kcm_defs.h File Reference

Key and configuration manager (KCM) definitions.

#include <stdint.h>


Data Structures

struct  kcm_csr_params_
 

Macros

#define KCM_MAX_FILENAME_SIZE   100
 
#define KCM_MAX_NUMBER_OF_CERTITICATES_IN_CHAIN   5
 
#define KCM_SHA256_SIZE   32
 
#define KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE   64
 
#define KCM_EC_SECP256R1_SHARED_SECRET_SIZE   32
 

Typedefs

typedef void * kcm_cert_chain_handle
 
typedef uintptr_t kcm_key_handle_t
 
typedef void * kcm_security_desc_s
 
typedef struct kcm_csr_params_ kcm_csr_params_s
 

Enumerations

enum  kcm_item_type_e {
  KCM_PRIVATE_KEY_ITEM, KCM_PUBLIC_KEY_ITEM, KCM_SYMMETRIC_KEY_ITEM, KCM_CERTIFICATE_ITEM,
  KCM_CONFIG_ITEM, KCM_LAST_ITEM
}
 
enum  kcm_md_type_e { KCM_MD_NONE = 0x0, KCM_MD_SHA256 = 0x1 }
 
enum  kcm_csr_key_usage_e {
  KCM_CSR_KU_NONE = 0x0, KCM_CSR_KU_DIGITAL_SIGNATURE = 0x1, KCM_CSR_KU_NON_REPUDIATION = 0x2, KCM_CSR_KU_KEY_CERT_SIGN = 0x4,
  KCM_CSR_KU_KEY_AGREEMENT = 0x8
}
 
enum  kcm_csr_ext_key_usage_e {
  KCM_CSR_EXT_KU_NONE = 0, KCM_CSR_EXT_KU_ANY = (1 << 0), KCM_CSR_EXT_KU_SERVER_AUTH = (1 << 1), KCM_CSR_EXT_KU_CLIENT_AUTH = (1 << 2),
  KCM_CSR_EXT_KU_CODE_SIGNING = (1 << 3), KCM_CSR_EXT_KU_EMAIL_PROTECTION = (1 << 4), KCM_CSR_EXT_KU_TIME_STAMPING = (1 << 8), KCM_CSR_EXT_KU_OCSP_SIGNING = (1 << 9)
}
 
enum  kcm_crypto_key_scheme_e { KCM_SCHEME_NONE, KCM_SCHEME_EC_SECP256R1 }
 

Detailed Description

Key and configuration manager (KCM) definitions.

Macro Definition Documentation

#define KCM_EC_SECP256R1_SHARED_SECRET_SIZE   32

Size in bytes of the EC SECP256R1 shared secret.

#define KCM_EC_SECP256R1_SIGNATURE_RAW_SIZE   64

Size in bytes of the EC SECP256R1 signature in raw format.

#define KCM_MAX_FILENAME_SIZE   100

Maximum KCM file name length.

#define KCM_MAX_NUMBER_OF_CERTITICATES_IN_CHAIN   5

Maximum length of the certificate chain on the device.

#define KCM_SHA256_SIZE   32

Size in bytes of the SHA-256 hash digest used with EC SECP256R1.

Typedef Documentation

typedef struct kcm_csr_params_ kcm_csr_params_s

This struct contains the CSR parameters for a CSR that will be generated later.

Parameters

subject

String that contains the subject (distinguished name) of the certificate in the predefined format. Consists of a comma-separated list of the Object Identifier (OID) types and values; for example, "C=UK,O=ARM,CN=mbed TLS Server 1". See the instructions for generating a CSR for the full list of supported OIDs.

md_type

Message digest selected from kcm_md_type_e.

key_usage

Key usage extension bit-mask selected from kcm_csr_key_usage_e. If the requested CSR does not contain a key usage extension, set to KCM_CSR_KU_NONE.

ext_key_usage

Extended key usage extensions bit-mask selected from kcm_csr_ext_key_usage_e. If the requested CSR does not contain an extended key usage extension, set to KCM_CSR_EXT_KU_NONE.

typedef uintptr_t kcm_key_handle_t

KCM key handle type. Represents a reference to an internal KCM key handler.

typedef void* kcm_security_desc_s

Optional item info. Currently used only for PSA configuration for PSA key policy transfer.

Enumeration Type Documentation

enum kcm_crypto_key_scheme_e

Cryptographic scheme types. Currently, only the ECC-256 curve is supported. Additional schemes can be added.

Enumerator
KCM_SCHEME_EC_SECP256R1 

KCM ECC cryptographic scheme, 256-bit NIST curve.

enum kcm_csr_ext_key_usage_e

X.509 v3 extended key usage extension bit-mask options.

Enumerator
KCM_CSR_EXT_KU_SERVER_AUTH 

SSL/TLS web server authentication.

KCM_CSR_EXT_KU_CLIENT_AUTH 

SSL/TLS web client authentication.

KCM_CSR_EXT_KU_CODE_SIGNING 

Code signing.

KCM_CSR_EXT_KU_EMAIL_PROTECTION 

Email protection (S/MIME).

KCM_CSR_EXT_KU_TIME_STAMPING 

Trusted time stamping.

KCM_CSR_EXT_KU_OCSP_SIGNING 

OCSP signing.

enum kcm_csr_key_usage_e

X.509 v3 key usage extension bit-mask options.

Enumerator
KCM_CSR_KU_DIGITAL_SIGNATURE 

Digital signature key usage extension bit.

KCM_CSR_KU_NON_REPUDIATION 

Nonrepudiation key usage extension bit.

KCM_CSR_KU_KEY_CERT_SIGN 

Certificate signing key usage extension bit.

KCM_CSR_KU_KEY_AGREEMENT 

Key agreement key usage extension bit.

enum kcm_item_type_e

KCM item types.

Enumerator
KCM_PRIVATE_KEY_ITEM 

KCM private key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).

KCM_PUBLIC_KEY_ITEM 

KCM public key item type. KCM supports ECC keys with curves defined in palGroupIndex_t (pal_Crypto.h).

KCM_SYMMETRIC_KEY_ITEM 

KCM symmetric key item type.

KCM_CERTIFICATE_ITEM 

KCM certificate item type. Supports X.509 certificates in DER format.

KCM_CONFIG_ITEM 

KCM configuration parameter item type.

KCM_LAST_ITEM 

KCM undefined item type.

enum kcm_md_type_e

Supported message digests.

Enumerator
KCM_MD_SHA256 

KCM SHA256 message digest.