device root key identifier

◆ infuse_security_device_root_reset()

int infuse_security_device_root_reset ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Reset the device root key-pair.

After the next reboot a new root key-pair will be generated, requiring external devices to re-query the root public key.

Note
The credentials that were in place before this function was called remain valid until the device is reset, so the old root key-pair is still usable until that reset occurs.
Return values
0: On success
-errno: On failure

◆ infuse_security_device_sign_key()

psa_key_id_t infuse_security_device_sign_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get device signing key identifier.

Note
This key is only valid for ChaCha20-Poly1305 operations
Returns
psa_key_id_t Device signing key identifier

◆ infuse_security_disable_dap()

void infuse_security_disable_dap ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Disable the Debug-Access-Port.

◆ infuse_security_hkdf_attributes()

psa_key_attributes_t infuse_security_hkdf_attributes ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Retrieve the key attributes required for creating a key compatible with infuse_security_derive_chacha_key.

Returns
psa_key_attributes_t Key attributes

◆ infuse_security_init()

int infuse_security_init ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Initialise core security systems.

Return values
0: On success
-errno: Negative error code on failure

◆ infuse_security_network_key_identifier()

uint32_t infuse_security_network_key_identifier ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security_ids.h>

Get the current network key identifier.

Returns
uint32_t 24 bit network key identifier

◆ infuse_security_network_key_write()

int infuse_security_network_key_write ( uint32_t id,
const uint8_t key[32] )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Update the device network key.

Note
Does not reload any key information loaded by other modules. Generally the device must be rebooted to apply the new key.
Parameters
id: 24 bit network key identifier
key: Root network key
Return values
0: On success
-errno: On failure

◆ infuse_security_network_root_key()

psa_key_id_t infuse_security_network_root_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get network root key identifier.

Note
This key is only valid for key derivation operations through HKDF
Returns
psa_key_id_t Network root key identifier

◆ infuse_security_secondary_device_key_identifier()

uint32_t infuse_security_secondary_device_key_identifier ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security_ids.h>

Get the current secondary device key identifier.

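The secondary device key identifier is constructed as a CRC32 hash computed over the remote and device public keys, truncated to 24 bits. CRC32 is a non-cryptographic checksum, so the identifier is a label for selecting a key and collisions are possible; it does not authenticate the keys.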

Returns
uint32_t 24bit secondary device key identifier

◆ infuse_security_secondary_device_key_reset()

int infuse_security_secondary_device_key_reset ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Delete cached secondary device key information.

Return values
0: On success
-ENOENT: If no cached key information exists
-EIO: On other error

◆ infuse_security_secondary_device_root_key()

psa_key_id_t infuse_security_secondary_device_root_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get secondary device root key identifier.

Note
This key is only valid for key derivation operations through HKDF
Returns
psa_key_id_t Secondary device root key identifier

◆ infuse_security_secondary_device_sign_key()

psa_key_id_t infuse_security_secondary_device_sign_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get secondary device signing key identifier.

Note
This key is only valid for ChaCha20-Poly1305 operations
Returns
psa_key_id_t Secondary device signing key identifier

◆ infuse_security_secondary_network_key_identifier()

uint32_t infuse_security_secondary_network_key_identifier ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security_ids.h>

Get the secondary network key identifier.

Depends on CONFIG_INFUSE_SECURITY_SECONDARY_NETWORK_ENABLE.

Returns
uint32_t 24 bit network key identifier

◆ infuse_security_secondary_network_key_write()

int infuse_security_secondary_network_key_write ( uint32_t id,
const uint8_t key[32] )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Update the device secondary network key.

Note
Does not reload any key information loaded by other modules. Generally the device must be rebooted to apply the new key.
Parameters
id: 24 bit secondary network key identifier
key: Root network key
Return values
0: On success
-errno: On failure

◆ infuse_security_secondary_network_root_key()

psa_key_id_t infuse_security_secondary_network_root_key ( void )

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Get secondary network root key identifier.

Depends on CONFIG_INFUSE_SECURITY_SECONDARY_NETWORK_ENABLE.

Note
This key is only valid for key derivation operations through HKDF
Returns
psa_key_id_t Secondary network root key identifier

◆ infuse_security_secondary_remote_public_key()

int infuse_security_secondary_remote_public_key ( uint8_t public_key[32])

#include </__w/infuse-sdk/infuse-sdk/infuse-sdk/include/infuse/security.h>

Retrieve current secondary remote public key.

Parameters
public_key: Storage for public key (the caller must supply a buffer of at least 32 bytes, as declared in the prototype)
Return values
0: Key successfully read
-errno: Key read error