1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3 * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
4 * Author: Jorge Ramirez <jorge@foundries.io>
5 */
6 #include <assert.h>
7 #include <bitstring.h>
8 #include <config.h>
9 #include <crypto/crypto.h>
10 #include <kernel/huk_subkey.h>
11 #include <kernel/mutex.h>
12 #include <kernel/panic.h>
13 #include <kernel/refcount.h>
14 #include <kernel/tee_common_otp.h>
15 #include <kernel/thread.h>
16 #include <mm/mobj.h>
17 #include <optee_rpc_cmd.h>
18 #include <se050.h>
19 #include <se050_utils.h>
20 #include <scp.h>
21 #include <stdint.h>
22 #include <stdio.h>
23 #include <string.h>
24 #include <tee_api_defines_extensions.h>
25 #include <tee/tee_cryp_utl.h>
26 #include <utee_defines.h>
27
28 static enum se050_scp03_ksrc scp03_ksrc;
29 static bool scp03_enabled;
30
31 #define SE050A1 0
32 #define SE050A2 1
33 #define SE050B1 2
34 #define SE050B2 3
35 #define SE050C1 4
36 #define SE050C2 5
37 #define SE050DV 6
38 #define SE051A2 7
39 #define SE051C2 8
40 #define SE050F2 9
41 #define SE050E 10
42 #define SE051A 11
43 #define SE051C 12
44 #define SE051W 13
45 #define SE050F 14
46 #define SE052F2 15
47
48 static const struct se050_scp_key se050_default_keys[] = {
49 [SE050A1] = {
50 .enc = { 0x34, 0xae, 0x09, 0x67, 0xe3, 0x29, 0xe9, 0x51,
51 0x8e, 0x72, 0x65, 0xd5, 0xad, 0xcc, 0x01, 0xc2 },
52 .mac = { 0x52, 0xb2, 0x53, 0xca, 0xdf, 0x47, 0x2b, 0xdb,
53 0x3d, 0x0f, 0xb3, 0x8e, 0x09, 0x77, 0x00, 0x99 },
54 .dek = { 0xac, 0xc9, 0x14, 0x31, 0xfe, 0x26, 0x81, 0x1b,
55 0x5e, 0xcb, 0xc8, 0x45, 0x62, 0x0d, 0x83, 0x44 },
56 },
57 [SE050A2] = {
58 .enc = { 0x46, 0xa9, 0xc4, 0x8c, 0x34, 0xef, 0xe3, 0x44,
59 0xa5, 0x22, 0xe6, 0x67, 0x44, 0xf8, 0x99, 0x6a },
60 .mac = { 0x12, 0x03, 0xff, 0x61, 0xdf, 0xbc, 0x9c, 0x86,
61 0x19, 0x6a, 0x22, 0x74, 0xae, 0xf4, 0xed, 0x28 },
62 .dek = { 0xf7, 0x56, 0x1c, 0x6f, 0x48, 0x33, 0x61, 0x19,
63 0xee, 0x39, 0x43, 0x9a, 0xab, 0x34, 0x09, 0x8e },
64 },
65 [SE050B1] = {
66 .enc = { 0xd4, 0x99, 0xbc, 0x90, 0xde, 0xa5, 0x42, 0xcf,
67 0x78, 0xd2, 0x5e, 0x13, 0xd6, 0x4c, 0xbb, 0x1f },
68 .mac = { 0x08, 0x15, 0x55, 0x96, 0x43, 0xfb, 0x79, 0xeb,
69 0x85, 0x01, 0xa0, 0xdc, 0x83, 0x3d, 0x90, 0x1f },
70 .dek = { 0xbe, 0x7d, 0xdf, 0xb4, 0x06, 0xe8, 0x1a, 0xe4,
71 0xe9, 0x66, 0x5a, 0x9f, 0xed, 0x64, 0x26, 0x7c },
72 },
73 [SE050B2] = {
74 .enc = { 0x5f, 0xa4, 0x3d, 0x82, 0x02, 0xd2, 0x5e, 0x9a,
75 0x85, 0xb1, 0xfe, 0x7e, 0x2d, 0x26, 0x47, 0x8d },
76 .mac = { 0x10, 0x5c, 0xea, 0x22, 0x19, 0xf5, 0x2b, 0xd1,
77 0x67, 0xa0, 0x74, 0x63, 0xc6, 0x93, 0x79, 0xc3 },
78 .dek = { 0xd7, 0x02, 0x81, 0x57, 0xf2, 0xad, 0x37, 0x2c,
79 0x74, 0xbe, 0x96, 0x9b, 0xcc, 0x39, 0x06, 0x27 },
80 },
81 [SE050C1] = {
82 .enc = { 0x85, 0x2b, 0x59, 0x62, 0xe9, 0xcc, 0xe5, 0xd0,
83 0xbe, 0x74, 0x6b, 0x83, 0x3b, 0xcc, 0x62, 0x87 },
84 .mac = { 0xdb, 0x0a, 0xa3, 0x19, 0xa4, 0x08, 0x69, 0x6c,
85 0x8e, 0x10, 0x7a, 0xb4, 0xe3, 0xc2, 0x6b, 0x47 },
86 .dek = { 0x4c, 0x2f, 0x75, 0xc6, 0xa2, 0x78, 0xa4, 0xae,
87 0xe5, 0xc9, 0xaf, 0x7c, 0x50, 0xee, 0xa8, 0x0c },
88 },
89 [SE050C2] = {
90 .enc = { 0xbd, 0x1d, 0xe2, 0x0a, 0x81, 0xea, 0xb2, 0xbf,
91 0x3b, 0x70, 0x9a, 0x9d, 0x69, 0xa3, 0x12, 0x54 },
92 .mac = { 0x9a, 0x76, 0x1b, 0x8d, 0xba, 0x6b, 0xed, 0xf2,
93 0x27, 0x41, 0xe4, 0x5d, 0x8d, 0x42, 0x36, 0xf5 },
94 .dek = { 0x9b, 0x99, 0x3b, 0x60, 0x0f, 0x1c, 0x64, 0xf5,
95 0xad, 0xc0, 0x63, 0x19, 0x2a, 0x96, 0xc9, 0x47 },
96 },
97 [SE050DV] = {
98 .enc = { 0x35, 0xc2, 0x56, 0x45, 0x89, 0x58, 0xa3, 0x4f,
99 0x61, 0x36, 0x15, 0x5f, 0x82, 0x09, 0xd6, 0xcd },
100 .mac = { 0xaf, 0x17, 0x7d, 0x5d, 0xbd, 0xf7, 0xc0, 0xd5,
101 0xc1, 0x0a, 0x05, 0xb9, 0xf1, 0x60, 0x7f, 0x78 },
102 .dek = { 0xa1, 0xbc, 0x84, 0x38, 0xbf, 0x77, 0x93, 0x5b,
103 0x36, 0x1a, 0x44, 0x25, 0xfe, 0x79, 0xfa, 0x29 },
104 },
105 [SE051A2] = {
106 .enc = { 0x84, 0x0a, 0x5d, 0x51, 0x79, 0x55, 0x11, 0xc9,
107 0xce, 0xf0, 0xc9, 0x6f, 0xd2, 0xcb, 0xf0, 0x41 },
108 .mac = { 0x64, 0x6b, 0xc2, 0xb8, 0xc3, 0xa4, 0xd9, 0xc1,
109 0xfa, 0x8d, 0x71, 0x16, 0xbe, 0x04, 0xfd, 0xfe },
110 .dek = { 0x03, 0xe6, 0x69, 0x9a, 0xca, 0x94, 0x26, 0xd9,
111 0xc3, 0x89, 0x22, 0xf8, 0x91, 0x4c, 0xe5, 0xf7 },
112 },
113 [SE051C2] = {
114 .enc = { 0x88, 0xdb, 0xcd, 0x65, 0x82, 0x0d, 0x2a, 0xa0,
115 0x6f, 0xfa, 0xb9, 0x2a, 0xa8, 0xe7, 0x93, 0x64 },
116 .mac = { 0xa8, 0x64, 0x4e, 0x2a, 0x04, 0xd9, 0xe9, 0xc8,
117 0xc0, 0xea, 0x60, 0x86, 0x68, 0x29, 0x99, 0xe5 },
118 .dek = { 0x8a, 0x38, 0x72, 0x38, 0x99, 0x88, 0x18, 0x44,
119 0xe2, 0xc1, 0x51, 0x3d, 0xac, 0xd9, 0xf8, 0x0d },
120 },
121 [SE050F2] = {
122 .enc = { 0x91, 0x88, 0xda, 0x8c, 0xf3, 0x69, 0xcf, 0xa9,
123 0xa0, 0x08, 0x91, 0x62, 0x7b, 0x65, 0x34, 0x5a },
124 .mac = { 0xcb, 0x20, 0xf8, 0x09, 0xc7, 0xa0, 0x39, 0x32,
125 0xbc, 0x20, 0x3b, 0x0a, 0x01, 0x81, 0x6c, 0x81 },
126 .dek = { 0x27, 0x8e, 0x61, 0x9d, 0x83, 0x51, 0x8e, 0x14,
127 0xc6, 0xf1, 0xe4, 0xfa, 0x96, 0x8b, 0xe5, 0x1c },
128 },
129 [SE050E] = {
130 .enc = { 0xd2, 0xdb, 0x63, 0xe7, 0xa0, 0xa5, 0xae, 0xd7,
131 0x2a, 0x64, 0x60, 0xc4, 0xdf, 0xdc, 0xaf, 0x64 },
132 .mac = { 0x73, 0x8d, 0x5b, 0x79, 0x8e, 0xd2, 0x41, 0xb0,
133 0xb2, 0x47, 0x68, 0x51, 0x4b, 0xfb, 0xa9, 0x5b },
134 .dek = { 0x67, 0x02, 0xda, 0xc3, 0x09, 0x42, 0xb2, 0xc8,
135 0x5e, 0x7f, 0x47, 0xb4, 0x2c, 0xed, 0x4e, 0x7f },
136 },
137 [SE051A] = {
138 .enc = { 0x88, 0xea, 0x9f, 0xa6, 0x86, 0xf3, 0xcf, 0x2f,
139 0xfc, 0xaf, 0x4b, 0x1c, 0xba, 0x93, 0xe4, 0x42 },
140 .mac = { 0x4f, 0x16, 0x3f, 0x59, 0xf0, 0x74, 0x31, 0xf4,
141 0x3e, 0xe2, 0xee, 0x18, 0x34, 0xa5, 0x23, 0x34 },
142 .dek = { 0xd4, 0x76, 0xcf, 0x47, 0xaa, 0x27, 0xb5, 0x4a,
143 0xb3, 0xdb, 0xeb, 0xe7, 0x65, 0x6d, 0x67, 0x70 },
144 },
145 [SE051C] = {
146 .enc = { 0xbf, 0xc2, 0xdb, 0xe1, 0x82, 0x8e, 0x03, 0x5d,
147 0x3e, 0x7f, 0xa3, 0x6b, 0x90, 0x2a, 0x05, 0xc6 },
148 .mac = { 0xbe, 0xf8, 0x5b, 0xd7, 0xba, 0x04, 0x97, 0xd6,
149 0x28, 0x78, 0x1c, 0xe4, 0x7b, 0x18, 0x8c, 0x96 },
150 .dek = { 0xd8, 0x73, 0xf3, 0x16, 0xbe, 0x29, 0x7f, 0x2f,
151 0xc9, 0xc0, 0xe4, 0x5f, 0x54, 0x71, 0x06, 0x99 }
152 },
153 [SE051W] = {
154 .enc = { 0x18, 0xb3, 0xb4, 0xe3, 0x40, 0xc0, 0x80, 0xd9,
155 0x9b, 0xeb, 0xb8, 0xb8, 0x64, 0x4b, 0x8c, 0x52 },
156 .mac = { 0x3d, 0x0c, 0xfa, 0xc8, 0x7b, 0x96, 0x7c, 0x00,
157 0xe3, 0x3b, 0xa4, 0x96, 0x61, 0x38, 0x38, 0xa2 },
158 .dek = { 0x68, 0x06, 0x83, 0xf9, 0x4e, 0x6b, 0xcb, 0x94,
159 0x73, 0xec, 0xc1, 0x56, 0x7a, 0x1b, 0xd1, 0x09 },
160 },
161 [SE050F] = {
162 .enc = { 0xB5, 0x0E, 0x1F, 0x12, 0xB8, 0x1F, 0xE5, 0x3B,
163 0x6C, 0x3B, 0x53, 0x87, 0x91, 0x2A, 0x1A, 0x5A, },
164 .mac = { 0x71, 0x93, 0x69, 0x59, 0xD3, 0x7F, 0x2B, 0x22,
165 0xC5, 0xA0, 0xC3, 0x49, 0x19, 0xA2, 0xBC, 0x1F, },
166 .dek = { 0x86, 0x95, 0x93, 0x23, 0x98, 0x54, 0xDC, 0x0D,
167 0x86, 0x99, 0x00, 0x50, 0x0C, 0xA7, 0x9C, 0x15, },
168 },
169 [SE052F2] = {
170 .enc = { 0x3a, 0xe4, 0x41, 0xc7, 0x47, 0xe3, 0x2e, 0xbc,
171 0x16, 0xb3, 0xbb, 0x2d, 0x84, 0x3c, 0x6d, 0xd8 },
172 .mac = { 0x6c, 0x18, 0xf3, 0xd0, 0x8f, 0xee, 0x1c, 0xb9,
173 0x6a, 0x3c, 0x8d, 0xe5, 0xd3, 0x53, 0x8a, 0xaa },
174 .dek = { 0xb0, 0xe6, 0xa5, 0x69, 0x7d, 0xbd, 0x92, 0x92,
175 0x43, 0xa4, 0x82, 0xcf, 0x9e, 0x4d, 0x65, 0x22 },
176 },
177 };
178
get_id_from_ofid(uint32_t ofid,uint32_t * id)179 static sss_status_t get_id_from_ofid(uint32_t ofid, uint32_t *id)
180 {
181 switch (ofid) {
182 case SE050A1_ID:
183 *id = SE050A1;
184 break;
185 case SE050A2_ID:
186 *id = SE050A2;
187 break;
188 case SE050B1_ID:
189 *id = SE050B1;
190 break;
191 case SE050B2_ID:
192 *id = SE050B2;
193 break;
194 case SE050C1_ID:
195 *id = SE050C1;
196 break;
197 case SE050C2_ID:
198 *id = SE050C2;
199 break;
200 case SE050DV_ID:
201 *id = SE050DV;
202 break;
203 case SE051A2_ID:
204 *id = SE051A2;
205 break;
206 case SE051C2_ID:
207 *id = SE051C2;
208 break;
209 case SE050F2_ID:
210 *id = SE050F2;
211 break;
212 case SE050E_ID:
213 *id = SE050E;
214 break;
215 case SE051A_ID:
216 *id = SE051A;
217 break;
218 case SE051C_ID:
219 *id = SE051C;
220 break;
221 case SE051W_ID:
222 *id = SE051W;
223 break;
224 case SE050F_ID:
225 *id = SE050F;
226 break;
227 case SE052F2_ID:
228 *id = SE052F2;
229 break;
230 default:
231 return kStatus_SSS_Fail;
232 }
233
234 return kStatus_SSS_Success;
235 }
236
encrypt_key_and_get_kcv(uint8_t * enc,uint8_t * kc,uint8_t * key,struct sss_se05x_ctx * ctx,uint32_t id)237 static sss_status_t encrypt_key_and_get_kcv(uint8_t *enc, uint8_t *kc,
238 uint8_t *key,
239 struct sss_se05x_ctx *ctx,
240 uint32_t id)
241 {
242 static const uint8_t ones[] = { [0 ... AES_KEY_LEN_nBYTE - 1] = 1 };
243 uint8_t enc_len = AES_KEY_LEN_nBYTE;
244 uint8_t kc_len = AES_KEY_LEN_nBYTE;
245 sss_status_t st = kStatus_SSS_Fail;
246 sss_object_t *dek_object = NULL;
247 sss_se05x_symmetric_t symm = { };
248 sss_se05x_object_t ko = { };
249 uint8_t dek[AES_KEY_LEN_nBYTE] = { 0 };
250 size_t dek_len = sizeof(dek);
251 size_t dek_bit_len = dek_len * 8;
252
253 st = sss_se05x_key_object_init(&ko, &ctx->ks);
254 if (st != kStatus_SSS_Success)
255 return kStatus_SSS_Fail;
256
257 st = sss_se05x_key_object_allocate_handle(&ko, id,
258 kSSS_KeyPart_Default,
259 kSSS_CipherType_AES,
260 AES_KEY_LEN_nBYTE,
261 kKeyObject_Mode_Transient);
262 if (st != kStatus_SSS_Success)
263 return kStatus_SSS_Fail;
264
265 st = sss_se05x_key_store_set_key(&ctx->ks, &ko, key, AES_KEY_LEN_nBYTE,
266 AES_KEY_LEN_nBYTE * 8, NULL, 0);
267 if (st != kStatus_SSS_Success)
268 goto out;
269
270 st = sss_se05x_symmetric_context_init(&symm, &ctx->session, &ko,
271 kAlgorithm_SSS_AES_ECB,
272 kMode_SSS_Encrypt);
273 if (st != kStatus_SSS_Success)
274 goto out;
275
276 st = sss_se05x_cipher_one_go(&symm, NULL, 0, ones, kc, kc_len);
277 if (st != kStatus_SSS_Success)
278 goto out;
279
280 dek_object = &ctx->open_ctx.auth.ctx.scp03.pStatic_ctx->Dek;
281 if (se050_host_key_store_get_key(&ctx->host_ks, dek_object,
282 dek, &dek_len, &dek_bit_len))
283 goto out;
284
285 st = sss_se05x_key_store_set_key(&ctx->ks, &ko, dek, AES_KEY_LEN_nBYTE,
286 AES_KEY_LEN_nBYTE * 8, NULL, 0);
287 if (st != kStatus_SSS_Success)
288 goto out;
289
290 st = sss_se05x_cipher_one_go(&symm, NULL, 0, key, enc, enc_len);
291 out:
292 if (symm.keyObject)
293 sss_se05x_symmetric_context_free(&symm);
294
295 sss_se05x_key_object_free(&ko);
296
297 Se05x_API_DeleteSecureObject(&ctx->session.s_ctx, id);
298
299 return st;
300 }
301
prepare_key_data(uint8_t * key,uint8_t * cmd,struct sss_se05x_ctx * ctx,uint32_t id)302 static sss_status_t prepare_key_data(uint8_t *key, uint8_t *cmd,
303 struct sss_se05x_ctx *ctx, uint32_t id)
304 {
305 uint8_t kc[AES_KEY_LEN_nBYTE] = { 0 };
306 sss_status_t status = kStatus_SSS_Fail;
307
308 cmd[0] = PUT_KEYS_KEY_TYPE_CODING_AES;
309 cmd[1] = AES_KEY_LEN_nBYTE + 1;
310 cmd[2] = AES_KEY_LEN_nBYTE;
311 cmd[3 + AES_KEY_LEN_nBYTE] = CRYPTO_KEY_CHECK_LEN;
312
313 status = encrypt_key_and_get_kcv(&cmd[3], kc, key, ctx, id);
314 if (status != kStatus_SSS_Success)
315 return status;
316
317 memcpy(&cmd[3 + AES_KEY_LEN_nBYTE + 1], kc, CRYPTO_KEY_CHECK_LEN);
318
319 return kStatus_SSS_Success;
320 }
321
se050_scp03_prepare_rotate_cmd(struct sss_se05x_ctx * ctx,struct s050_scp_rotate_cmd * cmd,struct se050_scp_key * keys)322 sss_status_t se050_scp03_prepare_rotate_cmd(struct sss_se05x_ctx *ctx,
323 struct s050_scp_rotate_cmd *cmd,
324 struct se050_scp_key *keys)
325
326 {
327 sss_status_t status = kStatus_SSS_Fail;
328 size_t kcv_len = 0;
329 size_t cmd_len = 0;
330 uint8_t key_version = 0;
331 uint8_t *key[] = {
332 [0] = keys->enc,
333 [1] = keys->mac,
334 [2] = keys->dek,
335 };
336 uint32_t oid = 0;
337 size_t i = 0;
338
339 key_version = ctx->open_ctx.auth.ctx.scp03.pStatic_ctx->keyVerNo;
340 cmd->cmd[cmd_len] = key_version;
341 cmd_len += 1;
342
343 cmd->kcv[kcv_len] = key_version;
344 kcv_len += 1;
345
346 for (i = 0; i < ARRAY_SIZE(key); i++) {
347 status = se050_get_oid(&oid);
348 if (status != kStatus_SSS_Success)
349 return kStatus_SSS_Fail;
350
351 status = prepare_key_data(key[i], &cmd->cmd[cmd_len], ctx, oid);
352 if (status != kStatus_SSS_Success)
353 return kStatus_SSS_Fail;
354
355 memcpy(&cmd->kcv[kcv_len],
356 &cmd->cmd[cmd_len + 3 + AES_KEY_LEN_nBYTE + 1],
357 CRYPTO_KEY_CHECK_LEN);
358
359 cmd_len += 3 + AES_KEY_LEN_nBYTE + 1 + CRYPTO_KEY_CHECK_LEN;
360 kcv_len += CRYPTO_KEY_CHECK_LEN;
361 }
362
363 cmd->cmd_len = cmd_len;
364 cmd->kcv_len = kcv_len;
365
366 return kStatus_SSS_Success;
367 }
368
get_ofid_key(struct se050_scp_key * keys)369 static sss_status_t get_ofid_key(struct se050_scp_key *keys)
370 {
371 uint32_t oefid = SHIFT_U32(se050_ctx.se_info.oefid[0], 8) |
372 SHIFT_U32(se050_ctx.se_info.oefid[1], 0);
373 sss_status_t status = kStatus_SSS_Success;
374 uint32_t id = 0;
375
376 status = get_id_from_ofid(oefid, &id);
377 if (status != kStatus_SSS_Success)
378 return status;
379
380 memcpy(keys, &se050_default_keys[id], sizeof(*keys));
381 return kStatus_SSS_Success;
382 }
383
get_config_key(struct se050_scp_key * keys __maybe_unused)384 static sss_status_t get_config_key(struct se050_scp_key *keys __maybe_unused)
385 {
386 #ifdef CFG_CORE_SE05X_SCP03_CURRENT_DEK
387 struct se050_scp_key current_keys = {
388 .dek = { CFG_CORE_SE05X_SCP03_CURRENT_DEK },
389 .mac = { CFG_CORE_SE05X_SCP03_CURRENT_MAC },
390 .enc = { CFG_CORE_SE05X_SCP03_CURRENT_ENC },
391 };
392
393 memcpy(keys, ¤t_keys, sizeof(*keys));
394 return kStatus_SSS_Success;
395 #else
396 return kStatus_SSS_Fail;
397 #endif
398 }
399
get_scp03_ksrc_name(enum se050_scp03_ksrc k)400 static const char * __maybe_unused get_scp03_ksrc_name(enum se050_scp03_ksrc k)
401 {
402 switch (k) {
403 case SCP03_DERIVED:
404 return "derived";
405 case SCP03_CFG:
406 return "built-in";
407 case SCP03_OFID:
408 return "factory";
409 default:
410 panic();
411 }
412
413 return NULL;
414 }
415
se050_scp03_subkey_derive(struct se050_scp_key * keys)416 sss_status_t se050_scp03_subkey_derive(struct se050_scp_key *keys)
417 {
418 struct {
419 const char *name;
420 uint8_t *data;
421 } key[3] = {
422 [0] = { .name = "dek", .data = keys->dek },
423 [1] = { .name = "mac", .data = keys->mac },
424 [2] = { .name = "enc", .data = keys->enc },
425 };
426 uint8_t msg[SE050_SCP03_KEY_SZ + 3] = { 0 };
427 size_t i = 0;
428
429 if (IS_ENABLED(CFG_CORE_SCP03_ONLY)) {
430 memset(msg, 0x55, sizeof(msg));
431 } else {
432 /* add some randomness */
433 if (tee_otp_get_die_id(msg + 3, SE050_SCP03_KEY_SZ))
434 return kStatus_SSS_Fail;
435 }
436
437 for (i = 0; i < ARRAY_SIZE(key); i++) {
438 memcpy(msg, key[i].name, 3);
439 if (huk_subkey_derive(HUK_SUBKEY_SE050, msg, sizeof(msg),
440 key[i].data, SE050_SCP03_KEY_SZ))
441 return kStatus_SSS_Fail;
442 }
443
444 return kStatus_SSS_Success;
445 }
446
se050_scp03_enabled(void)447 bool se050_scp03_enabled(void)
448 {
449 return scp03_enabled;
450 }
451
se050_scp03_set_enable(enum se050_scp03_ksrc ksrc)452 void se050_scp03_set_enable(enum se050_scp03_ksrc ksrc)
453 {
454 scp03_enabled = true;
455 scp03_ksrc = ksrc;
456
457 IMSG("SE05X SCP03 using %s keys", get_scp03_ksrc_name(ksrc));
458 }
459
se050_scp03_set_disable(void)460 void se050_scp03_set_disable(void)
461 {
462 scp03_enabled = false;
463 }
464
se050_scp03_get_keys(struct se050_scp_key * keys,enum se050_scp03_ksrc ksrc)465 sss_status_t se050_scp03_get_keys(struct se050_scp_key *keys,
466 enum se050_scp03_ksrc ksrc)
467 {
468 switch (ksrc) {
469 case SCP03_CFG:
470 return get_config_key(keys);
471 case SCP03_DERIVED:
472 return se050_scp03_subkey_derive(keys);
473 case SCP03_OFID:
474 return get_ofid_key(keys);
475 default:
476 return kStatus_SSS_Fail;
477 }
478 }
479
se050_scp03_get_current_keys(struct se050_scp_key * keys)480 sss_status_t se050_scp03_get_current_keys(struct se050_scp_key *keys)
481 {
482 if (se050_scp03_enabled())
483 return se050_scp03_get_keys(keys, scp03_ksrc);
484
485 return kStatus_SSS_Fail;
486 }
487