2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
19 * @author Lukasz Kostyra (l.kostyra@samsung.com)
22 #include <dpl/log/log.h>
24 #include <crypto-backend.h>
26 #include <platform/decider.h>
28 #include <generic-backend/exception.h>
29 #include <sw-backend/store.h>
30 #include <tz-backend/store.h>
32 #include <tee_client_api.h>
33 #include <km_ta_defines.h>
44 const std::string TA_STORE_PATH = "/usr/lib/tastore";
47 std::string ValueToString(const T& value)
49 std::stringstream str;
50 // we need to re-cast because otherwise stringstream
51 // will write our value incorrectly
52 str << std::setfill('0') << std::setw(2 * sizeof(T)) << std::hex
53 << static_cast<uint64_t>(value);
57 std::string convertTeecUUIDToString(TEEC_UUID uuid)
60 uuidStr += ValueToString(uuid.timeLow);
61 uuidStr += ValueToString(uuid.timeMid);
62 uuidStr += ValueToString(uuid.timeHiAndVersion);
63 for (auto& c: uuid.clockSeqAndNode)
64 uuidStr += ValueToString(c);
69 CryptoBackend chooseCryptoBackend(DataType data,
73 // user directly point proper backend - we will not discuss with it
74 if (policy.backend == CKM::PolicyBackend::FORCE_SOFTWARE)
75 return CryptoBackend::OpenSSL;
77 // user directly point proper backend - we will not discuss with it
78 if (policy.backend == CKM::PolicyBackend::FORCE_HARDWARE)
79 return CryptoBackend::TrustZone;
81 // For now only software backend supports device encyption key
82 // TODO tz-backend could support the master key, but it would require
83 // hardcoding a known key ID and querying TA whether the key is
86 return CryptoBackend::OpenSSL;
88 // Only software backend allows for key export
89 if (policy.extractable)
90 return CryptoBackend::OpenSSL;
92 // Use TrustZone only with symmetric keys until asymmetric
93 // cryptography is implemented
95 return CryptoBackend::OpenSSL;
97 // Check if key-manager TA exists
98 std::string taUUIDStr = convertTeecUUIDToString(KM_TA_UUID);
100 LogDebug("Checking for " << TA_STORE_PATH << "/" << taUUIDStr);
101 std::ifstream taFile(TA_STORE_PATH + "/" + taUUIDStr);
103 return CryptoBackend::TrustZone;
105 // no TA available - fallback to OpenSSL
106 return CryptoBackend::OpenSSL;
112 : m_swStore(new SW::Store(CryptoBackend::OpenSSL))
113 , m_tzStore(new TZ::Store(CryptoBackend::TrustZone))
117 GStore &Decider::getStore(const Token &token) const
119 return getStore(token.backendId);
122 GStore &Decider::getStore(CryptoBackend cryptoBackend) const
124 GStore *gStore = NULL;
126 if (cryptoBackend == CryptoBackend::OpenSSL)
127 gStore = m_swStore.get();
129 if (cryptoBackend == CryptoBackend::TrustZone)
130 gStore = m_tzStore.get();
135 ThrowErr(Exc::Crypto::InternalError,
136 "Backend not available. BackendId: ", (int)cryptoBackend);
139 GStore &Decider::getStore(DataType data, const Policy &policy, bool encrypted) const
141 return getStore(chooseCryptoBackend(data, policy, encrypted));
144 } // namespace Crypto