mirror of https://github.com/F-Stack/f-stack.git
179 lines
4.2 KiB
C
179 lines
4.2 KiB
C
|
/* SPDX-License-Identifier: (BSD-3-Clause OR GPL-2.0)
|
||
|
*
|
||
|
* Copyright 2008-2016 Freescale Semiconductor Inc.
|
||
|
* Copyright 2016,2019 NXP
|
||
|
*/
|
||
|
|
||
|
#ifndef __RTA_KEY_CMD_H__
|
||
|
#define __RTA_KEY_CMD_H__
|
||
|
|
||
|
extern enum rta_sec_era rta_sec_era;
|
||
|
|
||
|
/* Allowed encryption flags for each SEC Era */
|
||
|
static const uint32_t key_enc_flags[] = {
|
||
|
ENC,
|
||
|
ENC | NWB | EKT | TK,
|
||
|
ENC | NWB | EKT | TK,
|
||
|
ENC | NWB | EKT | TK,
|
||
|
ENC | NWB | EKT | TK,
|
||
|
ENC | NWB | EKT | TK,
|
||
|
ENC | NWB | EKT | TK | PTS,
|
||
|
ENC | NWB | EKT | TK | PTS,
|
||
|
ENC | NWB | EKT | TK | PTS,
|
||
|
ENC | NWB | EKT | TK | PTS
|
||
|
};
|
||
|
|
||
|
static inline int
|
||
|
rta_key(struct program *program, uint32_t key_dst,
|
||
|
uint32_t encrypt_flags, uint64_t src, uint32_t length,
|
||
|
uint32_t flags)
|
||
|
{
|
||
|
uint32_t opcode = 0;
|
||
|
bool is_seq_cmd = false;
|
||
|
unsigned int start_pc = program->current_pc;
|
||
|
|
||
|
if (encrypt_flags & ~key_enc_flags[rta_sec_era]) {
|
||
|
pr_err("KEY: Flag(s) not supported by SEC Era %d\n",
|
||
|
USER_SEC_ERA(rta_sec_era));
|
||
|
goto err;
|
||
|
}
|
||
|
|
||
|
/* write cmd type */
|
||
|
if (flags & SEQ) {
|
||
|
opcode = CMD_SEQ_KEY;
|
||
|
is_seq_cmd = true;
|
||
|
} else {
|
||
|
opcode = CMD_KEY;
|
||
|
}
|
||
|
|
||
|
/* check parameters */
|
||
|
if (is_seq_cmd) {
|
||
|
if ((flags & IMMED) || (flags & SGF)) {
|
||
|
pr_err("SEQKEY: Invalid flag. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc,
|
||
|
program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
} else {
|
||
|
if ((flags & AIDF) || (flags & VLF)) {
|
||
|
pr_err("KEY: Invalid flag. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc,
|
||
|
program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
if ((flags & SGF) && (flags & IMMED)) {
|
||
|
pr_err("KEY: Invalid flag. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc,
|
||
|
program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ((encrypt_flags & PTS) &&
|
||
|
((encrypt_flags & ENC) || (encrypt_flags & NWB) ||
|
||
|
(key_dst == PKE))) {
|
||
|
pr_err("KEY: Invalid flag / destination. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc, program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
|
||
|
if (key_dst == AFHA_SBOX) {
|
||
|
if (flags & IMMED) {
|
||
|
pr_err("KEY: Invalid flag. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc,
|
||
|
program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
|
||
|
/*
|
||
|
* Sbox data loaded into the ARC-4 processor must be exactly
|
||
|
* 258 bytes long, or else a data sequence error is generated.
|
||
|
*/
|
||
|
if (length != 258) {
|
||
|
pr_err("KEY: Invalid length. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc,
|
||
|
program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
/* write key destination and class fields */
|
||
|
switch (key_dst) {
|
||
|
case (KEY1):
|
||
|
opcode |= KEY_DEST_CLASS1;
|
||
|
break;
|
||
|
case (KEY2):
|
||
|
opcode |= KEY_DEST_CLASS2;
|
||
|
break;
|
||
|
case (PKE):
|
||
|
opcode |= KEY_DEST_CLASS1 | KEY_DEST_PKHA_E;
|
||
|
break;
|
||
|
case (AFHA_SBOX):
|
||
|
opcode |= KEY_DEST_CLASS1 | KEY_DEST_AFHA_SBOX;
|
||
|
break;
|
||
|
case (MDHA_SPLIT_KEY):
|
||
|
opcode |= KEY_DEST_CLASS2 | KEY_DEST_MDHA_SPLIT;
|
||
|
break;
|
||
|
default:
|
||
|
pr_err("KEY: Invalid destination. SEC PC: %d; Instr: %d\n",
|
||
|
program->current_pc, program->current_instruction);
|
||
|
goto err;
|
||
|
}
|
||
|
|
||
|
/* write key length */
|
||
|
length &= KEY_LENGTH_MASK;
|
||
|
opcode |= length;
|
||
|
|
||
|
/* write key command specific flags */
|
||
|
if (encrypt_flags & ENC) {
|
||
|
/* Encrypted (black) keys must be padded to 8 bytes (CCM) or
|
||
|
* 16 bytes (ECB) depending on EKT bit. AES-CCM encrypted keys
|
||
|
* (EKT = 1) have 6-byte nonce and 6-byte MAC after padding.
|
||
|
*/
|
||
|
opcode |= KEY_ENC;
|
||
|
if (encrypt_flags & EKT) {
|
||
|
opcode |= KEY_EKT;
|
||
|
length = ALIGN(length, 8);
|
||
|
length += 12;
|
||
|
} else {
|
||
|
length = ALIGN(length, 16);
|
||
|
}
|
||
|
if (encrypt_flags & TK)
|
||
|
opcode |= KEY_TK;
|
||
|
}
|
||
|
if (encrypt_flags & NWB)
|
||
|
opcode |= KEY_NWB;
|
||
|
if (encrypt_flags & PTS)
|
||
|
opcode |= KEY_PTS;
|
||
|
|
||
|
/* write general command flags */
|
||
|
if (!is_seq_cmd) {
|
||
|
if (flags & IMMED)
|
||
|
opcode |= KEY_IMM;
|
||
|
if (flags & SGF)
|
||
|
opcode |= KEY_SGF;
|
||
|
} else {
|
||
|
if (flags & AIDF)
|
||
|
opcode |= KEY_AIDF;
|
||
|
if (flags & VLF)
|
||
|
opcode |= KEY_VLF;
|
||
|
}
|
||
|
|
||
|
__rta_out32(program, opcode);
|
||
|
program->current_instruction++;
|
||
|
|
||
|
if (flags & IMMED)
|
||
|
__rta_inline_data(program, src, flags & __COPY_MASK, length);
|
||
|
else
|
||
|
__rta_out64(program, program->ps, src);
|
||
|
|
||
|
return (int)start_pc;
|
||
|
|
||
|
err:
|
||
|
program->first_error_pc = start_pc;
|
||
|
program->current_instruction++;
|
||
|
return -EINVAL;
|
||
|
}
|
||
|
|
||
|
#endif /* __RTA_KEY_CMD_H__ */
|