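/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Every value is a distinct bit of a u32, the type returned by the
 * dm_crypto_ops capability() hook and taken by crypto_get_device().
 *
 * NOTE(review): this header only names what the hardware may offer; it does
 * not set policy. MD5 and SHA-1 are not collision resistant, RSA-512 and
 * RSA-1024 are below currently recommended key sizes, and DES has a 56-bit
 * key. Code that selects an algorithm for image or signature verification
 * should not accept these just because a device advertises them.
 */

/* Hash algorithms (bits 0-4) */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

/* Public-key algorithms (bits 10-18) */
#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)
#define CRYPTO_SM2		BIT(15)
#define CRYPTO_ECC_192R1	BIT(16)
#define CRYPTO_ECC_224R1	BIT(17)
#define CRYPTO_ECC_256R1	BIT(18)

/* Symmetric ciphers (bits 20-22) */
#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

/* Keyed hashes (bits 25-29) */
#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions. These are plain integer divisions, so a value that is
 * not a whole multiple of the target unit is rounded down; callers sizing
 * buffers from the result must account for the remainder themselves.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)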
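/* Bits to 32-bit words; integer division, the remainder is dropped. */
#define BITS2WORD(nbits)	((nbits) / 32)
/* 32-bit words to bytes. */
#define WORD2BYTE(words)	((words) * 4)

/*
 * Cipher modes of operation (presumably the value carried in
 * cipher_context.mode - confirm against the driver).
 *
 * NOTE(review): ECB through XTS give confidentiality only and do not detect
 * tampering; ECB additionally reveals which plaintext blocks are equal. CCM
 * and GCM are the authenticated modes, CMAC and CBC_MAC produce a tag only.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX		/* number of modes, not a mode itself */
};

/* Hash state handed to the sha_* and hmac_* calls. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length (presumably in bytes - confirm) */
} sha_context;

/*
 * RSA public key. The buffers carry no length of their own; their size is
 * presumably implied by algo via crypto_algo_nbits() - confirm in the driver.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key N (modulus) */
	u32 *e;		/* Public key E (exponent) */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Elliptic-curve key.
 *
 * NOTE(review): d is private key material. The only EC operation declared in
 * this header is a verify, which needs just x and y; confirm whether any
 * caller populates d, and that a buffer holding it is wiped after use.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */
	u32 *x;		/* public key x */
	u32 *y;		/* public key y */
	u32 *d;		/* private key */
} ec_key;

/* Parameters for the symmetric cipher, MAC and AE calls. */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 - confirm */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value - confirm */
	const u8 *key;		/* key material */
	const u8 *twk_key;	/* presumably the XTS tweak key - confirm */
	u32 key_len;		/* length of key (units not stated here) */
	const u8 *iv;		/* initialisation vector */
	u32 iv_len;		/* length of iv (units not stated here) */
} cipher_context;

/*
 * Operations a crypto driver provides. The crypto_*() functions declared
 * below take the same arguments as the corresponding hooks.
 *
 * None of the output pointers (output, out, tag) is accompanied by a buffer
 * size, so the required size has to follow from the selected algorithm and
 * the caller must allocate accordingly.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);

	/* EC verify */
	int (*ec_verify)(struct udevice *dev, ec_key *ctx,
			 u8 *hash, u32 hash_len, u8 *sign);

	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm capability bit, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no size is passed, so the buffer must be large
 *	    enough for the digest of the algorithm in @ctx
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * NOTE(review): no expected digest is passed in and @output is written, which
 * suggests this performs the public-key operation and returns the recovered
 * data rather than comparing it. If so, a return of 0 does not by itself mean
 * the signature is valid; the caller still has to check the padding and
 * compare the digest. Confirm against the implementation.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_ec_verify() - Crypto ec verify
 *
 * @dev: crypto device
 * @ctx: ec key context
 * @hash: hash data buffer
 * @hash_len: hash data length
 * @sign: signature
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key buffer
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer
 *
 * The tag is returned, not checked. A caller that compares it with a received
 * tag should use a comparison whose timing does not depend on the data.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 *
 * NOTE(review): unlike crypto_cipher() there is no enc flag and @tag is a
 * writable buffer with no length, so how a received tag is verified on the
 * decrypt side is not visible from this declaration - confirm in the driver.
 * Data in @out must not be used before its tag has been checked.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

#endif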