Root_key Key ladder and Cpu BCM
{
#if NEXUS_HAS_SECURITY
NEXUS_Error rc;
NEXUS_KeySlotHandle pKeySlot = NULL;
NEXUS_SecurityKeySlotSettings keySettings;
NEXUS_SecurityAlgorithmSettings algSettings;
NEXUS_SecurityClearKey key;
NEXUS_Security_GetDefaultAlgorithmSettings(&algSettings);
switch (encryption->type) {
case bencryption_type_aes:
BDBG_MSG(("b_keyslot_m2m_allocate: Creating AES keyslot"));
algSettings.algorithm = NEXUS_SecurityAlgorithm_eAes;
break;
case bencryption_type_des:
BDBG_MSG(("b_keyslot_m2m_allocate: Creating DES keyslot"));
algSettings.algorithm = NEXUS_SecurityAlgorithm_eDes;
break;
case bencryption_type_3des:
BDBG_MSG(("b_keyslot_m2m_allocate: Creating 3DES keyslot"));
algSettings.algorithm = NEXUS_SecurityAlgorithm_e3DesAba;
break;
default:
BDBG_MSG(("b_keyslot_m2m_allocate: Unsupported encryption type: %d",encryption->type));
goto error;
}
NEXUS_Security_GetDefaultKeySlotSettings(&keySettings);
#if NEXUS_NUM_DMA_CHANNELS
keySettings.keySlotEngine = NEXUS_SecurityEngine_eM2m;
#else
keySettings.keySlotEngine = NEXUS_SecurityEngine_eCp;
#endif
pKeySlot = NEXUS_Security_AllocateKeySlot(&keySettings);
if (!pKeySlot) {
BDBG_ERR(("b_keyslot_m2m_allocate: Unable to allocate m2m keyslot"));
goto error;
}
algSettings.algorithmVar = encryption->blockmode == bcrypto_blockmode_cbc ? NEXUS_SecurityAlgorithmVariant_eCbc : NEXUS_SecurityAlgorithmVariant_eEcb;
algSettings.terminationMode = NEXUS_SecurityTerminationMode_eClear;
#if NEXUS_NUM_DMA_CHANNELS
algSettings.operation = encrypt ? NEXUS_SecurityOperation_eEncrypt : NEXUS_SecurityOperation_eDecrypt;
#else
algSettings.dest = encrypt ? NEXUS_SecurityAlgorithmConfigDestination_eCps : NEXUS_SecurityAlgorithmConfigDestination_eCpd;
#endif
algSettings.enableTimestamps = timestamp;
rc = NEXUS_Security_ConfigAlgorithm(pKeySlot, &algSettings);
if (rc != 0) {
BDBG_ERR(("b_keyslot_m2m_allocate: Unable to configure m2m algorithm"));
goto error_keyslot;
}
if (encryption->key_ladder) {
#if NEXUS_HAS_KEYLADDER_SUPPORT
bcrypto_keyladder_data *keyladder_data = (bcrypto_keyladder_data *)encryption->long_key;
NEXUS_SecurityEncryptedSessionKey key3;
NEXUS_SecurityEncryptedControlWord key4;
if (encryption->key_length != 8*sizeof(bcrypto_keyladder_data)) {
BDBG_ERR(("b_keyslot_m2m_allocate: Invalid keyladder_data size"));
goto error_keyslot;
}
if (!keyladder_data) {
BDBG_ERR(("b_keyslot_m2m_allocate: No keyladder data provided!"));
goto error_keyslot;
}
if (keyladder_data->keyladder_key != bcrypto_keyladder_key_4 && keyladder_data->keyladder_key != bcrypto_keyladder_key_5) {
BDBG_ERR(("b_keyslot_m2m_allocate: Unsupported keyladder key"));
goto error_keyslot;
}
key3.keyladderID = NEXUS_SecurityKeyladderID_eA;
key3.keyladderType = NEXUS_SecurityKeyladderType_e3Des;
switch (keyladder_data->rootkey_src) {
case bcrypto_rootkey_cust_key:
key3.rootKeySrc = NEXUS_SecurityRootKeySrc_eCuskey;
break;
case bcrypto_rootkey_otp_a:
key3.rootKeySrc = NEXUS_SecurityRootKeySrc_eOtpKeyA;
break;
case bcrypto_rootkey_otp_b:
key3.rootKeySrc = NEXUS_SecurityRootKeySrc_eOtpKeyB;
break;
case bcrypto_rootkey_otp_c:
key3.rootKeySrc = NEXUS_SecurityRootKeySrc_eOtpKeyC;
break;
default:
BDBG_ERR(("b_keyslot_m2m_allocate: Unsupported keyladder root key source"));
goto error_keyslot;
}
switch (keyladder_data->swizzle) {
case bcrypto_swizzle_none:
key3.swizzleType = NEXUS_SecuritySwizzleType_eNone;
break;
case bcrypto_swizzle_0:
key3.swizzleType = NEXUS_SecuritySwizzleType_eSwizzle0;
break;
case bcrypto_swizzle_1:
default:
BDBG_ERR(("b_keyslot_m2m_allocate: Unsupported swizzle"));
goto error_keyslot;
}
key3.keyEntryType = NEXUS_SecurityKeyType_eOdd;
key3.operation = keyladder_data->gen_key_decrypt ? NEXUS_SecurityOperation_eDecrypt : NEXUS_SecurityOperation_eEncrypt;
key3.cusKeyL = keyladder_data->key_cust_low;
key3.cusKeyH = keyladder_data->key_cust_high;
key3.cusKeyVarL = keyladder_data->key_var_low;
key3.cusKeyVarH = keyladder_data->key_var_high;
BKNI_Memcpy((void *)(key3.keyData),
(void *)(keyladder_data->odd_in_3),
24);
key3.bRouteKey = false;