2 * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
19 * @author Lukasz Kostyra (l.kostyra@samsung.com)
22 #include <dpl/log/log.h>
24 #include <crypto-backend.h>
26 #include <platform/decider.h>
28 #include <generic-backend/exception.h>
29 #include <sw-backend/store.h>
30 #include <tz-backend/store.h>
32 #include <tee_client_api.h>
33 #include <km_ta_defines.h>
/// Directory in which the key-manager TA's store file is looked up.
/// chooseCryptoBackend() opens TA_STORE_PATH + "/" + <TA UUID as hex>
/// to decide whether the TrustZone backend can be used at all.
const std::string TA_STORE_PATH{"/usr/lib/tastore"};
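/// Renders an integral value as fixed-width, zero-padded, lower-case hex
/// with exactly 2 * sizeof(T) digits and no "0x" prefix
/// (uint8_t 0x0a -> "0a", uint16_t 0xbeef -> "beef").
///
/// @tparam T      any type that static_casts to uint64_t; the TEEC_UUID
///                fields passed by convertTeecUUIDToString are unsigned
/// @param value   value to render
/// @return hex digits, left-padded with '0' to the type's full width
template <typename T>
std::string ValueToString(const T& value)
{
    // Width the caller expects for this type (setw() takes an int).
    constexpr int digits = static_cast<int>(2 * sizeof(T));

    // Widen first: a uint8_t/char would otherwise be streamed as a
    // character instead of a number.
    uint64_t bits = static_cast<uint64_t>(value);
    // Then drop the bits above the type's own width. A negative signed
    // value sign-extends when widened and setw() is only a *minimum*
    // width, so without the mask int8_t(-1) would print 16 'f's.
    if (digits < 16)
        bits &= (uint64_t{1} << (4 * digits)) - 1;

    std::stringstream str;
    str << std::setfill('0') << std::setw(digits) << std::hex << bits;
    return str.str();
}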
/// Formats a TEEC_UUID as one continuous lower-case hex string (no
/// dashes, no "0x"): timeLow, timeMid, timeHiAndVersion, then every byte
/// of clockSeqAndNode, each at its field type's full width via
/// ValueToString. For the GlobalPlatform TEEC_UUID layout that is 32
/// characters; the result names the TA's file under TA_STORE_PATH.
///
/// @param uuid  UUID to format (taken by value; TEEC_UUID is a small POD)
/// @return hex string
std::string convertTeecUUIDToString(TEEC_UUID uuid)
{
    std::string out = ValueToString(uuid.timeLow)
                    + ValueToString(uuid.timeMid)
                    + ValueToString(uuid.timeHiAndVersion);
    for (const auto& byte : uuid.clockSeqAndNode)
        out += ValueToString(byte);
    return out;
}
/// Picks the backend that will hold a key, from its data type and flags.
///
/// The guarding `if` lines (original lines 76, 80, 85 and 93) are not
/// shown in this listing, so the conditions below are inferred from the
/// comment above each return - confirm against the full source:
///   - device-encryption-key (encrypted) case        -> OpenSSL
///   - exportable keys                               -> OpenSSL
///   - anything but symmetric keys                   -> OpenSSL
///   - otherwise TrustZone, if the key-manager TA's store file exists
///     under TA_STORE_PATH, else OpenSSL.
///
/// @param data        type of the key/data being stored
/// @param exportable  whether the caller may later export the key material
/// @param encrypted   presumably whether the item is protected with the
///                    device encryption key (see the first comment below)
/// @return the backend id later resolved by Decider::getStore(CryptoBackend)
///
/// NOTE(review): backend selection hinges on whether a file named after the
/// TA UUID can be opened under TA_STORE_PATH. When it cannot, the key is
/// handled by the software backend instead; only the lookup is logged (at
/// debug level) and no log call is visible on the fallback path, so a
/// missing or unreadable TA store is easy to miss in the field.
69 CryptoBackend chooseCryptoBackend(DataType data, bool exportable,
72 // For now only software backend supports device encryption key
73 // TODO tz-backend could support the master key, but it would require
74 // hardcoding a known key ID and querying TA whether the key is
// (guarding condition at original line 76 not shown in this listing)
77 return CryptoBackend::OpenSSL;
79 // Only software backend allows for key export
// (guarding condition at original line 80 not shown in this listing)
81 return CryptoBackend::OpenSSL;
83 // Use TrustZone only with symmetric keys until asymmetric
84 // cryptography is implemented
// (guarding condition at original line 85 not shown in this listing)
86 return CryptoBackend::OpenSSL;
88 // Check if key-manager TA exists
// KM_TA_UUID is the key-manager TA's identifier (from km_ta_defines.h);
// its hex form is the file name probed below.
89 std::string taUUIDStr = convertTeecUUIDToString(KM_TA_UUID);
91 LogDebug("Checking for " << TA_STORE_PATH << "/" << taUUIDStr);
// Existence is probed by attempting to open the file; this happens on
// every call, i.e. a filesystem access per backend decision.
92 std::ifstream taFile(TA_STORE_PATH + "/" + taUUIDStr);
// (the check on taFile at original line 93 is not shown in this listing)
94 return CryptoBackend::TrustZone;
96 // no TA available - fallback to OpenSSL
// NOTE(review): consider logging this downgrade above debug level.
97 return CryptoBackend::OpenSSL;
// Member-initializer list of the Decider constructor; the constructor's
// signature (original line 102) and body are not shown in this listing.
// One store per backend is created up front: the software (OpenSSL)
// store and the TrustZone store. getStore() below hands them out via
// .get(), so m_swStore/m_tzStore are presumably smart pointers - confirm
// in the class declaration (platform/decider.h).
103 : m_swStore(new SW::Store(CryptoBackend::OpenSSL))
104 , m_tzStore(new TZ::Store(CryptoBackend::TrustZone))
/// Looks up the store that owns @p token's key, by the backend id the
/// token records; delegates to getStore(CryptoBackend).
///
/// @param token  token whose backendId names the backend
/// @return reference to the matching store
/// @throws Exc::Crypto::InternalError via the CryptoBackend overload
///         when the id names no available backend
GStore &Decider::getStore(const Token &token) const
{
    const auto backend = token.backendId;
    return getStore(backend);
}
/// Resolves a backend id to the owning store object.
///
/// @param cryptoBackend  OpenSSL -> m_swStore, TrustZone -> m_tzStore
/// @return reference to the matching store
/// @throws Exc::Crypto::InternalError (via ThrowErr) for any other id
///
/// Original lines 122-125 are not shown in this listing; the successful
/// return that dereferences gStore presumably sits there - confirm
/// against the full source.
113 GStore &Decider::getStore(CryptoBackend cryptoBackend) const
// NOTE(review): nullptr is the modern spelling of NULL.
115 GStore *gStore = NULL;
117 if (cryptoBackend == CryptoBackend::OpenSSL)
118 gStore = m_swStore.get();
120 if (cryptoBackend == CryptoBackend::TrustZone)
121 gStore = m_tzStore.get();
// Presumably reached only when neither branch above matched.
// NOTE(review): the enum is cast C-style for the message;
// static_cast<int> is the greppable equivalent.
126 ThrowErr(Exc::Crypto::InternalError,
127 "Backend not available. BackendId: ", (int)cryptoBackend);
/// Picks a backend for a new item via chooseCryptoBackend() and returns
/// the store for it.
///
/// @param data        type of the key/data being stored
/// @param exportable  whether the key material may later be exported
/// @param encrypted   flag forwarded unchanged to chooseCryptoBackend
/// @return reference to the chosen backend's store
/// @throws Exc::Crypto::InternalError via getStore(CryptoBackend) when
///         the chosen backend is not available
GStore &Decider::getStore(DataType data, bool exportable, bool encrypted) const
{
    const auto backend = chooseCryptoBackend(data, exportable, encrypted);
    return getStore(backend);
}
135 } // namespace Crypto