Skip to main content

hyde_software/
lib.rs

1use hyde_core::{
2    backend::{BackendType, TeeBackend, WrappedKey},
3    error::{HydeError, Result},
4};
5
6/// Software-only fallback backend (stub in Phase 1).
7///
8/// WARNING: Unlike hardware TEE backends, key material in memory is
9/// readable by the OS and any privileged process.
10pub struct SoftwareBackend;
11
12impl SoftwareBackend {
13    pub fn new() -> Self {
14        tracing::warn!(
15            "SoftwareBackend provides no hardware protection. \
16             Secrets are NOT protected from privileged access."
17        );
18        Self
19    }
20}
21
22impl TeeBackend for SoftwareBackend {
23    fn is_available() -> bool {
24        true
25    }
26
27    fn initialize_primary_key(&mut self) -> Result<()> {
28        Err(HydeError::NoHardware)
29    }
30
31    fn generate_data_key(&mut self) -> Result<WrappedKey> {
32        Err(HydeError::NoHardware)
33    }
34
35    fn seal(&mut self, _key: &WrappedKey, _data: &[u8]) -> Result<Vec<u8>> {
36        Err(HydeError::NoHardware)
37    }
38
39    fn unseal(&mut self, _key: &WrappedKey, _sealed: &[u8]) -> Result<Vec<u8>> {
40        Err(HydeError::NoHardware)
41    }
42
43    fn backend_type(&self) -> BackendType {
44        BackendType::Software
45    }
46}