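/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Each value is a single bit, so several can be OR-ed into one u32 mask.
 * A bit only names an algorithm; it says nothing about whether that
 * algorithm is still appropriate. MD5 and SHA-1 are not collision
 * resistant, and RSA-512/RSA-1024 and DES are below current key-strength
 * guidance, so callers verifying images or signatures should request
 * SHA-256 or stronger and RSA-2048 or larger.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)

#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions. These are plain integer divisions: any remainder is
 * discarded, so a byte count that is not a multiple of 4 (or a bit count
 * that is not a multiple of 8/32) yields a result that does not cover the
 * trailing bytes/bits. Callers sizing buffers from these must round up
 * themselves where that matters.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)

/*
 * Block cipher modes, carried in cipher_context.mode.
 *
 * The encryption modes provide confidentiality only; none of them detects
 * tampering with the ciphertext. RK_MODE_CMAC and RK_MODE_CBC_MAC are MAC
 * modes.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,	/* equal plaintext blocks give equal ciphertext blocks */
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,	/* raw CBC-MAC is only sound for fixed-length messages */
	RK_MODE_MAX		/* sentinel: one past the last mode */
};

/* Hash / HMAC context passed to the sha_* and hmac_* operations. */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length */
} sha_context;

/*
 * RSA public key context passed to rsa_verify.
 * No length is stored next to the pointers; the size of the buffers behind
 * n/e/c is presumably implied by @algo - confirm against the driver.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key factor N */
	u32 *e;		/* Public key factor E */
	u32 *c;		/* Optional acceleration factor used by some crypto engines */
} rsa_key;

/*
 * Symmetric cipher context passed to cipher_crypt and cipher_mac.
 * NOTE(review): units of key_len/iv_len (presumably bytes) and which modes
 * read twk_key (presumably RK_MODE_XTS) are not visible in this header -
 * confirm against the driver.
 */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 - confirm */
	u32 mode;		/* presumably one of enum RK_CRYPTO_MODE - confirm */
	const u8 *key;		/* cipher key */
	const u8 *twk_key;	/* second (tweak) key */
	u32 key_len;		/* length of key */
	const u8 *iv;		/* initialisation vector */
	u32 iv_len;		/* length of iv */
} cipher_context;

/*
 * Operations a crypto driver provides.
 *
 * None of the output pointers (output, tag, out) is accompanied by a
 * length, so the caller has to supply a buffer large enough for the
 * selected algorithm; the hooks cannot check it.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);
	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm capability bit, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   4-byte aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data; no length is passed, so the buffer must be
 *	    large enough for the digest of the algorithm in @ctx
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data; no length is passed, so the buffer must be
 *	    large enough for the digest of the algorithm in @ctx
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data; no length is passed, so the buffer must be
 *	    large enough for the digest of the algorithm in @ctx
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * Neither @sign nor @output carries a length; both are presumably sized by
 * the key length selected in @ctx - confirm against the driver.
 *
 * NOTE(review): this header does not show whether a 0 return means "the
 * signature is valid" or only "the operation completed and @output was
 * filled". Confirm against the implementation; if it is the latter, the
 * caller must still compare @output with the expected digest before
 * trusting the signed data.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer (typed u32 *, so presumably expected to be
 *	   4-byte aligned - confirm)
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hmac data; no length is passed, so the buffer must be
 *	    large enough for the digest of the algorithm in @ctx. A caller
 *	    checking a received MAC against this value should use a
 *	    constant-time comparison.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer; no separate length is passed, so it is
 *	 presumably required to hold at least @len bytes - confirm
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer; no length is passed, so it must be large
 *	 enough for the tag of the cipher in @ctx. A caller checking a
 *	 received tag against this value should use a constant-time
 *	 comparison.
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

#endif /* _CORE_CRYPTO_H_ */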