Simulated product dispenser
Fork of mbed-cloud-workshop-connect-HTS221 by
key_config_manager.h File Reference
Keys and Configuration Manager (KCM) APIs. More...
Go to the source code of this file.
Functions | |
kcm_status_e | kcm_init (void) |
Initiate the KCM module. | |
kcm_status_e | kcm_finalize (void) |
Finalize the KCM module. | |
kcm_status_e | kcm_item_store (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, bool kcm_item_is_factory, const uint8_t *kcm_item_data, size_t kcm_item_data_size, const kcm_security_desc_s security_desc) |
Store the KCM item into a secure storage. | |
kcm_status_e | kcm_item_get_data_size (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, size_t *kcm_item_data_size_out) |
Retrieve the KCM item data size from a secure storage. | |
kcm_status_e | kcm_item_get_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t *kcm_item_data_out, size_t kcm_item_data_max_size, size_t *kcm_item_data_act_size_out) |
Retrieve KCM item data from a secure storage. | |
kcm_status_e | kcm_item_delete (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type) |
Delete a KCM item from a secure storage. | |
kcm_status_e | kcm_cert_chain_create (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t kcm_chain_len, bool kcm_chain_is_factory) |
The API initializes chain context for write chain operation, This API should be called prior to kcm_cert_chain_add_next API. | |
kcm_status_e | kcm_cert_chain_open (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t *kcm_chain_len_out) |
The API initializes chain context for read chain operation. | |
kcm_status_e | kcm_cert_chain_add_next (kcm_cert_chain_handle kcm_chain_handle, const uint8_t *kcm_cert_data, size_t kcm_cert_data_size) |
This API adds next certificate of chain to the storage. | |
kcm_status_e | kcm_cert_chain_delete (const uint8_t *kcm_chain_name, size_t kcm_chain_name_len) |
The API deletes all certificates of the chain from the storage. | |
kcm_status_e | kcm_cert_chain_get_next_size (kcm_cert_chain_handle kcm_chain_handle, size_t *kcm_cert_data_size) |
The API returns size of the next certificate in the chain. | |
kcm_status_e | kcm_cert_chain_get_next_data (kcm_cert_chain_handle kcm_chain_handle, uint8_t *kcm_cert_data, size_t kcm_max_cert_data_size, size_t *kcm_actual_cert_data_size) |
The API returns data of the next certificate in the chain. | |
kcm_status_e | kcm_cert_chain_close (kcm_cert_chain_handle kcm_chain_handle) |
The API releases the context and frees allocated resources. | |
kcm_status_e | kcm_factory_reset (void) |
Reset the KCM secure storage to factory state. | |
kcm_status_e | kcm_key_pair_generate_and_store (const kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_security_desc_s *kcm_params) |
Generate a key pair complying the given cryptographic scheme in DER format. | |
kcm_status_e | kcm_csr_generate (const uint8_t *private_key_name, size_t private_key_name_len, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size) |
Generate a general CSR from the given private key. | |
kcm_status_e | kcm_generate_keys_and_csr (kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size_out, const kcm_security_desc_s *kcm_params) |
Generate private and public key and CSR from the generated keys. | |
kcm_status_e | kcm_certificate_verify_with_private_key (const uint8_t *kcm_cert_data, size_t kcm_cert_data_size, const uint8_t *kcm_priv_key_name, size_t kcm_priv_key_name_len) |
Verify the device-generated certificate against given private key name from storage. |
Detailed Description
Keys and Configuration Manager (KCM) APIs.
Definition in file key_config_manager.h.
Function Documentation
kcm_status_e kcm_cert_chain_add_next | ( | kcm_cert_chain_handle | kcm_chain_handle, |
const uint8_t * | kcm_cert_data, | ||
size_t | kcm_cert_data_size | ||
) |
This API adds next certificate of chain to the storage.
It also validates the previous certificate (unless it is the first certificate) with the public key from kcm_cert_data. The certificates should be added in the order from lowest child, followed by the certificate that signs it and so on, all the way to the root of the chain.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. [in] kcm_cert_data pointer to certificate data in DER format. [in] kcm_cert_data_size size of certificate data buffer.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED in case that one of the certificate in the chain failed to verify its predecessor In other casese - one of the `kcm_status_e` errors.
Definition at line 557 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_close | ( | kcm_cert_chain_handle | kcm_chain_handle ) |
The API releases the context and frees allocated resources.
When operation type is creation--> if total number of added/stored certificates is not equal to number of certificates in the chain, the API will return an error.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_CLOSE_INCOMPLETE_CHAIN in case of not all certificates were saved. In this case the chain will be deleted. Otherwise one of the `kcm_status_e` errors.
Definition at line 789 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_create | ( | kcm_cert_chain_handle * | kcm_chain_handle, |
const uint8_t * | kcm_chain_name, | ||
size_t | kcm_chain_name_len, | ||
size_t | kcm_chain_len, | ||
bool | kcm_chain_is_factory | ||
) |
The API initializes chain context for write chain operation, This API should be called prior to kcm_cert_chain_add_next API.
- Parameters:
-
[out] kcm_chain_handle pointer to certificate chain handle. [in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len length of certificate name buffer. [in] kcm_chain_len number of certificates in the chain. [in] kcm_chain_is_factory True if the KCM chain is a factory item, otherwise false.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 406 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_delete | ( | const uint8_t * | kcm_chain_name, |
size_t | kcm_chain_name_len | ||
) |
The API deletes all certificates of the chain from the storage.
- Parameters:
-
[in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len length of certificate chain name.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 636 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_get_next_data | ( | kcm_cert_chain_handle | kcm_chain_handle, |
uint8_t * | kcm_cert_data, | ||
size_t | kcm_max_cert_data_size, | ||
size_t * | kcm_actual_cert_data_size | ||
) |
The API returns data of the next certificate in the chain.
To get exact size of a next certificate use kcm_cert_chain_get_next_size. In the end of get data operation, chain context points to the next certificate of current chain.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. in/out] kcm_cert_data pointer to certificate data in DER format. [in] kcm_max_cert_data_size max size of certificate data buffer. [out] kcm_actual_cert_data_size actual size of certificate data.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN in case we reached the end of the chain Otherwise one of the `kcm_status_e` errors.
Definition at line 742 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_get_next_size | ( | kcm_cert_chain_handle | kcm_chain_handle, |
size_t * | kcm_cert_data_size | ||
) |
The API returns size of the next certificate in the chain.
This API should be called prior to kcm_cert_chain_get_next_data. This operation does not increase chain's context iterator.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. [out] kcm_cert_data_size pointer size of next certificate.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN in case we reached the end of the chain Otherwise one of the `kcm_status_e` errors.
Definition at line 700 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_open | ( | kcm_cert_chain_handle * | kcm_chain_handle, |
const uint8_t * | kcm_chain_name, | ||
size_t | kcm_chain_name_len, | ||
size_t * | kcm_chain_len_out | ||
) |
The API initializes chain context for read chain operation.
This API should be called prior to kcm_cert_chain_get_next_size and kcm_cert_chain_get_next_data APIs
- Parameters:
-
[out] kcm_chain_handle pointer to certificate chain handle. [in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len size of certificate name buffer. [out] kcm_chain_len length of certificate chain.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 471 of file key_config_manager.c.
kcm_status_e kcm_certificate_verify_with_private_key | ( | const uint8_t * | kcm_cert_data, |
size_t | kcm_cert_data_size, | ||
const uint8_t * | kcm_priv_key_name, | ||
size_t | kcm_priv_key_name_len | ||
) |
Verify the device-generated certificate against given private key name from storage.
This function can be called when certificate creation is initiated by device using `kcm_generate_keys_and_csr` or `kcm_csr_generate` functions. In this case, the function checks correlation between certificate's public key and given private key generated by the device and saved in device storage.
- Parameters:
-
[in] kcm_cert_data DER certificate data buffer. [in] kcm_cert_data_size DER certificate data buffer size in bytes. [in] kcm_priv_key_name Private key name of the certificate, the function assumes that the key was generated by the device and saved in the storage. [in] kcm_priv_key_name_len Private key name length of the certificate.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_ITEM_NOT_FOUND in case private key wasn't found in the storage, otherwise one of the `kcm_status_e` errors.
Definition at line 1041 of file key_config_manager.c.
kcm_status_e kcm_csr_generate | ( | const uint8_t * | private_key_name, |
size_t | private_key_name_len, | ||
const kcm_csr_params_s * | csr_params, | ||
uint8_t * | csr_buff_out, | ||
size_t | csr_buff_max_size, | ||
size_t * | csr_buff_act_size | ||
) |
Generate a general CSR from the given private key.
- Parameters:
-
private_key_name The private key name to fetch from storage. private_key_name_len The private key name len. csr_params CSR parameters. csr_buff_out Pointer to generated CSR buffer to fill. csr_buff_max_size Size of the supplied CSR buffer. csr_buff_act_size Actual size of the filled CSR buffer.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 904 of file key_config_manager.c.
kcm_status_e kcm_factory_reset | ( | void | ) |
Reset the KCM secure storage to factory state.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 359 of file key_config_manager.c.
kcm_status_e kcm_finalize | ( | void | ) |
Finalize the KCM module.
Finalizes and frees file storage resources.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 123 of file key_config_manager.c.
kcm_status_e kcm_generate_keys_and_csr | ( | kcm_crypto_key_scheme_e | key_scheme, |
const uint8_t * | private_key_name, | ||
size_t | private_key_name_len, | ||
const uint8_t * | public_key_name, | ||
size_t | public_key_name_len, | ||
bool | kcm_item_is_factory, | ||
const kcm_csr_params_s * | csr_params, | ||
uint8_t * | csr_buff_out, | ||
size_t | csr_buff_max_size, | ||
size_t * | csr_buff_act_size_out, | ||
const kcm_security_desc_s * | kcm_params | ||
) |
Generate private and public key and CSR from the generated keys.
- Parameters:
-
key_scheme The cryptographic scheme. private_key_name The private key name to generate. private_key_name_len The private key name len. public_key_name The public key name for which a key pair is generated. This parameter is optional. If not provided, the key will be generated, but not stored. public_key_name_len Public key name length. Must be 0, if public_key_name not provided. kcm_item_is_factory True if the KCM item is a factory item, otherwise false. csr_params CSR parameters. csr_buff_out Pointer to generated CSR buffer to fill. csr_buff_max_size Size of the supplied CSR buffer. csr_buff_act_size Actual size of the filled CSR buffer. kcm_data_pkcm_params Additional kcm_params. Currently void.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 958 of file key_config_manager.c.
kcm_status_e kcm_init | ( | void | ) |
Initiate the KCM module.
Allocates and initializes file storage resources.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 97 of file key_config_manager.c.
kcm_status_e kcm_item_delete | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type | ||
) |
Delete a KCM item from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e`
- Returns:
- KCM_STATUS_SUCCESS status in case of success or one of kcm_status_e errors otherwise.
Definition at line 322 of file key_config_manager.c.
kcm_status_e kcm_item_get_data | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
uint8_t * | kcm_item_data_out, | ||
size_t | kcm_item_data_max_size, | ||
size_t * | kcm_item_data_act_size_out | ||
) |
Retrieve KCM item data from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [out] kcm_item_data_out KCM item data output buffer. Can be NULL if `kcm_item_data_size` is 0. [in] kcm_item_data_max_size The maximum size of the KCM item data output buffer in bytes. [out] kcm_item_data_act_size_out Actual KCM item data output buffer size in bytes.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 260 of file key_config_manager.c.
kcm_status_e kcm_item_get_data_size | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
size_t * | kcm_item_data_size_out | ||
) |
Retrieve the KCM item data size from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [out] kcm_item_data_size_out KCM item data size in bytes.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 215 of file key_config_manager.c.
kcm_status_e kcm_item_store | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
bool | kcm_item_is_factory, | ||
const uint8_t * | kcm_item_data, | ||
size_t | kcm_item_data_size, | ||
const kcm_security_desc_s | security_desc | ||
) |
Store the KCM item into a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [in] kcm_item_is_factory True if the KCM item is a factory item, otherwise false. [in] kcm_item_data KCM item data buffer. Can be NULL if `kcm_item_data_size` is 0. [in] kcm_item_data_size KCM item data buffer size in bytes. Can be 0 if you wish to store an empty file. [in] security_desc Security descriptor.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 148 of file key_config_manager.c.
kcm_status_e kcm_key_pair_generate_and_store | ( | const kcm_crypto_key_scheme_e | key_scheme, |
const uint8_t * | private_key_name, | ||
size_t | private_key_name_len, | ||
const uint8_t * | public_key_name, | ||
size_t | public_key_name_len, | ||
bool | kcm_item_is_factory, | ||
const kcm_security_desc_s * | kcm_params | ||
) |
Generate a key pair complying the given cryptographic scheme in DER format.
Saves private key and public key if provided.
- Parameters:
-
key_scheme The cryptographic scheme. private_key_name The private key name for which a key pair is generated. private_key_name_len Private key name length public_key_name The public key name for which a key pair is generated. This parameter is optional. If not provided, the key will be generated, but not stored. public_key_name_len Public key name length. Must be 0, if public_key_name not provided. kcm_item_is_factory True if the KCM item is a factory item, otherwise false. kcm_params Additional kcm_params. Currently void.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 832 of file key_config_manager.c.
Generated on Tue Jul 12 2022 19:12:17 by 1.7.2