KNX IoT
KNX IoT Point API stack implementation
oc_pki.h File Reference

Public key infrastructure (PKI) functions.

#include <stddef.h>

Enumerations

enum oc_sp_types_t { OC_SP_BASELINE = 1 << 1, OC_SP_BLACK = 1 << 2, OC_SP_BLUE = 1 << 3, OC_SP_PURPLE = 1 << 4 }
 defined security profiles
 

Functions

int oc_pki_add_mfg_cert (size_t device, const unsigned char *cert, size_t cert_size, const unsigned char *key, size_t key_size)
 Add the manufacturer's PKI identity certificate.

int oc_pki_add_mfg_intermediate_cert (size_t device, int credid, const unsigned char *cert, size_t cert_size)
 Add an intermediate manufacturer CA certificate.

int oc_pki_add_mfg_trust_anchor (size_t device, const unsigned char *cert, size_t cert_size)
 Add manufacturer trust anchor CA.

int oc_pki_add_trust_anchor (size_t device, const unsigned char *cert, size_t cert_size)
 Add trust anchor CA.

void oc_pki_set_security_profile (size_t device, oc_sp_types_t supported_profiles, oc_sp_types_t current_profile, int mfg_credid)
 Set the Security Profile.
 

Detailed Description

public key infrastructure (PKI) functions

Collection of functions used to add public key infrastructure (PKI) support to devices.

This is work in progress

Definition in file oc_pki.h.

Enumeration Type Documentation

◆ oc_sp_types_t

defined security profiles

Security Profiles differentiate devices based on requirements.

Enumerator
OC_SP_BASELINE 

The Baseline Security Profile.

OC_SP_BLACK 

The Black Security Profile.

OC_SP_BLUE 

The Blue Security Profile.

OC_SP_PURPLE 

The Purple Security Profile.

Definition at line 43 of file oc_pki.h.

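typedef enum {
  OC_SP_BASELINE = 1 << 1, /* The Baseline Security Profile */
  OC_SP_BLACK = 1 << 2,    /* The Black Security Profile */
  OC_SP_BLUE = 1 << 3,     /* The Blue Security Profile */
  OC_SP_PURPLE = 1 << 4    /* The Purple Security Profile */
} oc_sp_types_t;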

Function Documentation

◆ oc_pki_add_mfg_cert()

int oc_pki_add_mfg_cert (size_t device, const unsigned char *cert, size_t cert_size, const unsigned char *key, size_t key_size)

Add the manufacturer's PKI identity certificate.

Parameters
  • [in] device: index of the logical device the identity certificate belongs to
  • [in] cert: pointer to a string containing a PEM encoded identity certificate
  • [in] cert_size: the size of the cert string
  • [in] key: the PEM encoded private key associated with this certificate
  • [in] key_size: the size of the key string
Returns
  • the credential ID of the /oic/sec/cred entry containing the certificate chain
  • -1 on failure

◆ oc_pki_add_mfg_intermediate_cert()

int oc_pki_add_mfg_intermediate_cert (size_t device, int credid, const unsigned char *cert, size_t cert_size)

Add an intermediate manufacturer CA certificate.

Parameters
  • [in] device: index of the logical device the certificate chain belongs to
  • [in] credid: the credential ID of the /oic/sec/cred entry containing the end-entity certificate
  • [in] cert: pointer to a string containing a PEM encoded certificate
  • [in] cert_size: the size of the cert string
Returns
  • the credential ID of the /oic/sec/cred entry containing the certificate chain
  • -1 on failure

◆ oc_pki_add_mfg_trust_anchor()

int oc_pki_add_mfg_trust_anchor (size_t device, const unsigned char *cert, size_t cert_size)

Add manufacturer trust anchor CA.

Parameters
  • [in] device: index of the logical device the trust anchor CA belongs to
  • [in] cert: pointer to a string containing a PEM encoded certificate
  • [in] cert_size: the size of the cert string
Returns
  • the credential ID of the /oic/sec/cred entry containing the certificate chain
  • -1 on failure

◆ oc_pki_add_trust_anchor()

int oc_pki_add_trust_anchor (size_t device, const unsigned char *cert, size_t cert_size)

Add trust anchor CA.

Parameters
  • [in] device: index of the logical device the trust anchor CA belongs to
  • [in] cert: pointer to a string containing a PEM encoded certificate
  • [in] cert_size: the size of the cert string
Returns
  • the credential ID of the /oic/sec/cred entry containing the certificate chain
  • -1 on failure

◆ oc_pki_set_security_profile()

void oc_pki_set_security_profile (size_t device, oc_sp_types_t supported_profiles, oc_sp_types_t current_profile, int mfg_credid)

Set the Security Profile.

The Security Specification defines several Security Profiles that can be selected based on the security requirements of different verticals such as industrial, health care, or smart home.

There are currently five types of Security Profiles.

Parameters
  • [in] device: index of the logical device the security profile is to be set on
  • [in] supported_profiles: a bitwise OR of the oc_sp_types_t values that are supported by the device. The current_profile value may be changed to one of the other supported_profiles during the onboarding process.
  • [in] current_profile: the currently selected security profile
  • [in] mfg_credid: the credential ID of the entry containing the manufacturer's end-entity certificate
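
The argument constraints described for oc_pki_set_security_profile() can be checked before the call. The C helper below is an added example, not code from the KNX IoT stack: sp_check_args(), sp_check_t and SP_KNOWN_MASK are hypothetical names, and the enum values are copied from this page. Treating a negative mfg_credid as an unchecked -1 failure return from oc_pki_add_mfg_cert() is an assumption.

```c
/* Values as documented for oc_sp_types_t on this page; when building
 * against the stack, include oc_pki.h instead of redeclaring them. */
typedef enum {
  OC_SP_BASELINE = 1 << 1,
  OC_SP_BLACK = 1 << 2,
  OC_SP_BLUE = 1 << 3,
  OC_SP_PURPLE = 1 << 4
} oc_sp_types_t;

#define SP_KNOWN_MASK \
  ((unsigned)(OC_SP_BASELINE | OC_SP_BLACK | OC_SP_BLUE | OC_SP_PURPLE))

/* Hypothetical result codes for this example. */
typedef enum {
  SP_OK = 0,
  SP_ERR_SUPPORTED_EMPTY,  /* no profile advertised */
  SP_ERR_UNKNOWN_BITS,     /* bits outside the four documented values */
  SP_ERR_CURRENT_NOT_ONE,  /* current is zero or an OR of several */
  SP_ERR_CURRENT_UNLISTED, /* current is not among supported */
  SP_ERR_CREDID            /* negative credential ID */
} sp_check_t;

/* Hypothetical helper: validate the arguments before passing them to
 * oc_pki_set_security_profile(), which returns void and therefore
 * reports nothing through a return value. */
sp_check_t
sp_check_args(unsigned supported, unsigned current, int mfg_credid)
{
  if (supported == 0)
    return SP_ERR_SUPPORTED_EMPTY;
  /* The enum starts at 1 << 1, so bit 0 is not a profile. */
  if ((supported | current) & ~SP_KNOWN_MASK)
    return SP_ERR_UNKNOWN_BITS;
  /* Exactly one bit set: non-zero and a power of two. */
  if (current == 0 || (current & (current - 1)) != 0)
    return SP_ERR_CURRENT_NOT_ONE;
  if ((current & supported) == 0)
    return SP_ERR_CURRENT_UNLISTED;
  /* Assumption: a negative ID is the -1 failure return of
   * oc_pki_add_mfg_cert() that the caller did not check. */
  if (mfg_credid < 0)
    return SP_ERR_CREDID;
  return SP_OK;
}

int main(void)
{
  return (int)sp_check_args(OC_SP_BASELINE | OC_SP_BLACK, OC_SP_BLACK, 1);
}
```

Call the helper with the same three values that will be passed to oc_pki_set_security_profile() and abort provisioning on any result other than SP_OK.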