Git Browser for ODROID
Code Review Sign In
git.odroid.com / yocto / uboot / 3cde19c927035c8f5b94cd61841e8770f8fe2f98 / . / cmd / amlogic / partition_encryption.c
blob: b6154a79ef187a1af76f251d88854f8470669e5e [file] [log] [blame]
Mingyen Hung96effce2023-09-01 00:39:46 -0700[diff] [blame]1// SPDX-License-Identifier: (GPL-2.0+ OR MIT)
2/*
3 * Copyright (c) 2019 Amlogic, Inc. All rights reserved.
4 */
5
6#include <config.h>
7#include <common.h>
8#include <command.h>
9#include <fdt_support.h>
10#include <amlogic/aml_crypto.h>
11#include <amlogic/aml_mkl.h>
12#include <amlogic/store_wrapper.h>
13#include <malloc.h>
14#include <u-boot/md5.h>
15#include <uboot_aes.h>
16#include <amlogic/partition_encryption.h>
17#include <linux/libfdt.h>
18
19#define DEBUG (0)
20#define ERROR_REPORT (1)
21
22//Maximum number of enc partitions which kernel driver supported
23#define MAX_ENC_PARTS (4)
24
25typedef struct {
26 char part_name[32];
27 u8 wrapped[AES_KEY_SIZE_128];
28 u8 in_used;
29} ENC_PART_ENT_T;
30
31ENC_PART_ENT_T enc_parts[MAX_ENC_PARTS];
32
33int32_t find_free_enc_parts_ent(void)
34{
35 int32_t i = 0;
36 for (i = 0; i < MAX_ENC_PARTS; i++)
37 if (enc_parts[i].in_used == 0)
38 return i;
39 return -1;
40}
41
42#if DEBUG
43void dump_bufs(const char *name, const uint8_t *buf, int32_t len)
44{
45 char line_buf[128] = {0x0};
46 char *line_buf_ptr = line_buf;
47 uint32_t i = 0;
48 const uint8_t *ptr = buf;
49 const int32_t sz = len;
50
51 printf("\n========= Start dump %s(%d)\n", name, sz);
52 while (len - 16 >= 0) {
53 printf("%02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
54 ptr[0], ptr[i+1], ptr[i+2], ptr[i+3], ptr[4], ptr[i+5], ptr[i+6], ptr[i+7],
55 ptr[i+8], ptr[i+9], ptr[i+10], ptr[i+11], ptr[i+12], ptr[i+13], ptr[i+14], ptr[i+15]);
56 ptr += 16;
57 len -= 16;
58 }
59
60 if (len * 3 <= sizeof(line_buf)) {
61 while (len) {
62 snprintf(line_buf_ptr, sizeof(line_buf), "%02x ", *ptr);
63 line_buf_ptr += 3; /*"xx "*/
64 len--;
65 }
66 if (strlen(line_buf))
67 printf("%s\n", line_buf);
68 printf("========= End dump %s(%d)\n", name, sz);
69 } else {
70 printf("remaining length exceeds linebuf length\n");
71 }
72}
73#endif
74
75void dump_enc_parts(void)
76{
77 int32_t i, j;
78 for (i = 0; i < MAX_ENC_PARTS; i++) {
79 printf("%d: %s(%s)", i, enc_parts[i].part_name, enc_parts[i].in_used? "In used": "Unused");
80 printf("\n wrapped: ");
81 for (j = 0; j < sizeof(enc_parts[i].wrapped); j++)
82 printf("%02x", enc_parts[i].wrapped[j]);
83 printf("\n");
84 }
85}
86
87static int hex2bin(char *hex, void *bin, size_t binlen)
88{
89 int i, c, n1, n2, hexlen, k;
90
91 hexlen = strnlen(hex, 64);
92 k = 0;
93 n1 = -1;
94 n2 = -1;
95 for (i = 0; i < hexlen; i++) {
96 n2 = n1;
97 c = hex[i];
98 if (c >= '0' && c <= '9') {
99 n1 = c - '0';
100 } else if (c >= 'a' && c <= 'f') {
101 n1 = c - 'a' + 10;
102 } else if (c >= 'A' && c <= 'F') {
103 n1 = c - 'A' + 10;
104 } else if (c == ' ') {
105 n1 = -1;
106 continue;
107 } else {
108 return -1;
109 }
110
111 if (n1 >= 0 && n2 >= 0) {
112 if (k < binlen) {
113 // k is index and should be 0 <= k < binlen
114 ((u8 *)bin)[k] = (n2 << 4) | n1;
115 n1 = -1;
116 k++;
117 } else {
118#if ERROR_REPORT
119 printf("Output overflow(%d >= %lu)\n", k, binlen);
120#endif
121 goto out;
122 }
123 }
124 }
125out:
126 return k;
127}
128
129static int unwrap_key(u8 *in, u32 in_sz, u8 *out, u32 *out_sz)
130{
131 int ret = 0;
132 struct amlkl_params kl_param;
133 uint32_t dgpk_key_slot = 31; //only test slot
134 uint8_t dst[AES_KEY_SIZE_128] = {0};
135
136 /* dgpk_func_0_bs_0_tsep_0.test.vector.txt */
137 uint8_t dgpk_ek3[16] = {
138 0xa6, 0x20, 0x65, 0x7f, 0xa9, 0x6b, 0x19, 0x66,
139 0xa1, 0x03, 0x47, 0xb4, 0x23, 0xde, 0x20, 0x25
140 };
141
142 uint8_t dgpk_ek2[16] = {
143 0xa2, 0xe3, 0x7a, 0xe8, 0x6e, 0xce, 0x64, 0x78,
144 0x69, 0x18, 0x51, 0x0c, 0x57, 0xec, 0x68, 0xcf
145 };
146
147 uint8_t dgpk_ek1[16] = {
148 0xfa, 0x29, 0x3b, 0x43, 0x25, 0x7c, 0x96, 0xbd,
149 0x55, 0x2b, 0x60, 0xd5, 0x95, 0x60, 0xcf, 0xcc
150 };
151 if (!in || !out) {
152#if ERROR_REPORT
153 printf("Invalid arguments.\n");
154#endif
155 return -1;
156 }
157 if (!out_sz || *out_sz < AES_KEY_SIZE_128) {
158#if ERROR_REPORT
159 printf("output size too small\n");
160#endif
161 return -1;
162 }
163
164 memset(&kl_param, 0, sizeof(kl_param));
165 kl_param.kt_handle = dgpk_key_slot;
166 kl_param.levels = AML_KL_LEVEL_3;
167 kl_param.usage.crypto = AML_KT_FLAG_ENC_DEC;
168 kl_param.usage.algo = AML_KT_ALGO_AES;
169 kl_param.usage.uid = AML_KT_USER_M2M_0;
170 kl_param.kl_algo = AML_KL_ALGO_AES;
171 kl_param.kl_mode = AML_KL_MODE_AML;
172#if CONFIG_PARTITION_ENCRYPTION_LOCAL
173 /* use mrk ACRK */
174 kl_param.mrk_cfg_index = AML_KL_MRK_ACRK;
175#else
176 /* use mrk DGPK1 */
177 kl_param.mrk_cfg_index = AML_KL_MRK_DGPK1;
178#endif
179 /* function id 2 */
180 kl_param.func_id = AML_KL_FUNC_AES_2;
181
182 memcpy(kl_param.eks[0], dgpk_ek1, 16);
183 memcpy(kl_param.eks[1], dgpk_ek2, 16);
184 memcpy(kl_param.eks[2], dgpk_ek3, 16);
185 ret = aml_mkl_run(&kl_param);
186 if (ret != 0) {
187#if ERROR_REPORT
188 printf("aml_mkl_run error[ret:%d]\n", ret);
189#endif
190 return -1;
191 }
192 ret = aes_ecb_dec_keytbl(AES_KEY_SIZE_128, in, dst,
193 NULL, AES_KEY_SIZE_128, dgpk_key_slot);
194#if DEBUG
195 printf("in:\n");
196 printf("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
197 in[0], in[1], in[2], in[3], in[4], in[5], in[6], in[7],
198 in[8], in[9], in[10], in[11], in[12],in[13],in[14], in[15]);
199
200 printf("unwrap:");
201 printf("%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x\n",
202 dst[0], dst[1], dst[2], dst[3], dst[4], dst[5], dst[6], dst[7],
203 dst[8], dst[9], dst[10], dst[11], dst[12],dst[13],dst[14], dst[15]);
204#endif
205 memcpy(out, dst, AES_KEY_SIZE_128);
206 *out_sz = AES_KEY_SIZE_128;
207 return ret;
208}
209
210void apply_enc_parts(void)
211{
212 int32_t i = 0, rc;
213 u8 unwrap[AES_KEY_SIZE_128] = {0};
214 uint32_t unwrap_sz = sizeof(unwrap);
215 u64 fdt_addr;
216
217 fdt_addr = env_get_ulong("dtb_mem_addr", 16, 0);
218 for (i = 0; i < MAX_ENC_PARTS; i++) {
219 if (enc_parts[i].in_used != 0) {
220 rc = unwrap_key(enc_parts[i].wrapped, AES_KEY_SIZE_128,
221 unwrap, &unwrap_sz);
222 if (rc < 0) {
223#if ERROR_REPORT
224 printf("unwrap key for %s failed.(%d)\n", enc_parts[i].part_name, rc);
225#endif
226 continue;
227 }
228 rc = fdt_find_and_setprop((void*)fdt_addr, "/keys", enc_parts[i].part_name,
229 unwrap, unwrap_sz, 1 /* create */);
230 if (rc) {
231 if (rc == -FDT_ERR_NOSPACE) {
232 /* no space. Try to make extra space for it */
233 int prop_sz = 0x10;
234 rc = fdt_shrink_to_minimum((void*)fdt_addr, prop_sz);
235 if (rc < 0) {
236#if ERROR_REPORT
237 printf("Unable to add extra size(%d) for %s\n",
238 prop_sz, enc_parts[i].part_name);
239#endif
240 } else {
241 rc = fdt_find_and_setprop((void*)fdt_addr, "/keys", enc_parts[i].part_name,
242 unwrap, unwrap_sz, 1 /* create */);
243 if (rc) {
244#if ERROR_REPORT
245 printf("Failed to set partition enc for %s(%d)\n",
246 enc_parts[i].part_name, rc);
247#endif
248 }
249 }
250 }
251#if ERROR_REPORT
252 else {
253 printf("Failed to set partition enc for %s(%d)\n",
254 enc_parts[i].part_name, rc);
255 }
256#endif
257 }
258 }
259 }
260 return;
261}
262
263int32_t find_enc_parts(const char* part_name)
264{
265 int32_t i = 0;
266
267 if (part_name == NULL)
268 return -1;
269
270 for (i = 0; i < MAX_ENC_PARTS; i++) {
271 if (enc_parts[i].in_used != 0) {
272 if (!strcmp(part_name, enc_parts[i].part_name))
273 return i;
274 }
275 }
276 return -1;
277}
278
279int set_enc_parts(char *name, char *wrapped_hex, int wrapped_hex_sz)
280{
281 int32_t i = 0, rc;
282
283 i = find_enc_parts(name);
284 if (i < 0) {
285 i = find_free_enc_parts_ent();
286 if (i < 0) {
287#if ERROR_REPORT
288 printf("Unable to find free slot for %s\n", name);
289#endif
290 return CMD_RET_FAILURE;
291 }
292 }
293 rc = hex2bin(wrapped_hex, enc_parts[i].wrapped, sizeof(enc_parts[i].wrapped));
294 if (rc < 0) {
295#if ERROR_REPORT
296 printf("Unable to parse data hex2bin for %s\n", wrapped_hex);
297#endif
298 return CMD_RET_FAILURE;
299 }
300 strncpy(enc_parts[i].part_name, name, sizeof(enc_parts[i].part_name) -1);
301 enc_parts[i].in_used = 1;
302
303 return CMD_RET_SUCCESS;
304}
305
306int del_enc_parts(char *name)
307{
308 if (name) {
309 int i = find_enc_parts(name);
310 if (i >= 0)
311 memset(&enc_parts[i], 0x0, sizeof(ENC_PART_ENT_T));
312 return CMD_RET_SUCCESS;
313 } else
314 return CMD_RET_FAILURE;
315}
316
317int clear_enc_parts(void)
318{
319 memset(enc_parts, 0x0, sizeof(enc_parts));
320 return CMD_RET_SUCCESS;
321}
322
323int init_enc_parts(void)
324{
325 s32 rc = CMD_RET_SUCCESS;
326#ifdef PARTITION_ENC_ARGS
327 char *args = NULL;
328 const uint32_t args_len = strlen(PARTITION_ENC_ARGS);
329 char *pair[MAX_ENC_PARTS] = {NULL, NULL, NULL, NULL};
330 char *tmp;
331 uint32_t i = 0;
332 char *part_name;
333 char *part_key_hex;
334#if DEBUG
335 printf("%s:%d: args_len = %d\n", __func__, __LINE__, args_len);
336#endif
337 if (args_len) {
338 args = calloc(args_len + 1, sizeof(char));// include EOS
339 if (!args) {
340#if ERROR_REPORT
341 printf("failed to alloc buf for args.(%u)\n", args_len);
342#endif
343 return -1;
344 }
345 strncpy(args, PARTITION_ENC_ARGS, args_len);
346 tmp = args;
347
348 for (i = 0; i < MAX_ENC_PARTS; i++) {
349 pair[i] = strsep(&tmp, ";");
350
351 if (!pair[i]) {
352 break;
353 } else if (!strlen(pair[i])) {
354 // If delimiter appears at the end of string,
355 // drop it and continue the parsing
356 pair[i] = NULL;
357 i--;
358 continue;
359 }
360 }
361 if (i == MAX_ENC_PARTS && strsep(&tmp, ";")) {
362#if ERROR_REPORT
363 printf("Too many enc parts provided by PARTITION_ENC_ARGS.\n");
364#endif
365 rc = CMD_RET_FAILURE;
366 goto out;
367 }
368 /* Init enc_parts */
369 clear_enc_parts();
370 //memset(enc_parts, 0x0, sizeof(enc_parts));
371 i = 0;
372 while (i < MAX_ENC_PARTS && pair[i]) {
373#if DEBUG
374 printf("parsing pair[%s] %d ...\n", pair[i], i);
375#endif
376 tmp = pair[i];
377 part_name = strsep(&tmp, ":");
378 part_key_hex = tmp;
379 if (part_name && part_key_hex) {
380 rc = set_enc_parts(part_name, part_key_hex, strnlen(part_key_hex, 32));
381 } else {
382#if ERROR_REPORT
383 printf("parsing error.\n");
384#endif
385 rc = CMD_RET_FAILURE;
386 goto out;
387 }
388 i++;
389 }
390 rc = CMD_RET_SUCCESS;
391 }
392out:
393 if (args)
394 free(args);
395#else
396 printf("PARTITION_ENC_ARGS is not defied.\n");
397 rc = CMD_RET_FAILURE;
398#endif
399 return rc;
400}
401
402static char partition_enc_help_text[] =
403"\n"
404"[set] <partition> {<value-hexdump-string>}\n"
405"\t\t\tSet partition key to data. DATA is in continuous\n"
406"\t\t\t hexdump format, e.g. aabb1122\n"
407"[del] <partition>\tDelete <partition> in table of partition encryption.\n"
408"[init]\t\t\tInitialize table of partition encryption.\n"
409"[clear]\t\t\tClear table of partition encryption.\n"
410"[dump]\t\t\tDump table of partition encryption.\n"
411"[apply]\t\t\tApply table of partition encryption to DTS.\n"
412"\n";
413
414int do_partition_enc(cmd_tbl_t *cmdtp, int flag, int argc, char * const argv[])
415{
416 int rc = CMD_RET_SUCCESS;
417
418 if (argc < 2) {
419 return CMD_RET_USAGE;
420 }
421
422 if (argc == 2) {
423 if (!strcmp(argv[1], "init"))
424 rc = init_enc_parts();
425 else if (!strcmp(argv[1], "clear"))
426 rc = clear_enc_parts();
427 else if (!strcmp(argv[1], "apply"))
428 apply_enc_parts();
429 else if (!strcmp(argv[1], "dump"))
430 dump_enc_parts();
431 else
432 rc = CMD_RET_USAGE;
433 } else if (argc == 3) {
434 if (!strcmp(argv[1], "del"))
435 rc = del_enc_parts(argv[2]);
436 else
437 rc = CMD_RET_USAGE;
438 } else if (argc == 4) {
439 if (!strcmp(argv[1], "set"))
440 rc = set_enc_parts(argv[2], argv[3], strnlen(argv[3], 32));
441 else
442 rc = CMD_RET_USAGE;
443 } else
444 rc = CMD_RET_USAGE;
445
446#if ERROR_REPORT
447 if (rc != CMD_RET_SUCCESS)
448 printf("Invalid arguments: %s\n", argv[1]);
449#endif
450 return rc;
451}
452
453U_BOOT_CMD(partition_enc, 4, 0, do_partition_enc,
454 "partition encryption command", partition_enc_help_text);
455
456#if CONFIG_PARTITION_ENCRYPTION_LOCAL
457
458#define LBN_SIZE (512)
459#define AES_BLOCK_SIZE (16)
460#define LBN_SHIFT (9)
461#define IV_FACTOR_BASE_ADDR (0x800)
462
463/* Get logical block number for encryption.
464 * Size of each lbn is 512 bytes. */
465static inline uint64_t get_lbn(uint64_t offset)
466{
467 return (offset >> LBN_SHIFT) + IV_FACTOR_BASE_ADDR;
468}
469
470int32_t calc_aes_128_cbc(uint8_t *in, uint32_t in_sz,
471 uint8_t *key, uint32_t key_sz,
472 uint8_t *iv, uint32_t iv_sz,
473 uint8_t *out, int32_t *out_sz, int32_t mode)
474{
475 int32_t ret = 0;
476 u8 key_exp[AES256_EXPAND_KEY_LENGTH];
477
478 /* First we expand the key. */
479 aes_expand_key(key, key_sz, key_exp);
480
481 if (mode == DECRYPT)
482 aes_cbc_decrypt_blocks(AES128_KEY_LENGTH, key_exp, iv,
483 in, out, in_sz / AES_BLOCK_LENGTH);
484 else if (mode == ENCRYPT)
485 aes_cbc_encrypt_blocks(AES128_KEY_LENGTH, key_exp, iv,
486 in, out, in_sz / AES_BLOCK_LENGTH);
487#if ERROR_REPORT
488 else
489 printf("Unsupported mode\n");
490#endif
491 return ret;
492}
493
494static int32_t get_iv(uint64_t offset, uint8_t *md5, uint32_t md5_sz, uint8_t *out, int32_t *out_sz)
495{
496 uint64_t lbn = get_lbn(offset);
497 uint8_t iv[AES_BLOCK_SIZE] = {};
498 uint8_t iv_iv[AES_BLOCK_SIZE] = {0xff};
499 int32_t ret = 0;
500
501 if (!out || !out_sz || !*out_sz) {
502#if ERROR_REPORT
503 printf("Invalid input.\n");
504#endif
505 return -1;
506 }
507
508 iv[0] = lbn & 0xFF;
509 iv[1] = (lbn >> 8) & 0xFF;
510 iv[2] = (lbn >> 16) & 0xFF;
511 iv[3] = (lbn >> 24) & 0xFF;
512
513 ret = calc_aes_128_cbc(iv, sizeof(iv),
514 md5, md5_sz, /* key */
515 iv_iv, sizeof(iv_iv), /* iv */
516 out, out_sz, 0);
517
518 return ret;
519}
520
521uint32_t calc_md5(uint8_t *in, uint32_t in_sz, uint8_t *md5_hash, uint32_t *md5_hash_len)
522{
523 md5(in, in_sz, md5_hash);
524 return 0;
525}
526
527int part_crypt(u8 *in, u64 in_sz,
528 u8 *key, u32 key_sz,
529 u8 *out, u64 out_sz,
530 u64 offset, OP_MODE_T mode)
531{
532 int32_t ret = 0;
533 int32_t remaining, read_sz, retVal = 0;
534 u8 md5[16];
535 u32 md5_sz = sizeof(md5);
536 u64 buf_off = 0;
537 u8 page_iv[AES_BLOCK_SIZE] = {};
538 s32 page_iv_sz = AES_BLOCK_SIZE;
539 s32 wr_sz, wr_total = 0;
540 u32 padding = 0;
541 u8 *temp = NULL;
542 u32 temp_sz = 0;
543 u32 remain_of_blk = 0;
544
545 if (!in_sz || !key || !key_sz || !out) {
546#if ERROR_REPORT
547 printf("Invalid input.\n");
548#endif
549 return -1;
550 }
551 if (offset & 0x1ff) {
552#if ERROR_REPORT
553 printf("off should be multiple of 512\n");
554#endif
555 return -1;
556 }
557 if (out_sz < in_sz) {
558#if ERROR_REPORT
559 printf("Output size should >= input size(%#llx)\n", in_sz);
560#endif
561 return -1;
562 }
563
564 if (mode != ENCRYPT && mode != DECRYPT) {
565#if ERROR_REPORT
566 printf("Invalid mode.\n");
567#endif
568 return -1;
569 }
570
571 remaining = in_sz;
572 /* partition key hash */
573 calc_md5(key, key_sz, md5, &md5_sz);
574 while (remaining > 0) {
575 /* Read in a lbn if it is possible */
576 read_sz = (remaining >= LBN_SIZE)? LBN_SIZE: remaining;
577 remain_of_blk = read_sz & (AES_BLOCK_LENGTH - 1);
578 if (remain_of_blk) {
579 /* Since LBN_SIZE is multiple of AES_BLOCK_LENGTH, entering
580 * this case means it is the last read */
581 padding = AES_BLOCK_LENGTH - remain_of_blk;
582#if DEBUG
583 printf("remain_of_blk = %d, padding = %u\n", remain_of_blk, padding);
584#endif
585 temp_sz = read_sz + padding;
586 temp = (u8*)malloc(temp_sz);
587 if (temp == NULL) {
588#if ERROR_REPORT
589 printf("failed to alloc temp buffer.(%d)\n", temp_sz);
590#endif
591 ret = -1;
592 goto out;
593 }
594 /* copy input to temp buffer */
595 memcpy(temp, &in[buf_off], read_sz);
596 }
597 /* update iv */
598 page_iv_sz = AES_BLOCK_SIZE;
599 ret = get_iv(offset, md5, md5_sz, page_iv, &page_iv_sz);
600 if (ret < 0) {
601#if ERROR_REPORT
602 printf("Error to get enc iv\n");
603#endif
604 retVal = -1;
605 goto out;
606 }
607 if (remain_of_blk) {
608 wr_sz = temp_sz;
609 ret = calc_aes_128_cbc(temp, temp_sz, /* input */
610 key, key_sz, /* key */
611 page_iv, page_iv_sz, /* iv */
612 temp, &wr_sz, mode); /* output */
613 } else {
614 wr_sz = read_sz;
615 ret = calc_aes_128_cbc(&in[buf_off], read_sz, /* input */
616 key, key_sz, /* key */
617 page_iv, page_iv_sz, /* iv */
618 &out[buf_off], &wr_sz, mode); /* output */
619 }
620 if (ret < 0) {
621#if ERROR_REPORT
622 printf("Error to calc aes 128 cbc\n");
623#endif
624 retVal = -1;
625 goto out;
626 }
627 if (remain_of_blk) {
628 /* copy result from temp to out buffer */
629 memcpy(&out[buf_off], temp, read_sz);
630 }
631
632 offset += read_sz;
633 buf_off += read_sz;
634 wr_total += wr_sz;
635 remaining -= read_sz;
636 }
637
638out:
639 if (temp) free(temp);
640
641 return ret;
642}
643
644int part_dec(const char *name, u8 *in, u64 in_sz, u8 *out, u64 out_sz, u64 off)
645{
646 s32 rc = env_get_yesno("local_dec");
647
648 if (rc == 1) {
649 int i = find_enc_parts(name);
650 u8 unwrap[AES_KEY_SIZE_128] = {0x0};
651 u32 unwrap_sz = AES_KEY_SIZE_128;
652
653 if (i < 0)
654 return -1;
655
656 printf("%s is an enc part\n", name);
657 rc = unwrap_key(enc_parts[i].wrapped, sizeof(enc_parts[i].wrapped),
658 unwrap, &unwrap_sz);
659 if (rc) {
660#if ERROR_REPORT
661 printf("unwrap key failed.(%d)\n", rc);
662#endif
663 return rc;
664 }
665
666 return part_crypt(in, in_sz, unwrap, unwrap_sz, out, out_sz, off, DECRYPT);
667 } else
668 return -1;
669}
670
671#endif //CONFIG_PARTITION_ENCRYPTION_LOCAL