Hello
I am using the API described here:
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/include/modem/modem_key_mgmt.html
to add keys to the modem.
I use the write() function to write keys and then to read and compare. The write function returns successfully, but the comparison fails.
here is my code:
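/*
 * Write one credential into the modem under CONFIG_AZURE_IOT_HUB_SEC_TAG.
 *
 * key_type   - credential slot type to write.
 * key_string - NUL-terminated credential text; its strlen() is the length
 *              handed to the modem, so the terminator itself is not written.
 *
 * Returns EMMA_RET_OK when modem_key_mgmt_write() reports success and
 * EMMA_RET_FAILED_WRITE_CERTIFICATE otherwise, including when key_string is
 * NULL or empty.
 *
 * Only tag, type and length are logged. The credential text itself must never
 * be added to these log lines, since it can be a private key or a PSK.
 */
static int _emma_certificate_write_key(enum modem_key_mgmt_cred_type key_type, const char *key_string)
{
    int ret;
    size_t len;

    /* strlen(NULL) is undefined behaviour, and an empty credential is never a valid key. */
    if (key_string == NULL || key_string[0] == '\0')
    {
        LOG_ERR("No key material to write for tag=%d type=%d", CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type);
        return EMMA_RET_FAILED_WRITE_CERTIFICATE;
    }

    len = strlen(key_string);
    LOG_INF("Writting key to the modem. tag=%d type=%d len=%d", CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, (int)len);

    ret = modem_key_mgmt_write(CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, key_string, len);
    if (ret)
    {
        LOG_ERR("Could not write key of tag=%d type=%d len=%d ret=%d", CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, (int)len, ret);
        return EMMA_RET_FAILED_WRITE_CERTIFICATE;
    }

    return EMMA_RET_OK;
}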
/*-----------------------------------------------*/
/* Write All keys */
/*-----------------------------------------------*/
/*
 * Push the three credentials this module uses (CA chain, private key, PSK)
 * into the modem, in that order.
 *
 * The result of each individual write is discarded here. A failure is only
 * visible through the error log emitted by _emma_certificate_write_key().
 *
 * NOTE(review): the private key and the PSK are passed in as compile-time
 * names, so they are presumably part of the application image. Confirm
 * whether per-device provisioning outside the firmware binary is intended.
 */
static void _emma_certificate_write_all_keys(void)
{
    const struct
    {
        enum modem_key_mgmt_cred_type type;
        const char *value;
    } credentials[] = {
        { MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN, EMMA_CERTIFICATE },
        { MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, EMMA_CERTIFICATE_PRIVATE_KEY },
        { MODEM_KEY_MGMT_CRED_TYPE_PSK, EMMA_CERTIFICATE_PSK_KEY },
    };
    size_t idx;

    for (idx = 0; idx < sizeof(credentials) / sizeof(credentials[0]); idx++)
    {
        _emma_certificate_write_key(credentials[idx].type, credentials[idx].value);
    }
}
/*-----------------------------------------------*/
/* Verify a key exists */
/*-----------------------------------------------*/
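/*
 * Check that the credential stored in the modem under
 * CONFIG_AZURE_IOT_HUB_SEC_TAG / key_type is present and equals key_string.
 *
 * key_type   - credential slot type to check.
 * key_string - NUL-terminated expected credential text.
 *
 * Returns true only when the credential exists and modem_key_mgmt_cmp()
 * returns 0. Returns false when key_string is NULL, when either modem call
 * fails, when the slot is empty, or when the compare reports a difference.
 *
 * NOTE(review): in the log posted with this code the compare fails only for
 * the private key and PSK types, while the CA chain passes. Secret credential
 * types may be write-only in the modem by design, in which case a read-back
 * compare is not a usable check for them. Confirm against the modem's
 * credential storage documentation before treating ret=1 as corruption.
 */
static bool _emma_certificate_verify_key(enum modem_key_mgmt_cred_type key_type, char *key_string)
{
    int ret;
    bool exists = false;
    uint8_t perm_flags;
    size_t len;

    /* strlen(NULL) further down would be undefined behaviour. */
    if (key_string == NULL)
    {
        LOG_ERR("No expected key given for Certificate %d", key_type);
        return false;
    }

    ret = modem_key_mgmt_exists(CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, &exists, &perm_flags);
    /* Test the modem API result against 0 rather than a project return code. */
    if (ret != 0)
    {
        LOG_ERR("Failed to check if Certificate %d exists in the modem err=%d", key_type, ret);
        return false;
    }

    /* Nothing stored in this slot, so there is nothing to compare against. */
    if (!exists)
    {
        LOG_INF("The Certificate %d does not exist in the modem.", key_type);
        return false;
    }
    LOG_INF("The Certificate %d already exists in the modem.", key_type);

    len = strlen(key_string);
    ret = modem_key_mgmt_cmp(CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, key_string, len);
    /* A negative result is assumed to be an errno-style failure of the compare itself, not a content mismatch. */
    if (ret < 0)
    {
        LOG_ERR("Could not compare the key in the modem. tag=%d type=%d len=%d ret=%d", CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, (int)len, ret);
        return false;
    }
    if (ret > 0)
    {
        LOG_ERR("The existing key in the modem does not match the expected. tag=%d type=%d len=%d ret=%d", CONFIG_AZURE_IOT_HUB_SEC_TAG, key_type, (int)len, ret);
        return false;
    }

    return true;
}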
/*-----------------------------------------------*/
/* Verify our keys exist */
/*-----------------------------------------------*/
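/*
 * Verify the CA chain, the private key and the PSK against the modem.
 *
 * Returns true only when all three credentials verify. The original returned
 * true when the count was NOT 3, which made the caller log "All the keys
 * exist" exactly when at least one credential had failed verification.
 *
 * All three checks always run, with no short-circuit, so the log shows the
 * state of every credential.
 */
static bool _emma_certificate_verify_all_keys(void)
{
    /* Number of credentials checked below. */
    enum { EXPECTED_KEY_COUNT = 3 };
    int num_verified_keys = 0;

    if (_emma_certificate_verify_key(MODEM_KEY_MGMT_CRED_TYPE_CA_CHAIN, EMMA_CERTIFICATE))
    {
        num_verified_keys++;
    }
    if (_emma_certificate_verify_key(MODEM_KEY_MGMT_CRED_TYPE_PRIVATE_CERT, EMMA_CERTIFICATE_PRIVATE_KEY))
    {
        num_verified_keys++;
    }
    if (_emma_certificate_verify_key(MODEM_KEY_MGMT_CRED_TYPE_PSK, EMMA_CERTIFICATE_PSK_KEY))
    {
        num_verified_keys++;
    }

    return num_verified_keys == EXPECTED_KEY_COUNT;
}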
/* Caller fragment (the enclosing function is not shown): write the credentials, then verify them. */
_emma_certificate_write_all_keys();
/* The write step returns void, so a failed write shows up only in the log; the verify result below is the only outcome this caller acts on. */
if(_emma_certificate_verify_all_keys())
{
LOG_INF("All the keys exist in the modem");
return EMMA_RET_OK;
}
The output is:
[00:00:00.221,618] <inf> emma: The Certificate 0 already exists in the modem.
[00:00:00.238,677] <inf> emma: The Certificate 2 already exists in the modem.
[00:00:00.246,551] <err> emma: The existing key in the modem does not match the expected. tag=5659593 type=2 len=1062 ret=1
[00:00:00.248,779] <inf> emma: The Certificate 3 already exists in the modem.
[00:00:00.250,610] <err> emma: The existing key in the modem does not match the expected. tag=5659593 type=3 len=44 ret=1
Could someone please help?
Danny