1 // SPDX-License-Identifier: BSD-2-Clause
2 /*
3  * Copyright (C) Foundries Ltd. 2020 - All Rights Reserved
4  * Author: Jorge Ramirez <jorge@foundries.io>
5  */
6 #include <assert.h>
7 #include <bitstring.h>
8 #include <config.h>
9 #include <crypto/crypto.h>
10 #include <kernel/huk_subkey.h>
11 #include <kernel/mutex.h>
12 #include <kernel/panic.h>
13 #include <kernel/refcount.h>
14 #include <kernel/tee_common_otp.h>
15 #include <kernel/thread.h>
16 #include <mm/mobj.h>
17 #include <optee_rpc_cmd.h>
18 #include <se050.h>
19 #include <se050_utils.h>
20 #include <scp.h>
21 #include <stdint.h>
22 #include <stdio.h>
23 #include <string.h>
24 #include <tee_api_defines_extensions.h>
25 #include <tee/tee_cryp_utl.h>
26 #include <utee_defines.h>
27 
28 static enum se050_scp03_ksrc scp03_ksrc;
29 static bool scp03_enabled;
30 
31 #define SE050A1 0
32 #define SE050A2 1
33 #define SE050B1 2
34 #define SE050B2 3
35 #define SE050C1 4
36 #define SE050C2 5
37 #define SE050DV 6
38 #define SE051A2 7
39 #define SE051C2 8
40 #define SE050F2 9
41 #define SE050E 10
42 #define SE051A 11
43 #define SE051C 12
44 #define SE051W 13
45 #define SE050F 14
46 
47 static const struct se050_scp_key se050_default_keys[] = {
48 	[SE050A1] = {
49 		.enc = { 0x34, 0xae, 0x09, 0x67, 0xe3, 0x29, 0xe9, 0x51,
50 			0x8e, 0x72, 0x65, 0xd5, 0xad, 0xcc, 0x01, 0xc2 },
51 		.mac = { 0x52, 0xb2, 0x53, 0xca, 0xdf, 0x47, 0x2b, 0xdb,
52 			0x3d, 0x0f, 0xb3, 0x8e, 0x09, 0x77, 0x00, 0x99 },
53 		.dek = { 0xac, 0xc9, 0x14, 0x31, 0xfe, 0x26, 0x81, 0x1b,
54 			0x5e, 0xcb, 0xc8, 0x45, 0x62, 0x0d, 0x83, 0x44 },
55 	},
56 	[SE050A2] = {
57 		.enc = { 0x46, 0xa9, 0xc4, 0x8c, 0x34, 0xef, 0xe3, 0x44,
58 			0xa5, 0x22, 0xe6, 0x67, 0x44, 0xf8, 0x99, 0x6a },
59 		.mac = { 0x12, 0x03, 0xff, 0x61, 0xdf, 0xbc, 0x9c, 0x86,
60 			0x19, 0x6a, 0x22, 0x74, 0xae, 0xf4, 0xed, 0x28 },
61 		.dek = { 0xf7, 0x56, 0x1c, 0x6f, 0x48, 0x33, 0x61, 0x19,
62 			0xee, 0x39, 0x43, 0x9a, 0xab, 0x34, 0x09, 0x8e },
63 	},
64 	[SE050B1] = {
65 		.enc = { 0xd4, 0x99, 0xbc, 0x90, 0xde, 0xa5, 0x42, 0xcf,
66 			0x78, 0xd2, 0x5e, 0x13, 0xd6, 0x4c, 0xbb, 0x1f },
67 		.mac = { 0x08, 0x15, 0x55, 0x96, 0x43, 0xfb, 0x79, 0xeb,
68 			0x85, 0x01, 0xa0, 0xdc, 0x83, 0x3d, 0x90, 0x1f },
69 		.dek = { 0xbe, 0x7d, 0xdf, 0xb4, 0x06, 0xe8, 0x1a, 0xe4,
70 			0xe9, 0x66, 0x5a, 0x9f, 0xed, 0x64, 0x26, 0x7c },
71 	},
72 	[SE050B2] = {
73 		.enc = { 0x5f, 0xa4, 0x3d, 0x82, 0x02, 0xd2, 0x5e, 0x9a,
74 			0x85, 0xb1, 0xfe, 0x7e, 0x2d, 0x26, 0x47, 0x8d },
75 		.mac = { 0x10, 0x5c, 0xea, 0x22, 0x19, 0xf5, 0x2b, 0xd1,
76 			0x67, 0xa0, 0x74, 0x63, 0xc6, 0x93, 0x79, 0xc3 },
77 		.dek = { 0xd7, 0x02, 0x81, 0x57, 0xf2, 0xad, 0x37, 0x2c,
78 			0x74, 0xbe, 0x96, 0x9b, 0xcc, 0x39, 0x06, 0x27 },
79 	},
80 	[SE050C1] = {
81 		.enc = { 0x85, 0x2b, 0x59, 0x62, 0xe9, 0xcc, 0xe5, 0xd0,
82 			0xbe, 0x74, 0x6b, 0x83, 0x3b, 0xcc, 0x62, 0x87 },
83 		.mac = { 0xdb, 0x0a, 0xa3, 0x19, 0xa4, 0x08, 0x69, 0x6c,
84 			0x8e, 0x10, 0x7a, 0xb4, 0xe3, 0xc2, 0x6b, 0x47 },
85 		.dek = { 0x4c, 0x2f, 0x75, 0xc6, 0xa2, 0x78, 0xa4, 0xae,
86 			0xe5, 0xc9, 0xaf, 0x7c, 0x50, 0xee, 0xa8, 0x0c },
87 	},
88 	[SE050C2] = {
89 		.enc = { 0xbd, 0x1d, 0xe2, 0x0a, 0x81, 0xea, 0xb2, 0xbf,
90 			0x3b, 0x70, 0x9a, 0x9d, 0x69, 0xa3, 0x12, 0x54 },
91 		.mac = { 0x9a, 0x76, 0x1b, 0x8d, 0xba, 0x6b, 0xed, 0xf2,
92 			0x27, 0x41, 0xe4, 0x5d, 0x8d, 0x42, 0x36, 0xf5 },
93 		.dek = { 0x9b, 0x99, 0x3b, 0x60, 0x0f, 0x1c, 0x64, 0xf5,
94 			0xad, 0xc0, 0x63, 0x19, 0x2a, 0x96, 0xc9, 0x47 },
95 	},
96 	[SE050DV] = {
97 		.enc = { 0x35, 0xc2, 0x56, 0x45, 0x89, 0x58, 0xa3, 0x4f,
98 			0x61, 0x36, 0x15, 0x5f, 0x82, 0x09, 0xd6, 0xcd },
99 		.mac = { 0xaf, 0x17, 0x7d, 0x5d, 0xbd, 0xf7, 0xc0, 0xd5,
100 			0xc1, 0x0a, 0x05, 0xb9, 0xf1, 0x60, 0x7f, 0x78 },
101 		.dek = { 0xa1, 0xbc, 0x84, 0x38, 0xbf, 0x77, 0x93, 0x5b,
102 			0x36, 0x1a, 0x44, 0x25, 0xfe, 0x79, 0xfa, 0x29 },
103 	},
104 	[SE051A2] = {
105 		.enc = { 0x84, 0x0a, 0x5d, 0x51, 0x79, 0x55, 0x11, 0xc9,
106 			0xce, 0xf0, 0xc9, 0x6f, 0xd2, 0xcb, 0xf0, 0x41 },
107 		.mac = { 0x64, 0x6b, 0xc2, 0xb8, 0xc3, 0xa4, 0xd9, 0xc1,
108 			0xfa, 0x8d, 0x71, 0x16, 0xbe, 0x04, 0xfd, 0xfe },
109 		.dek = { 0x03, 0xe6, 0x69, 0x9a, 0xca, 0x94, 0x26, 0xd9,
110 			0xc3, 0x89, 0x22, 0xf8, 0x91, 0x4c, 0xe5, 0xf7 },
111 	},
112 	[SE051C2] = {
113 		.enc = { 0x88, 0xdb, 0xcd, 0x65, 0x82, 0x0d, 0x2a, 0xa0,
114 			0x6f, 0xfa, 0xb9, 0x2a, 0xa8, 0xe7, 0x93, 0x64 },
115 		.mac = { 0xa8, 0x64, 0x4e, 0x2a, 0x04, 0xd9, 0xe9, 0xc8,
116 			0xc0, 0xea, 0x60, 0x86, 0x68, 0x29, 0x99, 0xe5 },
117 		.dek = { 0x8a, 0x38, 0x72, 0x38, 0x99, 0x88, 0x18, 0x44,
118 			0xe2, 0xc1, 0x51, 0x3d, 0xac, 0xd9, 0xf8, 0x0d },
119 	},
120 	[SE050F2] = {
121 		.enc = { 0x91, 0x88, 0xda, 0x8c, 0xf3, 0x69, 0xcf, 0xa9,
122 			0xa0, 0x08, 0x91, 0x62, 0x7b, 0x65, 0x34, 0x5a },
123 		.mac = { 0xcb, 0x20, 0xf8, 0x09, 0xc7, 0xa0, 0x39, 0x32,
124 			0xbc, 0x20, 0x3b, 0x0a, 0x01, 0x81, 0x6c, 0x81 },
125 		.dek = { 0x27, 0x8e, 0x61, 0x9d, 0x83, 0x51, 0x8e, 0x14,
126 			0xc6, 0xf1, 0xe4, 0xfa, 0x96, 0x8b, 0xe5, 0x1c },
127 	},
128 	[SE050E] = {
129 		.enc = { 0xd2, 0xdb, 0x63, 0xe7, 0xa0, 0xa5, 0xae, 0xd7,
130 			0x2a, 0x64, 0x60, 0xc4, 0xdf, 0xdc, 0xaf, 0x64 },
131 		.mac = { 0x73, 0x8d, 0x5b, 0x79, 0x8e, 0xd2, 0x41, 0xb0,
132 			0xb2, 0x47, 0x68, 0x51, 0x4b, 0xfb, 0xa9, 0x5b },
133 		.dek = { 0x67, 0x02, 0xda, 0xc3, 0x09, 0x42, 0xb2, 0xc8,
134 			0x5e, 0x7f, 0x47, 0xb4, 0x2c, 0xed, 0x4e, 0x7f },
135 	},
136 	[SE051A] = {
137 		.enc = { 0x88, 0xea, 0x9f, 0xa6, 0x86, 0xf3, 0xcf, 0x2f,
138 			0xfc, 0xaf, 0x4b, 0x1c, 0xba, 0x93, 0xe4, 0x42 },
139 		.mac = { 0x4f, 0x16, 0x3f, 0x59, 0xf0, 0x74, 0x31, 0xf4,
140 			0x3e, 0xe2, 0xee, 0x18, 0x34, 0xa5, 0x23, 0x34 },
141 		.dek = { 0xd4, 0x76, 0xcf, 0x47, 0xaa, 0x27, 0xb5, 0x4a,
142 			0xb3, 0xdb, 0xeb, 0xe7, 0x65, 0x6d, 0x67, 0x70 },
143 	},
144 	[SE051C] = {
145 		.enc = { 0xbf, 0xc2, 0xdb, 0xe1, 0x82, 0x8e, 0x03, 0x5d,
146 			0x3e, 0x7f, 0xa3, 0x6b, 0x90, 0x2a, 0x05, 0xc6 },
147 		.mac = { 0xbe, 0xf8, 0x5b, 0xd7, 0xba, 0x04, 0x97, 0xd6,
148 			0x28, 0x78, 0x1c, 0xe4, 0x7b, 0x18, 0x8c, 0x96 },
149 		.dek = { 0xd8, 0x73, 0xf3, 0x16, 0xbe, 0x29, 0x7f, 0x2f,
150 			0xc9, 0xc0, 0xe4, 0x5f, 0x54, 0x71, 0x06, 0x99 }
151 	},
152 	[SE051W] = {
153 		.enc = { 0x18, 0xb3, 0xb4, 0xe3, 0x40, 0xc0, 0x80, 0xd9,
154 			0x9b, 0xeb, 0xb8, 0xb8, 0x64, 0x4b, 0x8c, 0x52 },
155 		.mac = { 0x3d, 0x0c, 0xfa, 0xc8, 0x7b, 0x96, 0x7c, 0x00,
156 			0xe3, 0x3b, 0xa4, 0x96, 0x61, 0x38, 0x38, 0xa2 },
157 		.dek = { 0x68, 0x06, 0x83, 0xf9, 0x4e, 0x6b, 0xcb, 0x94,
158 			0x73, 0xec, 0xc1, 0x56, 0x7a, 0x1b, 0xd1, 0x09 },
159 	},
160 	[SE050F] = {
161 		.enc = { 0xB5, 0x0E, 0x1F, 0x12, 0xB8, 0x1F, 0xE5, 0x3B,
162 			0x6C, 0x3B, 0x53, 0x87, 0x91, 0x2A, 0x1A, 0x5A, },
163 		.mac = { 0x71, 0x93, 0x69, 0x59, 0xD3, 0x7F, 0x2B, 0x22,
164 			0xC5, 0xA0, 0xC3, 0x49, 0x19, 0xA2, 0xBC, 0x1F, },
165 		.dek = { 0x86, 0x95, 0x93, 0x23, 0x98, 0x54, 0xDC, 0x0D,
166 			0x86, 0x99, 0x00, 0x50, 0x0C, 0xA7, 0x9C, 0x15, },
167 	},
168 };
169 
get_id_from_ofid(uint32_t ofid,uint32_t * id)170 static sss_status_t get_id_from_ofid(uint32_t ofid, uint32_t *id)
171 {
172 	switch (ofid) {
173 	case SE050A1_ID:
174 		*id = SE050A1;
175 		break;
176 	case SE050A2_ID:
177 		*id = SE050A2;
178 		break;
179 	case SE050B1_ID:
180 		*id = SE050B1;
181 		break;
182 	case SE050B2_ID:
183 		*id = SE050B2;
184 		break;
185 	case SE050C1_ID:
186 		*id = SE050C1;
187 		break;
188 	case SE050C2_ID:
189 		*id = SE050C2;
190 		break;
191 	case SE050DV_ID:
192 		*id = SE050DV;
193 		break;
194 	case SE051A2_ID:
195 		*id = SE051A2;
196 		break;
197 	case SE051C2_ID:
198 		*id = SE051C2;
199 		break;
200 	case SE050F2_ID:
201 		*id = SE050F2;
202 		break;
203 	case SE050E_ID:
204 		*id = SE050E;
205 		break;
206 	case SE051A_ID:
207 		*id = SE051A;
208 		break;
209 	case SE051C_ID:
210 		*id = SE051C;
211 		break;
212 	case SE051W_ID:
213 		*id = SE051W;
214 		break;
215 	case SE050F_ID:
216 		*id = SE050F;
217 		break;
218 	default:
219 		return kStatus_SSS_Fail;
220 	}
221 
222 	return kStatus_SSS_Success;
223 }
224 
encrypt_key_and_get_kcv(uint8_t * enc,uint8_t * kc,uint8_t * key,struct sss_se05x_ctx * ctx,uint32_t id)225 static sss_status_t encrypt_key_and_get_kcv(uint8_t *enc, uint8_t *kc,
226 					    uint8_t *key,
227 					    struct sss_se05x_ctx *ctx,
228 					    uint32_t id)
229 {
230 	static const uint8_t ones[] = { [0 ... AES_KEY_LEN_nBYTE - 1] = 1 };
231 	uint8_t enc_len = AES_KEY_LEN_nBYTE;
232 	uint8_t kc_len = AES_KEY_LEN_nBYTE;
233 	sss_status_t st = kStatus_SSS_Fail;
234 	sss_object_t *dek_object = NULL;
235 	sss_se05x_symmetric_t symm = { };
236 	sss_se05x_object_t ko = { };
237 	uint8_t dek[AES_KEY_LEN_nBYTE] = { 0 };
238 	size_t dek_len = sizeof(dek);
239 	size_t dek_bit_len = dek_len * 8;
240 
241 	st = sss_se05x_key_object_init(&ko, &ctx->ks);
242 	if (st != kStatus_SSS_Success)
243 		return kStatus_SSS_Fail;
244 
245 	st = sss_se05x_key_object_allocate_handle(&ko, id,
246 						  kSSS_KeyPart_Default,
247 						  kSSS_CipherType_AES,
248 						  AES_KEY_LEN_nBYTE,
249 						  kKeyObject_Mode_Transient);
250 	if (st != kStatus_SSS_Success)
251 		return kStatus_SSS_Fail;
252 
253 	st = sss_se05x_key_store_set_key(&ctx->ks, &ko, key, AES_KEY_LEN_nBYTE,
254 					 AES_KEY_LEN_nBYTE * 8, NULL, 0);
255 	if (st != kStatus_SSS_Success)
256 		goto out;
257 
258 	st = sss_se05x_symmetric_context_init(&symm, &ctx->session, &ko,
259 					      kAlgorithm_SSS_AES_ECB,
260 					      kMode_SSS_Encrypt);
261 	if (st != kStatus_SSS_Success)
262 		goto out;
263 
264 	st = sss_se05x_cipher_one_go(&symm, NULL, 0, ones, kc, kc_len);
265 	if (st != kStatus_SSS_Success)
266 		goto out;
267 
268 	dek_object = &ctx->open_ctx.auth.ctx.scp03.pStatic_ctx->Dek;
269 	if (se050_host_key_store_get_key(&ctx->host_ks, dek_object,
270 					 dek, &dek_len, &dek_bit_len))
271 		goto out;
272 
273 	st = sss_se05x_key_store_set_key(&ctx->ks, &ko, dek, AES_KEY_LEN_nBYTE,
274 					 AES_KEY_LEN_nBYTE * 8, NULL, 0);
275 	if (st != kStatus_SSS_Success)
276 		goto out;
277 
278 	st = sss_se05x_cipher_one_go(&symm, NULL, 0, key, enc, enc_len);
279 out:
280 	if (symm.keyObject)
281 		sss_se05x_symmetric_context_free(&symm);
282 
283 	sss_se05x_key_object_free(&ko);
284 
285 	Se05x_API_DeleteSecureObject(&ctx->session.s_ctx, id);
286 
287 	return st;
288 }
289 
prepare_key_data(uint8_t * key,uint8_t * cmd,struct sss_se05x_ctx * ctx,uint32_t id)290 static sss_status_t prepare_key_data(uint8_t *key, uint8_t *cmd,
291 				     struct sss_se05x_ctx *ctx, uint32_t id)
292 {
293 	uint8_t kc[AES_KEY_LEN_nBYTE] = { 0 };
294 	sss_status_t status = kStatus_SSS_Fail;
295 
296 	cmd[0] = PUT_KEYS_KEY_TYPE_CODING_AES;
297 	cmd[1] = AES_KEY_LEN_nBYTE + 1;
298 	cmd[2] = AES_KEY_LEN_nBYTE;
299 	cmd[3 + AES_KEY_LEN_nBYTE] = CRYPTO_KEY_CHECK_LEN;
300 
301 	status = encrypt_key_and_get_kcv(&cmd[3], kc, key, ctx, id);
302 	if (status != kStatus_SSS_Success)
303 		return status;
304 
305 	memcpy(&cmd[3 + AES_KEY_LEN_nBYTE + 1], kc, CRYPTO_KEY_CHECK_LEN);
306 
307 	return kStatus_SSS_Success;
308 }
309 
se050_scp03_prepare_rotate_cmd(struct sss_se05x_ctx * ctx,struct s050_scp_rotate_cmd * cmd,struct se050_scp_key * keys)310 sss_status_t se050_scp03_prepare_rotate_cmd(struct sss_se05x_ctx *ctx,
311 					    struct s050_scp_rotate_cmd *cmd,
312 					    struct se050_scp_key *keys)
313 
314 {
315 	sss_status_t status = kStatus_SSS_Fail;
316 	size_t kcv_len = 0;
317 	size_t cmd_len = 0;
318 	uint8_t key_version = 0;
319 	uint8_t *key[] = {
320 		[0] = keys->enc,
321 		[1] = keys->mac,
322 		[2] = keys->dek,
323 	};
324 	uint32_t oid = 0;
325 	size_t i = 0;
326 
327 	key_version = ctx->open_ctx.auth.ctx.scp03.pStatic_ctx->keyVerNo;
328 	cmd->cmd[cmd_len] = key_version;
329 	cmd_len += 1;
330 
331 	cmd->kcv[kcv_len] = key_version;
332 	kcv_len += 1;
333 
334 	for (i = 0; i < ARRAY_SIZE(key); i++) {
335 		status = se050_get_oid(&oid);
336 		if (status != kStatus_SSS_Success)
337 			return kStatus_SSS_Fail;
338 
339 		status = prepare_key_data(key[i], &cmd->cmd[cmd_len], ctx, oid);
340 		if (status != kStatus_SSS_Success)
341 			return kStatus_SSS_Fail;
342 
343 		memcpy(&cmd->kcv[kcv_len],
344 		       &cmd->cmd[cmd_len + 3 + AES_KEY_LEN_nBYTE + 1],
345 		       CRYPTO_KEY_CHECK_LEN);
346 
347 		cmd_len += 3 + AES_KEY_LEN_nBYTE + 1 + CRYPTO_KEY_CHECK_LEN;
348 		kcv_len += CRYPTO_KEY_CHECK_LEN;
349 	}
350 
351 	cmd->cmd_len = cmd_len;
352 	cmd->kcv_len = kcv_len;
353 
354 	return kStatus_SSS_Success;
355 }
356 
get_ofid_key(struct se050_scp_key * keys)357 static sss_status_t get_ofid_key(struct se050_scp_key *keys)
358 {
359 	uint32_t oefid = SHIFT_U32(se050_ctx.se_info.oefid[0], 8) |
360 			 SHIFT_U32(se050_ctx.se_info.oefid[1], 0);
361 	sss_status_t status = kStatus_SSS_Success;
362 	uint32_t id = 0;
363 
364 	status = get_id_from_ofid(oefid, &id);
365 	if (status != kStatus_SSS_Success)
366 		return status;
367 
368 	memcpy(keys, &se050_default_keys[id], sizeof(*keys));
369 	return kStatus_SSS_Success;
370 }
371 
get_config_key(struct se050_scp_key * keys __maybe_unused)372 static sss_status_t get_config_key(struct se050_scp_key *keys __maybe_unused)
373 {
374 #ifdef CFG_CORE_SE05X_SCP03_CURRENT_DEK
375 	struct se050_scp_key current_keys = {
376 		.dek = { CFG_CORE_SE05X_SCP03_CURRENT_DEK },
377 		.mac = { CFG_CORE_SE05X_SCP03_CURRENT_MAC },
378 		.enc = { CFG_CORE_SE05X_SCP03_CURRENT_ENC },
379 	};
380 
381 	memcpy(keys, &current_keys, sizeof(*keys));
382 	return kStatus_SSS_Success;
383 #else
384 	return kStatus_SSS_Fail;
385 #endif
386 }
387 
get_scp03_ksrc_name(enum se050_scp03_ksrc k)388 static const char * __maybe_unused get_scp03_ksrc_name(enum se050_scp03_ksrc k)
389 {
390 	switch (k) {
391 	case SCP03_DERIVED:
392 		return "derived";
393 	case SCP03_CFG:
394 		return "built-in";
395 	case SCP03_OFID:
396 		return "factory";
397 	default:
398 		panic();
399 	}
400 
401 	return NULL;
402 }
403 
se050_scp03_subkey_derive(struct se050_scp_key * keys)404 sss_status_t se050_scp03_subkey_derive(struct se050_scp_key *keys)
405 {
406 	struct {
407 		const char *name;
408 		uint8_t *data;
409 	} key[3] = {
410 		[0] = { .name = "dek", .data = keys->dek },
411 		[1] = { .name = "mac", .data = keys->mac },
412 		[2] = { .name = "enc", .data = keys->enc },
413 	};
414 	uint8_t msg[SE050_SCP03_KEY_SZ + 3] = { 0 };
415 	size_t i = 0;
416 
417 	if (IS_ENABLED(CFG_CORE_SCP03_ONLY)) {
418 		memset(msg, 0x55, sizeof(msg));
419 	} else {
420 		/* add some randomness */
421 		if (tee_otp_get_die_id(msg + 3, SE050_SCP03_KEY_SZ))
422 			return kStatus_SSS_Fail;
423 	}
424 
425 	for (i = 0; i < ARRAY_SIZE(key); i++) {
426 		memcpy(msg, key[i].name, 3);
427 		if (huk_subkey_derive(HUK_SUBKEY_SE050, msg, sizeof(msg),
428 				      key[i].data, SE050_SCP03_KEY_SZ))
429 			return kStatus_SSS_Fail;
430 	}
431 
432 	return kStatus_SSS_Success;
433 }
434 
se050_scp03_enabled(void)435 bool se050_scp03_enabled(void)
436 {
437 	return scp03_enabled;
438 }
439 
se050_scp03_set_enable(enum se050_scp03_ksrc ksrc)440 void se050_scp03_set_enable(enum se050_scp03_ksrc ksrc)
441 {
442 	scp03_enabled = true;
443 	scp03_ksrc = ksrc;
444 
445 	IMSG("SE05X SCP03 using %s keys", get_scp03_ksrc_name(ksrc));
446 }
447 
se050_scp03_set_disable(void)448 void se050_scp03_set_disable(void)
449 {
450 	scp03_enabled = false;
451 }
452 
se050_scp03_get_keys(struct se050_scp_key * keys,enum se050_scp03_ksrc ksrc)453 sss_status_t se050_scp03_get_keys(struct se050_scp_key *keys,
454 				  enum se050_scp03_ksrc ksrc)
455 {
456 	switch (ksrc) {
457 	case SCP03_CFG:
458 		return get_config_key(keys);
459 	case SCP03_DERIVED:
460 		return se050_scp03_subkey_derive(keys);
461 	case SCP03_OFID:
462 		return get_ofid_key(keys);
463 	default:
464 		return kStatus_SSS_Fail;
465 	}
466 }
467 
se050_scp03_get_current_keys(struct se050_scp_key * keys)468 sss_status_t se050_scp03_get_current_keys(struct se050_scp_key *keys)
469 {
470 	if (se050_scp03_enabled())
471 		return se050_scp03_get_keys(keys, scp03_ksrc);
472 
473 	return kStatus_SSS_Fail;
474 }
475