key_config_manager.h File Reference

Key and configuration manager (KCM) APIs. More...

#include <stdlib.h>
#include <stdbool.h>
#include <inttypes.h>
#include "kcm_status.h"
#include "kcm_defs.h"

Go to the source code of this file.

Functions
kcm_status_e	kcm_init (void)
kcm_status_e	kcm_finalize (void)
kcm_status_e	kcm_item_store (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, bool kcm_item_is_factory, const uint8_t *kcm_item_data, size_t kcm_item_data_size, const kcm_security_desc_s kcm_item_info)
kcm_status_e	kcm_item_get_data_size (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, size_t *kcm_item_data_size_out)
kcm_status_e	kcm_item_get_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t *kcm_item_data_out, size_t kcm_item_data_max_size, size_t *kcm_item_data_act_size_out)
kcm_status_e	kcm_item_get_size_and_data (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type, uint8_t **kcm_item_data_out, size_t *kcm_item_data_size_out)
kcm_status_e	kcm_item_delete (const uint8_t *kcm_item_name, size_t kcm_item_name_len, kcm_item_type_e kcm_item_type)
kcm_status_e	kcm_cert_chain_create (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t kcm_chain_len, bool kcm_chain_is_factory)
kcm_status_e	kcm_cert_chain_open (kcm_cert_chain_handle *kcm_chain_handle, const uint8_t *kcm_chain_name, size_t kcm_chain_name_len, size_t *kcm_chain_len_out)
kcm_status_e	kcm_cert_chain_add_next (kcm_cert_chain_handle kcm_chain_handle, const uint8_t *kcm_cert_data, size_t kcm_cert_data_size)
kcm_status_e	kcm_cert_chain_delete (const uint8_t *kcm_chain_name, size_t kcm_chain_name_len)
kcm_status_e	kcm_cert_chain_get_next_size (kcm_cert_chain_handle kcm_chain_handle, size_t *kcm_cert_data_size)
kcm_status_e	kcm_cert_chain_get_next_data (kcm_cert_chain_handle kcm_chain_handle, uint8_t *kcm_cert_data, size_t kcm_max_cert_data_size, size_t *kcm_actual_cert_data_size)
kcm_status_e	kcm_cert_chain_close (kcm_cert_chain_handle kcm_chain_handle)
kcm_status_e	kcm_factory_reset (void)
kcm_status_e	kcm_key_pair_generate_and_store (const kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_security_desc_s kcm_item_info)
kcm_status_e	kcm_csr_generate (const uint8_t *private_key_name, size_t private_key_name_len, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size)
kcm_status_e	kcm_generate_keys_and_csr (kcm_crypto_key_scheme_e key_scheme, const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *public_key_name, size_t public_key_name_len, bool kcm_item_is_factory, const kcm_csr_params_s *csr_params, uint8_t *csr_buff_out, size_t csr_buff_max_size, size_t *csr_buff_act_size_out, const kcm_security_desc_s kcm_item_info)
kcm_status_e	kcm_certificate_verify_with_private_key (const uint8_t *kcm_cert_data, size_t kcm_cert_data_size, const uint8_t *kcm_priv_key_name, size_t kcm_priv_key_name_len)
kcm_status_e	kcm_asymmetric_sign (const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *hash_digest, size_t hash_digest_size, uint8_t *signature_data_out, size_t signature_data_max_size, size_t *signature_data_act_size_out)
kcm_status_e	kcm_asymmetric_verify (const uint8_t *public_key_name, size_t public_key_name_len, const uint8_t *hash_digest, size_t hash_digest_size, const uint8_t *signature, size_t signature_size)
kcm_status_e	kcm_generate_random (uint8_t *buffer, size_t buffer_size)
kcm_status_e	kcm_ecdh_key_agreement (const uint8_t *private_key_name, size_t private_key_name_len, const uint8_t *peer_public_key, size_t peer_public_key_size, uint8_t *shared_secret, size_t shared_secret_max_size, size_t *shared_secret_act_size_out)

Detailed Description

Key and configuration manager (KCM) APIs.

Function Documentation

kcm_status_e kcm_asymmetric_sign	(	const uint8_t *	private_key_name,
		size_t	private_key_name_len,
		const uint8_t *	hash_digest,
		size_t	hash_digest_size,
		uint8_t *	signature_data_out,
		size_t	signature_data_max_size,
		size_t *	signature_data_act_size_out
	)

Calculates asymmetric signature on hash digest using associated private key.

The function retrieves a key data/handle according to the private key unique name, calls an asymmetric EC SECP256R1 sign function, and returns the calculated signature.

Parameters

[in]	private_key_name	The private key name to fetch from storage.
[in]	private_key_name_len	The length of the private key name.
[in]	hash_digest	A pointer to a SHA256 hash digest buffer.
[in]	hash_digest_size	The size of the hash digest buffer. Must be exactly KCM_SHA256_SIZE bytes.
[out]	signature_data_out	A pointer to the output buffer for the calculated signature in raw format.
[in]	signature_data_max_size	The size of the signature buffer. Must be at least KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE bytes.
[out]	signature_data_act_size_out	The actual size of the output signature buffer.

Returns

KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_STATUS_FILE_NAME_TOO_LONG if private_key_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if private_key_name contains illegal characters.
KCM_STATUS_INSUFFICIENT_BUFFER if signature_data_max_size is too small.
KCM_STATUS_ITEM_NOT_FOUND if the key is not found in the storage.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_asymmetric_verify	(	const uint8_t *	public_key_name,
		size_t	public_key_name_len,
		const uint8_t *	hash_digest,
		size_t	hash_digest_size,
		const uint8_t *	signature,
		size_t	signature_size
	)

Verifies the signature of a previously hashed message using the associated public key.

The function retrieves a key data/handle based on the public key unique name, calls an asymmetric EC SECP256R1 verify function, and returns the result.

Parameters

[in]	public_key_name	The public key name to fetch from storage.
[in]	public_key_name_len	The length of the public key name.
[in]	hash_digest	A pointer to a SHA256 hash digest buffer.
[in]	hash_digest_size	The size of the hash digest buffer. Must be exactly KCM_SHA256_SIZE bytes.
[in]	signature	The signature buffer in raw format.
[in]	signature_size	The size of the signature buffer. Must be at most KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE bytes.

Returns

KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_STATUS_FILE_NAME_TOO_LONG if public_key_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if public_key_name contains illegal characters.
KCM_STATUS_INSUFFICIENT_BUFFER if signature_data_max_size is too small.
KCM_STATUS_ITEM_NOT_FOUND if the key is not found in storage.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_cert_chain_add_next	(	kcm_cert_chain_handle	kcm_chain_handle,
		const uint8_t *	kcm_cert_data,
		size_t	kcm_cert_data_size
	)

Adds the next chain of certificates to storage. Call this API after the kcm_cert_chain_create API.

The API also validates the previous certificate (unless it is the first certificate) with the public key from kcm_cert_data. The certificates must be added in order - starting with the leaf, followed by the certificate that signs it, and so on - all the way to the root of the chain.

Parameters

[in]	kcm_chain_handle	The certificate chain handle.
[in]	kcm_cert_data	A pointer to the certificate data in DER format.
[in]	kcm_cert_data_size	The size of the certificate data buffer.

Returns

KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_CERTIFICATE_CHAIN_VERIFICATION_FAILED if one of the certificates in the chain failed to verify its predecessor.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_cert_chain_close

(

kcm_cert_chain_handle

kcm_chain_handle

)

Releases the context and frees allocated resources. When the operation type is creation, if the total number of added or stored certificates is not equal to the number of certificates in the chain, the API returns an error and deletes the whole chain that was stored.

Parameters

[in]

kcm_chain_handle

The certificate chain handle.

Returns

KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_CLOSE_INCOMPLETE_CHAIN if all certificates were not saved. In this case, the chain is deleted. Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_cert_chain_create	(	kcm_cert_chain_handle *	kcm_chain_handle,
		const uint8_t *	kcm_chain_name,
		size_t	kcm_chain_name_len,
		size_t	kcm_chain_len,
		bool	kcm_chain_is_factory
	)

Initializes the chain context for the write chain operation. This API must be called before the kcm_cert_chain_add_next API.

Parameters

[out]	kcm_chain_handle	A pointer to the certificate chain handle.
[in]	kcm_chain_name	Certificate chain name.
[in]	kcm_chain_name_len	Certificate chain name length.
[in]	kcm_chain_len	The number of certificates in the chain.
[in]	kcm_chain_is_factory	True if the KCM chain is a factory item; otherwise, false.

Returns

KCM_STATUS_SUCCESS in case of success.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_cert_chain_delete	(	const uint8_t *	kcm_chain_name,
		size_t	kcm_chain_name_len
	)

Deletes all certificates of the chain from storage. For an invalid chain, the API deletes all reachable certificates and returns a relevant error.

Parameters

[in]	kcm_chain_name	Certificate chain name.
[in]	kcm_chain_name_len	Certificate chain name length.

Returns

KCM_STATUS_SUCCESS in the event of success.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_cert_chain_get_next_data	(	kcm_cert_chain_handle	kcm_chain_handle,
		uint8_t *	kcm_cert_data,
		size_t	kcm_max_cert_data_size,
		size_t *	kcm_actual_cert_data_size
	)

Returns the data of the next certificate in the chain. Call this API after kcm_cert_chain_open. To get the exact size of the next certificate, use kcm_cert_chain_get_next_size. In the end of the get data operation, the chain context points to the next certificate of the current chain.

Parameters

[in]	kcm_chain_handle	The certificate chain handle.
[out]	kcm_cert_data	A pointer to the certificate data in DER format.
[in]	kcm_max_cert_data_size	The maximum size of the certificate data buffer.
[out]	kcm_actual_cert_data_size	The actual size of the certificate data.

Returns

KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN if the end of the chain is reached.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_cert_chain_get_next_size	(	kcm_cert_chain_handle	kcm_chain_handle,
		size_t *	kcm_cert_data_size
	)

Returns the size of the next certificate in the chain. You must call this API after kcm_cert_chain_open. You can call this API before kcm_cert_chain_get_next_data. This operation does not increase the chain's context iterator.

Parameters

[in]	kcm_chain_handle	The certificate chain handle.
[out]	kcm_cert_data_size	The pointer size of the next certificate.

Returns

KCM_STATUS_SUCCESS in the event of success.
KCM_STATUS_INVALID_NUM_OF_CERT_IN_CHAIN if the end of the chain is reached.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_cert_chain_open	(	kcm_cert_chain_handle *	kcm_chain_handle,
		const uint8_t *	kcm_chain_name,
		size_t	kcm_chain_name_len,
		size_t *	kcm_chain_len_out
	)

Initializes the chain context for the read chain operation. This API must be called before the kcm_cert_chain_get_next_size and kcm_cert_chain_get_next_data APIs.

Parameters

[out]	kcm_chain_handle	A pointer to the certificate chain handle.
[in]	kcm_chain_name	Certificate chain name.
[in]	kcm_chain_name_len	Certificate chain name length. Must be equal to or less than KCM_MAX_NUMBER_OF_CERTIFICATES_IN_CHAIN.
[out]	kcm_chain_len	The length of the certificate chain.

Returns

KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_ITEM_NOT_FOUND if the first certificate of the chain is missing.
If one of the next certificates is missing, the function returns:

• KCM_STATUS_ITEM_NOT_FOUND for SST and PSA storage configurations.
  
• KCM_STATUS_SUCCESS for Device Management Client secure storage configuration.
  

If there is an attempt to read the missing certificate using the opened chain handle, through the kcm_cert_chain_get_next_size or kcm_cert_chain_get_next_data APIs, the called API returns a KCM_STATUS_ITEM_NOT_FOUND error.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_certificate_verify_with_private_key	(	const uint8_t *	kcm_cert_data,
		size_t	kcm_cert_data_size,
		const uint8_t *	kcm_priv_key_name,
		size_t	kcm_priv_key_name_len
	)

Verifies the device-generated certificate against the given private key name from storage.
You can call this function when the device initiates certificate creation using the kcm_generate_keys_and_csr or kcm_csr_generate functions.
In this case, the function checks the correlation between the certificate's public key and the given private key generated by the device and saved in device storage.

We recommend verifying the certificate against the private key before injecting it to the device.

Parameters

[in]	kcm_cert_data	The DER certificate data buffer.
[in]	kcm_cert_data_size	The size of the DER certificate data buffer in bytes.
[in]	kcm_priv_key_name	The private key name of the certificate. The function assumes that the key was generated by the device and saved in the storage.
[in]	kcm_priv_key_name_len	The length of the private key name of the certificate.

Returns

KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_ITEM_NOT_FOUND if the private key was not found in storage.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_csr_generate	(	const uint8_t *	private_key_name,
		size_t	private_key_name_len,
		const kcm_csr_params_s *	csr_params,
		uint8_t *	csr_buff_out,
		size_t	csr_buff_max_size,
		size_t *	csr_buff_act_size
	)

Generates a general CSR from the given (previously stored) private key.

Parameters

[in]	private_key_name	The private key name to fetch from storage.
[in]	private_key_name_len	The length of the private key name.
[in]	csr_params	CSR parameters.
[out]	csr_buff_out	A pointer to the generated CSR buffer to fill. To calculate the approximate size of the CSR buffer size, take the sum of the public key size, signature size, kcm_csr_params_s size, and add 100 extra bytes for ASN.1 encoding.
[in]	csr_buff_max_size	The size of the supplied CSR buffer.
[out]	csr_buff_act_size	The actual size of the filled CSR buffer.

Returns

KCM_STATUS_SUCCESS in the event of success.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_factory_reset

(

void

)

Resets the KCM secure storage to factory state.

Returns

KCM_STATUS_SUCCESS in success.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_finalize

(

void

)

Finalizes the KCM module. Finalizes and frees file storage resources.

Returns

KCM_STATUS_SUCCESS in case of success. One of the kcm_status_e errors otherwise.

kcm_status_e kcm_generate_keys_and_csr	(	kcm_crypto_key_scheme_e	key_scheme,
		const uint8_t *	private_key_name,
		size_t	private_key_name_len,
		const uint8_t *	public_key_name,
		size_t	public_key_name_len,
		bool	kcm_item_is_factory,
		const kcm_csr_params_s *	csr_params,
		uint8_t *	csr_buff_out,
		size_t	csr_buff_max_size,
		size_t *	csr_buff_act_size_out,
		const kcm_security_desc_s	kcm_item_info
	)

Generates a key pair. Stores the private key and, optionally, public key. Then generates a CSR from the private key.

This API combines the functionality of the kcm_key_pair_generate_and_store and kcm_csr_generate APIs.

Parameters

[in]	key_scheme	The cryptographic scheme.
[in]	private_key_name	The private key name to generate.
[in]	private_key_name_len	The length of the private key name.
[in]	public_key_name	The public key name for which a key pair is generated. This parameter is optional. If not provided, the key is generated, but not stored.
[in]	public_key_name_len	The length of the public key name. Must be 0, if public_key_name is not provided.
[in]	kcm_item_is_factory	True if the KCM item is a factory item; otherwise, it is false.
[in]	csr_params	CSR parameters.
[out]	csr_buff_out	A pointer to the generated CSR buffer to fill.
[in]	csr_buff_max_size	The size of the supplied CSR buffer.
[out]	csr_buff_act_size	The actual size of the filled CSR buffer.
[in]	kcm_item_info	Additional item data. For a non-PSA build, this parameter must be set to NULL. If you are using a secure element: (1) If NULL, the API generates and stores the private and public keys in the default location, which is set pre-build. (2) If set to kcm_item_extra_info_s, the API generates and stores the private and public keys in the selected location.

Returns

KCM_STATUS_SUCCESS in case of success.
Otherwise, one of the kcm_status_e errors.

kcm_status_e kcm_generate_random	(	uint8_t *	buffer,
		size_t	buffer_size
	)

Generates a random number into a given buffer of a given size in bytes.

The function returns an error if entropy is expected and the function is called before entropy was injected.

Parameters

[out]	buffer	A pointer to a buffer that holds the generated number.
[in]	buffer_size	The size of the buffer and the size of the required random number to generate.

Returns

KCM_STATUS_SUCCESS on success.
KCM_STATUS_INVALID_PARAMETER if one of the parameters is illegal.
KCM_CRYPTO_STATUS_ENTROPY_MISSING if entropy is expected and wasn't injected.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_init

(

void

)

Initiates the KCM module. Allocates and initializes file storage resources.

Returns

KCM_STATUS_SUCCESS in case of success.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_item_delete	(	const uint8_t *	kcm_item_name,
		size_t	kcm_item_name_len,
		kcm_item_type_e	kcm_item_type
	)

Deletes a KCM item from a secure storage.

Supports the following item types:

• Private/public key
• Certificates

• Configuration parameters

  Parameters

  [in]	kcm_item_name	KCM item name.
  [in]	kcm_item_name_len	KCM item name length.
  [in]	kcm_item_type	KCM item type as defined in kcm_item_type_e.

  Returns

  KCM_STATUS_SUCCESS status in case of success. One of the kcm_status_e errors otherwise.

kcm_status_e kcm_item_get_data	(	const uint8_t *	kcm_item_name,
		size_t	kcm_item_name_len,
		kcm_item_type_e	kcm_item_type,
		uint8_t *	kcm_item_data_out,
		size_t	kcm_item_data_max_size,
		size_t *	kcm_item_data_act_size_out
	)

Retrieves KCM item data from secure storage.

Supports the following item types:

• Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
• Certificates

• Configuration parameters

  Parameters

  [in]	kcm_item_name	KCM item name.
  [in]	kcm_item_name_len	KCM item name length.
  [in]	kcm_item_type	KCM item type as defined in kcm_item_type_e.
  [out]	kcm_item_data_out	KCM item data output buffer. Can be NULL if kcm_item_data_size is 0. Use the kcm_item_get_data_size API to get the required buffer size for allocation.
  [in]	kcm_item_data_max_size	The maximum size of the KCM item data output buffer in bytes.
  [out]	kcm_item_data_act_size_out	Actual KCM item data output buffer size in bytes.

  Returns

  KCM_STATUS_SUCCESS in case of success.
  KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in secure storage. One of the kcm_status_e errors otherwise.

kcm_status_e kcm_item_get_data_size	(	const uint8_t *	kcm_item_name,
		size_t	kcm_item_name_len,
		kcm_item_type_e	kcm_item_type,
		size_t *	kcm_item_data_size_out
	)

Retrieves the KCM item data size from secure storage.

Supports the following item types:

• Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
• Certificates

• Configuration parameters

  Parameters

  [in]	kcm_item_name	KCM item name.
  [in]	kcm_item_name_len	KCM item name length.
  [in]	kcm_item_type	KCM item type as defined in kcm_item_type_e.
  [out]	kcm_item_data_size_out	KCM item data size in bytes.

  Returns

  KCM_STATUS_SUCCESS in case of success.
  KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in the secure storage.
  One of the kcm_status_e errors otherwise.

kcm_status_e kcm_item_get_size_and_data	(	const uint8_t *	kcm_item_name,
		size_t	kcm_item_name_len,
		kcm_item_type_e	kcm_item_type,
		uint8_t **	kcm_item_data_out,
		size_t *	kcm_item_data_size_out
	)

Retrieves KCM item data and its size from secure storage.

Combines the kcm_item_get_data_size and kcm_item_get_data APIs.

The buffer for the data is allocated internally and the caller is responsible to free it. If a kcm_status_e error returned, there is no need to free the buffer.

Supports the following item types:

• Private/public key for non-PSA mode (MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is off)
• Certificates

• Configuration parameters

  Parameters

  [in]	kcm_item_name	KCM item name.
  [in]	kcm_item_name_len	KCM item name length.
  [in]	kcm_item_type	KCM item type as defined in kcm_item_type_e.
  [out]	kcm_item_data_out	KCM item data output buffer. The buffer allocated internally.
  [out]	kcm_item_data_size_out	KCM item data output buffer size in bytes.

  Returns

  KCM_STATUS_SUCCESS in case of success.
  KCM_STATUS_ITEM_NOT_FOUND if kcm_item_name isn't found in secure storage.
  One of the kcm_status_e errors otherwise.

kcm_status_e kcm_item_store	(	const uint8_t *	kcm_item_name,
		size_t	kcm_item_name_len,
		kcm_item_type_e	kcm_item_type,
		bool	kcm_item_is_factory,
		const uint8_t *	kcm_item_data,
		size_t	kcm_item_data_size,
		const kcm_security_desc_s	kcm_item_info
	)

Stores a KCM item in secure storage.

Supports the following item types:

• Private/public key
• Certificates
• Configuration parameters

Warning: Powering down a device, a power failure, or even a drop in power that occurs when you store an item with kcm_item_is_factory set to true can cause corruption of the saved factory item. The kcm_factory_reset API will fail if a factory item is corrupted. Do not power down a device while storing KCM factory items.

When MBED_CONF_MBED_CLOUD_CLIENT_PSA_SUPPORT is on, the KCM_PRIVATE_KEY_ITEM and KCM_PUBLIC_KEY_ITEM types are stored in PSA storage.

Item name restrictions (the kcm_item_name argument): kcm_item_name must only include the following characters: a-z, A-Z, 0-9, _, -, ..

Parameters

[in]	kcm_item_name	KCM item name. See comment above.
[in]	kcm_item_name_len	KCM item name length. kcm_item_name_len must be at most KCM_MAX_FILENAME_SIZE bytes.
[in]	kcm_item_type	KCM item type as defined in kcm_item_type_e.
[in]	kcm_item_is_factory	True if the KCM item is a factory item; otherwise, false.
[in]	kcm_item_data	KCM item data buffer. Can be NULL if kcm_item_data_size is 0.
[in]	kcm_item_data_size	KCM item data buffer size in bytes. Can be 0 if you want to store an empty file.
[in]	kcm_item_info	Security descriptor, caller must set this to NULL.

Returns

KCM_STATUS_SUCCESS in case of success.
KCM_STATUS_FILE_EXIST when trying to store an item that already exists.
KCM_STATUS_FILE_NAME_TOO_LONG if kcm_item_name_len is too long.
KCM_STATUS_FILE_NAME_INVALID if kcm_item_name contains illegal characters.
One of the kcm_status_e errors otherwise.

kcm_status_e kcm_key_pair_generate_and_store	(	const kcm_crypto_key_scheme_e	key_scheme,
		const uint8_t *	private_key_name,
		size_t	private_key_name_len,
		const uint8_t *	public_key_name,
		size_t	public_key_name_len,
		bool	kcm_item_is_factory,
		const kcm_security_desc_s	kcm_item_info
	)

Generates a key pair that complies with the given cryptographic scheme in DER format. Saves the private and public key, if provided.

Parameters

[in]	key_scheme	The cryptographic scheme. Currently, the API only supports the NIST (National Institute of Standards and Technology) P-256 elliptic curve cryptography scheme (KCM_SCHEME_EC_SECP256R1).
[in]	private_key_name	The private key name for which a key pair is generated.
[in]	private_key_name_len	The length of the private key name.
[in]	public_key_name	The public key name for which a key pair is generated. This parameter is optional. If not provided, the key is generated, but not stored.
[in]	public_key_name_len	The length of the public key name. Must be 0, if public_key_name is not provided.
[in]	kcm_item_is_factory	True if the KCM item is a factory item; otherwise, it is false.
[in]	kcm_item_info	Additional item data. For a non-PSA build, this parameter must be set to NULL. If you are using a secure element: (1) If NULL, the private and public keys are generated and stored in the default location, which is set pre-build. (2) If set to kcm_item_extra_info_s, the private and public keys are generated and stored in the selected location.

Returns

KCM_STATUS_SUCCESS in the event of success.
Otherwise, one of the kcm_status_e errors.