| #include <common.h> |
| #include <config.h> |
| #include <asm/arch/cpu.h> |
| #include <config.h> |
| #include <asm/memory.h> |
| #include <asm/io.h> |
| #include <malloc.h> |
| #include <power/asr1802s_freq.h> |
| #include <asm/arch/asr1901.h> |
| #include "../../geu/asr_geu.h" |
| #include "asr_bcm.h" |
| #include "asr_cipher.h" |
| |
| #define WORK_BUF_SIZE 2048 |
| #define PAGE_SIZE 4096 |
| |
| /* |
| notice: 1) use hardware key if burned hardware key; |
| 1) use input key if not burned hardware key but input key not null; |
| 2) use default key if not burned rkek but input key is null; |
| char default_key[64] = {"asr-aes-default-key-without-rkek"}; |
| */ |
| static const char default_key[64] = {"asr-aes-default-key-without-rkek"}; |
| |
| static void crypto_aes_sw_reset(void) |
| { |
| uint32_t val; |
| |
| val = 0x1; |
| bcm_write32(CRYPTO_AES_CONTROL_REG, val); |
| val = 0x0; |
| bcm_write32(CRYPTO_AES_CONTROL_REG, val); |
| |
| return; |
| } |
| |
| static void crypto_aes_start(void) |
| { |
| uint32_t val; |
| |
| val = 0x1; |
| bcm_write32(CRYPTO_AES_COMMAND_REG, val); |
| |
| return; |
| } |
| |
| static int crypto_aes_wait(void) |
| { |
| uint32_t val; |
| |
| val = bcm_read32(CRYPTO_AES_INTRPT_SRC_REG); |
| bcm_write32(CRYPTO_AES_INTRPT_SRC_REG, val); |
| |
| return 0; |
| } |
| |
| static int crypto_engine_select(CRYPTO_ENG_SEL_T engine) |
| { |
| uint32_t val; |
| |
| val = bcm_read32(CRYPTO_ENGINE_SEL_REG); |
| val &= ~0x3; |
| |
| switch (engine) { |
| case ENG_AES: |
| val |= 0x1; |
| break; |
| case ENG_DES: |
| val |= 0x2; |
| break; |
| case ENG_RC4: |
| val |= 0x3; |
| break; |
| default: |
| printf("Illegal engine %d\n", engine); |
| return -1; |
| } |
| |
| bcm_write32(CRYPTO_ENGINE_SEL_REG, val); |
| |
| return 0; |
| } |
| |
| static int crypto_aes_set_iv(const uint8_t *iv) |
| { |
| uint32_t val; |
| int reg_index; |
| |
| if (iv == NULL) |
| return -1; |
| |
| for (reg_index = 0; reg_index < 4; reg_index++) { |
| val = ((iv[(reg_index << 2) +0] & 0xFF) << 0) | \ |
| ((iv[(reg_index << 2) + 1] & 0xFF) << 8) | \ |
| ((iv[(reg_index << 2) + 2] & 0xFF) << 16) | \ |
| ((iv[(reg_index << 2) + 3] & 0xFF) << 24); |
| bcm_write32(CRYPTO_IV_REG(reg_index), val); |
| } |
| |
| return 0; |
| } |
| |
| static int crypto_aes_get_iv(uint8_t *iv) |
| { |
| uint32_t val; |
| int reg_index; |
| |
| if (iv == NULL) |
| return -1; |
| |
| for (reg_index = 0; reg_index < 4; reg_index++) { |
| val = bcm_read32(CRYPTO_IV_REG(reg_index)); |
| iv[(reg_index << 2) +0] = val & 0xFF; |
| iv[(reg_index << 2) +1] = (val >> 8) & 0xFF; |
| iv[(reg_index << 2) +2] = (val >> 16) & 0xFF; |
| iv[(reg_index << 2) +3] = (val >> 24) & 0xFF; |
| } |
| |
| return 0; |
| } |
| |
| static int crypto_aes_set_mode(AES_MODE_T mode, |
| AES_OP_MODE_T op_mode, |
| AES_KEY_LEN_T keylen, bool use_rkey) |
| { |
| uint32_t val; |
| |
| crypto_engine_select(ENG_AES); |
| |
| val = bcm_read32(CRYPTO_AES_CONFIG_REG); |
| val &= ~(0x7 << 0x3); |
| switch (mode) { |
| case AES_ECB_ALG: |
| val |= (0x0 << 0x3); |
| break; |
| case AES_CBC_ALG: |
| val |= (0x1 << 0x3); |
| break; |
| case AES_CTR_ALG: |
| val |= (0x2 << 0x3); |
| break; |
| case AES_XTS_ALG: |
| val |= (0x3 << 0x3); |
| break; |
| case AES_KEYWRAP: |
| val |= (0x4 << 0x3); |
| break; |
| default: |
| printf("Illegal aes mode %d\n", mode); |
| return -1; |
| } |
| |
| val &= ~(0x3 << 0x1); |
| switch (keylen) { |
| case AES_128: |
| val |= (0x0 << 0x1); |
| break; |
| case AES_192: |
| val |= (0x2 << 0x1); |
| break; |
| case AES_256: |
| val |= (0x1 << 0x1); |
| break; |
| default: |
| printf("Illegal aes keylen %d\n", mode); |
| return -1; |
| } |
| |
| val &= ~(0x1 << 0x0); |
| if (op_mode == AES_DECRYPT_OP) { |
| val |= (0x1 << 0x0); |
| } else { |
| val |= (0x0 << 0x0); |
| } |
| |
| val &= ~(0x1 << 0x6); |
| if (use_rkey == false) { |
| val |= (0x0 << 0x6); |
| } else { |
| val |= (0x1 << 0x6); |
| } |
| |
| bcm_write32(CRYPTO_AES_CONFIG_REG, val); |
| |
| return 0; |
| } |
| |
| static int crypto_aes_set_key1(const uint8_t *key, AES_KEY_LEN_T keylen) |
| { |
| uint32_t val; |
| int reg_index, key_end; |
| |
| if (!key) |
| return 0; |
| |
| switch (keylen) { |
| case AES_128: |
| key_end = 4; |
| break; |
| case AES_192: |
| key_end = 6; |
| break; |
| case AES_256: |
| key_end = 8; |
| break; |
| default: |
| key_end = 0; |
| printf("Illegal aes keylen %d\n", keylen); |
| return -1; |
| } |
| |
| for (reg_index = 0; reg_index < 8; reg_index++) { |
| if (reg_index < key_end) { |
| val = ((key[(reg_index << 2) +0] & 0xFF) << 0) | \ |
| ((key[(reg_index << 2) + 1] & 0xFF) << 8) | \ |
| ((key[(reg_index << 2) + 2] & 0xFF) << 16) | \ |
| ((key[(reg_index << 2) + 3] & 0xFF) << 24); |
| } else { |
| val = 0; |
| } |
| bcm_write32(CRYPTO_K1_W_REG(reg_index), val); |
| } |
| |
| return 0; |
| } |
| |
| static int crypto_aes_set_key2(const uint8_t *key, AES_KEY_LEN_T keylen) |
| { |
| uint32_t val; |
| int reg_index, key_end; |
| |
| if (!key) |
| return 0; |
| |
| switch (keylen) { |
| case AES_128: |
| key_end = 4; |
| break; |
| case AES_192: |
| key_end = 6; |
| break; |
| case AES_256: |
| key_end = 8; |
| break; |
| default: |
| key_end = 0; |
| printf("Illegal aes keylen %d\n", keylen); |
| return -1; |
| } |
| |
| for (reg_index = 0; reg_index < 8; reg_index++) { |
| if (reg_index < key_end) { |
| val = ((key[(reg_index << 2) +0] & 0xFF) << 0) | \ |
| ((key[(reg_index << 2) + 1] & 0xFF) << 8) | \ |
| ((key[(reg_index << 2) + 2] & 0xFF) << 16) | \ |
| ((key[(reg_index << 2) + 3] & 0xFF) << 24); |
| } else { |
| val = 0; |
| } |
| bcm_write32(CRYPTO_K2_W_REG(reg_index), val); |
| } |
| |
| return 0; |
| } |
| |
| static void __maybe_unused free_dma_chain(DMA_DESC_T *header) |
| { |
| DMA_DESC_T *p = header, *q = NULL; |
| |
| while(p) { |
| if (p->next_desc) { |
| q = (DMA_DESC_T *)p->next_desc; |
| free(p); |
| p = q; |
| } else { |
| free(p); |
| break; |
| } |
| } |
| |
| return; |
| } |
| |
| static DMA_DESC_T __maybe_unused *alloc_dma_chain(uint32_t vaddr, uint32_t size) |
| { |
| uint32_t paddr_s = virt_to_phys((void *)vaddr); |
| uint32_t paddr_e = virt_to_phys((void *)(vaddr + size)); |
| DMA_DESC_T *header = NULL; |
| DMA_DESC_T *p = NULL, *q = NULL; |
| uint32_t vaddr_tmp = vaddr; |
| |
| /* descriptor must be aligned to 16 bytes */ |
| header = memalign(16, sizeof(DMA_DESC_T)); |
| if (header == NULL) { |
| printf("Failed to malloc struct dma desc header !"); |
| return NULL; |
| } |
| |
| /* handle continous physical memory area */ |
| if (paddr_s + size == paddr_e) { |
| header->paddr = (uint32_t) paddr_s; |
| header->size = size >> 2; |
| header->next_desc = 0; |
| header->reserved = 0; |
| flush_dcache_range((unsigned long)header, (unsigned long)header + sizeof(DMA_DESC_T)); |
| return header; |
| } |
| |
| /* handle non-continous physical memory area */ |
| p = header; |
| header->paddr = (uint32_t) paddr_s; |
| header->size = ((uint32_t)(PAGE_SIZE - (paddr_s & (PAGE_SIZE - 1)))) >> 2; |
| header->next_desc = 0; |
| header->reserved = 0; |
| |
| while (1) { |
| if ((p->paddr + (p->size << 2)) == virt_to_phys((void *)(vaddr_tmp + (p->size << 2)))) |
| p->size += PAGE_SIZE >> 2; |
| else { |
| vaddr_tmp += (p->size << 2); |
| /* descriptor must be aligned to 16 bytes */ |
| q = memalign(16, sizeof(DMA_DESC_T)); |
| if (q == NULL) { |
| printf("Failed to malloc struct dma desc item!"); |
| free_dma_chain(header); |
| return NULL; |
| } |
| q->paddr = (uint32_t)virt_to_phys((void *)vaddr_tmp); |
| q->size = PAGE_SIZE >> 2; |
| q->next_desc = 0; |
| p->next_desc = (uint32_t)(virt_to_phys(q)); |
| flush_dcache_range((unsigned long)p, (unsigned long)p + sizeof(DMA_DESC_T)); |
| p = q; |
| } |
| if (p->paddr + (p->size << 2) > paddr_e) { |
| p->size -= ((uint32_t)(PAGE_SIZE - (paddr_e & (PAGE_SIZE - 1)))) >> 2; |
| flush_dcache_range((unsigned long)p, (unsigned long)p + sizeof(DMA_DESC_T)); |
| break; |
| } |
| } |
| |
| return header; |
| } |
| |
| static int aes_nblocks(AES_OP_MODE_T op_mode, const unsigned char *in , unsigned char *out, |
| unsigned long blocks, const symmetric_key *skey1, const symmetric_key *skey2, |
| AES_MODE_T mode, uint8_t *iv) |
| { |
| int ret; |
| int key_real_length; |
| int hwkey_select; |
| uint32_t pos, timeout = 100; |
| uint32_t start_time, current_time; |
| uint8_t tmp[16]; |
| DMA_DESC_T *in_list, *out_list; |
| uint8_t *key_data; |
| |
| /* save last block of in for encryption result check */ |
| pos = (blocks - 1) * 16; |
| memcpy(tmp, in + pos, 16); |
| memcpy(out + pos, in + pos, 16); |
| |
| in_list = alloc_dma_chain((uint32_t)in, blocks << 4); |
| if (!in_list) |
| return -1; |
| |
| out_list = alloc_dma_chain((uint32_t)out, blocks << 4); |
| if (!out_list) { |
| free_dma_chain(in_list); |
| return -1; |
| } |
| |
| bcm_enable(1); |
| |
| adec_engine_hw_reset(ACC_ENG_DMA); |
| adec_engine_hw_reset(ACC_ENG_CRYPTO); |
| abus_set_mode(ABUS_GRP_A_HASH, ABUS_GRP_B_AES, ABUS_STRAIGHT, ABUS_STRAIGHT); |
| crypto_aes_sw_reset(); |
| |
| /* HW requires abs(rid - wid) > 2 */ |
| dma_input_config(0, 0); |
| dma_output_config(0, 4); |
| ret = dma_input_address((uint32_t)virt_to_phys((void *)in_list), 0, true); |
| if (ret != 0) { |
| printf("dma_input_address error."); |
| ret = -1; |
| goto error; |
| } |
| |
| ret = dma_output_address((uint32_t)virt_to_phys((void *)out_list), 0, true); |
| if (ret != 0) { |
| printf("dma_input_address error."); |
| ret = -1; |
| goto error; |
| } |
| |
| /* Process key1 */ |
| if (skey1 == NULL) { |
| printf("skey1 == NULL."); |
| ret = -1; |
| goto error; |
| } |
| key_real_length = skey1->rijndael.Nr & ~(0x3); |
| hwkey_select = skey1->rijndael.Nr & 0x3; |
| |
| if (op_mode == AES_ENCRYPT_OP) { |
| key_data = (uint8_t *)skey1->rijndael.eK; |
| } else if (op_mode == AES_DECRYPT_OP) { |
| key_data = (uint8_t *)skey1->rijndael.dK; |
| } else { |
| ret = -1; |
| goto error; |
| } |
| |
| switch (hwkey_select) { |
| case EXT_KEY: /* use provide key */ |
| ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, false); |
| if (ret) { |
| printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \ |
| mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| ret = crypto_aes_set_key1(key_data, key_real_length / BYTES_TO_BITS); |
| if (ret) { |
| printf("crypto_aes_set_key1 error. hwkey_select = %d, key_real_length = %d, \ |
| mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| break; |
| case RK_KEY: /* use root key */ |
| ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, true); |
| if (ret) { |
| printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \ |
| mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| writel((readl(ASR1901_CIU_BASE + 0x5C) & ~(1 << 22)), ASR1901_CIU_BASE + 0x5C); |
| break; |
| case SSK_KEY: /* use ssk key */ |
| ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, true); |
| if (ret) { |
| printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \ |
| mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| writel((readl(ASR1901_CIU_BASE + 0x5C) | (1 << 22)), ASR1901_CIU_BASE + 0x5C); |
| break; |
| default: |
| ret = -1; |
| printf("invalid hwkey_select. hwkey_select = %d, key_real_length = %d, \ |
| mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| |
| /* Process IV and XTS key2 here */ |
| switch(mode) { |
| case AES_XTS_ALG: |
| if (skey2 == NULL) { |
| printf("skey2 == NULL, mode = %d", mode); |
| ret = -1; |
| goto error; |
| } |
| key_real_length = skey2->rijndael.Nr & ~(0x3); |
| ret = crypto_aes_set_key2((uint8_t *)skey2->rijndael.eK, key_real_length / BYTES_TO_BITS); |
| if (ret) { |
| printf("crypto_aes_set_key2 error. hwkey_select = %d, key_real_length = %d, mode = %d", hwkey_select, key_real_length, mode); |
| goto error; |
| } |
| break; |
| case AES_CBC_ALG: |
| case AES_CTR_ALG: |
| ret = crypto_aes_set_iv(iv); |
| if (ret != 0) { |
| printf("crypto_aes_set_iv failure. mode = %d, ret = 0x%x", mode ,ret); |
| goto error; |
| } |
| break; |
| case AES_ECB_ALG: |
| break; |
| default: |
| printf("Illegal aes mode %d\n", mode); |
| goto error; |
| } |
| |
| bcm_write32(CRYPTO_AES_STREAM_SIZE_REG, blocks << 4); |
| flush_dcache_range((unsigned long)in, (unsigned long)in + blocks << 4); |
| flush_dcache_range((unsigned long)out, (unsigned long)in + blocks << 4); |
| |
| dma_output_start(); |
| udelay(1); |
| crypto_aes_start(); |
| udelay(1); |
| dma_input_start(); |
| |
| ret = dma_wait_output_finish(); |
| if (ret) |
| goto error; |
| |
| ret = crypto_aes_wait(); |
| if (ret) |
| goto error; |
| |
| ret = dma_wait_input_finish(); |
| if (ret) |
| goto error; |
| |
| /* Process IV */ |
| switch(mode) { |
| case AES_XTS_ALG: |
| case AES_CBC_ALG: |
| case AES_CTR_ALG: |
| ret = crypto_aes_get_iv(iv); |
| if (ret != 0) { |
| printf("crypto_aes_get_iv failure. mode = %d, ret = 0x%x", mode, ret); |
| goto error; |
| } |
| break; |
| case AES_ECB_ALG: |
| break; |
| default: |
| printf("Illegal aes mode %d\n", mode); |
| goto error; |
| } |
| |
| /* make sure dma data transfered to DDR by checking last block of out changes */ |
| start_time = get_timer(0); |
| if (ret != 0) |
| goto error; |
| while (!memcmp(out + pos, tmp, 16)) { |
| flush_dcache_range((unsigned long)(out+pos), (unsigned long)(out+pos) + 16); |
| |
| current_time = get_timer(0); |
| if (current_time - start_time > timeout) { |
| printf("Encryption: plaintext ciphertext are the same !!!"); |
| break; |
| } |
| } |
| |
| free_dma_chain(in_list); |
| free_dma_chain(out_list); |
| bcm_enable(0); |
| return 0; |
| error: |
| free_dma_chain(in_list); |
| free_dma_chain(out_list); |
| printf("aes_nblocks error = 0x%x",ret); |
| bcm_enable(0); |
| return -1; |
| } |
| |
| /* ciphers */ |
| static int se_rijndael_setup_internal(const unsigned char *key, int keylen, symmetric_key *skey) |
| { |
| int key_real_length; |
| int hwkey_select; |
| int err; |
| |
| if (!skey || keylen <= 0) { |
| err = -1; |
| goto error; |
| } |
| |
| key_real_length = keylen & ~(0x3); |
| hwkey_select = keylen & 0x3; |
| switch (hwkey_select) { |
| case EXT_KEY: /* use provide key */ |
| if ((!key) || (key_real_length > (int)(BYTES_TO_BITS * sizeof(skey->rijndael.eK))) |
| || (key_real_length > (int)(BYTES_TO_BITS * sizeof(skey->rijndael.dK)))) { |
| err = -1; |
| goto error; |
| } |
| memcpy(skey->rijndael.eK, key, key_real_length / BYTES_TO_BITS); |
| memcpy(skey->rijndael.dK, key, key_real_length / BYTES_TO_BITS); |
| break; |
| case RK_KEY: /* use huk */ |
| case SSK_KEY: /* use ssk */ |
| skey->rijndael.Nr = keylen; |
| break; |
| default: |
| err = -1; |
| goto error; |
| } |
| |
| return 0; |
| |
| error: |
| printf("rijndael_setup_internal error = %d. [keylen = %d]", err, keylen); |
| return err; |
| } |
| |
| static int se_rijndael_setup(const unsigned char *key, int keylen, symmetric_key *skey) |
| { |
| return se_rijndael_setup_internal(key, (((keylen & ~0x3) * BYTES_TO_BITS) | (keylen & 0x3)), skey); |
| } |
| |
| static int se_rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey) |
| { |
| return aes_nblocks(AES_DECRYPT_OP, ct, pt, 1, skey, NULL, AES_ECB_ALG, NULL); |
| } |
| |
| static int _aes_handle_noalign(AES_OP_MODE_T op_mode, const unsigned char *in, unsigned char *out, |
| uint32_t length, const symmetric_key *skey1, const symmetric_key *skey2, |
| AES_MODE_T mode, uint8_t *iv) |
| { |
| int ret = 0; |
| uint32_t len_bytes = (length + 0xf) & (~0xf); |
| uint8_t *in_cpy = NULL, *out_cpy = NULL; |
| uint8_t *in_work = NULL, *out_work = NULL; |
| uint8_t *aligned_buf_in = NULL, *aligned_buf_out = NULL; |
| int size; |
| |
| if (((uint32_t)out & 0x3) || ((uint32_t)in & 0x3) || (len_bytes > length)) { |
| in_cpy = (uint8_t *)in; |
| out_cpy = (uint8_t *)out; |
| |
| /* if length is not a multiple of 16, zero padding */ |
| if (((uint32_t)in & 0x3) || (len_bytes > length)) { |
| aligned_buf_in = malloc(MIN((int)len_bytes, WORK_BUF_SIZE)); |
| if (!aligned_buf_in) |
| return -1; |
| memset(aligned_buf_in, 0, MIN((int)len_bytes, WORK_BUF_SIZE)); |
| } |
| |
| if (((uint32_t)out & 0x3) || (len_bytes > length)) { |
| aligned_buf_out = malloc(MIN((int)len_bytes, WORK_BUF_SIZE)); |
| if (!aligned_buf_out) |
| return -1; |
| } |
| |
| while (len_bytes) { |
| size = MIN((int)len_bytes, WORK_BUF_SIZE); |
| |
| if ((uint32_t)in & 0x3) { |
| memcpy(aligned_buf_in, in_cpy, size); |
| in_work = aligned_buf_in; |
| } else { |
| in_work = in_cpy; |
| } |
| |
| if ((uint32_t)out & 0x3) { |
| memset(aligned_buf_out, 0x0, size); |
| out_work = aligned_buf_out; |
| } else { |
| out_work = out_cpy; |
| } |
| |
| ret = aes_nblocks(op_mode, in_work, out_work, size >> 4, skey1, skey2, mode, iv); |
| if (ret != 0) |
| goto exit; |
| |
| if ((uint32_t) out & 0x3) |
| memcpy(out_cpy, aligned_buf_out, size); |
| |
| if (mode == AES_XTS_ALG && len_bytes != 0 && (len_bytes > WORK_BUF_SIZE)) { |
| symmetric_key *skey_local = malloc(sizeof(symmetric_key)); |
| if (!skey_local) { |
| printf("Out of memory in allocating symmetric key !"); |
| ret = -1; |
| goto exit; |
| } |
| |
| ret = se_rijndael_setup((uint8_t *)skey2->rijndael.eK, |
| (skey2->rijndael.Nr/BYTES_TO_BITS), skey_local); |
| if (ret != 0) { |
| free(skey_local); |
| goto exit; |
| } |
| |
| ret = se_rijndael_ecb_decrypt(iv, iv, skey_local); |
| if (ret != 0) { |
| free(skey_local); |
| goto exit; |
| } |
| |
| free(skey_local); |
| } |
| |
| out_cpy += size; |
| in_cpy += size; |
| len_bytes -= size; |
| } |
| exit: |
| if (aligned_buf_in) |
| free(aligned_buf_in); |
| if (aligned_buf_out) |
| free(aligned_buf_out); |
| } else { |
| ret = aes_nblocks(op_mode, in, out, len_bytes >> 4, skey1, skey2, mode, iv); |
| } |
| |
| return ret; |
| } |
| |
| static int aes_handle_noalign(AES_MODE_T mode, AES_OP_MODE_T op_mode, AES_KEY_SELECT_T key_select, |
| const uint8_t *key1, uint32_t keylen1, const uint8_t *key2, uint32_t keylen2, |
| const unsigned char *in, unsigned char *out, uint32_t size, uint8_t *iv) |
| { |
| int ret; |
| symmetric_key *pskey1, *pskey2; |
| |
| pskey1 = malloc(sizeof(symmetric_key)); |
| if (!pskey1) { |
| return -1; |
| } |
| |
| pskey2 = malloc(sizeof(symmetric_key)); |
| if (!pskey2) { |
| free(pskey1); |
| return -1; |
| } |
| |
| memset(pskey1, 0, sizeof(symmetric_key)); |
| memset(pskey1, 0, sizeof(symmetric_key)); |
| |
| if (op_mode == AES_ENCRYPT_OP) { |
| pskey1->rijndael.eK = (uint32_t *)key1; |
| } else if (op_mode == AES_DECRYPT_OP) { |
| pskey1->rijndael.dK = (uint32_t *)key1; |
| } |
| |
| if (key_select == EXT_KEY) { |
| pskey1->rijndael.Nr = (keylen1 * BYTES_TO_BITS) & (~0x3); |
| } else if (key_select == RK_KEY) { |
| pskey1->rijndael.Nr = keylen1 * BYTES_TO_BITS | 0x1; |
| } else if (key_select == SSK_KEY) { |
| pskey1->rijndael.Nr = keylen1 * BYTES_TO_BITS | 0x2; |
| } else { |
| return -1; |
| } |
| |
| if (mode == AES_XTS_ALG) { |
| if (op_mode == AES_ENCRYPT_OP) { |
| pskey2->rijndael.eK = (uint32_t *)key2; |
| pskey2->rijndael.Nr = keylen2 * BYTES_TO_BITS; |
| } else if (op_mode == AES_DECRYPT_OP) { |
| pskey2->rijndael.dK = (uint32_t *)key2; |
| pskey2->rijndael.Nr = keylen2 * BYTES_TO_BITS; |
| } |
| ret = _aes_handle_noalign(op_mode, in, out, size, pskey1, pskey2, mode, iv); |
| } else { |
| ret = _aes_handle_noalign(op_mode, in, out, size, pskey1, NULL, mode, iv); |
| } |
| |
| free(pskey1); |
| free(pskey2); |
| return ret; |
| } |
| |
| static int asr_kestrl_rkek_fused(void) |
| { |
| uint32_t val; |
| |
| /* If RKEK is burned, SW access to it must be disabled as well */ |
| /* check if LCS_DM is burned */ |
| val = geu_read32(GEU_KSTR_BANK6_LCS); |
| val >>= GEU_KSTR_LCS_DM_BASE; |
| val &= GEU_KSTR_LCS_MASK; |
| if (hweight32(val) > 1) |
| return 1; |
| |
| return 0; |
| } |
| |
| /* cipher */ |
| int aes_ecb_encrypt_bcm(uint8_t *key, uint32_t key_len, bool use_rkek, |
| void *in, void *out, uint32_t size) |
| { |
| uint8_t *use_key; |
| AES_KEY_SELECT_T key_select; |
| |
| if ((key_len > 32) && (key_len < 16)) { |
| printf("err: aes ecb encrypt key len %d\n", key_len); |
| return -1; |
| } |
| |
| if ((key == NULL) && (use_rkek == false)) { |
| printf("%s error: key can't NULL when not use rkek\n", __func__); |
| return -1; |
| } |
| |
| if (!asr_kestrl_rkek_fused()) { |
| if (key == NULL) { |
| use_key = (uint8_t *)default_key; |
| } else { |
| use_key = key; |
| } |
| key_select = EXT_KEY; |
| } else { |
| if (use_rkek) { |
| use_key = NULL; |
| key_select = RK_KEY; |
| } else { |
| use_key = key; |
| key_select = EXT_KEY; |
| } |
| } |
| |
| return aes_handle_noalign(AES_ECB_ALG, AES_ENCRYPT_OP, key_select, |
| use_key, key_len, NULL, 0, in, out, size, NULL); |
| } |
| |
| int aes_ecb_decrypt_bcm(uint8_t *key, uint32_t key_len, bool use_rkek, |
| void *in, void *out, uint32_t size) |
| { |
| uint8_t *use_key; |
| AES_KEY_SELECT_T key_select; |
| |
| if ((key_len > 32) && (key_len < 16)) { |
| printf("err: aes ecb encrypt key len %d\n", key_len); |
| return -1; |
| } |
| |
| if ((key == NULL) && (use_rkek == false)) { |
| printf("%s error: key can't NULL when not use rkek\n", __func__); |
| return -1; |
| } |
| |
| if (!asr_kestrl_rkek_fused()) { |
| if (key == NULL) { |
| use_key = (uint8_t *)default_key; |
| } else { |
| use_key = key; |
| } |
| key_select = EXT_KEY; |
| } else { |
| if (use_rkek) { |
| use_key = NULL; |
| key_select = RK_KEY; |
| } else { |
| use_key = key; |
| key_select = EXT_KEY; |
| } |
| } |
| |
| return aes_handle_noalign(AES_ECB_ALG, AES_DECRYPT_OP, key_select, |
| use_key, key_len, NULL, 0, in, out, size, NULL); |
| } |
| |
| int aes_cbc_encrypt_bcm(uint8_t *iv, uint8_t *key, uint32_t key_len, |
| bool use_rkek, void *in, void *out, uint32_t size) |
| { |
| uint8_t *use_key; |
| AES_KEY_SELECT_T key_select; |
| |
| if ((key_len > 32) && (key_len < 16)) { |
| printf("err: aes ecb encrypt key len %d\n", key_len); |
| return -1; |
| } |
| |
| if ((key == NULL) && (use_rkek == false)) { |
| printf("%s error: key can't NULL when not use rkek\n", __func__); |
| return -1; |
| } |
| |
| if (!asr_kestrl_rkek_fused()) { |
| if (key == NULL) { |
| use_key = (uint8_t *)default_key; |
| } else { |
| use_key = key; |
| } |
| key_select = EXT_KEY; |
| } else { |
| if (use_rkek) { |
| use_key = NULL; |
| key_select = RK_KEY; |
| } else { |
| use_key = key; |
| key_select = EXT_KEY; |
| } |
| } |
| |
| return aes_handle_noalign(AES_CBC_ALG, AES_ENCRYPT_OP, key_select, |
| use_key, key_len, NULL, 0, in, out, size, iv); |
| } |
| |
| int aes_cbc_decrypt_bcm(uint8_t *iv, uint8_t *key, uint32_t key_len, |
| bool use_rkek, void *in, void *out, uint32_t size) |
| { |
| uint8_t *use_key; |
| AES_KEY_SELECT_T key_select; |
| |
| if ((key_len > 32) && (key_len < 16)) { |
| printf("err: aes ecb encrypt key len %d\n", key_len); |
| return -1; |
| } |
| |
| if ((key == NULL) && (use_rkek == false)) { |
| printf("%s error: key can't NULL when not use rkek\n", __func__); |
| return -1; |
| } |
| |
| if (!asr_kestrl_rkek_fused()) { |
| if (key == NULL) { |
| use_key = (uint8_t *)default_key; |
| } else { |
| use_key = key; |
| } |
| key_select = EXT_KEY; |
| } else { |
| if (use_rkek) { |
| use_key = NULL; |
| key_select = RK_KEY; |
| } else { |
| use_key = key; |
| key_select = EXT_KEY; |
| } |
| } |
| |
| return aes_handle_noalign(AES_CBC_ALG, AES_DECRYPT_OP, key_select, |
| use_key, key_len, NULL, 0, in, out, size, iv); |
| } |