1cc6ac5d6SJoseph Chen /* SPDX-License-Identifier: GPL-2.0+ */ 2cc6ac5d6SJoseph Chen /* 3cc6ac5d6SJoseph Chen * (C) Copyright 2019 Rockchip Electronics Co., Ltd 4cc6ac5d6SJoseph Chen */ 5cc6ac5d6SJoseph Chen 6cc6ac5d6SJoseph Chen #ifndef _CORE_CRYPTO_H_ 7cc6ac5d6SJoseph Chen #define _CORE_CRYPTO_H_ 8cc6ac5d6SJoseph Chen 91d2a3f6cSJoseph Chen #include <common.h> 101d2a3f6cSJoseph Chen #include <dm.h> 11c14e46abSJoseph Chen #include <image.h> 121d2a3f6cSJoseph Chen #include <u-boot/sha1.h> 131d2a3f6cSJoseph Chen 14cc6ac5d6SJoseph Chen /* Algorithms/capability of crypto, works together with crypto_algo_nbits() */ 15cc6ac5d6SJoseph Chen #define CRYPTO_MD5 BIT(0) 16cc6ac5d6SJoseph Chen #define CRYPTO_SHA1 BIT(1) 17cc6ac5d6SJoseph Chen #define CRYPTO_SHA256 BIT(2) 18e7846385SLin Jinhan #define CRYPTO_SHA512 BIT(3) 1949a2135eSLin Jinhan #define CRYPTO_SM3 BIT(4) 20e7846385SLin Jinhan 21e7846385SLin Jinhan #define CRYPTO_RSA512 BIT(10) 22e7846385SLin Jinhan #define CRYPTO_RSA1024 BIT(11) 23e7846385SLin Jinhan #define CRYPTO_RSA2048 BIT(12) 24e7846385SLin Jinhan #define CRYPTO_RSA3072 BIT(13) 25e7846385SLin Jinhan #define CRYPTO_RSA4096 BIT(14) 26cc6ac5d6SJoseph Chen 2749a2135eSLin Jinhan #define CRYPTO_DES BIT(20) 2849a2135eSLin Jinhan #define CRYPTO_AES BIT(21) 2949a2135eSLin Jinhan #define CRYPTO_SM4 BIT(22) 3049a2135eSLin Jinhan 3149a2135eSLin Jinhan #define CRYPTO_HMAC_MD5 BIT(25) 3249a2135eSLin Jinhan #define CRYPTO_HMAC_SHA1 BIT(26) 3349a2135eSLin Jinhan #define CRYPTO_HMAC_SHA256 BIT(27) 3449a2135eSLin Jinhan #define CRYPTO_HMAC_SHA512 BIT(28) 3549a2135eSLin Jinhan #define CRYPTO_HMAC_SM3 BIT(29) 3649a2135eSLin Jinhan 37cc6ac5d6SJoseph Chen #define BYTE2WORD(bytes) ((bytes) / 4) 38cc6ac5d6SJoseph Chen #define BITS2BYTE(nbits) ((nbits) / 8) 39cc6ac5d6SJoseph Chen #define BITS2WORD(nbits) ((nbits) / 32) 40cc6ac5d6SJoseph Chen 4149a2135eSLin Jinhan enum RK_CRYPTO_MODE { 4249a2135eSLin Jinhan RK_MODE_ECB = 0, 4349a2135eSLin Jinhan RK_MODE_CBC, 4449a2135eSLin Jinhan RK_MODE_CTS, 4549a2135eSLin Jinhan RK_MODE_CTR, 4649a2135eSLin Jinhan RK_MODE_CFB, 4749a2135eSLin Jinhan RK_MODE_OFB, 4849a2135eSLin Jinhan RK_MODE_XTS, 49*d9332f1cSLin Jinhan RK_MODE_CMAC, 50*d9332f1cSLin Jinhan RK_MODE_CBC_MAC, 5149a2135eSLin Jinhan RK_MODE_MAX 5249a2135eSLin Jinhan }; 5349a2135eSLin Jinhan 54cc6ac5d6SJoseph Chen typedef struct { 55cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 56cc6ac5d6SJoseph Chen u32 length; /* Data total length */ 57cc6ac5d6SJoseph Chen 58cc6ac5d6SJoseph Chen } sha_context; 59cc6ac5d6SJoseph Chen 60cc6ac5d6SJoseph Chen typedef struct { 61cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 62cc6ac5d6SJoseph Chen u32 *n; /* Public key factor N */ 63cc6ac5d6SJoseph Chen u32 *e; /* Public key factor E */ 64cc6ac5d6SJoseph Chen u32 *c; /* Optional, a accelerate factor for some crypto */ 65cc6ac5d6SJoseph Chen } rsa_key; 66cc6ac5d6SJoseph Chen 6749a2135eSLin Jinhan typedef struct { 6849a2135eSLin Jinhan u32 algo; 6949a2135eSLin Jinhan u32 mode; 7049a2135eSLin Jinhan const u8 *key; 7149a2135eSLin Jinhan const u8 *twk_key; 7249a2135eSLin Jinhan u32 key_len; 7349a2135eSLin Jinhan const u8 *iv; 7449a2135eSLin Jinhan u32 iv_len; 7549a2135eSLin Jinhan } cipher_context; 7649a2135eSLin Jinhan 77cc6ac5d6SJoseph Chen struct dm_crypto_ops { 78cc6ac5d6SJoseph Chen /* Hardware algorithm capability */ 79cc6ac5d6SJoseph Chen u32 (*capability)(struct udevice *dev); 80cc6ac5d6SJoseph Chen 81cc6ac5d6SJoseph Chen /* SHA init/update/final */ 82cc6ac5d6SJoseph Chen int (*sha_init)(struct udevice *dev, sha_context *ctx); 83cc6ac5d6SJoseph Chen int (*sha_update)(struct udevice *dev, u32 *input, u32 len); 84cc6ac5d6SJoseph Chen int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output); 85cc6ac5d6SJoseph Chen 86cc6ac5d6SJoseph Chen /* RSA verify */ 87cc6ac5d6SJoseph Chen int (*rsa_verify)(struct udevice *dev, rsa_key *ctx, 88cc6ac5d6SJoseph Chen u8 *sign, u8 *output); 8949a2135eSLin Jinhan /* HMAC init/update/final */ 9049a2135eSLin Jinhan int (*hmac_init)(struct udevice *dev, sha_context *ctx, 9149a2135eSLin Jinhan u8 *key, u32 key_len); 9249a2135eSLin Jinhan int (*hmac_update)(struct udevice *dev, u32 *input, u32 len); 9349a2135eSLin Jinhan int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output); 9449a2135eSLin Jinhan 9549a2135eSLin Jinhan /* cipher encryption and decryption */ 9649a2135eSLin Jinhan int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx, 9749a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 98*d9332f1cSLin Jinhan 99*d9332f1cSLin Jinhan /* cipher mac cmac&cbc_mac */ 100*d9332f1cSLin Jinhan int (*cipher_mac)(struct udevice *dev, cipher_context *ctx, 101*d9332f1cSLin Jinhan const u8 *in, u32 len, u8 *tag); 102cc6ac5d6SJoseph Chen }; 103cc6ac5d6SJoseph Chen 104cc6ac5d6SJoseph Chen /** 105cc6ac5d6SJoseph Chen * crypto_algo_nbits() - Get algorithm bits accroding to algorithm 106cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 107cc6ac5d6SJoseph Chen * 108cc6ac5d6SJoseph Chen * @return algorithm bits 109cc6ac5d6SJoseph Chen */ 110cc6ac5d6SJoseph Chen u32 crypto_algo_nbits(u32 algo); 111cc6ac5d6SJoseph Chen 112cc6ac5d6SJoseph Chen /** 113cc6ac5d6SJoseph Chen * crypto_get_device() - Get crypto device by capability 114cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 115cc6ac5d6SJoseph Chen * 116cc6ac5d6SJoseph Chen * @return dev on success, otherwise NULL 117cc6ac5d6SJoseph Chen */ 118cc6ac5d6SJoseph Chen struct udevice *crypto_get_device(u32 capability); 119cc6ac5d6SJoseph Chen 120cc6ac5d6SJoseph Chen /** 121cc6ac5d6SJoseph Chen * crypto_sha_init() - Crypto sha init 122cc6ac5d6SJoseph Chen * 123cc6ac5d6SJoseph Chen * @dev: crypto device 124cc6ac5d6SJoseph Chen * @ctx: sha context 125cc6ac5d6SJoseph Chen * 126cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 127cc6ac5d6SJoseph Chen */ 128cc6ac5d6SJoseph Chen int crypto_sha_init(struct udevice *dev, sha_context *ctx); 129cc6ac5d6SJoseph Chen 130cc6ac5d6SJoseph Chen /** 131cc6ac5d6SJoseph Chen * crypto_sha_update() - Crypto sha update 132cc6ac5d6SJoseph Chen * 133cc6ac5d6SJoseph Chen * @dev: crypto device 134cc6ac5d6SJoseph Chen * @input: input data buffer 135cc6ac5d6SJoseph Chen * @len: input data length 136cc6ac5d6SJoseph Chen * 137cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 138cc6ac5d6SJoseph Chen */ 139cc6ac5d6SJoseph Chen int crypto_sha_update(struct udevice *dev, u32 *input, u32 len); 140cc6ac5d6SJoseph Chen 141cc6ac5d6SJoseph Chen /** 142cc6ac5d6SJoseph Chen * crypto_sha_final() - Crypto sha finish and get result 143cc6ac5d6SJoseph Chen * 144cc6ac5d6SJoseph Chen * @dev: crypto device 145cc6ac5d6SJoseph Chen * @ctx: sha context 146cc6ac5d6SJoseph Chen * @output: output hash data 147cc6ac5d6SJoseph Chen * 148cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 149cc6ac5d6SJoseph Chen */ 150cc6ac5d6SJoseph Chen int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output); 151cc6ac5d6SJoseph Chen 152cc6ac5d6SJoseph Chen /** 153cc6ac5d6SJoseph Chen * crypto_sha_csum() - Crypto sha hash for one data block only 154cc6ac5d6SJoseph Chen * 155cc6ac5d6SJoseph Chen * @dev: crypto device 156cc6ac5d6SJoseph Chen * @ctx: sha context 157cc6ac5d6SJoseph Chen * @input: input data buffer 158cc6ac5d6SJoseph Chen * @input_len: input data length 159cc6ac5d6SJoseph Chen * @output: output hash data 160cc6ac5d6SJoseph Chen * 161cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 162cc6ac5d6SJoseph Chen */ 163cc6ac5d6SJoseph Chen int crypto_sha_csum(struct udevice *dev, sha_context *ctx, 164cc6ac5d6SJoseph Chen char *input, u32 input_len, u8 *output); 165cc6ac5d6SJoseph Chen 166cc6ac5d6SJoseph Chen /** 167c14e46abSJoseph Chen * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks 168c14e46abSJoseph Chen * 169c14e46abSJoseph Chen * @dev: crypto device 170c14e46abSJoseph Chen * @ctx: sha context 171c14e46abSJoseph Chen * @region: regions buffer 172c14e46abSJoseph Chen * @region_count: regions count 173c14e46abSJoseph Chen * @output: output hash data 174c14e46abSJoseph Chen * 175c14e46abSJoseph Chen * @return 0 on success, otherwise failed 176c14e46abSJoseph Chen */ 177c14e46abSJoseph Chen int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx, 178c14e46abSJoseph Chen const struct image_region region[], 179c14e46abSJoseph Chen int region_count, u8 *output); 180c14e46abSJoseph Chen 181c14e46abSJoseph Chen /** 182cc6ac5d6SJoseph Chen * crypto_rsa_verify() - Crypto rsa verify 183cc6ac5d6SJoseph Chen * 184cc6ac5d6SJoseph Chen * @dev: crypto device 185cc6ac5d6SJoseph Chen * @ctx: rsa key context 186cc6ac5d6SJoseph Chen * @sign: signature 187cc6ac5d6SJoseph Chen * @output: output hash data buffer 188cc6ac5d6SJoseph Chen * 189cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 190cc6ac5d6SJoseph Chen */ 191cc6ac5d6SJoseph Chen int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output); 192cc6ac5d6SJoseph Chen 19349a2135eSLin Jinhan /** 19449a2135eSLin Jinhan * crypto_hmac_init() - Crypto hmac init 19549a2135eSLin Jinhan * 19649a2135eSLin Jinhan * @dev: crypto device 19749a2135eSLin Jinhan * @ctx: sha context 19849a2135eSLin Jinhan * 19949a2135eSLin Jinhan * @return 0 on success, otherwise failed 20049a2135eSLin Jinhan */ 20149a2135eSLin Jinhan int crypto_hmac_init(struct udevice *dev, sha_context *ctx, 20249a2135eSLin Jinhan u8 *key, u32 key_len); 20349a2135eSLin Jinhan 20449a2135eSLin Jinhan /** 20549a2135eSLin Jinhan * crypto_hmac_update() - Crypto hmac update 20649a2135eSLin Jinhan * 20749a2135eSLin Jinhan * @dev: crypto device 20849a2135eSLin Jinhan * @input: input data buffer 20949a2135eSLin Jinhan * @len: input data length 21049a2135eSLin Jinhan * 21149a2135eSLin Jinhan * @return 0 on success, otherwise failed 21249a2135eSLin Jinhan */ 21349a2135eSLin Jinhan int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len); 21449a2135eSLin Jinhan 21549a2135eSLin Jinhan /** 21649a2135eSLin Jinhan * crypto_sha_final() - Crypto hmac finish and get result 21749a2135eSLin Jinhan * 21849a2135eSLin Jinhan * @dev: crypto device 21949a2135eSLin Jinhan * @ctx: sha context 22049a2135eSLin Jinhan * @output: output hash data 22149a2135eSLin Jinhan * 22249a2135eSLin Jinhan * @return 0 on success, otherwise failed 22349a2135eSLin Jinhan */ 22449a2135eSLin Jinhan int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output); 22549a2135eSLin Jinhan 22649a2135eSLin Jinhan /** 22749a2135eSLin Jinhan * crypto_cipher() - Crypto cipher crypt 22849a2135eSLin Jinhan * 22949a2135eSLin Jinhan * @dev: crypto device 23049a2135eSLin Jinhan * @ctx: cipher context 23149a2135eSLin Jinhan * @in: input data buffer 23249a2135eSLin Jinhan * @out: output data buffer 23349a2135eSLin Jinhan * @len: input data length 23449a2135eSLin Jinhan * @enc: true for encrypt, false for decrypt 23549a2135eSLin Jinhan * @return 0 on success, otherwise failed 23649a2135eSLin Jinhan */ 23749a2135eSLin Jinhan int crypto_cipher(struct udevice *dev, cipher_context *ctx, 23849a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 23949a2135eSLin Jinhan 240*d9332f1cSLin Jinhan /** 241*d9332f1cSLin Jinhan * crypto_mac() - Crypto cipher mac 242*d9332f1cSLin Jinhan * 243*d9332f1cSLin Jinhan * @dev: crypto device 244*d9332f1cSLin Jinhan * @ctx: cipher context 245*d9332f1cSLin Jinhan * @in: input data buffer 246*d9332f1cSLin Jinhan * @len: input data length 247*d9332f1cSLin Jinhan * @tag: output data buffer 248*d9332f1cSLin Jinhan * @return 0 on success, otherwise failed 249*d9332f1cSLin Jinhan */ 250*d9332f1cSLin Jinhan int crypto_mac(struct udevice *dev, cipher_context *ctx, 251*d9332f1cSLin Jinhan const u8 *in, u32 len, u8 *tag); 252*d9332f1cSLin Jinhan 253cc6ac5d6SJoseph Chen #endif 254