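/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Every value is a distinct bit, grouped by family: hashes (bits 0-4),
 * RSA key sizes (bits 10-14), block ciphers (bits 20-22) and HMACs
 * (bits 25-29). Presumably a driver's capability() returns the OR of the
 * bits it supports - confirm against the driver.
 *
 * NOTE(review): MD5, SHA1, RSA512/RSA1024 and DES are listed as things the
 * hardware may offer. A caller that verifies images or protects data should
 * pin the algorithm it accepts and not take whatever a device advertises.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)

#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions (a word is 4 bytes / 32 bits). All three use integer
 * division and truncate, so a size that is not a whole number of units
 * loses its remainder; a caller sizing a buffer from these has to round up
 * itself.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)

/*
 * Block cipher modes of operation; presumably the value carried in
 * cipher_context.mode - confirm against the driver.
 *
 * Going by the ops comments in struct dm_crypto_ops, CMAC and CBC_MAC are
 * served by cipher_mac() and CCM and GCM by cipher_ae(); the remaining modes
 * produce ciphertext without an authentication tag.
 * RK_MODE_MAX is the last enumerator and equals the number of modes listed.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX
};

/*
 * Hash/HMAC context handed to the sha_ and hmac_ init/final calls.
 *
 * NOTE(review): length is the total data length and is part of the context
 * given to init, which looks like the total has to be known before the first
 * update call - confirm. Units are presumably bytes.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length */
} sha_context;

/*
 * RSA public key for crypto_rsa_verify().
 *
 * The factors are bare u32 pointers with no length field; presumably each
 * holds BITS2WORD(crypto_algo_nbits(algo)) words - confirm before passing
 * a buffer of any other size.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Symmetric cipher parameters for crypto_cipher(), crypto_mac() and
 * crypto_ae(). The key and IV are borrowed (const pointers); nothing in this
 * header says who owns or wipes them.
 */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 */
	u32 mode;		/* presumably one of enum RK_CRYPTO_MODE */
	const u8 *key;		/* cipher key */
	const u8 *twk_key;	/* second key; presumably the XTS tweak key - confirm */
	u32 key_len;		/* key length, presumably in bytes */
	const u8 *iv;		/* initialization vector */
	u32 iv_len;		/* iv length, presumably in bytes */
} cipher_context;

/*
 * Operations a crypto driver provides. The crypto_*() functions declared
 * below take the same arguments; presumably each one dispatches to the
 * matching op of @dev - confirm in the uclass implementation.
 *
 * None of the output parameters (output, tag, out) is accompanied by a
 * buffer size, so every implementation relies on the caller having sized the
 * buffer for the selected algorithm.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);
	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * The result can be NULL and must be checked before it is passed to any of
 * the functions below.
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   word-aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no size is passed, so the buffer must already
 *	    be large enough for the digest of ctx->algo (presumably
 *	    BITS2BYTE(crypto_algo_nbits(ctx->algo)) bytes - confirm)
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data (caller-sized, see crypto_sha_final())
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data (caller-sized, see crypto_sha_final())
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer (no size is passed; caller-sized)
 *
 * NOTE(review): the result is handed back through @output and no expected
 * digest is passed in, which suggests the caller still has to check the
 * recovered data (padding and digest) against its own hash. Confirm what a
 * 0 return guarantees before treating it as "signature valid".
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   word-aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data (no size is passed; caller-sized). A caller
 *	    checking a received MAC against this value should compare in
 *	    constant time.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer (no separate size; presumably at least @len
 *	 bytes - confirm)
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer (no size is passed; caller-sized)
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer (no size is passed; caller-sized)
 *
 * NOTE(review): there is no direction flag and @tag is writable, so it looks
 * like the tag is always produced, never checked, by this call. If this is
 * used on received data, the caller presumably has to compare the tag itself
 * (in constant time) and discard @out on mismatch - confirm.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

#endif /* _CORE_CRYPTO_H_ */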