1cc6ac5d6SJoseph Chen /* SPDX-License-Identifier: GPL-2.0+ */ 2cc6ac5d6SJoseph Chen /* 3cc6ac5d6SJoseph Chen * (C) Copyright 2019 Rockchip Electronics Co., Ltd 4cc6ac5d6SJoseph Chen */ 5cc6ac5d6SJoseph Chen 6cc6ac5d6SJoseph Chen #ifndef _CORE_CRYPTO_H_ 7cc6ac5d6SJoseph Chen #define _CORE_CRYPTO_H_ 8cc6ac5d6SJoseph Chen 91d2a3f6cSJoseph Chen #include <common.h> 101d2a3f6cSJoseph Chen #include <dm.h> 11c14e46abSJoseph Chen #include <image.h> 121d2a3f6cSJoseph Chen #include <u-boot/sha1.h> 131d2a3f6cSJoseph Chen 14cc6ac5d6SJoseph Chen /* Algorithms/capability of crypto, works together with crypto_algo_nbits() */ 15cc6ac5d6SJoseph Chen #define CRYPTO_MD5 BIT(0) 16cc6ac5d6SJoseph Chen #define CRYPTO_SHA1 BIT(1) 17cc6ac5d6SJoseph Chen #define CRYPTO_SHA256 BIT(2) 18e7846385SLin Jinhan #define CRYPTO_SHA512 BIT(3) 1949a2135eSLin Jinhan #define CRYPTO_SM3 BIT(4) 20e7846385SLin Jinhan 21e7846385SLin Jinhan #define CRYPTO_RSA512 BIT(10) 22e7846385SLin Jinhan #define CRYPTO_RSA1024 BIT(11) 23e7846385SLin Jinhan #define CRYPTO_RSA2048 BIT(12) 24e7846385SLin Jinhan #define CRYPTO_RSA3072 BIT(13) 25e7846385SLin Jinhan #define CRYPTO_RSA4096 BIT(14) 2602b4cf42SLin Jinhan #define CRYPTO_SM2 BIT(15) 2702b4cf42SLin Jinhan #define CRYPTO_ECC_192R1 BIT(16) 2802b4cf42SLin Jinhan #define CRYPTO_ECC_224R1 BIT(17) 2902b4cf42SLin Jinhan #define CRYPTO_ECC_256R1 BIT(18) 30cc6ac5d6SJoseph Chen 3149a2135eSLin Jinhan #define CRYPTO_DES BIT(20) 3249a2135eSLin Jinhan #define CRYPTO_AES BIT(21) 3349a2135eSLin Jinhan #define CRYPTO_SM4 BIT(22) 3449a2135eSLin Jinhan 3549a2135eSLin Jinhan #define CRYPTO_HMAC_MD5 BIT(25) 3649a2135eSLin Jinhan #define CRYPTO_HMAC_SHA1 BIT(26) 3749a2135eSLin Jinhan #define CRYPTO_HMAC_SHA256 BIT(27) 3849a2135eSLin Jinhan #define CRYPTO_HMAC_SHA512 BIT(28) 3949a2135eSLin Jinhan #define CRYPTO_HMAC_SM3 BIT(29) 4049a2135eSLin Jinhan 41cc6ac5d6SJoseph Chen #define BYTE2WORD(bytes) ((bytes) / 4) 42cc6ac5d6SJoseph Chen #define BITS2BYTE(nbits) ((nbits) / 8) 43cc6ac5d6SJoseph Chen #define BITS2WORD(nbits) ((nbits) / 32) 4402b4cf42SLin Jinhan #define WORD2BYTE(words) ((words) * 4) 45cc6ac5d6SJoseph Chen 4649a2135eSLin Jinhan enum RK_CRYPTO_MODE { 4749a2135eSLin Jinhan RK_MODE_ECB = 0, 4849a2135eSLin Jinhan RK_MODE_CBC, 4949a2135eSLin Jinhan RK_MODE_CTS, 5049a2135eSLin Jinhan RK_MODE_CTR, 5149a2135eSLin Jinhan RK_MODE_CFB, 5249a2135eSLin Jinhan RK_MODE_OFB, 5349a2135eSLin Jinhan RK_MODE_XTS, 54c3ce9937SLin Jinhan RK_MODE_CCM, 55c3ce9937SLin Jinhan RK_MODE_GCM, 56d9332f1cSLin Jinhan RK_MODE_CMAC, 57d9332f1cSLin Jinhan RK_MODE_CBC_MAC, 5849a2135eSLin Jinhan RK_MODE_MAX 5949a2135eSLin Jinhan }; 6049a2135eSLin Jinhan 61cc6ac5d6SJoseph Chen typedef struct { 62cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 63cc6ac5d6SJoseph Chen u32 length; /* Data total length */ 64cc6ac5d6SJoseph Chen 65cc6ac5d6SJoseph Chen } sha_context; 66cc6ac5d6SJoseph Chen 67cc6ac5d6SJoseph Chen typedef struct { 68cc6ac5d6SJoseph Chen u32 algo; /* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */ 69cc6ac5d6SJoseph Chen u32 *n; /* Public key factor N */ 70cc6ac5d6SJoseph Chen u32 *e; /* Public key factor E */ 71cc6ac5d6SJoseph Chen u32 *c; /* Optional, a accelerate factor for some crypto */ 72cc6ac5d6SJoseph Chen } rsa_key; 73cc6ac5d6SJoseph Chen 7449a2135eSLin Jinhan typedef struct { 7502b4cf42SLin Jinhan u32 algo; /* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */ 7602b4cf42SLin Jinhan u32 *x; /* public key x */ 7702b4cf42SLin Jinhan u32 *y; /* public key y */ 7802b4cf42SLin Jinhan u32 *d; /* private key */ 7902b4cf42SLin Jinhan } ec_key; 8002b4cf42SLin Jinhan 8102b4cf42SLin Jinhan typedef struct { 8249a2135eSLin Jinhan u32 algo; 8349a2135eSLin Jinhan u32 mode; 8449a2135eSLin Jinhan const u8 *key; 8549a2135eSLin Jinhan const u8 *twk_key; 8649a2135eSLin Jinhan u32 key_len; 8749a2135eSLin Jinhan const u8 *iv; 8849a2135eSLin Jinhan u32 iv_len; 8949a2135eSLin Jinhan } cipher_context; 9049a2135eSLin Jinhan 91*f400b2a4SLin Jinhan typedef struct { 92*f400b2a4SLin Jinhan u32 algo; 93*f400b2a4SLin Jinhan u32 mode; 94*f400b2a4SLin Jinhan u32 key_len; 95*f400b2a4SLin Jinhan const u8 *iv; 96*f400b2a4SLin Jinhan u32 iv_len; 97*f400b2a4SLin Jinhan u32 fw_keyid; 98*f400b2a4SLin Jinhan } cipher_fw_context; 99*f400b2a4SLin Jinhan 100cc6ac5d6SJoseph Chen struct dm_crypto_ops { 101cc6ac5d6SJoseph Chen /* Hardware algorithm capability */ 102cc6ac5d6SJoseph Chen u32 (*capability)(struct udevice *dev); 103cc6ac5d6SJoseph Chen 104cc6ac5d6SJoseph Chen /* SHA init/update/final */ 105cc6ac5d6SJoseph Chen int (*sha_init)(struct udevice *dev, sha_context *ctx); 106cc6ac5d6SJoseph Chen int (*sha_update)(struct udevice *dev, u32 *input, u32 len); 107cc6ac5d6SJoseph Chen int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output); 108cc6ac5d6SJoseph Chen 109cc6ac5d6SJoseph Chen /* RSA verify */ 110cc6ac5d6SJoseph Chen int (*rsa_verify)(struct udevice *dev, rsa_key *ctx, 111cc6ac5d6SJoseph Chen u8 *sign, u8 *output); 11202b4cf42SLin Jinhan 11302b4cf42SLin Jinhan /* EC verify */ 11402b4cf42SLin Jinhan int (*ec_verify)(struct udevice *dev, ec_key *ctx, 11502b4cf42SLin Jinhan u8 *hash, u32 hash_len, u8 *sign); 11602b4cf42SLin Jinhan 11749a2135eSLin Jinhan /* HMAC init/update/final */ 11849a2135eSLin Jinhan int (*hmac_init)(struct udevice *dev, sha_context *ctx, 11949a2135eSLin Jinhan u8 *key, u32 key_len); 12049a2135eSLin Jinhan int (*hmac_update)(struct udevice *dev, u32 *input, u32 len); 12149a2135eSLin Jinhan int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output); 12249a2135eSLin Jinhan 12349a2135eSLin Jinhan /* cipher encryption and decryption */ 12449a2135eSLin Jinhan int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx, 12549a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 126d9332f1cSLin Jinhan 127d9332f1cSLin Jinhan /* cipher mac cmac&cbc_mac */ 128d9332f1cSLin Jinhan int (*cipher_mac)(struct udevice *dev, cipher_context *ctx, 129d9332f1cSLin Jinhan const u8 *in, u32 len, u8 *tag); 130c3ce9937SLin Jinhan 131c3ce9937SLin Jinhan /* cipher aes ccm&gcm */ 132c3ce9937SLin Jinhan int (*cipher_ae)(struct udevice *dev, cipher_context *ctx, 133c3ce9937SLin Jinhan const u8 *in, u32 len, const u8 *aad, u32 aad_len, 134c3ce9937SLin Jinhan u8 *out, u8 *tag); 135c3ce9937SLin Jinhan 136*f400b2a4SLin Jinhan /* cipher firmware encryption and decryption */ 137*f400b2a4SLin Jinhan int (*cipher_fw_crypt)(struct udevice *dev, cipher_fw_context *ctx, 138*f400b2a4SLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 139*f400b2a4SLin Jinhan 140*f400b2a4SLin Jinhan ulong (*keytable_addr)(struct udevice *dev); 141cc6ac5d6SJoseph Chen }; 142cc6ac5d6SJoseph Chen 143cc6ac5d6SJoseph Chen /** 144cc6ac5d6SJoseph Chen * crypto_algo_nbits() - Get algorithm bits accroding to algorithm 145cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 146cc6ac5d6SJoseph Chen * 147cc6ac5d6SJoseph Chen * @return algorithm bits 148cc6ac5d6SJoseph Chen */ 149cc6ac5d6SJoseph Chen u32 crypto_algo_nbits(u32 algo); 150cc6ac5d6SJoseph Chen 151cc6ac5d6SJoseph Chen /** 152cc6ac5d6SJoseph Chen * crypto_get_device() - Get crypto device by capability 153cc6ac5d6SJoseph Chen * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048... 154cc6ac5d6SJoseph Chen * 155cc6ac5d6SJoseph Chen * @return dev on success, otherwise NULL 156cc6ac5d6SJoseph Chen */ 157cc6ac5d6SJoseph Chen struct udevice *crypto_get_device(u32 capability); 158cc6ac5d6SJoseph Chen 159cc6ac5d6SJoseph Chen /** 160cc6ac5d6SJoseph Chen * crypto_sha_init() - Crypto sha init 161cc6ac5d6SJoseph Chen * 162cc6ac5d6SJoseph Chen * @dev: crypto device 163cc6ac5d6SJoseph Chen * @ctx: sha context 164cc6ac5d6SJoseph Chen * 165cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 166cc6ac5d6SJoseph Chen */ 167cc6ac5d6SJoseph Chen int crypto_sha_init(struct udevice *dev, sha_context *ctx); 168cc6ac5d6SJoseph Chen 169cc6ac5d6SJoseph Chen /** 170cc6ac5d6SJoseph Chen * crypto_sha_update() - Crypto sha update 171cc6ac5d6SJoseph Chen * 172cc6ac5d6SJoseph Chen * @dev: crypto device 173cc6ac5d6SJoseph Chen * @input: input data buffer 174cc6ac5d6SJoseph Chen * @len: input data length 175cc6ac5d6SJoseph Chen * 176cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 177cc6ac5d6SJoseph Chen */ 178cc6ac5d6SJoseph Chen int crypto_sha_update(struct udevice *dev, u32 *input, u32 len); 179cc6ac5d6SJoseph Chen 180cc6ac5d6SJoseph Chen /** 181cc6ac5d6SJoseph Chen * crypto_sha_final() - Crypto sha finish and get result 182cc6ac5d6SJoseph Chen * 183cc6ac5d6SJoseph Chen * @dev: crypto device 184cc6ac5d6SJoseph Chen * @ctx: sha context 185cc6ac5d6SJoseph Chen * @output: output hash data 186cc6ac5d6SJoseph Chen * 187cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 188cc6ac5d6SJoseph Chen */ 189cc6ac5d6SJoseph Chen int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output); 190cc6ac5d6SJoseph Chen 191cc6ac5d6SJoseph Chen /** 192cc6ac5d6SJoseph Chen * crypto_sha_csum() - Crypto sha hash for one data block only 193cc6ac5d6SJoseph Chen * 194cc6ac5d6SJoseph Chen * @dev: crypto device 195cc6ac5d6SJoseph Chen * @ctx: sha context 196cc6ac5d6SJoseph Chen * @input: input data buffer 197cc6ac5d6SJoseph Chen * @input_len: input data length 198cc6ac5d6SJoseph Chen * @output: output hash data 199cc6ac5d6SJoseph Chen * 200cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 201cc6ac5d6SJoseph Chen */ 202cc6ac5d6SJoseph Chen int crypto_sha_csum(struct udevice *dev, sha_context *ctx, 203cc6ac5d6SJoseph Chen char *input, u32 input_len, u8 *output); 204cc6ac5d6SJoseph Chen 205cc6ac5d6SJoseph Chen /** 206c14e46abSJoseph Chen * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks 207c14e46abSJoseph Chen * 208c14e46abSJoseph Chen * @dev: crypto device 209c14e46abSJoseph Chen * @ctx: sha context 210c14e46abSJoseph Chen * @region: regions buffer 211c14e46abSJoseph Chen * @region_count: regions count 212c14e46abSJoseph Chen * @output: output hash data 213c14e46abSJoseph Chen * 214c14e46abSJoseph Chen * @return 0 on success, otherwise failed 215c14e46abSJoseph Chen */ 216c14e46abSJoseph Chen int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx, 217c14e46abSJoseph Chen const struct image_region region[], 218c14e46abSJoseph Chen int region_count, u8 *output); 219c14e46abSJoseph Chen 220c14e46abSJoseph Chen /** 221cc6ac5d6SJoseph Chen * crypto_rsa_verify() - Crypto rsa verify 222cc6ac5d6SJoseph Chen * 223cc6ac5d6SJoseph Chen * @dev: crypto device 224cc6ac5d6SJoseph Chen * @ctx: rsa key context 225cc6ac5d6SJoseph Chen * @sign: signature 226cc6ac5d6SJoseph Chen * @output: output hash data buffer 227cc6ac5d6SJoseph Chen * 228cc6ac5d6SJoseph Chen * @return 0 on success, otherwise failed 229cc6ac5d6SJoseph Chen */ 230cc6ac5d6SJoseph Chen int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output); 231cc6ac5d6SJoseph Chen 23249a2135eSLin Jinhan /** 23302b4cf42SLin Jinhan * crypto_ec_verify() - Crypto ec verify 23402b4cf42SLin Jinhan * 23502b4cf42SLin Jinhan * @dev: crypto device 23602b4cf42SLin Jinhan * @ctx: ec key context 23702b4cf42SLin Jinhan * @hash: hash data buffer 23802b4cf42SLin Jinhan * @hash_len: hash data length 23902b4cf42SLin Jinhan * @sign: signature 24002b4cf42SLin Jinhan * 24102b4cf42SLin Jinhan * @return 0 on success, otherwise failed 24202b4cf42SLin Jinhan */ 24302b4cf42SLin Jinhan int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign); 24402b4cf42SLin Jinhan 24502b4cf42SLin Jinhan /** 24649a2135eSLin Jinhan * crypto_hmac_init() - Crypto hmac init 24749a2135eSLin Jinhan * 24849a2135eSLin Jinhan * @dev: crypto device 24949a2135eSLin Jinhan * @ctx: sha context 25049a2135eSLin Jinhan * 25149a2135eSLin Jinhan * @return 0 on success, otherwise failed 25249a2135eSLin Jinhan */ 25349a2135eSLin Jinhan int crypto_hmac_init(struct udevice *dev, sha_context *ctx, 25449a2135eSLin Jinhan u8 *key, u32 key_len); 25549a2135eSLin Jinhan 25649a2135eSLin Jinhan /** 25749a2135eSLin Jinhan * crypto_hmac_update() - Crypto hmac update 25849a2135eSLin Jinhan * 25949a2135eSLin Jinhan * @dev: crypto device 26049a2135eSLin Jinhan * @input: input data buffer 26149a2135eSLin Jinhan * @len: input data length 26249a2135eSLin Jinhan * 26349a2135eSLin Jinhan * @return 0 on success, otherwise failed 26449a2135eSLin Jinhan */ 26549a2135eSLin Jinhan int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len); 26649a2135eSLin Jinhan 26749a2135eSLin Jinhan /** 26849a2135eSLin Jinhan * crypto_sha_final() - Crypto hmac finish and get result 26949a2135eSLin Jinhan * 27049a2135eSLin Jinhan * @dev: crypto device 27149a2135eSLin Jinhan * @ctx: sha context 27249a2135eSLin Jinhan * @output: output hash data 27349a2135eSLin Jinhan * 27449a2135eSLin Jinhan * @return 0 on success, otherwise failed 27549a2135eSLin Jinhan */ 27649a2135eSLin Jinhan int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output); 27749a2135eSLin Jinhan 27849a2135eSLin Jinhan /** 27949a2135eSLin Jinhan * crypto_cipher() - Crypto cipher crypt 28049a2135eSLin Jinhan * 28149a2135eSLin Jinhan * @dev: crypto device 28249a2135eSLin Jinhan * @ctx: cipher context 28349a2135eSLin Jinhan * @in: input data buffer 28449a2135eSLin Jinhan * @out: output data buffer 28549a2135eSLin Jinhan * @len: input data length 28649a2135eSLin Jinhan * @enc: true for encrypt, false for decrypt 28749a2135eSLin Jinhan * @return 0 on success, otherwise failed 28849a2135eSLin Jinhan */ 28949a2135eSLin Jinhan int crypto_cipher(struct udevice *dev, cipher_context *ctx, 29049a2135eSLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 29149a2135eSLin Jinhan 292d9332f1cSLin Jinhan /** 293d9332f1cSLin Jinhan * crypto_mac() - Crypto cipher mac 294d9332f1cSLin Jinhan * 295d9332f1cSLin Jinhan * @dev: crypto device 296d9332f1cSLin Jinhan * @ctx: cipher context 297d9332f1cSLin Jinhan * @in: input data buffer 298d9332f1cSLin Jinhan * @len: input data length 299d9332f1cSLin Jinhan * @tag: output data buffer 300d9332f1cSLin Jinhan * @return 0 on success, otherwise failed 301d9332f1cSLin Jinhan */ 302d9332f1cSLin Jinhan int crypto_mac(struct udevice *dev, cipher_context *ctx, 303d9332f1cSLin Jinhan const u8 *in, u32 len, u8 *tag); 304d9332f1cSLin Jinhan 305c3ce9937SLin Jinhan /** 306c3ce9937SLin Jinhan * crypto_ae() - Crypto cipher authorization and encryption 307c3ce9937SLin Jinhan * 308c3ce9937SLin Jinhan * @dev: crypto device 309c3ce9937SLin Jinhan * @ctx: cipher context 310c3ce9937SLin Jinhan * @in: input data buffer 311c3ce9937SLin Jinhan * @len: input data length 312c3ce9937SLin Jinhan * @aad: associated data buffer 313c3ce9937SLin Jinhan * @aad_len: associated data length 314c3ce9937SLin Jinhan * @out: output data buffer 315c3ce9937SLin Jinhan * @tag: tag buffer 316c3ce9937SLin Jinhan * @return 0 on success, otherwise failed 317c3ce9937SLin Jinhan */ 318c3ce9937SLin Jinhan int crypto_ae(struct udevice *dev, cipher_context *ctx, 319c3ce9937SLin Jinhan const u8 *in, u32 len, const u8 *aad, u32 aad_len, 320c3ce9937SLin Jinhan u8 *out, u8 *tag); 321c3ce9937SLin Jinhan 322*f400b2a4SLin Jinhan /** 323*f400b2a4SLin Jinhan * crypto_fw_cipher() - Crypto cipher firmware crypt 324*f400b2a4SLin Jinhan * 325*f400b2a4SLin Jinhan * @dev: crypto device 326*f400b2a4SLin Jinhan * @ctx: cipher firmware context 327*f400b2a4SLin Jinhan * @in: input data buffer 328*f400b2a4SLin Jinhan * @out: output data buffer 329*f400b2a4SLin Jinhan * @len: input data length 330*f400b2a4SLin Jinhan * @enc: true for encrypt, false for decrypt 331*f400b2a4SLin Jinhan * @return 0 on success, otherwise failed 332*f400b2a4SLin Jinhan */ 333*f400b2a4SLin Jinhan int crypto_fw_cipher(struct udevice *dev, cipher_fw_context *ctx, 334*f400b2a4SLin Jinhan const u8 *in, u8 *out, u32 len, bool enc); 335*f400b2a4SLin Jinhan 336*f400b2a4SLin Jinhan /** 337*f400b2a4SLin Jinhan * crypto_keytable_addr() - Crypto keytable address 338*f400b2a4SLin Jinhan * 339*f400b2a4SLin Jinhan * @dev: crypto device 340*f400b2a4SLin Jinhan * @return crypto keytable address 341*f400b2a4SLin Jinhan */ 342*f400b2a4SLin Jinhan ulong crypto_keytable_addr(struct udevice *dev); 343*f400b2a4SLin Jinhan 344cc6ac5d6SJoseph Chen #endif 345