/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

/*
 * Driver-model interface to hardware crypto engines: capability bits,
 * context structures, the per-driver operations table (struct dm_crypto_ops)
 * and the crypto_*() entry points declared below.
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 * One bit per algorithm; the capability() operation returns a u32 and
 * crypto_get_device() takes one (presumably several bits may be OR-ed into
 * a mask -- confirm against the implementation).
 *
 * NOTE(review): MD5, SHA-1, RSA-512/1024 and DES are offered next to the
 * stronger choices. Code that verifies signed images should restrict which
 * bits it accepts instead of using whatever a device advertises.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)

#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions by plain division. With integer operands a value that is
 * not a multiple of the divisor is rounded down, so a trailing partial
 * word/byte is silently dropped; callers sizing buffers must account for it.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)

/*
 * Block cipher modes. RK_MODE_MAX comes last and therefore equals the number
 * of modes; it is not itself a mode. Presumably stored in
 * cipher_context.mode -- confirm.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,	/* no IV; equal plaintext blocks encrypt alike */
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,		/* authenticated mode, see cipher_ae */
	RK_MODE_GCM,		/* authenticated mode, see cipher_ae */
	RK_MODE_CMAC,		/* MAC only, see cipher_mac */
	RK_MODE_CBC_MAC,	/* MAC only, see cipher_mac; plain CBC-MAC is
				 * only sound for fixed-length messages */
	RK_MODE_MAX
};

/* Hash context used by the sha_* and hmac_* operations. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length (unit not stated here;
			 * presumably bytes -- confirm) */
} sha_context;

/*
 * RSA public key. There are no length fields: the size of the buffers behind
 * n/e/c is presumably implied by @algo through crypto_algo_nbits() --
 * confirm, and size the buffers accordingly before passing them in.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/* Parameters for the cipher_crypt, cipher_mac and cipher_ae operations. */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4
				 * -- confirm */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value
				 * -- confirm */
	const u8 *key;
	const u8 *twk_key;	/* presumably the tweak key for RK_MODE_XTS
				 * -- confirm */
	u32 key_len;		/* one length only; there is no separate
				 * length for twk_key */
	const u8 *iv;
	u32 iv_len;
} cipher_context;

/*
 * Operations provided by a crypto driver. Every operation takes the device
 * as its first argument; the crypto_*() prototypes below mirror these
 * signatures.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);
	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm capability bit, eg. CRYPTO_MD5/RSA2048...
 *
 * NOTE(review): the value returned for an unrecognised @algo is not visible
 * in this header; callers that size buffers from the result should check
 * for it -- confirm against the implementation.
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * The result must be checked: NULL is returned when no device is found.
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *; presumably expected to be
 *	   word-aligned -- confirm)
 * @len: input data length (unit not stated here; presumably bytes -- confirm)
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no buffer size is passed, so the caller
 *	    presumably has to provide room for a full digest of the
 *	    algorithm selected in @ctx -- confirm
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data (no buffer size is passed)
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count (signed int; behaviour for a negative value
 *		  is not visible here)
 * @output: output hash data (no buffer size is passed)
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature (no length is passed; presumably implied by the key size
 *	  in @ctx -- confirm)
 * @output: output hash data buffer (no length is passed)
 *
 * NOTE(review): data is written to @output, so a 0 return may only mean the
 * operation completed. Whether it already implies a valid signature, or the
 * caller still has to compare @output with the digest it computed (over the
 * full length, including any padding check), is not visible in this header
 * -- confirm against the implementation before relying on the return value.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: HMAC key buffer
 * @key_len: HMAC key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *; presumably expected to be
 *	   word-aligned -- confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data (no buffer size is passed)
 *
 * A caller that compares @output with a received MAC should use a
 * constant-time comparison over the full length.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer (no tag length is passed; presumably one cipher
 *	 block -- confirm)
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption (the matching
 *		 cipher_ae operation is commented "cipher aes ccm&gcm")
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 *
 * NOTE(review): unlike crypto_cipher() there is no enc flag and no tag
 * length. Whether @tag is produced or checked, and how a decrypting caller
 * learns of an authentication failure, is not visible in this header --
 * confirm before using @out from a decrypt path.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

#endif