Function anjay_security_object_install_with_hsm

Function Documentation

int anjay_security_object_install_with_hsm(anjay_t *anjay, const anjay_security_hsm_configuration_t *hsm_config)

Installs the Security Object in an Anjay instance, with support for moving security credentials to a hardware security module.

For each security credential type for which the query string generation callback is provided, any credentials provisioned either using anjay_security_object_add_instance or by the Bootstrap Server will be stored in the hardware security module and wiped from the main system memory. These credentials will be managed by Anjay and automatically deleted when removed from the data model (either by the Bootstrap Server or anjay_security_object_purge) or when the object is cleaned up without having been properly persisted (see the next paragraph for details).

The Security module does not require explicit cleanup; all resources will be automatically freed up during the call to anjay_delete. In this case, this will also cause the removal of all the keys moved into the hardware security module, unless they are unchanged since the last call to anjay_security_object_persist or anjay_security_object_restore, or marked permanent using anjay_security_mark_hsm_permanent.

Parameters:
  • anjay – Anjay instance for which the Security Object is installed.

  • hsm_config – Configuration of the mechanism that moves security credentials to the hardware security module. When the pointer is NULL or all of the callback fields are NULL, this function is equivalent to anjay_security_object_install.

Returns:

0 on success, or a negative value in case of error.