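/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithm/capability bits of a crypto device; they work together with
 * crypto_algo_nbits(). Every algorithm is a distinct bit of a u32:
 *   bits  0..4   hash algorithms
 *   bits 10..18  public-key algorithms (RSA, SM2, ECC)
 *   bits 20..22  symmetric ciphers
 *   bits 25..29  HMAC variants
 *
 * NOTE(review): a set bit only says the hardware can run the algorithm.
 * MD5, SHA-1, RSA-512/1024 and DES are widely considered too weak to
 * authenticate boot images, so code that picks an algorithm for
 * verification should apply its own policy rather than accept any
 * capability the device reports.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)
#define CRYPTO_SM2		BIT(15)
#define CRYPTO_ECC_192R1	BIT(16)
#define CRYPTO_ECC_224R1	BIT(17)
#define CRYPTO_ECC_256R1	BIT(18)

#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions between bits, bytes and 32-bit words.
 * The divisions truncate: a value that is not a whole multiple of the
 * target unit converts to the smaller count, so do not size a buffer
 * from BYTE2WORD()/BITS2BYTE()/BITS2WORD() of an unaligned length.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)
#define WORD2BYTE(words)	((words) * 4)

/*
 * Cipher modes of operation. cipher_context.mode and
 * cipher_fw_context.mode are plain u32 fields; presumably they carry one
 * of these values -- confirm against the drivers.
 *
 * NOTE(review): ECB, CBC, CTS, CTR, CFB, OFB and XTS provide no integrity
 * protection, and ECB additionally reveals equal plaintext blocks. Where
 * tampering matters, use CCM/GCM or add a MAC (CMAC/CBC_MAC).
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX	/* last enumerator; presumably a count, not a mode */
};

/* Context shared by the SHA and HMAC init/update/final operations. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length */
} sha_context;

/* RSA public key handed to the rsa_verify operation. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Elliptic-curve key handed to the ec_verify operation.
 *
 * NOTE(review): this header declares only a verify operation, which by
 * itself needs the public point; @d is presumably unused on that path.
 * If a caller does populate @d it is secret material and should be
 * cleared after use -- confirm how drivers treat it.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */
	u32 *x;		/* public key x */
	u32 *y;		/* public key y */
	u32 *d;		/* private key */
} ec_key;

/*
 * Parameters for the cipher_crypt, cipher_mac and cipher_ae operations.
 * The key is passed by pointer; the structure does not own it.
 */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 -- confirm */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value -- confirm */
	const u8 *key;		/* cipher key */
	const u8 *twk_key;	/* presumably the XTS tweak key -- confirm */
	u32 key_len;		/* key length; unit not stated here */
	const u8 *iv;		/* initialization vector */
	u32 iv_len;		/* iv length; unit not stated here */
} cipher_context;

/*
 * Parameters for the cipher_fw_crypt operation. Unlike cipher_context
 * there is no key pointer: the key is selected through @fw_keyid.
 */
typedef struct {
	u32 algo;	/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 -- confirm */
	u32 mode;	/* presumably an enum RK_CRYPTO_MODE value -- confirm */
	u32 key_len;	/* key length; unit not stated here */
	const u8 *iv;	/* initialization vector */
	u32 iv_len;	/* iv length; unit not stated here */
	u32 fw_keyid;	/* identifier of the key to use; meaning is driver-defined */
} cipher_fw_context;

/*
 * Operations a crypto driver provides. Which members a driver may leave
 * NULL cannot be told from this header; check before calling through
 * the table directly.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);

	/* EC verify */
	int (*ec_verify)(struct udevice *dev, ec_key *ctx,
			 u8 *hash, u32 hash_len, u8 *sign);

	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);

	/* cipher firmware encryption and decryption */
	int (*cipher_fw_crypt)(struct udevice *dev, cipher_fw_context *ctx,
			       const u8 *in, u8 *out, u32 len, bool enc);

	/* address of the device's key table */
	ulong (*keytable_addr)(struct udevice *dev);

	/* whether the device is a secure device */
	bool (*is_secure)(struct udevice *dev);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm capability bit, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * The result can be NULL and must be checked before it is passed to any
 * other function of this API.
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * The size of @output is not passed in; the caller has to provide a
 * buffer large enough for the digest of the algorithm in @ctx.
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * NOTE(review): no expected digest is passed in and data comes back in
 * @output, so a return of 0 presumably means the RSA operation completed,
 * not that the signature matched. Confirm against the implementation; if
 * so, the caller must compare @output with the digest it computed and
 * treat any mismatch as a verification failure.
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_ec_verify() - Crypto ec verify
 *
 * @dev: crypto device
 * @ctx: ec key context
 * @hash: hash data buffer
 * @hash_len: hash data length
 * @sign: signature
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key buffer
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * When @output is checked against a received MAC, compare the two in
 * constant time.
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * Only @len is passed, so @out has to hold at least as much as @in;
 * confirm against the driver whether more is needed for a given mode.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * When @tag is checked against a received MAC, compare the two in
 * constant time.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption
 *
 * NOTE(review): there is no direction flag and @tag is a writable
 * buffer, so this header does not show whether the tag is only produced
 * or can also be checked here. Confirm before relying on this call to
 * reject tampered data.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

/**
 * crypto_fw_cipher() - Crypto cipher firmware crypt
 *
 * @dev: crypto device
 * @ctx: cipher firmware context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_fw_cipher(struct udevice *dev, cipher_fw_context *ctx,
		     const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_keytable_addr() - Crypto keytable address
 *
 * @dev: crypto device
 * @return crypto keytable address
 */
ulong crypto_keytable_addr(struct udevice *dev);

/**
 * crypto_is_secure() - Query whether the crypto device is a secure device
 *
 * @dev: crypto device
 * @return true: secure device, false: non-secure device
 */
bool crypto_is_secure(struct udevice *dev);

#endif /* _CORE_CRYPTO_H_ */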