${KEY_MANAGER_PATH}/crypto/sw-backend/store.cpp
${KEY_MANAGER_PATH}/crypto/sw-backend/crypto-service.cpp
${KEY_MANAGER_PATH}/crypto/platform/decider.cpp
+ ${KEY_MANAGER_PATH}/crypto/tz-backend/key.cpp
+ ${KEY_MANAGER_PATH}/crypto/tz-backend/store.cpp
)
# -fPIE and -pie flag is added for ASLR
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <platform/decider.h>
#include <sw-backend/store.h>
+#include <tz-backend/store.h>
namespace CKM {
namespace Crypto {
Decider::Decider()
: m_swStore(new SW::Store(CryptoBackend::OpenSSL))
+ , m_tzStore(new TZ::Store(CryptoBackend::TrustZone))
{}
-GStore& Decider::getStore(const Token &) {
- // This the place where we should choose backend bases on token information.
- if (!m_swStore) {
- LogError("No backend available.");
- ThrowMsg(CKM::Crypto::Exception::Base, "No backend available.");
- }
- return *m_swStore;
+GStore& Decider::getStore(const Token &token) {
+ return getStore(token.backendId);
};
-CryptoBackend Decider::chooseCryptoBackend(DataType, const Policy &) const {
+GStore& Decider::getStore(CryptoBackend cryptoBackend) {
+ GStore *gStore = NULL;
+ if (cryptoBackend == CryptoBackend::OpenSSL)
+ gStore = m_swStore.get();
+ if (cryptoBackend == CryptoBackend::TrustZone)
+ gStore = m_tzStore.get();
+
+ if (gStore)
+ return *gStore;
+
+ LogError("Backend not available. BackendId: " << (int)cryptoBackend);
+ ThrowMsg(CKM::Crypto::Exception::Base,
+ "Backend not available. BackendId: " << (int)cryptoBackend);
+}
+
+CryptoBackend Decider::chooseCryptoBackend(DataType dataType, const Policy &policy) const {
+// The list of items that MUST be support by OpenSSL
+ if (dataType.isCertificate())
+ return CryptoBackend::OpenSSL;
+
+ if (dataType.isBinaryData())
+ return CryptoBackend::OpenSSL;
+
+ if (policy.extractable)
+ return CryptoBackend::OpenSSL;
+
+// This is the place where we can use trust zone backend
+// Examples:
+//
+// if (dataType.isKeyPrivate())
+// return CryptoBackend::TrustZone;
+
+// This item does not met Trust Zone requirements. Let's use software backend
return CryptoBackend::OpenSSL;
}
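Review bot: Every path through `chooseCryptoBackend` returns `CryptoBackend::OpenSSL`, so a key whose `policy.extractable` is false is still handled by the software backend and the three early returns currently change nothing. The comments describe the future intent but not the present behaviour; a line such as `// NOTE: TrustZone is never selected yet, so non-extractable keys also go to OpenSSL` above the final return would make that visible to anyone relying on the policy flag. In `getStore(CryptoBackend)`, `GStore *gStore = nullptr;` and `static_cast<int>(cryptoBackend)` would replace the `NULL` and the two C-style casts. That function also ends without a return statement after `ThrowMsg`, which is defined outside this diff, so it is correct only if the macro always throws.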
/*
- * Copyright (c) 2000 - 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
CryptoBackend chooseCryptoBackend(DataType data, const Policy &policy) const;
virtual ~Decider(){}
-private:
+protected:
+ GStore& getStore(CryptoBackend id);
+
std::unique_ptr<GStore> m_swStore;
+ std::unique_ptr<GStore> m_tzStore;
};
} // Crypto
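Review bot: Changing the section from `private:` to `protected:` also exposes `m_swStore` and `m_tzStore` to every subclass, which could then reset or replace the backend stores that `getStore` hands out. If only the new overload has to be reachable from derived classes, the data members can stay private by writing `protected:` before `GStore& getStore(CryptoBackend id);` and `private:` before `std::unique_ptr<GStore> m_swStore;`. The class declaration starts outside this hunk, so whether a subclass already needs the members cannot be seen here.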
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file key.cpp
+ * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+namespace CKM {
+namespace Crypto {
+namespace TZ {
+
+} // namespace TZ
+} // namespace Crypto
+} // namespace CKM
+
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file key.h
+ * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <generic-backend/gkey.h>
+
+namespace CKM {
+namespace Crypto {
+namespace TZ {
+
+class SKey : public GKey {
+public:
+ SKey(){}
+ virtual ~SKey(){}
+protected:
+};
+
+class AKey : public GKey {
+public:
+ AKey(){}
+ virtual ~AKey(){}
+protected:
+};
+
+} // namespace TZ
+} // namespace Crypto
+} // namespace CKM
+
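Review bot: `SKey` and `AKey` have no comment saying what they represent (presumably symmetric and asymmetric keys, to be confirmed), and neither overrides any `GKey` operation, so a TrustZone key object behaves exactly as the base class does. `GKey` is declared outside this diff, so whether its defaults fail safely cannot be checked from here. A comment on each class such as `// Placeholder for a TrustZone-held key; no operations are implemented yet` would state that explicitly. The empty `protected:` labels can be dropped until there is something to put under them.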
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file store.cpp
+ * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#include <dpl/log/log.h>
+
+#include <generic-backend/exception.h>
+#include <tz-backend/key.h>
+#include <tz-backend/store.h>
+
+namespace CKM {
+namespace Crypto {
+namespace TZ {
+
+Store::Store(CryptoBackend backendId)
+ : GStore(backendId)
+{}
+
+GKeyShPtr Store::getKey(const Token &) {
+ LogError("Trust zone backend is not implemented!");
+ ThrowMsg(Exception::Base, "Trust zone backend is not implemented!");
+}
+
+Token Store::import(DataType, const RawBuffer &) {
+ LogError("Trust zone backend is not implemented!");
+ ThrowMsg(Exception::Base, "Trust zone backend is not implemented!");
+}
+
+} // namespace TZ
+} // namespace Crypto
+} // namespace CKM
+
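Review bot: `getKey` and `import` have non-void return types but no return statement, so they are correct only as long as `ThrowMsg` always throws. That macro is defined outside this diff, so it is worth confirming that the build does not report a missing return here. The text "Trust zone backend is not implemented!" is written four times across the two functions; a single file-local constant would keep the log and exception messages from drifting apart. `#include <tz-backend/key.h>` is not used by anything in this file yet.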
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+/*
+ * @file store.h
+ * @author Bartłomiej Grzelewski (b.grzelewski@samsung.com)
+ * @version 1.0
+ */
+#pragma once
+
+#include <generic-backend/gkey.h>
+#include <generic-backend/gstore.h>
+
+namespace CKM {
+namespace Crypto {
+namespace TZ {
+
+class Store : public GStore {
+public:
+ explicit Store(CryptoBackend backendId);
+
+ virtual GKeyShPtr getKey(const Token &token);
+ virtual Token import(DataType dataType, const RawBuffer &buffer);
+ virtual void destroy(const Token &){}
+};
+
+} // namespace TZ
+} // namespace Crypto
+} // namespace CKM
+
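Review bot: `virtual void destroy(const Token &){}` is a silent no-op, while `getKey` and `import` in store.cpp throw "Trust zone backend is not implemented!". A caller asking this store to destroy a key therefore sees success although nothing was removed. Either give `destroy` the same log-and-throw body as the other two, or document the no-op with a comment such as `// Nothing is ever stored by this stub, so there is nothing to destroy`. The three methods would also benefit from `override`, e.g. `GKeyShPtr getKey(const Token &token) override;`, so the compiler checks the signatures against `GStore`, which is declared outside this diff.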