/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Every value is a single bit of a u32, the type returned by
 * dm_crypto_ops.capability() and accepted by crypto_get_device().
 *
 * NOTE(review): MD5, SHA-1, RSA-512/1024 and DES appear in this list. They
 * are generally considered too weak for new integrity or confidentiality
 * uses, so a caller that picks an algorithm from a capability mask should
 * apply its own minimum-strength policy rather than accept any set bit.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

/* Public-key algorithms */
#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)
#define CRYPTO_SM2		BIT(15)
#define CRYPTO_ECC_192R1	BIT(16)
#define CRYPTO_ECC_224R1	BIT(17)
#define CRYPTO_ECC_256R1	BIT(18)

/* Symmetric ciphers */
#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

/* Keyed hashes (HMAC) */
#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions between bits, bytes and 32-bit words. The divisions are
 * integer divisions, so a value that is not a multiple of the divisor is
 * rounded down.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)
#define WORD2BYTE(words)	((words) * 4)

/*
 * Cipher, MAC and authenticated-encryption modes; RK_MODE_MAX is the count
 * of modes, not a mode. Presumably these are the values carried in the mode
 * field of cipher_context and cipher_fw_context - confirm against the driver.
 *
 * NOTE(review): RK_MODE_ECB is 0, so if that is what the mode field holds, a
 * zero-initialised context selects ECB, which does not hide repeated
 * plaintext blocks. Callers should set the mode explicitly.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX
};

/* Hash context, also used by the HMAC functions below. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length (held in a u32) */

} sha_context;

/* RSA public key as passed to crypto_rsa_verify(). */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Elliptic-curve key as passed to crypto_ec_verify().
 *
 * NOTE(review): the struct has room for the private key d although the only
 * EC operation declared in this header is verify, which needs the public
 * point only. Presumably d stays NULL for verification - confirm, and treat
 * any buffer it points to as secret material.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */
	u32 *x;		/* public key x */
	u32 *y;		/* public key y */
	u32 *d;		/* private key */
} ec_key;

/*
 * Parameters for crypto_cipher(), crypto_mac() and crypto_ae().
 * The field notes below are inferred from the names only - confirm against
 * the driver. key and twk_key point at raw key bytes owned by the caller.
 */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value */
	const u8 *key;		/* key buffer */
	const u8 *twk_key;	/* presumably the tweak key for RK_MODE_XTS */
	u32 key_len;		/* key length (unit not stated here) */
	const u8 *iv;		/* IV buffer */
	u32 iv_len;		/* IV length */
} cipher_context;

/*
 * Parameters for crypto_fw_cipher(). Unlike cipher_context there is no key
 * pointer: the key is named by fw_keyid. Where that key is stored is not
 * visible from this header.
 */
typedef struct {
	u32 algo;
	u32 mode;
	u32 key_len;
	const u8 *iv;
	u32 iv_len;
	u32 fw_keyid;	/* identifier of the key to use */
} cipher_fw_context;

/*
 * Operations table of a crypto device. Most crypto_*() functions declared
 * below take the same parameters as the op of the matching name. Whether an
 * op may be left NULL is not visible from this header.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);

	/* EC verify */
	int (*ec_verify)(struct udevice *dev, ec_key *ctx,
			 u8 *hash, u32 hash_len, u8 *sign);

	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);

	/* cipher firmware encryption and decryption */
	int (*cipher_fw_crypt)(struct udevice *dev, cipher_fw_context *ctx,
			       const u8 *in, u8 *out, u32 len, bool enc);

	/* Address of the crypto keytable */
	ulong (*keytable_addr)(struct udevice *dev);

	/* true: secure device, false: non-secure device */
	bool (*is_secure)(struct udevice *dev);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * No output length is passed, so the caller has to supply a buffer that is
 * large enough for the digest of the algorithm set in @ctx.
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * NOTE(review): @output is described as a hash data buffer, which suggests
 * the call hands back recovered data rather than a pass/fail verdict of its
 * own. Confirm whether the caller must still compare @output with the digest
 * it computed before treating the signature as valid.
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_ec_verify() - Crypto ec verify
 *
 * There is no output buffer: the return value is the only result.
 *
 * @dev: crypto device
 * @ctx: ec key context
 * @hash: hash data buffer
 * @hash_len: hash data length
 * @sign: signature
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key buffer
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * No tag length is passed, so the caller has to size @tag for the selected
 * algorithm and mode.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption (ccm/gcm)
 *
 * NOTE(review): unlike crypto_cipher() this call has no enc flag and no tag
 * length. Whether @tag is produced or checked, and how a decrypting caller
 * learns that authentication failed, is not visible from this header -
 * confirm before relying on the call to authenticate data.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

/**
 * crypto_fw_cipher() - Crypto cipher firmware crypt
 *
 * @dev: crypto device
 * @ctx: cipher firmware context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_fw_cipher(struct udevice *dev, cipher_fw_context *ctx,
		     const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_keytable_addr() - Crypto keytable address
 *
 * @dev: crypto device
 * @return crypto keytable address
 */
ulong crypto_keytable_addr(struct udevice *dev);

/**
 * crypto_is_secure() - Tell whether the crypto device is a secure device
 *
 * @dev: crypto device
 * @return true: secure device, false: non-secure device
 */
bool crypto_is_secure(struct udevice *dev);

#endif