# `Grizzly.ZWave.Security`
[🔗](https://github.com/smartrent/grizzly/blob/v9.1.4/lib/grizzly/zwave/security.ex#L1)

Helpers for security

# `key`

```elixir
@type key() :: s2_key() | :s0
```

# `key_byte`

```elixir
@type key_byte() :: 1 | 2 | 4 | 128
```

# `key_exchange_fail_type`

```elixir
@type key_exchange_fail_type() ::
  :none
  | :key
  | :scheme
  | :curves
  | :decrypt
  | :cancel
  | :auth
  | :get
  | :verify
  | :report
```

Possible key exchange failures

- `:none` - Bootstrapping was successful
- `:key` - No match between requested and granted keys
- `:scheme` - no scheme is supported by the controller or joining node
- `:decrypt` - joining node failed to decrypt the input pin from the value. Wrong input value/DSK from user
- `:cancel` - user has canceled the S2 bootstrapping
- `:auth` - the echo kex change frame does not match the earlier exchanged frame
- `:get` - the joining node requested a key that was not granted by the controller at an earlier stage
- `:verify` - the joining node cannot verify and decrypt the exchanged key
- `:report` - the including node transmitted a frame containing a different key than what was currently being exchanged

# `s2_key`

```elixir
@type s2_key() :: :s2_unauthenticated | :s2_authenticated | :s2_access_control
```

# `byte_to_keys`

```elixir
@spec byte_to_keys(byte()) :: [key()]
```

# `failed_type_from_byte`

```elixir
@spec failed_type_from_byte(byte()) :: key_exchange_fail_type()
```

Decode a byte representation of the key exchanged failed type

# `failed_type_to_byte`

```elixir
@spec failed_type_to_byte(key_exchange_fail_type()) :: byte()
```

# `get_highest_level`

```elixir
@spec get_highest_level([key()]) :: key() | :none
```

Gets the highest security level key from a key list

Since Z-Wave will work at the highest S2 security group
available on a node, if multiple groups are in a list of keys
it will assume that highest level is the security level of the node
who provided this list.

If the node S0 security Z-Wave will response with granted keys
with the lone key being S0.

# `key_from_byte`

```elixir
@spec key_from_byte(key_byte()) :: key()
```

Get the key represented by the given byte.

# `key_to_byte`

```elixir
@spec key_to_byte(key()) :: key_byte()
```

Get the byte representation of a key.

The key `:none` is an invalid key to encode to,
so this function does not support encoding to that
key.

# `keys`

```elixir
@spec keys() :: [key()]
```

Get the list of available security keys

# `keys_to_byte`

```elixir
@spec keys_to_byte([key()]) :: byte()
```

# `validate_user_input_pin_length`

```elixir
@spec validate_user_input_pin_length(non_neg_integer()) :: :valid | :invalid
```

Validate the user input pin length, should be a 16 bit number

---

*Consult [api-reference.md](api-reference.md) for complete listing*