Simple interface for Mbed Cloud Client
key_config_manager.h File Reference
Keys and Configuration Manager (KCM) APIs. More...
Go to the source code of this file.
Functions | |
kcm_status_e | kcm_init (void) |
Initiate the KCM module. | |
kcm_status_e | kcm_finalize (void) |
Finalize the KCM module. | |
kcm_status_e | kcm_item_store (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, bool kcm_item_is_factory, const uint8_t *kcm_item_data, size_t kcm_item_data_size, const kcm_security_desc_s security_desc) |
Store the KCM item into a secure storage. | |
kcm_status_e | kcm_item_get_data_size (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, size_t *kcm_item_data_size_out) |
Retrieve the KCM item data size from a secure storage. | |
kcm_status_e | kcm_item_get_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t *kcm_item_data_out, size_t kcm_item_data_max_size, size_t *kcm_item_data_act_size_out) |
Retrieve KCM item data from a secure storage. | |
kcm_status_e | kcm_item_delete (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type) |
Delete a KCM item from a secure storage. | |
kcm_status_e | kcm_cert_chain_create (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t kcm_chain_len, bool kcm_chain_is_factory) |
The API initializes chain context for write chain operation, This API should be called prior to kcm_cert_chain_add_certificate API. | |
kcm_status_e | kcm_cert_chain_open (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t *kcm_chain_len_out) |
The API initializes chain context for read chain operation. | |
kcm_status_e | kcm_cert_chain_add_next (kcm_cert_chain_handle kcm_chain_handle, const uint8_t *kcm_cert_data, size_t kcm_cert_data_size) |
This API adds next certificate of chain to the storage. | |
kcm_status_e | kcm_cert_chain_delete (const uint8_t *kcm_chain_name, size_t kcm_chain_name_len) |
The API deletes all certificates of the chain from the storage. | |
kcm_status_e | kcm_cert_chain_get_next_size (kcm_cert_chain_handle kcm_chain_handle, size_t *kcm_cert_data_size) |
The API returns size of the next certificate in the chain. | |
kcm_status_e | kcm_cert_chain_get_next_data (kcm_cert_chain_handle kcm_chain_handle, uint8_t *kcm_cert_data, size_t kcm_max_cert_data_size, size_t *kcm_actual_cert_data_size) |
The API returns data of the next certificate in the chain. | |
kcm_status_e | kcm_cert_chain_close (kcm_cert_chain_handle kcm_chain_handle) |
The API releases the context and frees allocated resources. | |
kcm_status_e | kcm_factory_reset (void) |
Reset the KCM secure storage to factory state. | |
kcm_status_e | kcm_key_pair_generate_and_store (kcm_crypto_key_scheme_s key_scheme, const uint8_t *key_name, size_t key_name_len, uint8_t *pub_key_der_out, size_t pub_key_der_size, const kcm_security_desc_s priv_key_sec_desc, const kcm_security_desc_s pub_key_sec_desc) |
Generate a key pair complying the given crypto scheme DER. | |
kcm_status_e | kcm_csr_generate (const uint8_t *key_name, size_t key_name_len, uint8_t **csr_out, size_t *csr_size_out) |
Generate a general CSR from the given private and public keys. |
Detailed Description
Keys and Configuration Manager (KCM) APIs.
Definition in file key_config_manager.h.
Function Documentation
kcm_status_e kcm_cert_chain_add_next | ( | kcm_cert_chain_handle | kcm_chain_handle, |
const uint8_t * | kcm_cert_data, | ||
size_t | kcm_cert_data_size | ||
) |
This API adds next certificate of chain to the storage.
The certificates should be added in the order from root of chain, followed by the certificates it signs and so on.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. [in] kcm_cert_data pointer to certificate data in DER format. [in] kcm_cert_data_size size of certificate data buffer.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 549 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_close | ( | kcm_cert_chain_handle | kcm_chain_handle ) |
The API releases the context and frees allocated resources.
When operation type is creation--> if total number of added/stored certificates is not equal to number of certificates in the chain, the API will return an error.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle.
- Returns:
- KCM_STATUS_SUCCESS in case of success. KCM_STATUS_CLOSE_INCOMPLETE_CHAIN in case of not all certificates were saved. In this case the chain will be deleted. Otherwise one of the `kcm_status_e` errors.
Definition at line 760 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_create | ( | kcm_cert_chain_handle * | kcm_chain_handle, |
const uint8_t * | kcm_chain_name, | ||
size_t | kcm_chain_name_len, | ||
size_t | kcm_chain_len, | ||
bool | kcm_chain_is_factory | ||
) |
The API initializes chain context for write chain operation, This API should be called prior to kcm_cert_chain_add_certificate API.
- Parameters:
-
[out] kcm_chain_handle pointer to certificate chain handle. [in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len length of certificate name buffer. [in] kcm_chain_len number of certificates in the chain. [in] kcm_chain_is_factory True if the KCM chain is a factory item, otherwise false.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 406 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_delete | ( | const uint8_t * | kcm_chain_name, |
size_t | kcm_chain_name_len | ||
) |
The API deletes all certificates of the chain from the storage.
- Parameters:
-
[in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len length of certificate chain name.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 607 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_get_next_data | ( | kcm_cert_chain_handle | kcm_chain_handle, |
uint8_t * | kcm_cert_data, | ||
size_t | kcm_max_cert_data_size, | ||
size_t * | kcm_actual_cert_data_size | ||
) |
The API returns data of the next certificate in the chain.
To get exact size of a next certificate use kcm_cert_chain_get_next_certificate_size. In the end of get data operation, chain context points to the next certificate of current chain.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. in/out] kcm_cert_data pointer to certificate data in DER format. [in] kcm_max_cert_data_size max size of certificate data buffer. [out] kcm_actual_cert_data_size actual size of certificate data.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 713 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_get_next_size | ( | kcm_cert_chain_handle | kcm_chain_handle, |
size_t * | kcm_cert_data_size | ||
) |
The API returns size of the next certificate in the chain.
This API should be called prior to kcm_cert_chain_get_next_data. This operation does not increase chain's context iterator.
- Parameters:
-
[in] kcm_chain_handle certificate chain handle. [out] kcm_cert_data_size pointer size of next certificate.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 671 of file key_config_manager.c.
kcm_status_e kcm_cert_chain_open | ( | kcm_cert_chain_handle * | kcm_chain_handle, |
const uint8_t * | kcm_chain_name, | ||
size_t | kcm_chain_name_len, | ||
size_t * | kcm_chain_len_out | ||
) |
The API initializes chain context for read chain operation.
This API should be called prior to kcm_cert_chain_get_next_certificate_size and kcm_cert_chain_get_next_certificate_data APIs
- Parameters:
-
[out] kcm_chain_handle pointer to certificate chain handle. [in] kcm_chain_name pointer to certificate chain name. [in] kcm_chain_name_len size of certificate name buffer. [out] kcm_chain_len length of certificate chain.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 471 of file key_config_manager.c.
kcm_status_e kcm_csr_generate | ( | const uint8_t * | key_name, |
size_t | key_name_len, | ||
uint8_t ** | csr_out, | ||
size_t * | csr_size_out | ||
) |
Generate a general CSR from the given private and public keys.
Further design is needed
- Parameters:
-
key_name The key name to fetch from storage(public/private). key_name_len The key name len. csr_out Pointer to generated E2E CSR. csr_size_out Size of the E2E CSR.
- Returns:
- Operation status.
kcm_status_e kcm_factory_reset | ( | void | ) |
Reset the KCM secure storage to factory state.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 359 of file key_config_manager.c.
kcm_status_e kcm_finalize | ( | void | ) |
Finalize the KCM module.
Finalizes and frees file storage resources.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 122 of file key_config_manager.c.
kcm_status_e kcm_init | ( | void | ) |
Initiate the KCM module.
Allocates and initializes file storage resources.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 96 of file key_config_manager.c.
kcm_status_e kcm_item_delete | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type | ||
) |
Delete a KCM item from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e`
- Returns:
- KCM_STATUS_SUCCESS status in case of success or one of kcm_status_e errors otherwise.
Definition at line 322 of file key_config_manager.c.
kcm_status_e kcm_item_get_data | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
uint8_t * | kcm_item_data_out, | ||
size_t | kcm_item_data_max_size, | ||
size_t * | kcm_item_data_act_size_out | ||
) |
Retrieve KCM item data from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [out] kcm_item_data_out KCM item data output buffer. Can be NULL if `kcm_item_data_size` is 0. [in] kcm_item_data_max_size The maximum size of the KCM item data output buffer in bytes. [out] kcm_item_data_act_size_out Actual KCM item data output buffer size in bytes.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 260 of file key_config_manager.c.
kcm_status_e kcm_item_get_data_size | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
size_t * | kcm_item_data_size_out | ||
) |
Retrieve the KCM item data size from a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [out] kcm_item_data_size_out KCM item data size in bytes.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 215 of file key_config_manager.c.
kcm_status_e kcm_item_store | ( | const uint8_t * | kcm_item_name, |
size_t | kcm_item_name_len, | ||
kcm_item_type_e | kcm_item_type, | ||
bool | kcm_item_is_factory, | ||
const uint8_t * | kcm_item_data, | ||
size_t | kcm_item_data_size, | ||
const kcm_security_desc_s | security_desc | ||
) |
Store the KCM item into a secure storage.
- Parameters:
-
[in] kcm_item_name KCM item name. [in] kcm_item_name_len KCM item name length. [in] kcm_item_type KCM item type as defined in `kcm_item_type_e` [in] kcm_item_is_factory True if the KCM item is a factory item, otherwise false. [in] kcm_item_data KCM item data buffer. Can be NULL if `kcm_item_data_size` is 0. [in] kcm_item_data_size KCM item data buffer size in bytes. Can be 0 if you wish to store an empty file. [in] security_desc Security descriptor.
- Returns:
- KCM_STATUS_SUCCESS in case of success or one of the `kcm_status_e` errors otherwise.
Definition at line 147 of file key_config_manager.c.
kcm_status_e kcm_key_pair_generate_and_store | ( | kcm_crypto_key_scheme_s | key_scheme, |
const uint8_t * | key_name, | ||
size_t | key_name_len, | ||
uint8_t * | pub_key_der_out, | ||
size_t | pub_key_der_size, | ||
const kcm_security_desc_s | priv_key_sec_desc, | ||
const kcm_security_desc_s | pub_key_sec_desc | ||
) |
Generate a key pair complying the given crypto scheme DER.
Saves the private key and exposes the public key.
- Parameters:
-
key_scheme The crypto scheme. key_name The key name for which a key pair is generated. key_name_len Key name length. pub_key_der_out Public key to generate in DER format. pub_key_der_size Public key size in bytes. priv_key_sec_desc Private key security descriptor. pub_key_sec_desc Public key security descriptor.
- Returns:
- Operation status.
Generated on Tue Jul 12 2022 19:01:38 by 1.7.2