#include <generic-backend/exception.h>
#include <sw-backend/store.h>
#include <tz-backend/store.h>
+#include <tz-backend/tz-context.h>
#include <tee_client_api.h>
#include <km_ta_defines.h>
namespace {
-const std::string TA_STORE_PATH = "/usr/lib/tastore";
-
template <typename T>
std::string ValueToString(const T& value)
{
return str.str();
}
-std::string convertTeecUUIDToString(TEEC_UUID uuid)
-{
- std::string uuidStr;
- uuidStr += ValueToString(uuid.timeLow);
- uuidStr += ValueToString(uuid.timeMid);
- uuidStr += ValueToString(uuid.timeHiAndVersion);
- for (auto& c: uuid.clockSeqAndNode)
- uuidStr += ValueToString(c);
-
- return uuidStr;
-}
-
CryptoBackend chooseCryptoBackend(DataType data,
const Policy &policy,
bool encrypted)
if (!data.isSKey())
return CryptoBackend::OpenSSL;
- // Check if key-manager TA exists
- std::string taUUIDStr = convertTeecUUIDToString(KM_TA_UUID);
-
- LogDebug("Checking for " << TA_STORE_PATH << "/" << taUUIDStr);
- std::ifstream taFile(TA_STORE_PATH + "/" + taUUIDStr);
- if (taFile)
- return CryptoBackend::TrustZone;
+ try {
+ LogDebug("Trying to open TA session...");
+ TZ::Internals::TrustZoneContext::Instance();
+ } catch (const Exc::Crypto::InternalError& e) {
+ LogDebug("...failed. Selecting SW backend.");
+ return CryptoBackend::OpenSSL;
+ }
- // no TA available - fallback to OpenSSL
- return CryptoBackend::OpenSSL;
+ LogDebug("...succeeded. Selecting TZ backend.");
+ return CryptoBackend::TrustZone;
}
} // namespace
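Review bot: The new probe at L39–L45 turns any failure to create the TrustZone context into a silent downgrade of symmetric-key storage from the TEE to the OpenSSL software backend, and it records that only at debug level. The old check was a static "is the TA installed" test; the new one also trips on transient conditions (TEE not yet up, session/resource exhaustion), so a key the deployment expects to be hardware-backed can end up software-protected without any operator-visible signal. At minimum the fallback should be logged at warning level with the cause, e.g. `LogWarning("TZ backend unavailable (" << e.what() << "), falling back to SW backend");` (this also uses the otherwise-unused `e`), and if the `policy` argument can express a hardware-backing requirement — it is not consulted anywhere in the visible body — the function should refuse rather than fall back in that case. Note also that only `Exc::Crypto::InternalError` is caught; if `TrustZoneContext::Instance()` can throw other exception types, those now propagate out of `chooseCryptoBackend`, which previously could not throw, so callers should be checked or the catch widened deliberately.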