Mistake on this page? Email us
key_config_manager.h File Reference

Key and configuration manager (KCM) APIs. More...

#include <stdlib.h>
#include <stdbool.h>
#include <inttypes.h>
#include "kcm_status.h"
#include "kcm_defs.h"

Go to the source code of this file.

Functions

kcm_status_e kcm_init (void)
 
kcm_status_e kcm_finalize (void)
 
kcm_status_e kcm_item_store (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, bool kcm_item_is_factory, const uint8_t *kcm_item_data, size_t kcm_item_data_size, const kcm_security_desc_s kcm_item_info)
 
kcm_status_e kcm_item_get_data_size (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, size_t *kcm_item_data_size_out)
 
kcm_status_e kcm_item_get_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t *kcm_item_data_out, size_t kcm_item_data_max_size, size_t *kcm_item_data_act_size_out)
 
kcm_status_e kcm_item_get_size_and_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t **kcm_item_data_out, size_t *kcm_item_data_size_out)
 
kcm_status_e kcm_item_delete (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type)
 
kcm_status_e kcm_cert_chain_create (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t kcm_chain_len, bool kcm_chain_is_factory)
 
kcm_status_e kcm_cert_chain_open (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t *kcm_chain_len_out)
 
kcm_status_e kcm_cert_chain_add_next (kcm_cert_chain_handle kcm_chain_handle, const uint8_t *kcm_cert_data, size_t kcm_cert_data_size)
 
kcm_status_e kcm_cert_chain_delete (const uint8_t *kcm_chain_name, size_t kcm_chain_name_len)
 
kcm_status_e kcm_cert_chain_get_next_size (kcm_cert_chain_handle kcm_chain_handle, size_t *kcm_cert_data_size)
 
kcm_status_e kcm_cert_chain_get_next_data (kcm_cert_chain_handle kcm_chain_handle, uint8_t *kcm_cert_data, size_t kcm_max_cert_data_size, size_t *kcm_actual_cert_data_size)
 
kcm_status_e kcm_cert_chain_close (kcm_cert_chain_handle kcm_chain_handle)
 
kcm_status_e kcm_factory_reset (void)
 
kcm_status_e kcm_key_pair_generate_and_store (const kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_security_desc_s kcm_item_info)
 
kcm_status_e kcm_csr_generate (const uint8_t *private_key_name, size_t private_key_name_len, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size)
 
kcm_status_e kcm_generate_keys_and_csr (kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size_out, const kcm_security_desc_s kcm_item_info)
 
kcm_status_e kcm_certificate_verify_with_private_key (const uint8_t *kcm_cert_data, size_t kcm_cert_data_size, const uint8_t *kcm_priv_key_name, size_t kcm_priv_key_name_len)
 
kcm_status_e kcm_asymmetric_sign (const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *hash_digest, size_t hash_digest_size, uint8_t *signature_data_out, size_t signature_data_max_size, size_t *signature_data_act_size_out)
 
kcm_status_e kcm_asymmetric_verify (const uint8_t *public_key_name, size_t public_key_name_len, const uint8_t *hash_digest, size_t hash_digest_size, const uint8_t *signature, size_t signature_size)
 
kcm_status_e kcm_generate_random (uint8_t *buffer, size_t buffer_size)
 
kcm_status_e kcm_ecdh_key_agreement (const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *peer_public_key, size_t peer_public_key_size, uint8_t *shared_secret, size_t shared_secret_max_size, size_t *shared_secret_act_size_out)
 

Detailed Description

Key and configuration manager (KCM) APIs.

Function Documentation

kcm_status_e kcm_asymmetric_sign ( const uint8_t *  private_key_name,
size_t  private_key_name_len,
const uint8_t *  hash_digest,
size_t  hash_digest_size,
uint8_t *  signature_data_out,
size_t  signature_data_max_size,
size_t *  signature_data_act_size_out 
)

Calculates asymmetric signature on hash digest using associated private key.

The function retrieves a key data/handle according to the private key unique name, calls an asymmetric EC SECP256R1 sign function, and returns the calculated signature.

Parameters
[in]private_key_nameThe private key name to fetch from storage.
[in]private_key_name_lenThe length of the private key name.
[in]hash_digestA pointer to a SHA256 hash digest buffer.
[in]hash_digest_sizeThe size of the hash digest buffer. Must be exactly KCM_SHA256_SIZE bytes.
[out]signature_data_outA pointer to the output buffer for the calculated signature in raw format.
[in]signature_data_max_sizeThe size of the signature buffer. Must be at least KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE bytes.
[out]signature_data_act_size_outThe actual size of the output signature buffer.
Returns
KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_STATUS_FILE_NAME_TOO_LONG if private_key_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if private_key_name contains illegal characters.
KCM_STATUS_INSUFFICIENT_BUFFER if signature_data_max_size is too small.
KCM_STATUS_ITEM_NOT_FOUND if the key is not found in the storage.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_asymmetric_verify ( const uint8_t *  public_key_name,
size_t  public_key_name_len,
const uint8_t *  hash_digest,
size_t  hash_digest_size,
const uint8_t *  signature,
size_t  signature_size 
)

Verifies the signature of a previously hashed message using the associated public key.

The function retrieves a key data/handle based on the public key unique name, calls an asymmetric EC SECP256R1 verify function, and returns the result.

Parameters
[in]public_key_nameThe public key name to fetch from storage.
[in]public_key_name_lenThe length of the public key name.
[in]hash_digestA pointer to a SHA256 hash digest buffer.
[in]hash_digest_sizeThe size of the hash digest buffer. Must be exactly KCM_SHA256_SIZE bytes.
[in]signatureThe signature buffer in raw format.
[in]signature_sizeThe size of the signature buffer. Must be at most KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE bytes.
Returns
KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_STATUS_FILE_NAME_TOO_LONG if public_key_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if public_key_name contains illegal characters.
KCM_STATUS_INSUFFICIENT_BUFFER if signature_data_max_size is too small.
KCM_STATUS_ITEM_NOT_FOUND if the key is not found in storage.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_cert_chain_add_next ( kcm_cert_chain_handle  kcm_chain_handle,
const uint8_t *  kcm_cert_data,
size_t  kcm_cert_data_size 
)

Adds the next chain of certificates to storage. Call this API after the kcm_cert_chain_create API.

The API also validates the previous certificate (unless it is the first certificate) with the public key from kcm_cert_data. The certificates must be added in order - starting with the leaf, followed by the certificate that signs it, and so on - all the way to the root of the chain.

Parameters
[in]kcm_chain_handleThe certificate chain handle.
[in]kcm_cert_dataA pointer to the certificate data in DER format.
[in]kcm_cert_data_sizeThe size of the certificate data buffer.
Returns
KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED if one of the certificates in the chain failed to verify its predecessor.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_cert_chain_close ( kcm_cert_chain_handle  kcm_chain_handle)

Releases the context and frees allocated resources. When the operation type is creation, if the total number of added or stored certificates is not equal to the number of certificates in the chain, the API returns an error and deletes the whole chain that was stored.

Parameters
[in]kcm_chain_handleThe certificate chain handle.
Returns
KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_CLOSE_INCOMPLETE_CHAIN if all certificates were not saved. In this case, the chain is deleted. Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_cert_chain_create ( kcm_cert_chain_handle *  kcm_chain_handle,
const uint8_t *  kcm_chain_name,
size_t  kcm_chain_name_len,
size_t  kcm_chain_len,
bool  kcm_chain_is_factory 
)

Initializes the chain context for the write chain operation. This API must be called before the kcm_cert_chain_add_next API.

Parameters
[out]kcm_chain_handleA pointer to the certificate chain handle.
[in]kcm_chain_nameCertificate chain name.
[in]kcm_chain_name_lenCertificate chain name length.
[in]kcm_chain_lenThe number of certificates in the chain.
[in]kcm_chain_is_factoryTrue if the KCM chain is a factory item; otherwise, false.
Returns
KCM_STATUS_SUCCESS in case of success.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_cert_chain_delete ( const uint8_t *  kcm_chain_name,
size_t  kcm_chain_name_len 
)

Deletes all certificates of the chain from storage. For an invalid chain, the API deletes all reachable certificates and returns a relevant error.

Parameters
[in]kcm_chain_nameCertificate chain name.
[in]kcm_chain_name_lenCertificate chain name length.
Returns
KCM_STATUS_SUCCESS in the event of success.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_cert_chain_get_next_data ( kcm_cert_chain_handle  kcm_chain_handle,
uint8_t *  kcm_cert_data,
size_t  kcm_max_cert_data_size,
size_t *  kcm_actual_cert_data_size 
)

Returns the data of the next certificate in the chain. Call this API after kcm_cert_chain_open. To get the exact size of the next certificate, use kcm_cert_chain_get_next_size. In the end of the get data operation, the chain context points to the next certificate of the current chain.

Parameters
[in]kcm_chain_handleThe certificate chain handle.
[out]kcm_cert_dataA pointer to the certificate data in DER format.
[in]kcm_max_cert_data_sizeThe maximum size of the certificate data buffer.
[out]kcm_actual_cert_data_sizeThe actual size of the certificate data.
Returns
KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN if the end of the chain is reached.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_cert_chain_get_next_size ( kcm_cert_chain_handle  kcm_chain_handle,
size_t *  kcm_cert_data_size 
)

Returns the size of the next certificate in the chain. You must call this API after kcm_cert_chain_open. You can call this API before kcm_cert_chain_get_next_data. This operation does not increase the chain's context iterator.

Parameters
[in]kcm_chain_handleThe certificate chain handle.
[out]kcm_cert_data_sizeThe pointer size of the next certificate.
Returns
KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN if the end of the chain is reached.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_cert_chain_open ( kcm_cert_chain_handle *  kcm_chain_handle,
const uint8_t *  kcm_chain_name,
size_t  kcm_chain_name_len,
size_t *  kcm_chain_len_out 
)

Initializes the chain context for the read chain operation. This API must be called before the kcm_cert_chain_get_next_size and kcm_cert_chain_get_next_data APIs.

Parameters
[out]kcm_chain_handleA pointer to the certificate chain handle.
[in]kcm_chain_nameCertificate chain name.
[in]kcm_chain_name_lenCertificate chain name length. Must be equal to or less than KCM_MAX_NUMBER_OF_CERTIFICATES_IN_CHAIN.
[out]kcm_chain_lenThe length of the certificate chain.
Returns
KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_ITEM_NOT_FOUND if the first certificate of the chain is missing.
If one of the next certificates is missing, the function returns:

If there is an attempt to read the missing certificate using the opened chain handle, through the kcm_cert_chain_get_next_size or kcm_cert_chain_get_next_data APIs, the called API returns a KCM_STATUS_ITEM_NOT_FOUND error.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_certificate_verify_with_private_key ( const uint8_t *  kcm_cert_data,
size_t  kcm_cert_data_size,
const uint8_t *  kcm_priv_key_name,
size_t  kcm_priv_key_name_len 
)

Verifies the device-generated certificate against the given private key name from storage.
You can call this function when the device initiates certificate creation using the kcm_generate_keys_and_csr or kcm_csr_generate functions.
In this case, the function checks the correlation between the certificate's public key and the given private key generated by the device and saved in device storage.

We recommend verifying the certificate against the private key before injecting it to the device.

Parameters
[in]kcm_cert_dataThe DER certificate data buffer.
[in]kcm_cert_data_sizeThe size of the DER certificate data buffer in bytes.
[in]kcm_priv_key_nameThe private key name of the certificate. The function assumes that the key was generated by the device and saved in the storage.
[in]kcm_priv_key_name_lenThe length of the private key name of the certificate.
Returns
KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_ITEM_NOT_FOUND if the private key was not found in storage.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_csr_generate ( const uint8_t *  private_key_name,
size_t  private_key_name_len,
const kcm_csr_params_s csr_params,
uint8_t *  csr_buff_out,
size_t  csr_buff_max_size,
size_t *  csr_buff_act_size 
)

Generates a general CSR from the given (previously stored) private key.

Parameters
[in]private_key_nameThe private key name to fetch from storage.
[in]private_key_name_lenThe length of the private key name.
[in]csr_paramsCSR parameters.
[out]csr_buff_outA pointer to the generated CSR buffer to fill.
To calculate the approximate size of the CSR buffer size, take the sum of the public key size, signature size, kcm_csr_params_s size, and add 100 extra bytes for ASN.1 encoding.
[in]csr_buff_max_sizeThe size of the supplied CSR buffer.
[out]csr_buff_act_sizeThe actual size of the filled CSR buffer.
Returns
KCM_STATUS_SUCCESS in the event of success.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_factory_reset ( void  )

Resets the KCM secure storage to factory state.

Returns
KCM_STATUS_SUCCESS in success.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_finalize ( void  )

Finalizes the KCM module. Finalizes and frees file storage resources.

Returns
KCM_STATUS_SUCCESS in case of success. One of the kcm_status_e errors otherwise.
kcm_status_e kcm_generate_keys_and_csr ( kcm_crypto_key_scheme_e  key_scheme,
const uint8_t *  private_key_name,
size_t  private_key_name_len,
const uint8_t *  public_key_name,
size_t  public_key_name_len,
bool  kcm_item_is_factory,
const kcm_csr_params_s csr_params,
uint8_t *  csr_buff_out,
size_t  csr_buff_max_size,
size_t *  csr_buff_act_size_out,
const kcm_security_desc_s  kcm_item_info 
)

Generates a key pair. Stores the private key and, optionally, public key. Then generates a CSR from the private key.

This API combines the functionality of the kcm_key_pair_generate_and_store and kcm_csr_generate APIs.

Parameters
[in]key_schemeThe cryptographic scheme.
[in]private_key_nameThe private key name to generate.
[in]private_key_name_lenThe length of the private key name.
[in]public_key_nameThe public key name for which a key pair is generated. This parameter is optional. If not provided, the key is generated, but not stored.
[in]public_key_name_lenThe length of the public key name. Must be 0, if public_key_name is not provided.
[in]kcm_item_is_factoryTrue if the KCM item is a factory item; otherwise, it is false.
[in]csr_paramsCSR parameters.
[out]csr_buff_outA pointer to the generated CSR buffer to fill.
[in]csr_buff_max_sizeThe size of the supplied CSR buffer.
[out]csr_buff_act_sizeThe actual size of the filled CSR buffer.
[in]kcm_item_infoAdditional item data. For a non-PSA build, this parameter must be set to NULL. If you are using a secure element: (1) If NULL, the API generates and stores the private and public keys in the default location, which is set pre-build. (2) If set to kcm_item_extra_info_s, the API generates and stores the private and public keys in the selected location.
Returns
KCM_STATUS_SUCCESS in case of success.
Otherwise, one of the kcm_status_e errors.
kcm_status_e kcm_generate_random ( uint8_t *  buffer,
size_t  buffer_size 
)

Generates a random number into a given buffer of a given size in bytes.

The function returns an error if entropy is expected and the function is called before entropy was injected.

Parameters
[out]bufferA pointer to a buffer that holds the generated number.
[in]buffer_sizeThe size of the buffer and the size of the required random number to generate.
Returns
KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_CRYPTO_STATUS_ENTROPY_MISSING if entropy is expected and wasn't injected.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_init ( void  )

Initiates the KCM module. Allocates and initializes file storage resources.

Returns
KCM_STATUS_SUCCESS in case of success.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_item_delete ( const uint8_t *  kcm_item_name,
size_t  kcm_item_name_len,
kcm_item_type_e  kcm_item_type 
)

Deletes a KCM item from a secure storage.

Supports the following item types:

  • Private/public key
  • Certificates
  • Configuration parameters

    Parameters
    [in]kcm_item_nameKCM item name.
    [in]kcm_item_name_lenKCM item name length.
    [in]kcm_item_typeKCM item type as defined in kcm_item_type_e.
    Returns
    KCM_STATUS_SUCCESS status in case of success. One of the kcm_status_e errors otherwise.
kcm_status_e kcm_item_get_data ( const uint8_t *  kcm_item_name,
size_t  kcm_item_name_len,
kcm_item_type_e  kcm_item_type,
uint8_t *  kcm_item_data_out,
size_t  kcm_item_data_max_size,
size_t *  kcm_item_data_act_size_out 
)

Retrieves KCM item data from secure storage.

Supports the following item types:

  • Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
  • Certificates
  • Configuration parameters

    Parameters
    [in]kcm_item_nameKCM item name.
    [in]kcm_item_name_lenKCM item name length.
    [in]kcm_item_typeKCM item type as defined in kcm_item_type_e.
    [out]kcm_item_data_outKCM item data output buffer. Can be NULL if kcm_item_data_size is 0. Use the kcm_item_get_data_size API to get the required buffer size for allocation.
    [in]kcm_item_data_max_sizeThe maximum size of the KCM item data output buffer in bytes.
    [out]kcm_item_data_act_size_outActual KCM item data output buffer size in bytes.
    Returns
    KCM_STATUS_SUCCESS in case of success.
    KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in secure storage. One of the kcm_status_e errors otherwise.
kcm_status_e kcm_item_get_data_size ( const uint8_t *  kcm_item_name,
size_t  kcm_item_name_len,
kcm_item_type_e  kcm_item_type,
size_t *  kcm_item_data_size_out 
)

Retrieves the KCM item data size from secure storage.

Supports the following item types:

  • Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
  • Certificates
  • Configuration parameters

    Parameters
    [in]kcm_item_nameKCM item name.
    [in]kcm_item_name_lenKCM item name length.
    [in]kcm_item_typeKCM item type as defined in kcm_item_type_e.
    [out]kcm_item_data_size_outKCM item data size in bytes.
    Returns
    KCM_STATUS_SUCCESS in case of success.
    KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in the secure storage.
    One of the kcm_status_e errors otherwise.
kcm_status_e kcm_item_get_size_and_data ( const uint8_t *  kcm_item_name,
size_t  kcm_item_name_len,
kcm_item_type_e  kcm_item_type,
uint8_t **  kcm_item_data_out,
size_t *  kcm_item_data_size_out 
)

Retrieves KCM item data and its size from secure storage.

Combines the kcm_item_get_data_size and kcm_item_get_data APIs.

The buffer for the data is allocated internally and the caller is responsible to free it. If a kcm_status_e error returned, there is no need to free the buffer.

Supports the following item types:

  • Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
  • Certificates
  • Configuration parameters

    Parameters
    [in]kcm_item_nameKCM item name.
    [in]kcm_item_name_lenKCM item name length.
    [in]kcm_item_typeKCM item type as defined in kcm_item_type_e.
    [out]kcm_item_data_outKCM item data output buffer. The buffer allocated internally.
    [out]kcm_item_data_size_outKCM item data output buffer size in bytes.
    Returns
    KCM_STATUS_SUCCESS in case of success.
    KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in secure storage.
    One of the kcm_status_e errors otherwise.
kcm_status_e kcm_item_store ( const uint8_t *  kcm_item_name,
size_t  kcm_item_name_len,
kcm_item_type_e  kcm_item_type,
bool  kcm_item_is_factory,
const uint8_t *  kcm_item_data,
size_t  kcm_item_data_size,
const kcm_security_desc_s  kcm_item_info 
)

Stores a KCM item in secure storage.

Supports the following item types:

  • Private/public key
  • Certificates
  • Configuration parameters

Warning: Powering down a device, a power failure, or even a drop in power that occurs when you store an item with kcm_item_is_factory set to true can cause corruption of the saved factory item. The kcm_factory_reset API will fail if a factory item is corrupted. Do not power down a device while storing KCM factory items.

When MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is on, the KCM_PRIVATE_KEY_ITEM and KCM_PUBLIC_KEY_ITEM types are stored in PSA storage.

Item name restrictions (the kcm_item_name argument): kcm_item_name must only include the following characters: a-z, A-Z, 0-9, _, -, ..

Parameters
[in]kcm_item_nameKCM item name. See comment above.
[in]kcm_item_name_lenKCM item name length. kcm_item_name_len must be at most KCM_MAX_FILENAME_SIZE bytes.
[in]kcm_item_typeKCM item type as defined in kcm_item_type_e.
[in]kcm_item_is_factoryTrue if the KCM item is a factory item; otherwise, false.
[in]kcm_item_dataKCM item data buffer. Can be NULL if kcm_item_data_size is 0.
[in]kcm_item_data_sizeKCM item data buffer size in bytes. Can be 0 if you want to store an empty file.
[in]kcm_item_infoSecurity descriptor, caller must set this to NULL.
Returns
KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_FILE_EXIST when trying to store an item that already exists.
KCM_STATUS_FILE_NAME_TOO_LONG if kcm_item_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if kcm_item_name contains illegal characters.
One of the kcm_status_e errors otherwise.
kcm_status_e kcm_key_pair_generate_and_store ( const kcm_crypto_key_scheme_e  key_scheme,
const uint8_t *  private_key_name,
size_t  private_key_name_len,
const uint8_t *  public_key_name,
size_t  public_key_name_len,
bool  kcm_item_is_factory,
const kcm_security_desc_s  kcm_item_info 
)

Generates a key pair that complies with the given cryptographic scheme in DER format. Saves the private and public key, if provided.

Parameters
[in]key_schemeThe cryptographic scheme. Currently, the API only supports the NIST (National Institute of Standards and Technology) P-256 elliptic curve cryptography scheme (KCM_SCHEME_EC_SECP256R1).
[in]private_key_nameThe private key name for which a key pair is generated.
[in]private_key_name_lenThe length of the private key name.
[in]public_key_nameThe public key name for which a key pair is generated. This parameter is optional. If not provided, the key is generated, but not stored.
[in]public_key_name_lenThe length of the public key name. Must be 0, if public_key_name is not provided.
[in]kcm_item_is_factoryTrue if the KCM item is a factory item; otherwise, it is false.
[in]kcm_item_infoAdditional item data. For a non-PSA build, this parameter must be set to NULL. If you are using a secure element: (1) If NULL, the private and public keys are generated and stored in the default location, which is set pre-build. (2) If set to kcm_item_extra_info_s, the private and public keys are generated and stored in the selected location.
Returns
KCM_STATUS_SUCCESS in the event of success.
Otherwise, one of the kcm_status_e errors.