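/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

/*
 * Crypto uclass interface: capability bits, key/context descriptors, the
 * driver ops table and the crypto_*() entry points used by callers.
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Each algorithm is a single bit so that a device can report a mask.
 * The list describes what hardware may offer, not what a verified-boot
 * policy should accept: MD5 and SHA1 are not collision resistant, and
 * RSA512/RSA1024 and DES have key sizes that are too short for signing or
 * protecting new data. Callers should select the algorithm from their own
 * policy and only then look for a device that supports it.
 */

/* Hash algorithms */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

/* Public key algorithms */
#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)
#define CRYPTO_SM2		BIT(15)
#define CRYPTO_ECC_192R1	BIT(16)
#define CRYPTO_ECC_224R1	BIT(17)
#define CRYPTO_ECC_256R1	BIT(18)

/* Symmetric ciphers */
#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

/* Keyed hashes */
#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions between bits, bytes and 32-bit words.
 * The divisions truncate, so a size that is not a multiple of the target
 * unit is rounded down; do not size a buffer from these without checking
 * that the input is an exact multiple.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)
#define WORD2BYTE(words)	((words) * 4)

/*
 * Block cipher modes.
 * The ops comments below group CMAC/CBC_MAC under cipher_mac and CCM/GCM
 * under cipher_ae. RK_MODE_MAX is one past the last mode, not a mode itself.
 * ECB encrypts equal plaintext blocks to equal ciphertext blocks and gives
 * no integrity protection.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX
};

/*
 * Hash/HMAC context shared by the sha_* and hmac_* calls.
 * NOTE(review): "length" is documented as the total data length, which
 * suggests it has to be known before the first update - confirm against
 * the driver.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length */

} sha_context;

/*
 * RSA public key descriptor.
 * The struct carries no length for n/e/c; presumably the array sizes follow
 * from algo (see crypto_algo_nbits()) - confirm, since an undersized array
 * would be read past its end.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Elliptic curve key descriptor.
 * NOTE(review): the only EC operation declared in this header is verify,
 * which uses the public point; confirm whether "d" is ever expected to be
 * populated, and keep private key material out of it otherwise.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */
	u32 *x;		/* public key x */
	u32 *y;		/* public key y */
	u32 *d;		/* private key */
} ec_key;

/*
 * Symmetric cipher context for crypto_cipher()/crypto_mac()/crypto_ae().
 * There is one key_len for both key and twk_key; its unit and whether it
 * applies to both are not stated here - TODO confirm.
 */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value */
	const u8 *key;		/* cipher key */
	const u8 *twk_key;	/* presumably the XTS tweak key - confirm */
	u32 key_len;		/* key length */
	const u8 *iv;		/* initialization vector */
	u32 iv_len;		/* initialization vector length */
} cipher_context;

/*
 * Driver operations for a crypto device.
 * The hook signatures mirror the crypto_*() functions declared below.
 * Whether a driver may leave an unsupported hook NULL is not visible in
 * this header.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);

	/* EC verify */
	int (*ec_verify)(struct udevice *dev, ec_key *ctx,
			 u8 *hash, u32 hash_len, u8 *sign);

	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);

};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm capability bit, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits (presumably the digest or key size in bits; the
 *	   value returned for an unknown algo is not stated here)
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * The result must be checked: a NULL device means no hardware supports the
 * requested capability.
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   4-byte aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no size is passed, so the buffer must be
 *	    large enough for the digest of ctx->algo
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data; no size is passed, so the buffer must be
 *	    large enough for the digest of ctx->algo
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data; no size is passed, so the buffer must be
 *	    large enough for the digest of ctx->algo
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * NOTE(review): the call returns data in @output instead of taking the
 * expected digest, so the comparison with the locally computed hash looks
 * to be the caller's job - confirm. If so, a caller that checks only the
 * return value has not verified the signature.
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_ec_verify() - Crypto ec verify
 *
 * @dev: crypto device
 * @ctx: ec key context
 * @hash: hash data buffer
 * @hash_len: hash data length
 * @sign: signature (no length is passed; presumably implied by ctx->algo)
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   4-byte aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no size is passed, so the buffer must be
 *	    large enough for the digest of ctx->algo
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * The tag is only produced here. A caller that checks it against a
 * received tag should use a constant-time comparison.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption
 *
 * NOTE(review): there is no encrypt/decrypt flag and @tag is not const, so
 * how decryption and tag verification are handled cannot be told from this
 * header - confirm before relying on it for integrity.
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

#endif /* _CORE_CRYPTO_H_ */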