1cc6ac5d6SJoseph Chen /* SPDX-License-Identifier: GPL-2.0+ */ 2cc6ac5d6SJoseph Chen /* 3cc6ac5d6SJoseph Chen * (C) Copyright 2019 Rockchip Electronics Co., Ltd 4cc6ac5d6SJoseph Chen */ 5cc6ac5d6SJoseph Chen 6cc6ac5d6SJoseph Chen #ifndef _CORE_CRYPTO_H_ 7cc6ac5d6SJoseph Chen #define _CORE_CRYPTO_H_ 8cc6ac5d6SJoseph Chen 91d2a3f6cSJoseph Chen #include <common.h> 101d2a3f6cSJoseph Chen #include <dm.h> 11c14e46abSJoseph Chen #include <image.h> 121d2a3f6cSJoseph Chen #include <u-boot/sha1.h> 131d2a3f6cSJoseph Chen 14cc6ac5d6SJoseph Chen /* Algorithms/capability of crypto, works together with crypto_algo_nbits() */ 15cc6ac5d6SJoseph Chen #define CRYPTO_MD5 BIT(0) 16cc6ac5d6SJoseph Chen #define CRYPTO_SHA1 BIT(1) 17cc6ac5d6SJoseph Chen #define CRYPTO_SHA256 BIT(2) 18e7846385SLin Jinhan #define CRYPTO_SHA512 BIT(3) 19*49a2135eSLin Jinhan #define CRYPTO_SM3 BIT(4) 20e7846385SLin Jinhan 21e7846385SLin Jinhan #define CRYPTO_RSA512 BIT(10) 22e7846385SLin Jinhan #define CRYPTO_RSA1024 BIT(11) 23e7846385SLin Jinhan #define CRYPTO_RSA2048 BIT(12) 24e7846385SLin Jinhan #define CRYPTO_RSA3072 BIT(13) 25e7846385SLin Jinhan #define CRYPTO_RSA4096 BIT(14) 26cc6ac5d6SJoseph Chen 27*49a2135eSLin Jinhan #define CRYPTO_DES BIT(20) 28*49a2135eSLin Jinhan #define CRYPTO_AES BIT(21) 29*49a2135eSLin Jinhan #define CRYPTO_SM4 BIT(22) 30*49a2135eSLin Jinhan 31*49a2135eSLin Jinhan #define CRYPTO_HMAC_MD5 BIT(25) 32*49a2135eSLin Jinhan #define CRYPTO_HMAC_SHA1 BIT(26) 33*49a2135eSLin Jinhan #define CRYPTO_HMAC_SHA256 BIT(27) 34*49a2135eSLin Jinhan #define CRYPTO_HMAC_SHA512 BIT(28) 35*49a2135eSLin Jinhan #define CRYPTO_HMAC_SM3 BIT(29) 36*49a2135eSLin Jinhan 37cc6ac5d6SJoseph Chen #define BYTE2WORD(bytes) ((bytes) / 4) 38cc6ac5d6SJoseph Chen #define BITS2BYTE(nbits) ((nbits) / 8) 39cc6ac5d6SJoseph Chen #define BITS2WORD(nbits) ((nbits) / 32) 40cc6ac5d6SJoseph Chen 41*49a2135eSLin Jinhan enum RK_CRYPTO_MODE { 42*49a2135eSLin Jinhan RK_MODE_ECB = 0, 43*49a2135eSLin Jinhan RK_MODE_CBC, 44*49a2135eSLin Jinhan RK_MODE_CTS, 45*49a2135eSLin Jinhan RK_MODE_CTR, 46*49a2135eSLin Jinhan RK_MODE_CFB, 47*49a2135eSLin Jinhan RK_MODE_OFB, 48*49a2135eSLin Jinhan RK_MODE_XTS, 49*49a2135eSLin Jinhan RK_MODE_MAX 50*49a2135eSLin Jinhan }; 51*49a2135eSLin Jinhan 52cc6ac5d6SJoseph Chen typedef struct { 53cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 54cc6ac5d6SJoseph Chen u32 length; /* Data total length */ 55cc6ac5d6SJoseph Chen 56cc6ac5d6SJoseph Chen } sha_context; 57cc6ac5d6SJoseph Chen 58cc6ac5d6SJoseph Chen typedef struct { 59cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 60cc6ac5d6SJoseph Chen u32 *n; /* Public key factor N */ 61cc6ac5d6SJoseph Chen u32 *e; /* Public key factor E */ 62cc6ac5d6SJoseph Chen u32 *c; /* Optional, a accelerate factor for some crypto */ 63cc6ac5d6SJoseph Chen } rsa_key; 64cc6ac5d6SJoseph Chen 65*49a2135eSLin Jinhan typedef struct { 66*49a2135eSLin Jinhan u32 algo; 67*49a2135eSLin Jinhan u32 mode; 68*49a2135eSLin Jinhan const u8 *key; 69*49a2135eSLin Jinhan const u8 *twk_key; 70*49a2135eSLin Jinhan u32 key_len; 71*49a2135eSLin Jinhan const u8 *iv; 72*49a2135eSLin Jinhan u32 iv_len; 73*49a2135eSLin Jinhan } cipher_context; 74*49a2135eSLin Jinhan 75cc6ac5d6SJoseph Chen struct dm_crypto_ops { 76cc6ac5d6SJoseph Chen /* Hardware algorithm capability */ 77cc6ac5d6SJoseph Chen u32 (*capability)(struct udevice *dev); 78cc6ac5d6SJoseph Chen 79cc6ac5d6SJoseph Chen /* SHA init/update/final */ 80cc6ac5d6SJoseph Chen int (*sha_init)(struct udevice *dev, sha_context *ctx); 81cc6ac5d6SJoseph Chen int (*sha_update)(struct udevice *dev, u32 *input, u32 len); 82cc6ac5d6SJoseph Chen int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output); 83cc6ac5d6SJoseph Chen 84cc6ac5d6SJoseph Chen /* RSA verify */ 85cc6ac5d6SJoseph Chen int (*rsa_verify)(struct udevice *dev, rsa_key *ctx, 86cc6ac5d6SJoseph Chen u8 *sign, u8 *output); 87*49a2135eSLin Jinhan /* HMAC init/update/final */ 88*49a2135eSLin Jinhan int (*hmac_init)(struct udevice *dev, sha_context *ctx, 89*49a2135eSLin Jinhan u8 *key, u32 key_len); 90*49a2135eSLin Jinhan int (*hmac_update)(struct udevice *dev, u32 *input, u32 len); 91*49a2135eSLin Jinhan int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output); 92*49a2135eSLin Jinhan 93*49a2135eSLin Jinhan /* cipher encryption and decryption */ 94*49a2135eSLin Jinhan int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx, 95*49a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 96cc6ac5d6SJoseph Chen }; 97cc6ac5d6SJoseph Chen 98cc6ac5d6SJoseph Chen /** 99cc6ac5d6SJoseph Chen * crypto_algo_nbits() - Get algorithm bits accroding to algorithm 100cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 101cc6ac5d6SJoseph Chen * 102cc6ac5d6SJoseph Chen * @return algorithm bits 103cc6ac5d6SJoseph Chen */ 104cc6ac5d6SJoseph Chen u32 crypto_algo_nbits(u32 algo); 105cc6ac5d6SJoseph Chen 106cc6ac5d6SJoseph Chen /** 107cc6ac5d6SJoseph Chen * crypto_get_device() - Get crypto device by capability 108cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 109cc6ac5d6SJoseph Chen * 110cc6ac5d6SJoseph Chen * @return dev on success, otherwise NULL 111cc6ac5d6SJoseph Chen */ 112cc6ac5d6SJoseph Chen struct udevice *crypto_get_device(u32 capability); 113cc6ac5d6SJoseph Chen 114cc6ac5d6SJoseph Chen /** 115cc6ac5d6SJoseph Chen * crypto_sha_init() - Crypto sha init 116cc6ac5d6SJoseph Chen * 117cc6ac5d6SJoseph Chen * @dev: crypto device 118cc6ac5d6SJoseph Chen * @ctx: sha context 119cc6ac5d6SJoseph Chen * 120cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 121cc6ac5d6SJoseph Chen */ 122cc6ac5d6SJoseph Chen int crypto_sha_init(struct udevice *dev, sha_context *ctx); 123cc6ac5d6SJoseph Chen 124cc6ac5d6SJoseph Chen /** 125cc6ac5d6SJoseph Chen * crypto_sha_update() - Crypto sha update 126cc6ac5d6SJoseph Chen * 127cc6ac5d6SJoseph Chen * @dev: crypto device 128cc6ac5d6SJoseph Chen * @input: input data buffer 129cc6ac5d6SJoseph Chen * @len: input data length 130cc6ac5d6SJoseph Chen * 131cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 132cc6ac5d6SJoseph Chen */ 133cc6ac5d6SJoseph Chen int crypto_sha_update(struct udevice *dev, u32 *input, u32 len); 134cc6ac5d6SJoseph Chen 135cc6ac5d6SJoseph Chen /** 136cc6ac5d6SJoseph Chen * crypto_sha_final() - Crypto sha finish and get result 137cc6ac5d6SJoseph Chen * 138cc6ac5d6SJoseph Chen * @dev: crypto device 139cc6ac5d6SJoseph Chen * @ctx: sha context 140cc6ac5d6SJoseph Chen * @output: output hash data 141cc6ac5d6SJoseph Chen * 142cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 143cc6ac5d6SJoseph Chen */ 144cc6ac5d6SJoseph Chen int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output); 145cc6ac5d6SJoseph Chen 146cc6ac5d6SJoseph Chen /** 147cc6ac5d6SJoseph Chen * crypto_sha_csum() - Crypto sha hash for one data block only 148cc6ac5d6SJoseph Chen * 149cc6ac5d6SJoseph Chen * @dev: crypto device 150cc6ac5d6SJoseph Chen * @ctx: sha context 151cc6ac5d6SJoseph Chen * @input: input data buffer 152cc6ac5d6SJoseph Chen * @input_len: input data length 153cc6ac5d6SJoseph Chen * @output: output hash data 154cc6ac5d6SJoseph Chen * 155cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 156cc6ac5d6SJoseph Chen */ 157cc6ac5d6SJoseph Chen int crypto_sha_csum(struct udevice *dev, sha_context *ctx, 158cc6ac5d6SJoseph Chen char *input, u32 input_len, u8 *output); 159cc6ac5d6SJoseph Chen 160cc6ac5d6SJoseph Chen /** 161c14e46abSJoseph Chen * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks 162c14e46abSJoseph Chen * 163c14e46abSJoseph Chen * @dev: crypto device 164c14e46abSJoseph Chen * @ctx: sha context 165c14e46abSJoseph Chen * @region: regions buffer 166c14e46abSJoseph Chen * @region_count: regions count 167c14e46abSJoseph Chen * @output: output hash data 168c14e46abSJoseph Chen * 169c14e46abSJoseph Chen * @return 0 on success, otherwise failed 170c14e46abSJoseph Chen */ 171c14e46abSJoseph Chen int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx, 172c14e46abSJoseph Chen const struct image_region region[], 173c14e46abSJoseph Chen int region_count, u8 *output); 174c14e46abSJoseph Chen 175c14e46abSJoseph Chen /** 176cc6ac5d6SJoseph Chen * crypto_rsa_verify() - Crypto rsa verify 177cc6ac5d6SJoseph Chen * 178cc6ac5d6SJoseph Chen * @dev: crypto device 179cc6ac5d6SJoseph Chen * @ctx: rsa key context 180cc6ac5d6SJoseph Chen * @sign: signature 181cc6ac5d6SJoseph Chen * @output: output hash data buffer 182cc6ac5d6SJoseph Chen * 183cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 184cc6ac5d6SJoseph Chen */ 185cc6ac5d6SJoseph Chen int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output); 186cc6ac5d6SJoseph Chen 187*49a2135eSLin Jinhan /** 188*49a2135eSLin Jinhan * crypto_hmac_init() - Crypto hmac init 189*49a2135eSLin Jinhan * 190*49a2135eSLin Jinhan * @dev: crypto device 191*49a2135eSLin Jinhan * @ctx: sha context 192*49a2135eSLin Jinhan * 193*49a2135eSLin Jinhan * @return 0 on success, otherwise failed 194*49a2135eSLin Jinhan */ 195*49a2135eSLin Jinhan int crypto_hmac_init(struct udevice *dev, sha_context *ctx, 196*49a2135eSLin Jinhan u8 *key, u32 key_len); 197*49a2135eSLin Jinhan 198*49a2135eSLin Jinhan /** 199*49a2135eSLin Jinhan * crypto_hmac_update() - Crypto hmac update 200*49a2135eSLin Jinhan * 201*49a2135eSLin Jinhan * @dev: crypto device 202*49a2135eSLin Jinhan * @input: input data buffer 203*49a2135eSLin Jinhan * @len: input data length 204*49a2135eSLin Jinhan * 205*49a2135eSLin Jinhan * @return 0 on success, otherwise failed 206*49a2135eSLin Jinhan */ 207*49a2135eSLin Jinhan int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len); 208*49a2135eSLin Jinhan 209*49a2135eSLin Jinhan /** 210*49a2135eSLin Jinhan * crypto_sha_final() - Crypto hmac finish and get result 211*49a2135eSLin Jinhan * 212*49a2135eSLin Jinhan * @dev: crypto device 213*49a2135eSLin Jinhan * @ctx: sha context 214*49a2135eSLin Jinhan * @output: output hash data 215*49a2135eSLin Jinhan * 216*49a2135eSLin Jinhan * @return 0 on success, otherwise failed 217*49a2135eSLin Jinhan */ 218*49a2135eSLin Jinhan int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output); 219*49a2135eSLin Jinhan 220*49a2135eSLin Jinhan /** 221*49a2135eSLin Jinhan * crypto_cipher() - Crypto cipher crypt 222*49a2135eSLin Jinhan * 223*49a2135eSLin Jinhan * @dev: crypto device 224*49a2135eSLin Jinhan * @ctx: cipher context 225*49a2135eSLin Jinhan * @in: input data buffer 226*49a2135eSLin Jinhan * @out: output data buffer 227*49a2135eSLin Jinhan * @len: input data length 228*49a2135eSLin Jinhan * @enc: true for encrypt, false for decrypt 229*49a2135eSLin Jinhan * @return 0 on success, otherwise failed 230*49a2135eSLin Jinhan */ 231*49a2135eSLin Jinhan int crypto_cipher(struct udevice *dev, cipher_context *ctx, 232*49a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 233*49a2135eSLin Jinhan 234cc6ac5d6SJoseph Chen #endif 235