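/* SPDX-License-Identifier: GPL-2.0+ */
/*
 * (C) Copyright 2019 Rockchip Electronics Co., Ltd
 */

#ifndef _CORE_CRYPTO_H_
#define _CORE_CRYPTO_H_

#include <common.h>
#include <dm.h>
#include <image.h>
#include <u-boot/sha1.h>

/*
 * Algorithms/capability of crypto, works together with crypto_algo_nbits().
 *
 * Every algorithm is one bit of a u32. Bit ranges as laid out below:
 *   0..4 hash, 10..18 public key, 20..22 block cipher, 25..29 HMAC.
 * Presumably several bits are OR-ed together in the value returned by
 * dm_crypto_ops.capability() - confirm against a driver.
 *
 * NOTE(review): a capability bit only says the hardware can run the
 * algorithm, not that it is fit for a given use. MD5 and SHA1 are not
 * collision resistant, DES has a 56-bit key, and RSA512/RSA1024 are below
 * currently recommended key sizes. Code that verifies images or signatures
 * should select the stronger entries.
 */
#define CRYPTO_MD5		BIT(0)
#define CRYPTO_SHA1		BIT(1)
#define CRYPTO_SHA256		BIT(2)
#define CRYPTO_SHA512		BIT(3)
#define CRYPTO_SM3		BIT(4)

#define CRYPTO_RSA512		BIT(10)
#define CRYPTO_RSA1024		BIT(11)
#define CRYPTO_RSA2048		BIT(12)
#define CRYPTO_RSA3072		BIT(13)
#define CRYPTO_RSA4096		BIT(14)
#define CRYPTO_SM2		BIT(15)
#define CRYPTO_ECC_192R1	BIT(16)
#define CRYPTO_ECC_224R1	BIT(17)
#define CRYPTO_ECC_256R1	BIT(18)

#define CRYPTO_DES		BIT(20)
#define CRYPTO_AES		BIT(21)
#define CRYPTO_SM4		BIT(22)

#define CRYPTO_HMAC_MD5		BIT(25)
#define CRYPTO_HMAC_SHA1	BIT(26)
#define CRYPTO_HMAC_SHA256	BIT(27)
#define CRYPTO_HMAC_SHA512	BIT(28)
#define CRYPTO_HMAC_SM3		BIT(29)

/*
 * Unit conversions between bits, bytes and 32-bit words.
 *
 * The divisions truncate: a count that is not a whole multiple of the
 * divisor is rounded down. Callers that size a buffer from these must pass
 * a multiple of 4/8/32 or round up themselves, otherwise the buffer comes
 * out too small.
 */
#define BYTE2WORD(bytes)	((bytes) / 4)
#define BITS2BYTE(nbits)	((nbits) / 8)
#define BITS2WORD(nbits)	((nbits) / 32)
#define WORD2BYTE(words)	((words) * 4)

/*
 * Block cipher modes of operation. Presumably the value stored in the
 * 'mode' field of cipher_context / cipher_fw_context - confirm.
 *
 * RK_MODE_MAX is the number of modes, not a mode itself.
 *
 * NOTE(review): ECB encrypts equal plaintext blocks to equal ciphertext
 * blocks, and ECB/CBC/CTS/CTR/CFB/OFB/XTS give no integrity protection.
 * Data that must be tamper-evident needs CCM/GCM or a separate MAC.
 */
enum RK_CRYPTO_MODE {
	RK_MODE_ECB = 0,
	RK_MODE_CBC,
	RK_MODE_CTS,
	RK_MODE_CTR,
	RK_MODE_CFB,
	RK_MODE_OFB,
	RK_MODE_XTS,
	RK_MODE_CCM,
	RK_MODE_GCM,
	RK_MODE_CMAC,
	RK_MODE_CBC_MAC,
	RK_MODE_MAX
};

/* Hash/HMAC context, shared by the sha_* and hmac_* operations */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 length;	/* Data total length */
} sha_context;

/*
 * RSA public key.
 *
 * NOTE(review): the struct carries no buffer lengths. Presumably the size
 * of n/e/c is implied by 'algo' (see crypto_algo_nbits()) - confirm, and
 * make sure callers allocate the buffers for the selected key size.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_MD5/CRYPTO_SHA1/CRYPTO_RSA2048... */
	u32 *n;		/* Public key modulus N */
	u32 *e;		/* Public key exponent E */
	u32 *c;		/* Optional, an acceleration factor for some crypto */
} rsa_key;

/*
 * Elliptic curve key.
 *
 * NOTE(review): 'd' is private key material held in the same struct as the
 * public point. The only EC operation declared in this header is verify,
 * which needs the public key only; whether 'd' is ever read is not visible
 * here. If a caller does populate it, the buffer should be wiped after use.
 */
typedef struct {
	u32 algo;	/* Algorithm: CRYPTO_SM2/CRYPTO_ECC_192R1/CRYPTO_ECC_224R1... */
	u32 *x;		/* public key x */
	u32 *y;		/* public key y */
	u32 *d;		/* private key */
} ec_key;

/* Symmetric cipher context with a caller-supplied key */
typedef struct {
	u32 algo;		/* presumably CRYPTO_DES/CRYPTO_AES/CRYPTO_SM4 - confirm */
	u32 mode;		/* presumably an enum RK_CRYPTO_MODE value - confirm */
	const u8 *key;		/* cipher key */
	const u8 *twk_key;	/* presumably the XTS tweak key - confirm */
	u32 key_len;		/* key length, presumably in bytes - confirm */
	const u8 *iv;		/* initialization vector */
	u32 iv_len;		/* iv length, presumably in bytes - confirm */
} cipher_context;

/*
 * Symmetric cipher context for the firmware crypt operation.
 *
 * There is no key pointer here, only 'fw_keyid'. Presumably the key is
 * selected by that id and never passes through the caller's buffers - confirm.
 */
typedef struct {
	u32 algo;
	u32 mode;
	u32 key_len;
	const u8 *iv;
	u32 iv_len;
	u32 fw_keyid;
} cipher_fw_context;

/*
 * Operations a crypto driver provides. Each crypto_*() function declared
 * further down takes the same arguments as the operation of the matching name.
 */
struct dm_crypto_ops {
	/* Hardware algorithm capability */
	u32 (*capability)(struct udevice *dev);

	/* SHA init/update/final */
	int (*sha_init)(struct udevice *dev, sha_context *ctx);
	int (*sha_update)(struct udevice *dev, u32 *input, u32 len);
	int (*sha_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* RSA verify */
	int (*rsa_verify)(struct udevice *dev, rsa_key *ctx,
			  u8 *sign, u8 *output);

	/* EC verify */
	int (*ec_verify)(struct udevice *dev, ec_key *ctx,
			 u8 *hash, u32 hash_len, u8 *sign);

	/* HMAC init/update/final */
	int (*hmac_init)(struct udevice *dev, sha_context *ctx,
			 u8 *key, u32 key_len);
	int (*hmac_update)(struct udevice *dev, u32 *input, u32 len);
	int (*hmac_final)(struct udevice *dev, sha_context *ctx, u8 *output);

	/* cipher encryption and decryption */
	int (*cipher_crypt)(struct udevice *dev, cipher_context *ctx,
			    const u8 *in, u8 *out, u32 len, bool enc);

	/* cipher mac cmac&cbc_mac */
	int (*cipher_mac)(struct udevice *dev, cipher_context *ctx,
			  const u8 *in, u32 len, u8 *tag);

	/* cipher aes ccm&gcm */
	int (*cipher_ae)(struct udevice *dev, cipher_context *ctx,
			 const u8 *in, u32 len, const u8 *aad, u32 aad_len,
			 u8 *out, u8 *tag);

	/* cipher firmware encryption and decryption */
	int (*cipher_fw_crypt)(struct udevice *dev, cipher_fw_context *ctx,
			       const u8 *in, u8 *out, u32 len, bool enc);

	/* Key table address */
	ulong (*keytable_addr)(struct udevice *dev);
};

/**
 * crypto_algo_nbits() - Get algorithm bits according to algorithm
 * @algo: algorithm, eg. CRYPTO_MD5/RSA2048...
 *
 * @return algorithm bits
 */
u32 crypto_algo_nbits(u32 algo);

/**
 * crypto_get_device() - Get crypto device by capability
 * @capability: expected algorithm capability, eg. CRYPTO_MD5/RSA2048...
 *
 * @return dev on success, otherwise NULL
 */
struct udevice *crypto_get_device(u32 capability);

/**
 * crypto_sha_init() - Crypto sha init
 *
 * @dev: crypto device
 * @ctx: sha context
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_init(struct udevice *dev, sha_context *ctx);

/**
 * crypto_sha_update() - Crypto sha update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * NOTE(review): @input is typed u32 * while crypto_sha_csum() takes char *;
 * presumably the buffer has to be 32-bit aligned - confirm.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_sha_final() - Crypto sha finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * The size of @output is not passed; presumably it must hold the digest of
 * ctx->algo - confirm.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_sha_csum() - Crypto sha hash for one data block only
 *
 * @dev: crypto device
 * @ctx: sha context
 * @input: input data buffer
 * @input_len: input data length
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_csum(struct udevice *dev, sha_context *ctx,
		    char *input, u32 input_len, u8 *output);

/**
 * crypto_sha_regions_csum() - Crypto sha hash for multi data blocks
 *
 * @dev: crypto device
 * @ctx: sha context
 * @region: regions buffer
 * @region_count: regions count
 * @output: output hash data
 *
 * @return 0 on success, otherwise failed
 */
int crypto_sha_regions_csum(struct udevice *dev, sha_context *ctx,
			    const struct image_region region[],
			    int region_count, u8 *output);

/**
 * crypto_rsa_verify() - Crypto rsa verify
 *
 * @dev: crypto device
 * @ctx: rsa key context
 * @sign: signature
 * @output: output hash data buffer
 *
 * NOTE(review): no expected digest is passed in and @output is an output
 * buffer, so this looks like it returns the data recovered from the
 * signature rather than a pass/fail verdict. If so, a 0 return alone does
 * not mean the signature is valid: the caller still has to check the
 * padding and compare the digest. Confirm against the implementation.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_rsa_verify(struct udevice *dev, rsa_key *ctx, u8 *sign, u8 *output);

/**
 * crypto_ec_verify() - Crypto ec verify
 *
 * @dev: crypto device
 * @ctx: ec key context
 * @hash: hash data buffer
 * @hash_len: hash data length
 * @sign: signature
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ec_verify(struct udevice *dev, ec_key *ctx, u8 *hash, u32 hash_len, u8 *sign);

/**
 * crypto_hmac_init() - Crypto hmac init
 *
 * @dev: crypto device
 * @ctx: sha context
 * @key: hmac key buffer
 * @key_len: hmac key length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_init(struct udevice *dev, sha_context *ctx,
		     u8 *key, u32 key_len);

/**
 * crypto_hmac_update() - Crypto hmac update
 *
 * @dev: crypto device
 * @input: input data buffer
 * @len: input data length
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_update(struct udevice *dev, u32 *input, u32 len);

/**
 * crypto_hmac_final() - Crypto hmac finish and get result
 *
 * @dev: crypto device
 * @ctx: sha context
 * @output: output hash data
 *
 * A caller that compares @output with a received MAC should use a
 * constant-time comparison.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_hmac_final(struct udevice *dev, sha_context *ctx, u8 *output);

/**
 * crypto_cipher() - Crypto cipher crypt
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_cipher(struct udevice *dev, cipher_context *ctx,
		  const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_mac() - Crypto cipher mac
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @tag: output data buffer
 *
 * The size of @tag is not passed; presumably it is fixed by the cipher
 * block size - confirm.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_mac(struct udevice *dev, cipher_context *ctx,
	       const u8 *in, u32 len, u8 *tag);

/**
 * crypto_ae() - Crypto cipher authenticated encryption (ccm/gcm)
 *
 * @dev: crypto device
 * @ctx: cipher context
 * @in: input data buffer
 * @len: input data length
 * @aad: associated data buffer
 * @aad_len: associated data length
 * @out: output data buffer
 * @tag: tag buffer
 *
 * NOTE(review): unlike crypto_cipher() there is no @enc flag and no tag
 * length. Whether @tag is produced or checked, and how many bytes it
 * holds, is not visible in this header - confirm before relying on a 0
 * return as proof that the data is authentic.
 *
 * @return 0 on success, otherwise failed
 */
int crypto_ae(struct udevice *dev, cipher_context *ctx,
	      const u8 *in, u32 len, const u8 *aad, u32 aad_len,
	      u8 *out, u8 *tag);

/**
 * crypto_fw_cipher() - Crypto cipher firmware crypt
 *
 * @dev: crypto device
 * @ctx: cipher firmware context
 * @in: input data buffer
 * @out: output data buffer
 * @len: input data length
 * @enc: true for encrypt, false for decrypt
 * @return 0 on success, otherwise failed
 */
int crypto_fw_cipher(struct udevice *dev, cipher_fw_context *ctx,
		     const u8 *in, u8 *out, u32 len, bool enc);

/**
 * crypto_keytable_addr() - Crypto keytable address
 *
 * @dev: crypto device
 * @return crypto keytable address
 */
ulong crypto_keytable_addr(struct udevice *dev);

#endif /* _CORE_CRYPTO_H_ */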