key_config_manager.h File Reference

This API adds next certificate of chain to the storage.

It also validates the previous certificate (unless it is the first certificate) with the public key from kcm_cert_data. The certificates should be added in the order from lowest child, followed by the certificate that signs it and so on, all the way to the root of the chain.

Parameters:

[in]	kcm_chain_handle	certificate chain handle.
[in]	kcm_cert_data	pointer to certificate data in DER format.
[in]	kcm_cert_data_size	size of certificate data buffer.

Returns:

KCM_STATUS_SUCCESS in case of success. KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED in case that one of the certificate in the chain failed to verify its predecessor In other casese - one of the `kcm_status_e` errors.

Definition at line 557 of file key_config_manager.c.

The API releases the context and frees allocated resources.

When operation type is creation--> if total number of added/stored certificates is not equal to number of certificates in the chain, the API will return an error.

Parameters:

[in]

kcm_chain_handle

certificate chain handle.

Returns:

KCM_STATUS_SUCCESS in case of success. KCM_STATUS_CLOSE_INCOMPLETE_CHAIN in case of not all certificates were saved. In this case the chain will be deleted. Otherwise one of the `kcm_status_e` errors.

Definition at line 789 of file key_config_manager.c.

The API initializes chain context for write chain operation, This API should be called prior to kcm_cert_chain_add_next API.

Parameters:

[out]	kcm_chain_handle	pointer to certificate chain handle.
[in]	kcm_chain_name	pointer to certificate chain name.
[in]	kcm_chain_name_len	length of certificate name buffer.
[in]	kcm_chain_len	number of certificates in the chain.
[in]	kcm_chain_is_factory	True if the KCM chain is a factory item, otherwise false.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 406 of file key_config_manager.c.

The API deletes all certificates of the chain from the storage.

Parameters:

[in]	kcm_chain_name	pointer to certificate chain name.
[in]	kcm_chain_name_len	length of certificate chain name.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 636 of file key_config_manager.c.

The API returns data of the next certificate in the chain.

To get exact size of a next certificate use kcm_cert_chain_get_next_size. In the end of get data operation, chain context points to the next certificate of current chain.

Parameters:

[in]	kcm_chain_handle	certificate chain handle.
	in/out]	kcm_cert_data pointer to certificate data in DER format.
[in]	kcm_max_cert_data_size	max size of certificate data buffer.
[out]	kcm_actual_cert_data_size	actual size of certificate data.

Returns:

KCM_STATUS_SUCCESS in case of success. KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN in case we reached the end of the chain Otherwise one of the `kcm_status_e` errors.

Definition at line 742 of file key_config_manager.c.

The API returns size of the next certificate in the chain.

This API should be called prior to kcm_cert_chain_get_next_data. This operation does not increase chain's context iterator.

Parameters:

[in]	kcm_chain_handle	certificate chain handle.
[out]	kcm_cert_data_size	pointer size of next certificate.

Returns:

KCM_STATUS_SUCCESS in case of success. KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN in case we reached the end of the chain Otherwise one of the `kcm_status_e` errors.

Definition at line 700 of file key_config_manager.c.

The API initializes chain context for read chain operation.

This API should be called prior to kcm_cert_chain_get_next_size and kcm_cert_chain_get_next_data APIs

Parameters:

[out]	kcm_chain_handle	pointer to certificate chain handle.
[in]	kcm_chain_name	pointer to certificate chain name.
[in]	kcm_chain_name_len	size of certificate name buffer.
[out]	kcm_chain_len	length of certificate chain.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 471 of file key_config_manager.c.

Verify the device-generated certificate against given private key name from storage.

This function can be called when certificate creation is initiated by device using `kcm_generate_keys_and_csr` or `kcm_csr_generate` functions. In this case, the function checks correlation between certificate's public key and given private key generated by the device and saved in device storage.

Parameters:

[in]	kcm_cert_data	DER certificate data buffer.
[in]	kcm_cert_data_size	DER certificate data buffer size in bytes.
[in]	kcm_priv_key_name	Private key name of the certificate, the function assumes that the key was generated by the device and saved in the storage.
[in]	kcm_priv_key_name_len	Private key name length of the certificate.

Returns:

KCM_STATUS_SUCCESS in case of success. KCM_STATUS_ITEM_NOT_FOUND in case private key wasn't found in the storage, otherwise one of the `kcm_status_e` errors.

Definition at line 1041 of file key_config_manager.c.

Generate a general CSR from the given private key.

Parameters:

private_key_name	The private key name to fetch from storage.
private_key_name_len	The private key name len.
csr_params	CSR parameters.
csr_buff_out	Pointer to generated CSR buffer to fill.
csr_buff_max_size	Size of the supplied CSR buffer.
csr_buff_act_size	Actual size of the filled CSR buffer.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 904 of file key_config_manager.c.

Reset the KCM secure storage to factory state.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 359 of file key_config_manager.c.

Finalize the KCM module.

Finalizes and frees file storage resources.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 123 of file key_config_manager.c.

Generate private and public key and CSR from the generated keys.

Parameters:

key_scheme	The cryptographic scheme.
private_key_name	The private key name to generate.
private_key_name_len	The private key name len.
public_key_name	The public key name for which a key pair is generated. This parameter is optional. If not provided, the key will be generated, but not stored.
public_key_name_len	Public key name length. Must be 0, if public_key_name not provided.
kcm_item_is_factory	True if the KCM item is a factory item, otherwise false.
csr_params	CSR parameters.
csr_buff_out	Pointer to generated CSR buffer to fill.
csr_buff_max_size	Size of the supplied CSR buffer.
csr_buff_act_size	Actual size of the filled CSR buffer.
kcm_data_pkcm_params	Additional kcm_params. Currently void.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 958 of file key_config_manager.c.

Initiate the KCM module.

Allocates and initializes file storage resources.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 97 of file key_config_manager.c.

Delete a KCM item from a secure storage.

Parameters:

[in]	kcm_item_name	KCM item name.
[in]	kcm_item_name_len	KCM item name length.
[in]	kcm_item_type	KCM item type as defined in `kcm_item_type_e`

Returns:

KCM_STATUS_SUCCESS status in case of success or one of kcm_status_e errors otherwise.

Definition at line 322 of file key_config_manager.c.

Retrieve KCM item data from a secure storage.

Parameters:

[in]	kcm_item_name	KCM item name.
[in]	kcm_item_name_len	KCM item name length.
[in]	kcm_item_type	KCM item type as defined in `kcm_item_type_e`
[out]	kcm_item_data_out	KCM item data output buffer. Can be NULL if `kcm_item_data_size` is 0.
[in]	kcm_item_data_max_size	The maximum size of the KCM item data output buffer in bytes.
[out]	kcm_item_data_act_size_out	Actual KCM item data output buffer size in bytes.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 260 of file key_config_manager.c.

Retrieve the KCM item data size from a secure storage.

Parameters:

[in]	kcm_item_name	KCM item name.
[in]	kcm_item_name_len	KCM item name length.
[in]	kcm_item_type	KCM item type as defined in `kcm_item_type_e`
[out]	kcm_item_data_size_out	KCM item data size in bytes.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 215 of file key_config_manager.c.

Store the KCM item into a secure storage.

Parameters:

[in]	kcm_item_name	KCM item name.
[in]	kcm_item_name_len	KCM item name length.
[in]	kcm_item_type	KCM item type as defined in `kcm_item_type_e`
[in]	kcm_item_is_factory	True if the KCM item is a factory item, otherwise false.
[in]	kcm_item_data	KCM item data buffer. Can be NULL if `kcm_item_data_size` is 0.
[in]	kcm_item_data_size	KCM item data buffer size in bytes. Can be 0 if you wish to store an empty file.
[in]	security_desc	Security descriptor.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 148 of file key_config_manager.c.

Generate a key pair complying the given cryptographic scheme in DER format.

Saves private key and public key if provided.

Parameters:

key_scheme	The cryptographic scheme.
private_key_name	The private key name for which a key pair is generated.
private_key_name_len	Private key name length
public_key_name	The public key name for which a key pair is generated. This parameter is optional. If not provided, the key will be generated, but not stored.
public_key_name_len	Public key name length. Must be 0, if public_key_name not provided.
kcm_item_is_factory	True if the KCM item is a factory item, otherwise false.
kcm_params	Additional kcm_params. Currently void.

Returns:

KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.

Definition at line 832 of file key_config_manager.c.