2 * Copyright (c) 2017-2022 Samsung Electronics Co., Ltd. All rights reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License
18 * @author isaac2.lee (isaac2.lee@samsung.com)
24 #include <generic-backend/exception.h>
25 #include <generic-backend/algo-validation.h>
26 #include <generic-backend/crypto-params.h>
27 #include <dpl/log/log.h>
28 #include <ckm/ckm-type.h>
30 #include <se-backend/internals.h>
31 #include <key-manager-se-backend.h>
32 #include <key-provider.h>
34 #ifndef UNUSED_PARAMETER
35 #define UNUSED_PARAMETER(x) (void)(x)
43 RawBuffer toRawBuffer(unsigned char* buf, uint32_t buf_len)
46 output.assign(buf, buf + buf_len);
50 kmsb_hash_algo_e getHashType(const CryptoAlgorithm &alg)
52 HashAlgorithm hash = unpack<HashAlgorithm>(alg, ParamName::SV_HASH_ALGO);
55 case HashAlgorithm::SHA1:
56 return KMSB_HASH_SHA1;
57 case HashAlgorithm::SHA256:
58 return KMSB_HASH_SHA256;
59 case HashAlgorithm::SHA384:
60 return KMSB_HASH_SHA384;
61 case HashAlgorithm::SHA512:
62 return KMSB_HASH_SHA512;
66 return KMSB_HASH_SHA256;
69 kmsb_ec_type_e getEcType(const ElipticCurve ecType)
71 if (ecType == ElipticCurve::prime192v1)
72 return KMSB_EC_PRIME192V1;
73 else if (ecType == ElipticCurve::prime256v1)
74 return KMSB_EC_PRIME256V1;
75 else if (ecType == ElipticCurve::secp384r1)
76 return KMSB_EC_SECP384R1;
77 return KMSB_EC_PRIME256V1;
80 int kmsb_failure_retry(std::function<int()> func)
82 int result = KMSB_ERROR_NONE;
83 for (size_t attempt = 0; attempt < 3; ++attempt) {
85 if (result == KMSB_ERROR_NONE || result == KMSB_ERROR_NO_KEY)
87 LogError("occured err inside SE(errcode:" << result << ")");
93 void generateSKey(const CryptoAlgorithm &alg,
94 const uint32_t key_idx)
96 UNUSED_PARAMETER(alg);
97 UNUSED_PARAMETER(key_idx);
99 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
102 void generateAKey(const CryptoAlgorithm &alg,
103 const uint32_t key_idx)
105 UNUSED_PARAMETER(alg);
106 UNUSED_PARAMETER(key_idx);
108 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported");
111 /// @brief encrypt key data using SE api for DB metadata
112 /// @param key: target data for encryption
113 /// @param key_len: target data length
114 /// @param iv: iv data
115 /// @param iv_len: iv data length
116 /// @return Rawbuffer encrypted output
117 RawBuffer encryptWithDbpKey(const unsigned char* key, const uint32_t key_len,
118 const unsigned char* iv, const uint32_t iv_len)
121 unsigned char* output_data;
124 int ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
125 SE_BACKEND_DBP_SCHEME_VERSION,
128 &output_data, &output_len));
129 if (ret == KMSB_ERROR_NO_KEY) {
130 ret = kmsb_failure_retry(std::bind(kmsb_generate_dbp_key,
132 if (ret != KMSB_ERROR_NONE) {
133 LogError("Generate Key: SE Internal error: " << ret);
134 ThrowErr(Exc::Crypto::InternalError, "Generate Key: SE Internal error");
136 ret = kmsb_failure_retry(std::bind(kmsb_encrypt_with_dbp_key,
137 SE_BACKEND_DBP_SCHEME_VERSION,
140 &output_data, &output_len));
142 if (ret != KMSB_ERROR_NONE) {
143 LogError("Encrypt Key: SE Internal error: " << ret);
144 ThrowErr(Exc::Crypto::InternalError, "Encrypt key: SE Internal error");
146 return toRawBuffer(output_data, output_len);
149 RawBuffer halAES(const uint32_t key_idx,
150 const CryptoAlgorithm &alg,
152 const bool isEncrypt)
154 UNUSED_PARAMETER(key_idx);
155 UNUSED_PARAMETER(alg);
156 UNUSED_PARAMETER(data);
157 UNUSED_PARAMETER(isEncrypt);
159 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported AES yet");
162 RawBuffer symmetricEncrypt(const uint32_t key_idx,
163 const CryptoAlgorithm &alg,
166 return halAES(key_idx, alg, data, true);
169 RawBuffer symmetricDecrypt(const uint32_t key_idx,
170 const CryptoAlgorithm &alg,
173 return halAES(key_idx, alg, data, false);
176 RawBuffer asymmetricEncrypt(const uint32_t key_idx,
177 const CryptoAlgorithm &alg,
180 UNUSED_PARAMETER(key_idx);
181 UNUSED_PARAMETER(alg);
182 UNUSED_PARAMETER(data);
184 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
187 RawBuffer asymmetricDecrypt(const uint32_t key_idx,
188 const CryptoAlgorithm &alg,
191 UNUSED_PARAMETER(key_idx);
192 UNUSED_PARAMETER(alg);
193 UNUSED_PARAMETER(data);
195 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported RSA");
198 RawBuffer sign(const uint32_t key_idx,
199 const CryptoAlgorithm &alg,
202 UNUSED_PARAMETER(key_idx);
203 UNUSED_PARAMETER(alg);
204 UNUSED_PARAMETER(message);
206 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported signing yet");
209 int verify(const uint32_t key_idx,
210 const CryptoAlgorithm &alg,
212 RawBuffer &signature)
214 UNUSED_PARAMETER(key_idx);
215 UNUSED_PARAMETER(alg);
216 UNUSED_PARAMETER(hash);
217 UNUSED_PARAMETER(signature);
219 ThrowErr(Exc::Crypto::OperationNotSupported, "SE Backend not supported verifying yet");
222 } // namespace Internals
224 } // namespace Crypto