Mbed OS Reference
Loading...
Searching...
No Matches
DeviceKey Class Reference

Use this singleton if you need to derive a new key from the device root of trust. More...

#include <DeviceKey.h>

Inheritance diagram for DeviceKey:
NonCopyable< DeviceKey >

Public Member Functions

int generate_derived_key (const unsigned char *isalt, size_t isalt_size, unsigned char *output, uint16_t ikey_type)
 Derive a new key based on the salt string. More...
 
int device_inject_root_of_trust (uint32_t *value, size_t isize)
 Set a device key into the KVStore. More...
 
int generate_root_of_trust (size_t key_size=16)
 Generate Root of Trust. More...
 

Static Public Member Functions

static DeviceKeyget_instance ()
 As a singleton, return the single instance of the class. More...
 

Detailed Description

Use this singleton if you need to derive a new key from the device root of trust.

Note
Synchronization level: Thread safe

Definition at line 67 of file DeviceKey.h.

Member Function Documentation

◆ get_instance()

static DeviceKey & get_instance ( )
static

As a singleton, return the single instance of the class.

Reason for this class being a singleton is the following:

  • Ease of use for users of this class not having to coordinate instantiations.
  • Lazy instantiation of internal data (which we can't achieve with simple static classes).
Returns
Singleton instance reference.

Definition at line 78 of file DeviceKey.h.

◆ generate_derived_key()

int generate_derived_key ( const unsigned char *  isalt,
size_t  isalt_size,
unsigned char *  output,
uint16_t  ikey_type 
)

Derive a new key based on the salt string.

Parameters
isaltInput buffer used to create the new key. Same input always generates the same key
isalt_sizeSize of the data in salt buffer.
outputBuffer to receive the derived key. Size must be 16 bytes or 32 bytes according to the ikey_type parameter
ikey_typeType of the required key. Must be 16 bytes or 32 bytes.
Returns
0 on success, negative error code on failure

◆ device_inject_root_of_trust()

int device_inject_root_of_trust ( uint32_t *  value,
size_t  isize 
)

Set a device key into the KVStore.

If entropy support is missing, call this method before calling device_key_derived_key. This method should be called only once!

Parameters
valueInput buffer contain the key.
isizeSize of the supplied key. Must be 16 bytes or 32 bytes.
Returns
0 on success, negative error code on failure

◆ generate_root_of_trust()

int generate_root_of_trust ( size_t  key_size = 16)

Generate Root of Trust.

Uses TRNG or various other entropy sources to generate random device key and inject it into device's KVStore. Device Key can only be generated once.

Parameters
key_sizeSize of key in bytes to generate. Must be 16 bytes or 32 bytes. Default is 16 bytes.
Returns
DEVICEKEY_SUCCESS, when device key successfully generated and injected.
DEVICEKEY_ALREADY_EXIST, if the key has already been written.
DEVICEKEY_GENERATE_RANDOM_ERROR if this device does not contain entropy sources and cannot generate a key.
DEVICEKEY_INVALID_KEY_SIZE if key_size is not 32 or 16 bytes.
error codes on other failures.