kcm_defs.h
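// ----------------------------------------------------------------------------
// Copyright 2016-2017 ARM Ltd.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ----------------------------------------------------------------------------

#ifndef __KCM_DEFS_H__
#define __KCM_DEFS_H__

/* kcm_csr_params_s uses uint32_t; include it here so the header is self-contained. */
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif

/**
* @file kcm_defs.h
*  \brief Keys and configuration manager (KCM) definitions.
*/

/**
* KCM item types
*/
typedef enum {
    KCM_PRIVATE_KEY_ITEM,   //!< KCM private key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).
    KCM_PUBLIC_KEY_ITEM,    //!< KCM public key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).
    KCM_SYMMETRIC_KEY_ITEM, //!< KCM symmetric key item type.
    KCM_CERTIFICATE_ITEM,   //!< KCM certificate item type. Supported: X.509 certificates in DER format.
    KCM_CONFIG_ITEM,        //!< KCM configuration parameter item type.
    KCM_LAST_ITEM           //!< KCM not defined item type; last enumerator, one past the valid item types.
} kcm_item_type_e;


/** Supported message digests */
typedef enum {
    KCM_MD_NONE = 0x0,   //!< No message digest selected (also the zero-initialized value).
    KCM_MD_SHA256 = 0x1  //!< KCM SHA256 message digest.
} kcm_md_type_e;


/** X.509 v3 Key Usage Extension bit-mask options.
*
* Each enumerator is a distinct bit, so several usages can be OR-ed into one mask.
* NOTE: these are KCM flag values, not the bit positions of the X.509 KeyUsage
* BIT STRING (RFC 5280 places keyAgreement at bit 4 and keyCertSign at bit 5),
* so they must not be copied into an encoded extension as-is.
*/
typedef enum {
    KCM_CSR_KU_NONE = 0x0,              //!< No key usage extension requested.
    KCM_CSR_KU_DIGITAL_SIGNATURE = 0x1, //!< Digital signature key usage extension bit.
    KCM_CSR_KU_NON_REPUDIATION = 0x2,   //!< Non repudiation key usage extension bit.
    KCM_CSR_KU_KEY_CERT_SIGN = 0x4,     //!< Certificate signing key usage extension bit. Request only for keys intended to sign certificates.
    KCM_CSR_KU_KEY_AGREEMENT = 0x8      //!< Key agreement key usage extension bit.
} kcm_csr_key_usage_e;


/** X.509 v3 Extended Key Usage Extension bit-mask options.
*
* Each enumerator is a distinct bit, so several usages can be OR-ed into one mask.
* Bits 5 to 7 are not assigned in this header.
*/
typedef enum {
    KCM_CSR_EXT_KU_NONE = 0,                    //!< No extended key usage extension requested.
    KCM_CSR_EXT_KU_ANY = (1 << 0),              //!< Any extended key usage (presumably anyExtendedKeyUsage; the broadest option - confirm before requesting it).
    KCM_CSR_EXT_KU_SERVER_AUTH = (1 << 1),      //!< SSL/TLS Web Server Authentication.
    KCM_CSR_EXT_KU_CLIENT_AUTH = (1 << 2),      //!< SSL/TLS Web Client Authentication.
    KCM_CSR_EXT_KU_CODE_SIGNING = (1 << 3),     //!< Code signing.
    KCM_CSR_EXT_KU_EMAIL_PROTECTION = (1 << 4), //!< E-mail protection (S/MIME).
    KCM_CSR_EXT_KU_TIME_STAMPING = (1 << 8),    //!< Trusted time stamping.
    KCM_CSR_EXT_KU_OCSP_SIGNING = (1 << 9)      //!< OCSP signing.
} kcm_csr_ext_key_usage_e;

/**
* Security descriptor - contains different ACLs such as remote ACL, local ACL and audit.
* Currently defined to `void*`.
* May be changed in the future.
*/
typedef void* kcm_security_desc_s;


/** Cryptographic scheme types
* Currently only ECC-256 curve is supported.
* More schemes can be added later on.
*/
typedef enum {
    KCM_SCHEME_NONE,         //!< No scheme selected (zero value).
    KCM_SCHEME_EC_SECP256R1  //!< KCM ECC cryptographic scheme, 256-bits NIST curve.
} kcm_crypto_key_scheme_e;

/**
* Maximum KCM file name length.
* If you are using Mbed OS 5.11 or higher with the built-in secure storage (KVStore), or your own secure storage (ported to the Pelion client), the KCM file name must be less than or equal to 100 bytes.
* If you are using the Pelion client secure storage (SOTP and ESFS), the KCM file names must be less than or equal to 1012 bytes. Note that this feature will be deprecated in the future and the KCM file name will have to be less than or equal to 100 bytes.
*
* The 100-byte limit is selected when MBED_CONF_MBED_CLOUD_CLIENT_EXTERNAL_SST_SUPPORT is defined.
* NOTE(review): this header does not say whether the limit counts a terminating NUL;
* confirm against the storage implementation before sizing name buffers from this macro.
*/
#ifndef MBED_CONF_MBED_CLOUD_CLIENT_EXTERNAL_SST_SUPPORT
#define KCM_MAX_FILENAME_SIZE  1012
#else
#define KCM_MAX_FILENAME_SIZE  100
#endif

/**
* Maximal length of the certificate chain in the device.
* (The "CERTITICATES" spelling is part of the public macro name and is kept for compatibility.)
*/
#define KCM_MAX_NUMBER_OF_CERTITICATES_IN_CHAIN 5

/**
* Certificate chain handle
*/
typedef void* kcm_cert_chain_handle;

/** This struct contains CSR parameters for future generated CSR
*
* @param subject String that contains the subject (distinguished name) of the certificate in predefined format.
*                The format should be as the following example: "C=US,ST=California,L=San Francisco,O=Wikimedia Foundation,Inc.,CN=*.wikipedia.org".
*                NOTE(review): the example carries a comma inside the O value while commas also separate
*                the attributes; how such a value is parsed is not shown in this header - verify before
*                building subjects from device- or user-supplied strings.
* @param md_type Message digest selected from `::kcm_md_type_e`.
* @param key_usage Key usage extension bit-mask selected from `::kcm_csr_key_usage_e`. If the requested CSR does not contain any key usage extension, it needs to be set to `::KCM_CSR_KU_NONE`.
* @param ext_key_usage Extended key usage extensions bit-mask selected from `::kcm_csr_ext_key_usage_e`. If the requested CSR does not contain any extended key usage extension, it needs to be set to `::KCM_CSR_EXT_KU_NONE`.
*/
typedef struct kcm_csr_params_ {
    char *subject;          // ownership and lifetime are not defined here; presumably caller-owned - confirm
    kcm_md_type_e md_type;
    uint32_t key_usage;     // OR of kcm_csr_key_usage_e flags
    uint32_t ext_key_usage; // OR of kcm_csr_ext_key_usage_e flags
} kcm_csr_params_s;


#ifdef __cplusplus
}
#endif

#endif //__KCM_DEFS_H__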
