Retrieving items
Retrieving factory items
The KCM APIs for retrieving items are kcm_item_get_data_size, kcm_item_get_data and kcm_item_get_size_and_data.
The kcm_item_get_size_and_data API combines the functionality of the kcm_item_get_data_size and kcm_item_get_data APIs.
The APIs support the following item types, represented by the enumerator kcm_item_type_e:
- Private/public key
- Certificates
- Configuration parameters
You need to allocate a buffer to be filled with data using the kcm_item_get_data API. The API returns the size of the data in the buffer. When you use the kcm_item_get_size_and_data API, the buffer for the data is allocated internally, and you need to free the buffer only if the API returns a KCM_STATUS_SUCCESS value.
You can use the kcm_item_get_data_size API to allocate the needed buffer dynamically, or to allocate a sufficiently large static buffer.
Example of how to retrieve a single factory item
kcm_status_e kcm_status;
uint8_t *kcm_item_buffer = NULL;
size_t kcm_item_buff_size;
char *custom_key_name = "custom_key";
// Retrieving KCM item size
kcm_status = kcm_item_get_data_size((uint8_t*)custom_key_name,
strlen(custom_key_name),
KCM_PRIVATE_KEY_ITEM,
&kcm_item_buff_size);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
// Allocating buffer for the key
kcm_item_buffer = (uint8_t*)malloc(kcm_item_buff_size);
if(kcm_item_buffer == NULL) {
return 1;
}
kcm_status = kcm_item_get_data((uint8_t*)custom_key_name,
strlen(custom_key_name),
KCM_PRIVATE_KEY_ITEM,
kcm_item_buffer,
kcm_item_buff_size,
&kcm_item_buff_size);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
Alternatively, you can use the kcm_item_get_size_and_data API:
kcm_status_e kcm_status;
uint8_t *kcm_item_buffer = NULL;
size_t kcm_item_buff_size;
char *custom_key_name = "custom_key";
kcm_status = kcm_item_get_size_and_data((uint8_t*)custom_key_name,
strlen(custom_key_name),
KCM_PRIVATE_KEY_ITEM,
&kcm_item_buffer,
&kcm_item_buff_size);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
free(kcm_item_buffer);
Retrieving a certificate chain
The KCM APIs for retrieving certificate chains are kcm_cert_chain_get_next_size and kcm_cert_chain_get_next_data.
You need to allocate a buffer to be filled with data using the kcm_cert_chain_get_next_data API. The API returns the size of the data in the buffer.
You can use the kcm_cert_chain_get_next_size API to allocate the needed buffer dynamically, or to allocate a sufficiently large static buffer.
Example of how to retrieve a certificate chain
kcm_status_e kcm_status;
kcm_cert_chain_handle cert_chain_handle;
char chain_file_name[] = "test_cert_chain";
size_t kcm_chain_len;
uint8_t *data_buffer = NULL;
size_t buffer_size;
uint32_t j;
// open existing chain
kcm_status = kcm_cert_chain_open(&cert_chain_handle, (uint8_t*)chain_file_name, strlen(chain_file_name), &kcm_chain_len);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
for (j = 0; j < kcm_chain_len; j++) {
// get size
kcm_status = kcm_cert_chain_get_next_size(cert_chain_handle, &buffer_size);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
data_buffer = malloc(buffer_size);
if(data_buffer == NULL) {
return 1;
}
//get data
kcm_status = kcm_cert_chain_get_next_data(cert_chain_handle, data_buffer, buffer_size, &buffer_size);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}
free(data_buffer);
}
// close chain
kcm_status = kcm_cert_chain_close(cert_chain_handle);
if(kcm_status != KCM_STATUS_SUCCESS) {
return 1;
}