Gitiles
Code Review Sign In
192.168.1.100 / T108 / e958203796650e3959a43708d67534bf36f4c83b / . / marvell / uboot / drivers / crypto / te200_cipher.c
blob: d3f723837a83ba0f3f10fecc7cacf05d0661a7c8 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame^]1#include <common.h>
2#include <config.h>
3#include <asm/arch/cpu.h>
4#include <config.h>
5#include <asm/arch/asr1802.h>
6#include <power/asr1802s_freq.h>
7#include "te200_cipher.h"
8
9/*
10notice: 1) use hardware key if burned hardware key;
11 1) use input key if not burned hardware key but input key not null;
12 2) use default key if not burned rkek but input key is null;
13 char default_key[64] = {"asr-aes-default-key-without-rkek"};
14*/
15static const char default_key[64] = {"asr-aes-default-key-without-rkek"};
16
17void te200_enable_clk(int enable)
18{
19 uint32_t val;
20 /* it will no longer enable clk if the clk has been enabled */
21 static int enabled = 0;
22 if (enable) {
23 val = readl(ASR1802_APMU_BASE + AES_CLK_RES_CTRL);
24 if ((val & (1 << 3 | 1 << 0)) == (1 << 3 | 1 << 0)) {
25 enabled = 1;
26 return;
27 }
28 val |= (1 << 3);
29 val |= (1 << 0);
30 writel(val, ASR1802_APMU_BASE + AES_CLK_RES_CTRL);
31 } else {
32 if (enabled) {
33 return;
34 }
35 val = readl(ASR1802_APMU_BASE + AES_CLK_RES_CTRL);
36 val &= ~(1 << 3);
37 writel(val, ASR1802_APMU_BASE+ AES_CLK_RES_CTRL);
38 }
39}
40
41static int sca_clock_switch(int enable)
42{
43 uint32_t value;
44 value = readl(TE200_CLOCK_CTRL);
45 if (enable) {
46 value |= SCA_CLK_EN;
47 } else {
48 value &= ~SCA_CLK_EN;
49 }
50 writel(value, TE200_CLOCK_CTRL);
51 return 0;
52}
53
54static int sca_start_run(void)
55{
56 uint32_t value;
57 value = readl(TE200_SSCA_CTRL);
58 value |= SCA_RUN;
59 writel(value, TE200_SSCA_CTRL);
60 return 0;
61}
62
63static int sca_set_alg(int alg_type, uint32_t *value)
64{
65 switch (alg_type) {
66 case NORMAL_AES:
67 *value &= SCA_NORMAL_AES;
68 break;
69 case SM4:
70 *value |= SCA_SM4;
71 break;
72 default:
73 return -1;
74 }
75 return 0;
76}
77
78static int sca_set_cipher_mode(int mode, uint32_t *value)
79{
80 switch (mode) {
81 case ECB:
82 *value &= SCA_MODE_ECB;
83 break;
84 case CTR:
85 *value |= SCA_MODE_CTR;
86 break;
87 case CBC:
88 *value |= SCA_MODE_CBC;
89 break;
90 default:
91 return -1;
92 }
93 return 0;
94}
95
96static int sca_set_iv(const uint8_t *iv, uint32_t *value)
97{
98 if (iv) {
99 *value |= SCA_SET_IV | SCA_SET_IV_ADDR;
100 } else {
101 *value &= (~(SCA_SET_IV | SCA_SET_IV_ADDR));
102 }
103 return 0;
104}
105
106static int sca_set_key(const uint8_t *key, uint32_t key_len, uint32_t *value)
107{
108 switch (key_len) {
109 case 16:
110 *value &= SCA_KEY_128_BITS;
111 break;
112 case 24:
113 *value |= SCA_KEY_192_BITS;
114 break;
115 case 32:
116 *value |= SCA_KEY_256_BITS;
117 break;
118 default:
119 return -1;
120 }
121
122 if (key) {
123 *value |= SCA_EXTERNAL_KEY | SCA_KEY_IS_ADDR;
124 } else {
125 *value |= SCA_DEVICE_ROOT_KEY | SCA_KEY_IS_ADDR;
126 }
127
128 return 0;
129}
130
131static int sca_wait_intr(void)
132{
133 int ret = 0;
134 uint32_t value;
135 uint32_t time_start;
136 time_start = get_timer(0);
137 value = readl(TE200_SSCA_INTR_STAT);
138
139 while (1) {
140 value = readl(TE200_SSCA_INTR_STAT);
141
142 if (value & SCA_INVALID_CMD) {
143 printf("invallid cmd\n");
144 ret = -1;
145 break;
146 }
147
148 if (value & SCA_INVALID_KEY) {
149 printf("invallid key\n");
150 ret = -1;
151 break;
152 }
153
154 if (value & SCA_BUS_ERROR) {
155 printf("bus err\n");
156 ret = -1;
157 ret = -1;
158 break;
159 }
160
161 if ((get_timer(0) - time_start) > 500) {
162 printf("wait intr timeout !\n");
163 ret = -1;
164 break;
165 }
166
167 if (value & SCA_CMD_INTR) {
168 break;
169 }
170 }
171
172 value = readl(TE200_SSCA_INTR_STAT);
173 value |= SCA_CMD_INTR;
174 writel(value, TE200_SSCA_INTR_STAT);
175 return ret;
176}
177
178/* sync the same key ladder in /tos/uboot/kernel te200 driver */
179static const struct {
180 __attribute__ ((aligned (16))) uint8_t ek3[16];
181 __attribute__ ((aligned (16))) uint8_t ek2[16];
182 __attribute__ ((aligned (16))) uint8_t ek1[16];
183} key_ladder = {
184 { 0x50,0xCF,0x0F,0x29,0xD1,0xCF,0x32,0x41,0xC5,0x64,0xAC,0xDB,0xDD,0x9A,0xFC,0xF4 },
185 { 0x9C,0xAB,0x04,0x57,0xB7,0x17,0xD9,0x4A,0x34,0x74,0x28,0x30,0x34,0x16,0x3B,0x52 },
186 { 0xF5,0xA0,0x33,0x7B,0x4B,0xE8,0x18,0x84,0x51,0x4E,0x38,0x86,0x6D,0x08,0xBB,0x6E },
187};
188
189static int rkek_cfg_init(void)
190{
191 uint32_t value;
192
193 value = readl(TE200_CLOCK_CTRL);
194 value &= ~OTP_CLK_EN;
195 writel(value, TE200_CLOCK_CTRL);
196
197 value = readl(TE200_CLOCK_CTRL);
198 value |= OTP_CLK_EN;
199 writel(value, TE200_CLOCK_CTRL);
200
201 /* set opt key sel */
202 value = readl(ASR1802_CIU_BASE + 0x0C);
203 value |= (1 << 24);
204 writel(value, ASR1802_CIU_BASE + 0x0C);
205
206 /* enable lock */
207 value = readl(TE200_OTP_DUMMY_CFG);
208 value |= 0x10;
209 writel(value, TE200_OTP_DUMMY_CFG);
210
211 return 0;
212}
213
214static int sca_cipher_init(int alg_type, int mode, uint8_t *iv, uint8_t *key, uint32_t key_len)
215{
216 int ret;
217 uint32_t cmd = 0;
218 uint32_t param;
219
220 te200_enable_clk(1);
221 sca_clock_switch(0);
222 sca_clock_switch(1);
223
224 /* config rkek */
225 if (!key) {
226 rkek_cfg_init();
227 }
228
229 sca_start_run();
230
231 ret = sca_set_alg(alg_type, &cmd);
232 if (ret) {
233 ret = -1;
234 goto err;
235 }
236 ret = sca_set_cipher_mode(mode, &cmd);
237 if (ret) {
238 ret = -1;
239 goto err;
240 }
241
242 ret = sca_set_key(key, key_len, &cmd);
243 if (ret) {
244 ret = -1;
245 goto err;
246 }
247
248 ret = sca_set_iv(iv, &cmd);
249 if (ret) {
250 ret = -1;
251 goto err;
252 }
253
254 cmd |= SCA_INTER_TRIGGERD | SCA_INIT_CMD;
255 writel(cmd, TE200_SSCA_QUEUE);
256
257 /* set key params */
258 if (key) {
259 flush_dcache_range((unsigned long)key, (uint32_t)key + key_len);
260 param = (uint32_t)virt_to_phys((void *)key);
261 writel(param, TE200_SSCA_QUEUE);
262 } else {
263 flush_dcache_range((unsigned long)key_ladder.ek3,
264 (uint32_t)key_ladder.ek3 + sizeof(key_ladder.ek3));
265 param = (uint32_t)virt_to_phys((void *)key_ladder.ek3);
266 writel(param, TE200_SSCA_QUEUE);
267
268 flush_dcache_range((unsigned long)key_ladder.ek2,
269 (uint32_t)key_ladder.ek2 + sizeof(key_ladder.ek2));
270 param = (uint32_t)virt_to_phys((void *)key_ladder.ek2);
271 writel(param, TE200_SSCA_QUEUE);
272
273 flush_dcache_range((unsigned long)key_ladder.ek1,
274 (uint32_t)key_ladder.ek1 + sizeof(key_ladder.ek1));
275 param = (uint32_t)virt_to_phys((void *)key_ladder.ek1);
276 writel(param, TE200_SSCA_QUEUE);
277 }
278
279 /* set iv params */
280 if (iv) {
281 /* set iv addr */
282 flush_dcache_range((unsigned long)iv, (uint32_t)iv + 16);
283 param = (uint32_t)virt_to_phys((void *)iv);
284 writel(param, TE200_SSCA_QUEUE);
285 }
286
287 ret = sca_wait_intr();
288 if (ret) {
289 ret = -1;
290 goto err;
291 }
292 return 0;
293
294err:
295 sca_clock_switch(0);
296 te200_enable_clk(0);
297 return ret;
298}
299
300static int sca_cipher_process(int encrypt, int last_one, void *in, uint32_t size, void *out)
301{
302 int ret;
303 uint32_t cmd = 0;
304 uint32_t param;
305 /* set big endain */
306 if (encrypt) {
307 cmd |= SCA_ENCRYPTION;
308 } else {
309 cmd &= (~SCA_ENCRYPTION);
310 }
311
312 cmd |= SCA_INTER_TRIGGERD | SCA_PROCESS_CMD;
313 if (last_one) {
314 cmd |= SCA_LAST_ONE_SESSION;
315 } else {
316 cmd &= ~SCA_LAST_ONE_SESSION;
317 }
318 writel(cmd, TE200_SSCA_QUEUE);
319
320 /* set src addr */
321 flush_dcache_range((unsigned long)in, (uint32_t)in + size);
322 param = (uint32_t)virt_to_phys((void *)in);
323 writel(param, TE200_SSCA_QUEUE);
324
325 /* set data length */
326 param = (uint32_t)size;
327 writel(param, TE200_SSCA_QUEUE);
328
329 /* set dst addr */
330 if (out) {
331 flush_dcache_range((unsigned long)out, (uint32_t)out + size);
332 param = (uint32_t)virt_to_phys((void *)out);
333 writel(param, TE200_SSCA_QUEUE);
334 }
335
336 sca_start_run();
337 ret = sca_wait_intr();
338 if (ret) {
339 sca_clock_switch(0);
340 te200_enable_clk(0);
341 return -1;
342 }
343
344 return 0;
345}
346
347static int sca_cipher_finish(void)
348{
349 uint32_t cmd = 0;
350 /* set cmd*/
351 cmd |= SCA_INTER_TRIGGERD | SCA_FINISH_CMD;
352 writel(cmd, TE200_SSCA_QUEUE);
353
354 sca_start_run();
355 return sca_wait_intr();
356}
357
358static int sca_cipher_handle(struct sca_data *psca_data, uint8_t *iv,
359 uint8_t *key, uint32_t key_len, void *in, uint32_t size, void *out)
360{
361 int ret = 0;
362
363 ret = sca_cipher_init(psca_data->alg_type, psca_data->mode, iv, key, key_len);
364 if (ret) {
365 return -1;
366 }
367
368 ret = sca_cipher_process(psca_data->encrypt, 1, in, size, out);
369 if (ret) {
370 return -1;
371 }
372
373 ret = sca_cipher_finish();
374 if (ret) {
375 return -1;
376 }
377
378 return 0;
379}
380
381static int asr_lapw_rkek_fused(void)
382{
383 u32 val;
384 return 1;
385
386 /* If RKEK is burned, SW access to it must be disabled as well */
387 val = readl(GEU_FUSE_VAL_APCFG2);
388 if (val & (1 << 29))
389 return 1;
390
391 return 0;
392}
393
394/* cipher */
395int aes_ecb_encrypt_te200(uint8_t *key, uint32_t key_len, bool use_rkek,
396 void *in, void *out, uint32_t size)
397{
398 uint8_t *use_key;
399 struct sca_data sca_data;
400 memset(&sca_data, 0, sizeof(sca_data));
401
402 if ((key_len > 32) && (key_len < 16)) {
403 printf("err: aes ecb encrypt key len %d\n", key_len);
404 return -1;
405 }
406
407 if ((key == NULL) && (use_rkek == false)) {
408 printf("%s error: key can't NULL when not use rkek\n", __func__);
409 return -1;
410 }
411
412 if (!asr_lapw_rkek_fused()) {
413 if (key == NULL) {
414 use_key = (uint8_t *)default_key;
415 } else {
416 use_key = key;
417 }
418 } else {
419 if (use_rkek) {
420 use_key = NULL;
421 } else {
422 use_key = key;
423 }
424 }
425
426 sca_data.encrypt = 1;
427 sca_data.alg_type = NORMAL_AES;
428 sca_data.mode = ECB;
429
430 return sca_cipher_handle(&sca_data, NULL, use_key, key_len, in, size, out);
431}
432
433int aes_ecb_decrypt_te200(uint8_t *key, uint32_t key_len, bool use_rkek,
434 void *in, void *out, uint32_t size)
435{
436 uint8_t *use_key;
437 struct sca_data sca_data;
438 memset(&sca_data, 0, sizeof(sca_data));
439
440 if ((key_len > 32) && (key_len < 16)) {
441 printf("err: aes ecb decrypt key len %d\n", key_len);
442 return -1;
443 }
444
445 if (!asr_lapw_rkek_fused()) {
446 if (key == NULL) {
447 use_key = (uint8_t *)default_key;
448 } else {
449 use_key = key;
450 }
451 } else {
452 if (use_rkek) {
453 use_key = NULL;
454 } else {
455 use_key = key;
456 }
457 }
458
459 sca_data.encrypt = 0;
460 sca_data.alg_type = NORMAL_AES;
461 sca_data.mode = ECB;
462
463 return sca_cipher_handle(&sca_data, NULL, use_key, key_len, in, size, out);
464}
465
466int aes_cbc_encrypt_te200(uint8_t *iv, uint8_t *key, uint32_t key_len,
467 bool use_rkek, void *in, void *out, uint32_t size)
468{
469 uint8_t *use_key;
470 struct sca_data sca_data;
471 memset(&sca_data, 0, sizeof(sca_data));
472
473 if ((key_len > 32) && (key_len < 16)) {
474 printf("err: aes ecb encrypt key len %d\n", key_len);
475 return -1;
476 }
477
478 if ((key == NULL) && (use_rkek == false)) {
479 printf("%s error: key can't NULL when not use rkek\n", __func__);
480 return -1;
481 }
482
483 if (!asr_lapw_rkek_fused()) {
484 if (key == NULL) {
485 use_key = (uint8_t *)default_key;
486 } else {
487 use_key = key;
488 }
489 } else {
490 if (use_rkek) {
491 use_key = NULL;
492 } else {
493 use_key = key;
494 }
495 }
496
497 sca_data.encrypt = 1;
498 sca_data.alg_type = NORMAL_AES;
499 sca_data.mode = CBC;
500
501 return sca_cipher_handle(&sca_data, iv, use_key, key_len, in, size, out);
502}
503
504int aes_cbc_decrypt_te200(uint8_t *iv, uint8_t *key, uint32_t key_len,
505 bool use_rkek, void *in, void *out, uint32_t size)
506{
507 uint8_t *use_key;
508 struct sca_data sca_data;
509 memset(&sca_data, 0, sizeof(sca_data));
510
511 if ((key_len > 32) && (key_len < 16)) {
512 printf("err: aes ecb encrypt key len %d\n", key_len);
513 return -1;
514 }
515
516 if ((key == NULL) && (use_rkek == false)) {
517 printf("%s error: key can't NULL when not use rkek\n", __func__);
518 return -1;
519 }
520
521 if (!asr_lapw_rkek_fused()) {
522 if (key == NULL) {
523 use_key = (uint8_t *)default_key;
524 } else {
525 use_key = key;
526 }
527 } else {
528 if (use_rkek) {
529 use_key = NULL;
530 } else {
531 use_key = key;
532 }
533 }
534
535 sca_data.encrypt = 0;
536 sca_data.alg_type = NORMAL_AES;
537 sca_data.mode = CBC;
538
539 return sca_cipher_handle(&sca_data, iv, use_key, key_len, in, size, out);
540}