blob: d8ea6c132f3c06f6aae47a65ff4b1f158f006400 [file] [log] [blame]
#include <common.h>
#include <config.h>
#include <asm/arch/cpu.h>
#include <config.h>
#include <asm/memory.h>
#include <asm/io.h>
#include <malloc.h>
#include <power/asr1802s_freq.h>
#include <asm/arch/asr1901.h>
#include "../../geu/asr_geu.h"
#include "asr_bcm.h"
#include "asr_cipher.h"
#define WORK_BUF_SIZE 2048
#define PAGE_SIZE 4096
/*
notice: 1) use hardware key if burned hardware key;
1) use input key if not burned hardware key but input key not null;
2) use default key if not burned rkek but input key is null;
char default_key[64] = {"asr-aes-default-key-without-rkek"};
*/
static const char default_key[64] = {"asr-aes-default-key-without-rkek"};
static void crypto_aes_sw_reset(void)
{
uint32_t val;
val = 0x1;
bcm_write32(CRYPTO_AES_CONTROL_REG, val);
val = 0x0;
bcm_write32(CRYPTO_AES_CONTROL_REG, val);
return;
}
static void crypto_aes_start(void)
{
uint32_t val;
val = 0x1;
bcm_write32(CRYPTO_AES_COMMAND_REG, val);
return;
}
static int crypto_aes_wait(void)
{
uint32_t val;
val = bcm_read32(CRYPTO_AES_INTRPT_SRC_REG);
bcm_write32(CRYPTO_AES_INTRPT_SRC_REG, val);
return 0;
}
static int crypto_engine_select(CRYPTO_ENG_SEL_T engine)
{
uint32_t val;
val = bcm_read32(CRYPTO_ENGINE_SEL_REG);
val &= ~0x3;
switch (engine) {
case ENG_AES:
val |= 0x1;
break;
case ENG_DES:
val |= 0x2;
break;
case ENG_RC4:
val |= 0x3;
break;
default:
printf("Illegal engine %d\n", engine);
return -1;
}
bcm_write32(CRYPTO_ENGINE_SEL_REG, val);
return 0;
}
static int crypto_aes_set_iv(const uint8_t *iv)
{
uint32_t val;
int reg_index;
if (iv == NULL)
return -1;
for (reg_index = 0; reg_index < 4; reg_index++) {
val = ((iv[(reg_index << 2) +0] & 0xFF) << 0) | \
((iv[(reg_index << 2) + 1] & 0xFF) << 8) | \
((iv[(reg_index << 2) + 2] & 0xFF) << 16) | \
((iv[(reg_index << 2) + 3] & 0xFF) << 24);
bcm_write32(CRYPTO_IV_REG(reg_index), val);
}
return 0;
}
static int crypto_aes_get_iv(uint8_t *iv)
{
uint32_t val;
int reg_index;
if (iv == NULL)
return -1;
for (reg_index = 0; reg_index < 4; reg_index++) {
val = bcm_read32(CRYPTO_IV_REG(reg_index));
iv[(reg_index << 2) +0] = val & 0xFF;
iv[(reg_index << 2) +1] = (val >> 8) & 0xFF;
iv[(reg_index << 2) +2] = (val >> 16) & 0xFF;
iv[(reg_index << 2) +3] = (val >> 24) & 0xFF;
}
return 0;
}
static int crypto_aes_set_mode(AES_MODE_T mode,
AES_OP_MODE_T op_mode,
AES_KEY_LEN_T keylen, bool use_rkey)
{
uint32_t val;
crypto_engine_select(ENG_AES);
val = bcm_read32(CRYPTO_AES_CONFIG_REG);
val &= ~(0x7 << 0x3);
switch (mode) {
case AES_ECB_ALG:
val |= (0x0 << 0x3);
break;
case AES_CBC_ALG:
val |= (0x1 << 0x3);
break;
case AES_CTR_ALG:
val |= (0x2 << 0x3);
break;
case AES_XTS_ALG:
val |= (0x3 << 0x3);
break;
case AES_KEYWRAP:
val |= (0x4 << 0x3);
break;
default:
printf("Illegal aes mode %d\n", mode);
return -1;
}
val &= ~(0x3 << 0x1);
switch (keylen) {
case AES_128:
val |= (0x0 << 0x1);
break;
case AES_192:
val |= (0x2 << 0x1);
break;
case AES_256:
val |= (0x1 << 0x1);
break;
default:
printf("Illegal aes keylen %d\n", mode);
return -1;
}
val &= ~(0x1 << 0x0);
if (op_mode == AES_DECRYPT_OP) {
val |= (0x1 << 0x0);
} else {
val |= (0x0 << 0x0);
}
val &= ~(0x1 << 0x6);
if (use_rkey == false) {
val |= (0x0 << 0x6);
} else {
val |= (0x1 << 0x6);
}
bcm_write32(CRYPTO_AES_CONFIG_REG, val);
return 0;
}
static int crypto_aes_set_key1(const uint8_t *key, AES_KEY_LEN_T keylen)
{
uint32_t val;
int reg_index, key_end;
if (!key)
return 0;
switch (keylen) {
case AES_128:
key_end = 4;
break;
case AES_192:
key_end = 6;
break;
case AES_256:
key_end = 8;
break;
default:
key_end = 0;
printf("Illegal aes keylen %d\n", keylen);
return -1;
}
for (reg_index = 0; reg_index < 8; reg_index++) {
if (reg_index < key_end) {
val = ((key[(reg_index << 2) +0] & 0xFF) << 0) | \
((key[(reg_index << 2) + 1] & 0xFF) << 8) | \
((key[(reg_index << 2) + 2] & 0xFF) << 16) | \
((key[(reg_index << 2) + 3] & 0xFF) << 24);
} else {
val = 0;
}
bcm_write32(CRYPTO_K1_W_REG(reg_index), val);
}
return 0;
}
static int crypto_aes_set_key2(const uint8_t *key, AES_KEY_LEN_T keylen)
{
uint32_t val;
int reg_index, key_end;
if (!key)
return 0;
switch (keylen) {
case AES_128:
key_end = 4;
break;
case AES_192:
key_end = 6;
break;
case AES_256:
key_end = 8;
break;
default:
key_end = 0;
printf("Illegal aes keylen %d\n", keylen);
return -1;
}
for (reg_index = 0; reg_index < 8; reg_index++) {
if (reg_index < key_end) {
val = ((key[(reg_index << 2) +0] & 0xFF) << 0) | \
((key[(reg_index << 2) + 1] & 0xFF) << 8) | \
((key[(reg_index << 2) + 2] & 0xFF) << 16) | \
((key[(reg_index << 2) + 3] & 0xFF) << 24);
} else {
val = 0;
}
bcm_write32(CRYPTO_K2_W_REG(reg_index), val);
}
return 0;
}
static void __maybe_unused free_dma_chain(DMA_DESC_T *header)
{
DMA_DESC_T *p = header, *q = NULL;
while(p) {
if (p->next_desc) {
q = (DMA_DESC_T *)p->next_desc;
free(p);
p = q;
} else {
free(p);
break;
}
}
return;
}
static DMA_DESC_T __maybe_unused *alloc_dma_chain(uint32_t vaddr, uint32_t size)
{
uint32_t paddr_s = virt_to_phys((void *)vaddr);
uint32_t paddr_e = virt_to_phys((void *)(vaddr + size));
DMA_DESC_T *header = NULL;
DMA_DESC_T *p = NULL, *q = NULL;
uint32_t vaddr_tmp = vaddr;
/* descriptor must be aligned to 16 bytes */
header = memalign(16, sizeof(DMA_DESC_T));
if (header == NULL) {
printf("Failed to malloc struct dma desc header !");
return NULL;
}
/* handle continous physical memory area */
if (paddr_s + size == paddr_e) {
header->paddr = (uint32_t) paddr_s;
header->size = size >> 2;
header->next_desc = 0;
header->reserved = 0;
flush_dcache_range((unsigned long)header, (unsigned long)header + sizeof(DMA_DESC_T));
return header;
}
/* handle non-continous physical memory area */
p = header;
header->paddr = (uint32_t) paddr_s;
header->size = ((uint32_t)(PAGE_SIZE - (paddr_s & (PAGE_SIZE - 1)))) >> 2;
header->next_desc = 0;
header->reserved = 0;
while (1) {
if ((p->paddr + (p->size << 2)) == virt_to_phys((void *)(vaddr_tmp + (p->size << 2))))
p->size += PAGE_SIZE >> 2;
else {
vaddr_tmp += (p->size << 2);
/* descriptor must be aligned to 16 bytes */
q = memalign(16, sizeof(DMA_DESC_T));
if (q == NULL) {
printf("Failed to malloc struct dma desc item!");
free_dma_chain(header);
return NULL;
}
q->paddr = (uint32_t)virt_to_phys((void *)vaddr_tmp);
q->size = PAGE_SIZE >> 2;
q->next_desc = 0;
p->next_desc = (uint32_t)(virt_to_phys(q));
flush_dcache_range((unsigned long)p, (unsigned long)p + sizeof(DMA_DESC_T));
p = q;
}
if (p->paddr + (p->size << 2) > paddr_e) {
p->size -= ((uint32_t)(PAGE_SIZE - (paddr_e & (PAGE_SIZE - 1)))) >> 2;
flush_dcache_range((unsigned long)p, (unsigned long)p + sizeof(DMA_DESC_T));
break;
}
}
return header;
}
static int aes_nblocks(AES_OP_MODE_T op_mode, const unsigned char *in , unsigned char *out,
unsigned long blocks, const symmetric_key *skey1, const symmetric_key *skey2,
AES_MODE_T mode, uint8_t *iv)
{
int ret;
int key_real_length;
int hwkey_select;
uint32_t pos, timeout = 100;
uint32_t start_time, current_time;
uint8_t tmp[16];
DMA_DESC_T *in_list, *out_list;
uint8_t *key_data;
/* save last block of in for encryption result check */
pos = (blocks - 1) * 16;
memcpy(tmp, in + pos, 16);
memcpy(out + pos, in + pos, 16);
in_list = alloc_dma_chain((uint32_t)in, blocks << 4);
if (!in_list)
return -1;
out_list = alloc_dma_chain((uint32_t)out, blocks << 4);
if (!out_list) {
free_dma_chain(in_list);
return -1;
}
bcm_enable(1);
adec_engine_hw_reset(ACC_ENG_DMA);
adec_engine_hw_reset(ACC_ENG_CRYPTO);
abus_set_mode(ABUS_GRP_A_HASH, ABUS_GRP_B_AES, ABUS_STRAIGHT, ABUS_STRAIGHT);
crypto_aes_sw_reset();
/* HW requires abs(rid - wid) > 2 */
dma_input_config(0, 0);
dma_output_config(0, 4);
ret = dma_input_address((uint32_t)virt_to_phys((void *)in_list), 0, true);
if (ret != 0) {
printf("dma_input_address error.");
ret = -1;
goto error;
}
ret = dma_output_address((uint32_t)virt_to_phys((void *)out_list), 0, true);
if (ret != 0) {
printf("dma_input_address error.");
ret = -1;
goto error;
}
/* Process key1 */
if (skey1 == NULL) {
printf("skey1 == NULL.");
ret = -1;
goto error;
}
key_real_length = skey1->rijndael.Nr & ~(0x3);
hwkey_select = skey1->rijndael.Nr & 0x3;
if (op_mode == AES_ENCRYPT_OP) {
key_data = (uint8_t *)skey1->rijndael.eK;
} else if (op_mode == AES_DECRYPT_OP) {
key_data = (uint8_t *)skey1->rijndael.dK;
} else {
ret = -1;
goto error;
}
switch (hwkey_select) {
case EXT_KEY: /* use provide key */
ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, false);
if (ret) {
printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \
mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
ret = crypto_aes_set_key1(key_data, key_real_length / BYTES_TO_BITS);
if (ret) {
printf("crypto_aes_set_key1 error. hwkey_select = %d, key_real_length = %d, \
mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
break;
case RK_KEY: /* use root key */
ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, true);
if (ret) {
printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \
mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
writel((readl(ASR1901_CIU_BASE + 0x5C) & ~(1 << 22)), ASR1901_CIU_BASE + 0x5C);
break;
case SSK_KEY: /* use ssk key */
ret = crypto_aes_set_mode(mode, op_mode, key_real_length / BYTES_TO_BITS, true);
if (ret) {
printf("crypto_aes_set_mode error. hwkey_select = %d, key_real_length = %d, \
mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
writel((readl(ASR1901_CIU_BASE + 0x5C) | (1 << 22)), ASR1901_CIU_BASE + 0x5C);
break;
default:
ret = -1;
printf("invalid hwkey_select. hwkey_select = %d, key_real_length = %d, \
mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
/* Process IV and XTS key2 here */
switch(mode) {
case AES_XTS_ALG:
if (skey2 == NULL) {
printf("skey2 == NULL, mode = %d", mode);
ret = -1;
goto error;
}
key_real_length = skey2->rijndael.Nr & ~(0x3);
ret = crypto_aes_set_key2((uint8_t *)skey2->rijndael.eK, key_real_length / BYTES_TO_BITS);
if (ret) {
printf("crypto_aes_set_key2 error. hwkey_select = %d, key_real_length = %d, mode = %d", hwkey_select, key_real_length, mode);
goto error;
}
break;
case AES_CBC_ALG:
case AES_CTR_ALG:
ret = crypto_aes_set_iv(iv);
if (ret != 0) {
printf("crypto_aes_set_iv failure. mode = %d, ret = 0x%x", mode ,ret);
goto error;
}
break;
case AES_ECB_ALG:
break;
default:
printf("Illegal aes mode %d\n", mode);
goto error;
}
bcm_write32(CRYPTO_AES_STREAM_SIZE_REG, blocks << 4);
flush_dcache_range((unsigned long)in, (unsigned long)in + blocks << 4);
flush_dcache_range((unsigned long)out, (unsigned long)in + blocks << 4);
dma_output_start();
udelay(1);
crypto_aes_start();
udelay(1);
dma_input_start();
ret = dma_wait_output_finish();
if (ret)
goto error;
ret = crypto_aes_wait();
if (ret)
goto error;
ret = dma_wait_input_finish();
if (ret)
goto error;
/* Process IV */
switch(mode) {
case AES_XTS_ALG:
case AES_CBC_ALG:
case AES_CTR_ALG:
ret = crypto_aes_get_iv(iv);
if (ret != 0) {
printf("crypto_aes_get_iv failure. mode = %d, ret = 0x%x", mode, ret);
goto error;
}
break;
case AES_ECB_ALG:
break;
default:
printf("Illegal aes mode %d\n", mode);
goto error;
}
/* make sure dma data transfered to DDR by checking last block of out changes */
start_time = get_timer(0);
if (ret != 0)
goto error;
while (!memcmp(out + pos, tmp, 16)) {
flush_dcache_range((unsigned long)(out+pos), (unsigned long)(out+pos) + 16);
current_time = get_timer(0);
if (current_time - start_time > timeout) {
printf("Encryption: plaintext ciphertext are the same !!!");
break;
}
}
free_dma_chain(in_list);
free_dma_chain(out_list);
bcm_enable(0);
return 0;
error:
free_dma_chain(in_list);
free_dma_chain(out_list);
printf("aes_nblocks error = 0x%x",ret);
bcm_enable(0);
return -1;
}
/* ciphers */
static int se_rijndael_setup_internal(const unsigned char *key, int keylen, symmetric_key *skey)
{
int key_real_length;
int hwkey_select;
int err;
if (!skey || keylen <= 0) {
err = -1;
goto error;
}
key_real_length = keylen & ~(0x3);
hwkey_select = keylen & 0x3;
switch (hwkey_select) {
case EXT_KEY: /* use provide key */
if ((!key) || (key_real_length > (int)(BYTES_TO_BITS * sizeof(skey->rijndael.eK)))
|| (key_real_length > (int)(BYTES_TO_BITS * sizeof(skey->rijndael.dK)))) {
err = -1;
goto error;
}
memcpy(skey->rijndael.eK, key, key_real_length / BYTES_TO_BITS);
memcpy(skey->rijndael.dK, key, key_real_length / BYTES_TO_BITS);
break;
case RK_KEY: /* use huk */
case SSK_KEY: /* use ssk */
skey->rijndael.Nr = keylen;
break;
default:
err = -1;
goto error;
}
return 0;
error:
printf("rijndael_setup_internal error = %d. [keylen = %d]", err, keylen);
return err;
}
static int se_rijndael_setup(const unsigned char *key, int keylen, symmetric_key *skey)
{
return se_rijndael_setup_internal(key, (((keylen & ~0x3) * BYTES_TO_BITS) | (keylen & 0x3)), skey);
}
static int se_rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey)
{
return aes_nblocks(AES_DECRYPT_OP, ct, pt, 1, skey, NULL, AES_ECB_ALG, NULL);
}
static int _aes_handle_noalign(AES_OP_MODE_T op_mode, const unsigned char *in, unsigned char *out,
uint32_t length, const symmetric_key *skey1, const symmetric_key *skey2,
AES_MODE_T mode, uint8_t *iv)
{
int ret = 0;
uint32_t len_bytes = (length + 0xf) & (~0xf);
uint8_t *in_cpy = NULL, *out_cpy = NULL;
uint8_t *in_work = NULL, *out_work = NULL;
uint8_t *aligned_buf_in = NULL, *aligned_buf_out = NULL;
int size;
if (((uint32_t)out & 0x3) || ((uint32_t)in & 0x3) || (len_bytes > length)) {
in_cpy = (uint8_t *)in;
out_cpy = (uint8_t *)out;
/* if length is not a multiple of 16, zero padding */
if (((uint32_t)in & 0x3) || (len_bytes > length)) {
aligned_buf_in = malloc(MIN((int)len_bytes, WORK_BUF_SIZE));
if (!aligned_buf_in)
return -1;
memset(aligned_buf_in, 0, MIN((int)len_bytes, WORK_BUF_SIZE));
}
if (((uint32_t)out & 0x3) || (len_bytes > length)) {
aligned_buf_out = malloc(MIN((int)len_bytes, WORK_BUF_SIZE));
if (!aligned_buf_out)
return -1;
}
while (len_bytes) {
size = MIN((int)len_bytes, WORK_BUF_SIZE);
if ((uint32_t)in & 0x3) {
memcpy(aligned_buf_in, in_cpy, size);
in_work = aligned_buf_in;
} else {
in_work = in_cpy;
}
if ((uint32_t)out & 0x3) {
memset(aligned_buf_out, 0x0, size);
out_work = aligned_buf_out;
} else {
out_work = out_cpy;
}
ret = aes_nblocks(op_mode, in_work, out_work, size >> 4, skey1, skey2, mode, iv);
if (ret != 0)
goto exit;
if ((uint32_t) out & 0x3)
memcpy(out_cpy, aligned_buf_out, size);
if (mode == AES_XTS_ALG && len_bytes != 0 && (len_bytes > WORK_BUF_SIZE)) {
symmetric_key *skey_local = malloc(sizeof(symmetric_key));
if (!skey_local) {
printf("Out of memory in allocating symmetric key !");
ret = -1;
goto exit;
}
ret = se_rijndael_setup((uint8_t *)skey2->rijndael.eK,
(skey2->rijndael.Nr/BYTES_TO_BITS), skey_local);
if (ret != 0) {
free(skey_local);
goto exit;
}
ret = se_rijndael_ecb_decrypt(iv, iv, skey_local);
if (ret != 0) {
free(skey_local);
goto exit;
}
free(skey_local);
}
out_cpy += size;
in_cpy += size;
len_bytes -= size;
}
exit:
if (aligned_buf_in)
free(aligned_buf_in);
if (aligned_buf_out)
free(aligned_buf_out);
} else {
ret = aes_nblocks(op_mode, in, out, len_bytes >> 4, skey1, skey2, mode, iv);
}
return ret;
}
static int aes_handle_noalign(AES_MODE_T mode, AES_OP_MODE_T op_mode, AES_KEY_SELECT_T key_select,
const uint8_t *key1, uint32_t keylen1, const uint8_t *key2, uint32_t keylen2,
const unsigned char *in, unsigned char *out, uint32_t size, uint8_t *iv)
{
int ret;
symmetric_key *pskey1, *pskey2;
pskey1 = malloc(sizeof(symmetric_key));
if (!pskey1) {
return -1;
}
pskey2 = malloc(sizeof(symmetric_key));
if (!pskey2) {
free(pskey1);
return -1;
}
memset(pskey1, 0, sizeof(symmetric_key));
memset(pskey1, 0, sizeof(symmetric_key));
if (op_mode == AES_ENCRYPT_OP) {
pskey1->rijndael.eK = (uint32_t *)key1;
} else if (op_mode == AES_DECRYPT_OP) {
pskey1->rijndael.dK = (uint32_t *)key1;
}
if (key_select == EXT_KEY) {
pskey1->rijndael.Nr = (keylen1 * BYTES_TO_BITS) & (~0x3);
} else if (key_select == RK_KEY) {
pskey1->rijndael.Nr = keylen1 * BYTES_TO_BITS | 0x1;
} else if (key_select == SSK_KEY) {
pskey1->rijndael.Nr = keylen1 * BYTES_TO_BITS | 0x2;
} else {
return -1;
}
if (mode == AES_XTS_ALG) {
if (op_mode == AES_ENCRYPT_OP) {
pskey2->rijndael.eK = (uint32_t *)key2;
pskey2->rijndael.Nr = keylen2 * BYTES_TO_BITS;
} else if (op_mode == AES_DECRYPT_OP) {
pskey2->rijndael.dK = (uint32_t *)key2;
pskey2->rijndael.Nr = keylen2 * BYTES_TO_BITS;
}
ret = _aes_handle_noalign(op_mode, in, out, size, pskey1, pskey2, mode, iv);
} else {
ret = _aes_handle_noalign(op_mode, in, out, size, pskey1, NULL, mode, iv);
}
free(pskey1);
free(pskey2);
return ret;
}
static int asr_kestrl_rkek_fused(void)
{
uint32_t val;
/* If RKEK is burned, SW access to it must be disabled as well */
/* check if LCS_DM is burned */
val = geu_read32(GEU_KSTR_BANK6_LCS);
val >>= GEU_KSTR_LCS_DM_BASE;
val &= GEU_KSTR_LCS_MASK;
if (hweight32(val) > 1)
return 1;
return 0;
}
/* cipher */
int aes_ecb_encrypt_bcm(uint8_t *key, uint32_t key_len, bool use_rkek,
void *in, void *out, uint32_t size)
{
uint8_t *use_key;
AES_KEY_SELECT_T key_select;
if ((key_len > 32) && (key_len < 16)) {
printf("err: aes ecb encrypt key len %d\n", key_len);
return -1;
}
if ((key == NULL) && (use_rkek == false)) {
printf("%s error: key can't NULL when not use rkek\n", __func__);
return -1;
}
if (!asr_kestrl_rkek_fused()) {
if (key == NULL) {
use_key = (uint8_t *)default_key;
} else {
use_key = key;
}
key_select = EXT_KEY;
} else {
if (use_rkek) {
use_key = NULL;
key_select = RK_KEY;
} else {
use_key = key;
key_select = EXT_KEY;
}
}
return aes_handle_noalign(AES_ECB_ALG, AES_ENCRYPT_OP, key_select,
use_key, key_len, NULL, 0, in, out, size, NULL);
}
int aes_ecb_decrypt_bcm(uint8_t *key, uint32_t key_len, bool use_rkek,
void *in, void *out, uint32_t size)
{
uint8_t *use_key;
AES_KEY_SELECT_T key_select;
if ((key_len > 32) && (key_len < 16)) {
printf("err: aes ecb encrypt key len %d\n", key_len);
return -1;
}
if ((key == NULL) && (use_rkek == false)) {
printf("%s error: key can't NULL when not use rkek\n", __func__);
return -1;
}
if (!asr_kestrl_rkek_fused()) {
if (key == NULL) {
use_key = (uint8_t *)default_key;
} else {
use_key = key;
}
key_select = EXT_KEY;
} else {
if (use_rkek) {
use_key = NULL;
key_select = RK_KEY;
} else {
use_key = key;
key_select = EXT_KEY;
}
}
return aes_handle_noalign(AES_ECB_ALG, AES_DECRYPT_OP, key_select,
use_key, key_len, NULL, 0, in, out, size, NULL);
}
int aes_cbc_encrypt_bcm(uint8_t *iv, uint8_t *key, uint32_t key_len,
bool use_rkek, void *in, void *out, uint32_t size)
{
uint8_t *use_key;
AES_KEY_SELECT_T key_select;
if ((key_len > 32) && (key_len < 16)) {
printf("err: aes ecb encrypt key len %d\n", key_len);
return -1;
}
if ((key == NULL) && (use_rkek == false)) {
printf("%s error: key can't NULL when not use rkek\n", __func__);
return -1;
}
if (!asr_kestrl_rkek_fused()) {
if (key == NULL) {
use_key = (uint8_t *)default_key;
} else {
use_key = key;
}
key_select = EXT_KEY;
} else {
if (use_rkek) {
use_key = NULL;
key_select = RK_KEY;
} else {
use_key = key;
key_select = EXT_KEY;
}
}
return aes_handle_noalign(AES_CBC_ALG, AES_ENCRYPT_OP, key_select,
use_key, key_len, NULL, 0, in, out, size, iv);
}
int aes_cbc_decrypt_bcm(uint8_t *iv, uint8_t *key, uint32_t key_len,
bool use_rkek, void *in, void *out, uint32_t size)
{
uint8_t *use_key;
AES_KEY_SELECT_T key_select;
if ((key_len > 32) && (key_len < 16)) {
printf("err: aes ecb encrypt key len %d\n", key_len);
return -1;
}
if ((key == NULL) && (use_rkek == false)) {
printf("%s error: key can't NULL when not use rkek\n", __func__);
return -1;
}
if (!asr_kestrl_rkek_fused()) {
if (key == NULL) {
use_key = (uint8_t *)default_key;
} else {
use_key = key;
}
key_select = EXT_KEY;
} else {
if (use_rkek) {
use_key = NULL;
key_select = RK_KEY;
} else {
use_key = key;
key_select = EXT_KEY;
}
}
return aes_handle_noalign(AES_CBC_ALG, AES_DECRYPT_OP, key_select,
use_key, key_len, NULL, 0, in, out, size, iv);
}