/*
 * Copyright (c) Hunan Goke,Chengdu Goke,Shandong Goke. 2021. All rights reserved.
 */

#ifndef __GK_CIPHER_H__
#define __GK_CIPHER_H__

#include "types.h"

#ifdef __cplusplus
#if __cplusplus
extern "C" {
#endif
#endif /* __cplusplus */

/* CIPHER set IV for first package */
#define GK_CIPHER_IV_CHG_ONE_PKG           1

/* CIPHER set IV for all package */
#define GK_CIPHER_IV_CHG_ALL_PKG           2

#define GK_CIPHER_MAX_IV_SIZE_IN_WORD       4
#define GK_CIPHER_MAX_KEY_SIZE_IN_WORD      8
#define GK_CIPHER_SM1_KEY_SIZE_IN_WORD      4
#define GK_CIPHER_SM4_KEY_SIZE_IN_WORD      4

/* enum typedef */
/* Cipher work mode. */
typedef enum {
    GK_CIPHER_WORK_MODE_ECB     = 0x0,  /* Electronic codebook (ECB) mode, ECB has been considered insecure and it is
                                           recommended not to use it. */
    GK_CIPHER_WORK_MODE_CBC,            /* Cipher block chaining (CBC) mode. */
    GK_CIPHER_WORK_MODE_CFB,            /* Cipher feedback (CFB) mode. */
    GK_CIPHER_WORK_MODE_OFB,            /* Output feedback (OFB) mode. */
    GK_CIPHER_WORK_MODE_CTR,            /* Counter (CTR) mode. */
    GK_CIPHER_WORK_MODE_CCM,            /* Counter (CCM) mode. */
    GK_CIPHER_WORK_MODE_GCM,            /* Counter (GCM) mode. */
    GK_CIPHER_WORK_MODE_CBC_CTS,        /* Cipher block chaining CipherStealing mode. */
    GK_CIPHER_WORK_MODE_BUTT,
    GK_CIPHER_WORK_MODE_INVALID = 0xffffffff,
} gk_cipher_work_mode;

/* Cipher algorithm. */
typedef enum {
    GK_CIPHER_ALG_AES           = 0x0,  /* Advanced encryption standard (AES) algorithm */
    GK_CIPHER_ALG_SM1           = 0x1,  /* SM1 algorithm. */
    GK_CIPHER_ALG_SM4           = 0x2,  /* SM4 algorithm. */
    GK_CIPHER_ALG_DMA           = 0x3,  /* DMA copy. */
    GK_CIPHER_ALG_BUTT          = 0x4,
    GK_CIPHER_ALG_INVALID       = 0xffffffff,
} gk_cipher_alg;

/* Key length. */
typedef enum {
    GK_CIPHER_KEY_DEFAULT       = 0x0,  /* Default key length, AES-16, SM1-48, SM4-16 */
    GK_CIPHER_KEY_AES_128BIT    = 0x0,  /* 128-bit key for the AES algorithm */
    GK_CIPHER_KEY_AES_192BIT    = 0x1,  /* 192-bit key for the AES algorithm */
    GK_CIPHER_KEY_AES_256BIT    = 0x2,  /* 256-bit key for the AES algorithm */
    GK_CIPHER_KEY_LEN_BUTT      = 0x3,
    GK_CIPHER_KEY_INVALID       = 0xffffffff,
} gk_cipher_key_len;

/* Cipher bit width. */
typedef enum {
    GK_CIPHER_BIT_WIDTH_128BIT  = 0x0,  /* 128-bit width */
    GK_CIPHER_BIT_WIDTH_64BIT   = 0x1,  /* 64-bit width */
    GK_CIPHER_BIT_WIDTH_8BIT    = 0x2,  /* 8-bit width */
    GK_CIPHER_BIT_WIDTH_1BIT    = 0x3,  /* 1-bit width */
    GK_CIPHER_BIT_WIDTH_BUTT    = 0x4,
    GK_CIPHER_BIT_WIDTH_INVALID = 0xffffffff,
} gk_cipher_bit_width;

/* Key ladder selecting parameters. */
typedef enum {
    GK_CIPHER_KEY_SRC_USER      = 0x0,  /* User Key. */
    GK_CIPHER_KEY_SRC_KLAD_1,           /* KLAD Key 1. */
    GK_CIPHER_KEY_SRC_KLAD_2,           /* KLAD Key 2. */
    GK_CIPHER_KEY_SRC_KLAD_3,           /* KLAD Key 3. */
    GK_CIPHER_KEY_SRC_BUTT,
    GK_CIPHER_KEY_SRC_INVALID   = 0xffffffff,
} gk_cipher_ca_type;

/* Klad target. */
typedef enum {
    GK_CIPHER_KLAD_TARGET_AES   = 0x0,  /* Klad for AES. */
    GK_CIPHER_KLAD_TARGET_RSA,          /* Klad for RSA. */
    GK_CIPHER_KLAD_TARGET_BUTT,
} gk_cipher_klad_target;

/* Encryption/Decryption type selecting. */
typedef enum {
    GK_CIPHER_TYPE_NORMAL       = 0x0,
    GK_CIPHER_TYPE_COPY_AVOID,
    GK_CIPHER_TYPE_BUTT,
    GK_CIPHER_TYPE_INVALID      = 0xffffffff,
} gk_cipher_type;

/* SM1 round config */
typedef enum {
    GK_CIPHER_SM1_ROUND_08      = 0x00, /* SM1 round 08. */
    GK_CIPHER_SM1_ROUND_10      = 0x01, /* SM1 round 10. */
    GK_CIPHER_SM1_ROUND_12      = 0x02, /* SM1 round 12. */
    GK_CIPHER_SM1_ROUND_14      = 0x03, /* SM1 round 14. */
    GK_CIPHER_SM1_ROUND_BUTT,
    GK_CIPHER_SM1_ROUND_INVALID = 0xffffffff,
} gk_cipher_sm1_round;

/* Hash algrithm type. */
typedef enum {
    GK_CIPHER_HASH_TYPE_SHA1,
    GK_CIPHER_HASH_TYPE_SHA224,
    GK_CIPHER_HASH_TYPE_SHA256,
    GK_CIPHER_HASH_TYPE_SHA384,
    GK_CIPHER_HASH_TYPE_SHA512,
    GK_CIPHER_HASH_TYPE_HMAC_SHA1,
    GK_CIPHER_HASH_TYPE_HMAC_SHA224,
    GK_CIPHER_HASH_TYPE_HMAC_SHA256,
    GK_CIPHER_HASH_TYPE_HMAC_SHA384,
    GK_CIPHER_HASH_TYPE_HMAC_SHA512,
    GK_CIPHER_HASH_TYPE_SM3,
    GK_CIPHER_HASH_TYPE_BUTT,
    GK_CIPHER_HASH_TYPE_INVALID = 0xffffffff,
} gk_cipher_hash_type;

/* Rsa encrypt and decrypt scheme. */
typedef enum {
    GK_CIPHER_RSA_ENCRYPT_SCHEME_NO_PADDING  = 0x00, /* without padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_BLOCK_TYPE_0,       /* PKCS#1 block type 0 padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_BLOCK_TYPE_1,       /* PKCS#1 block type 1padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_BLOCK_TYPE_2,       /* PKCS#1 block type 2 padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_OAEP_SHA1,    /* PKCS#1 RSAES-OAEP-SHA1 padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_OAEP_SHA224,  /* PKCS#1 RSAES-OAEP-SHA224 padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_OAEP_SHA256,  /* PKCS#1 RSAES-OAEP-SHA256   padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_OAEP_SHA384,  /* PKCS#1 RSAES-OAEP-SHA384   padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_OAEP_SHA512,  /* PKCS#1 RSAES-OAEP-SHA512   padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_RSAES_PKCS1_V1_5,   /* PKCS#1 RSAES-PKCS1_V1_5    padding. */
    GK_CIPHER_RSA_ENCRYPT_SCHEME_BUTT,
    GK_CIPHER_RSA_ENCRYPT_SCHEME_INVALID    = 0xffffffff,
} gk_cipher_rsa_encrypt_scheme;

/* Rsa sign and verify scheme. */
typedef enum {
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA1 = 0x100, /* PKCS#1 RSASSA_PKCS1_V15_SHA1 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA224,       /* PKCS#1 RSASSA_PKCS1_V15_SHA224 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA256,       /* PKCS#1 RSASSA_PKCS1_V15_SHA256 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA384,       /* PKCS#1 RSASSA_PKCS1_V15_SHA384 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_V15_SHA512,       /* PKCS#1 RSASSA_PKCS1_V15_SHA512 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA1,         /* PKCS#1 RSASSA_PKCS1_PSS_SHA1 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA224,       /* PKCS#1 RSASSA_PKCS1_PSS_SHA224 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA256,       /* PKCS#1 RSASSA_PKCS1_PSS_SHA256 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA384,       /* PKCS#1 RSASSA_PKCS1_PSS_SHA1 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_RSASSA_PKCS1_PSS_SHA512,       /* PKCS#1 RSASSA_PKCS1_PSS_SHA256 signature. */
    GK_CIPHER_RSA_SIGN_SCHEME_BUTT,
    GK_CIPHER_RSA_SIGN_SCHEME_INVALID               = 0xffffffff,
} gk_cipher_rsa_sign_scheme;

/* struct define. */
/* Cipher control parameters. */
typedef struct {
    /* Initial Vector change flag, 0-don't set, 1-set IV for first package, 2-set IV for each package.  */
    gk_u32 bits_iv      : 2;
    gk_u32 bits_resv    : 30;             /* Reserved. */
} gk_cipher_ctrl_chg_flag;

/* Structure of the cipher type */
typedef struct {
    gk_cipher_type cipher_type;
} gk_cipher_attr;

/* Structure of the cipher control information */
typedef struct {
    gk_u32 key[GK_CIPHER_MAX_KEY_SIZE_IN_WORD];   /* Key input */
    gk_u32 iv[GK_CIPHER_MAX_IV_SIZE_IN_WORD];     /* Initialization vector (IV) */
    gk_bool key_by_ca;                  /* Encryption using advanced conditional access (CA) or decryption using keys */
    gk_cipher_ca_type ca_type;          /* Select keyladder type when using advanced CA */
    gk_cipher_alg alg;                  /* Cipher algorithm */
    gk_cipher_bit_width bit_width;      /* Bit width for encryption or decryption */
    gk_cipher_work_mode work_mode;      /* Operating mode */
    gk_cipher_key_len key_len;          /* Key length */
    gk_cipher_ctrl_chg_flag chg_flags;  /* control information exchange choices, we default all woulde be change
                                                except they have been in the choices */
} gk_cipher_ctrl;

/* Structure of the cipher AES control information */
typedef struct {
    gk_u32 even_key[GK_CIPHER_MAX_KEY_SIZE_IN_WORD];   /* Key input, default use this key. */
    gk_u32 odd_key[GK_CIPHER_MAX_KEY_SIZE_IN_WORD];    /* Key input, only valid for Multi encrypt/decrypt. */
    gk_u32 iv[GK_CIPHER_MAX_IV_SIZE_IN_WORD];          /* Initialization vector (IV) */
    gk_cipher_bit_width bit_width;           /* Bit width for encryption or decryption */
    gk_cipher_key_len key_len;               /* Key length */
    gk_cipher_ctrl_chg_flag chg_flags;       /* control information exchange choices, we default all woulde be change
                                                except they have been in the choices */
} gk_cipher_ctrl_aes;

/* Structure of the cipher AES CCM/GCM control information */
typedef struct {
    gk_u32 key[GK_CIPHER_MAX_KEY_SIZE_IN_WORD];    /* Key input */
    gk_u32 iv[GK_CIPHER_MAX_IV_SIZE_IN_WORD];      /* Initialization vector (IV) */
    gk_cipher_key_len key_len;           /* Key length */
    gk_u32 iv_len;                       /* IV lenght for CCM/GCM, which is an element of {7, 8, 9, 10, 11, 12, 13}
                                            for CCM, and is an element of [1-16] for GCM. */
    gk_u32 tag_len;                      /* Tag lenght for CCM which is an element of {4, 6, 8, 10, 12, 14, 16}. */
    gk_u32 aad_len;                      /* Associated data for CCM and GCM. */
    gk_phys_addr_t aad_phys_addr;        /* Physical address of Associated data  for CCM and GCM. */
} gk_cipher_ctrl_aes_ccm_gcm;

/* Structure of the cipher SM1 control information */
typedef struct {
    gk_u32 ek[GK_CIPHER_SM1_KEY_SIZE_IN_WORD];         /* Key of EK input */
    gk_u32 ak[GK_CIPHER_SM1_KEY_SIZE_IN_WORD];         /* Key of AK input */
    gk_u32 sk[GK_CIPHER_SM1_KEY_SIZE_IN_WORD];         /* Key of SK input */
    gk_u32 iv[GK_CIPHER_MAX_IV_SIZE_IN_WORD];          /* Initialization vector (IV) */
    gk_cipher_bit_width bit_width;           /* Bit width for encryption or decryption */
    gk_cipher_sm1_round sm1_round;           /* SM1 round number, should be 8, 10, 12 or 14. */
    gk_cipher_ctrl_chg_flag chg_flags;       /* control information exchange choices, we default all woulde be change
                                                except they have been in the choices */
} gk_cipher_ctrl_sm1;

/* Structure of the cipher SM4 control information */
typedef struct {
    gk_u32 key[GK_CIPHER_SM4_KEY_SIZE_IN_WORD];        /* Key input */
    gk_u32 iv[GK_CIPHER_MAX_IV_SIZE_IN_WORD];          /* Initialization vector (IV) */
    gk_cipher_ctrl_chg_flag chg_flags;       /* control information exchange choices, we default all woulde be change
                                                except they have been in the choices */
} gk_cipher_ctrl_sm4;

/* Expand Structure of the cipher control information */
typedef struct {
    gk_cipher_alg alg;              /* Cipher algorithm */
    gk_cipher_work_mode work_mode;  /* Operating mode */
    gk_bool key_by_ca;              /* Encryption using advanced conditional access (CA) or decryption using keys */
    /*  Parameter for special algorithm
        for AES, the pointer should point to gk_cipher_ctrl_aes;
        for AES_CCM or AES_GCM, the pointer should point to gk_cipher_ctrl_aes_ccm_gcm;
        for SM1, the pointer should point to gk_cipher_ctrl_sm1;
        for SM4, the pointer should point to gk_cipher_ctrl_sm4;
    */
    gk_void *param;
    gk_u32 param_size;
} gk_cipher_ctrl_ex;

/* Cipher data */
typedef struct {
    gk_phys_addr_t src_phys_addr;   /* phy address of the original data */
    gk_phys_addr_t dst_phys_addr;   /* phy address of the purpose data */
    gk_u32 byte_len;                /* Cigher data length. */
    gk_bool odd_key;                /* Use odd key or even key. */
} gk_cipher_data;

/* Hash init struct input */
typedef struct {
    gk_u8 *hmac_key;
    gk_u32 hmac_key_len;
    gk_cipher_hash_type sha_type;
} gk_cipher_hash_attr;

/* RSA public key struct */
typedef struct {
    gk_u8 *n;         /* Point to public modulus N */
    gk_u8 *e;         /* Point to public exponent E */
    gk_u16 n_len;     /* Length of public modulus N, max value is 512Byte */
    gk_u16 e_len;     /* Length of public exponent E, max value is 512Byte */
} gk_cipher_rsa_pub_key;

/* RSA private key struct */
typedef struct {
    gk_u8 *n;         /* Public modulus N. */
    gk_u8 *e;         /* Public exponent E. */
    gk_u8 *d;         /* Private exponent D. */
    gk_u8 *p;         /* 1st prime factor P. */
    gk_u8 *q;         /* 2nd prime factor Q. */
    gk_u8 *dp;        /* descript:d % (p - 1) is DP. */
    gk_u8 *dq;        /* descript:d % (q - 1) is DQ. */
    gk_u8 *qp;        /* descript:1 / (q % p) is QP. */
    gk_u16 n_len;     /* Length of public modulus */
    gk_u16 e_len;     /* Length of public exponent */
    gk_u16 d_len;     /* Length of private exponent */
    gk_u16 p_len;     /* Length of 1st prime factor,should be half of n_len */
    gk_u16 q_len;     /* Length of 2nd prime factor,should be half of n_len */
    gk_u16 dp_len;    /* Length of D % (P - 1),should be half of n_len */
    gk_u16 dq_len;    /* Length of D % (Q - 1),should be half of n_len */
    gk_u16 qp_len;    /* Length of 1 / (Q % P),should be half of n_len */
} gk_cipher_rsa_private_key;

/* RSA public key encryption struct input */
typedef struct {
    gk_cipher_rsa_encrypt_scheme scheme;    /* RSA encryption scheme */
    gk_cipher_rsa_pub_key pub_key;          /* RSA public key struct */
} gk_cipher_rsa_pub_encrypt;

/* RSA private key decryption struct input */
typedef struct {
    gk_cipher_rsa_encrypt_scheme scheme;    /* RSA encryption scheme */
    gk_cipher_rsa_private_key private_key;  /* RSA private key struct */
    gk_cipher_ca_type ca_type;              /* CA type */
} gk_cipher_rsa_private_encrypt;

typedef struct {
    const gk_u8 *in;                        /* Input data to be cryption. */
    gk_u32 in_len;                          /* Length of input data. */
    gk_u8 *out;                             /* Output data. */
    gk_u32 out_buf_len;                     /* Length of output buffer. */
    gk_u32 *out_len;                        /* Length of output valid data. */
} gk_cipher_rsa_crypt;

/* RSA signature struct input */
typedef struct {
    gk_cipher_rsa_sign_scheme scheme;       /* RSA signature scheme */
    gk_cipher_rsa_private_key private_key;  /* RSA private key struct */
    gk_cipher_ca_type ca_type;              /* CA type */
} gk_cipher_rsa_sign;

/* RSA signature verify struct input */
typedef struct {
    gk_cipher_rsa_sign_scheme scheme;       /* RSA signature scheme */
    gk_cipher_rsa_pub_key pub_key;          /* RSA public key struct */
} gk_cipher_rsa_verify;

typedef struct {
    const gk_u8 *in;                    /* Input data to be cryption. */
    gk_u32 in_len;                      /* Length of input data. */
    const gk_u8 *hash_data;             /* Hash data. */
    gk_u32 hash_data_len;               /* Length of hash data. */
    gk_u8 *sign;                        /* Sign output data. */
    gk_u32 sign_buf_len;                /* Length of sign output buffer. */
    gk_u32 *sign_len;                   /* Length of sign output valid data. */
} gk_cipher_sign_data;

typedef struct {
    const gk_u8 *in;                    /* Input data to be cryption. */
    gk_u32 in_len;                      /* Length of input data. */
    const gk_u8 *hash_data;             /* Hash data. */
    gk_u32 hash_data_len;               /* Length of hash data. */
    gk_u8 *sign;                        /* Input sign data. */
    gk_u32 sign_len;                    /* Length of input sign data. */
} gk_cipher_verify_data;

/******************************* API Declaration *****************************/
/** \addtogroup      CIPHER */
/** @{ */  /** <!-- [CIPHER] */
/* ---CIPHER---*/
/**
\attention
This API is used to start the cipher device.

\param N/A
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_FAILED_INIT  The cipher device fails to be initialized.
\see
N/A
*/
gk_s32 gk_api_cipher_init(gk_void);

/**
\brief  Deinit the cipher device.
\attention \n
This API is used to stop the cipher device.
If this API is called repeatedly, GK_SUCCESS is returned, but only the first operation takes effect.
\param N/A
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\see \n
N/A
*/
gk_s32 gk_api_cipher_deinit(gk_void);

/**
\brief Obtain a cipher handle for encryption and decryption.

\param[in] cipher attributes
\param[out] phCipher Cipher handle
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_POINT  The pointer is null.
\retval ::GK_ERR_CIPHER_FAILED_GETHANDLE  The cipher handle fails to be obtained,
                                          because there are no available cipher handles.
\see \n
N/A
*/
gk_s32 gk_api_cipher_create_handle(gk_handle* handle, const gk_cipher_attr *cipher_attr);

/**
\attention \n
This API is used to destroy existing cipher handles.

\param[in] hCipher Cipher handle
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\see \n
N/A
*/
gk_s32 gk_api_cipher_destroy_handle(gk_handle handle);

/**
\brief Configures the cipher control information.
\attention \n
Before encryption or decryption, you must call this API to configure the cipher control information.
The first 64-bit data and the last 64-bit data should not be the same when using TDES algorithm.

\param[in] hCipher Cipher handle.
\param[in] pstCtrl Cipher control information.
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_POINT  The pointer is null.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_config_handle(gk_handle handle, gk_cipher_ctrl* cipher_ctrl);

/**
\brief Configures the cipher control information.
\attention \n
Before encryption or decryption, you must call this API to configure the cipher control information.
The first 64-bit data and the last 64-bit data should not be the same when using TDES algorithm.

\param[in] hCipher Cipher handle.
\param[in] pstExCtrl Cipher control information.
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_POINT  The pointer is null.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_config_handle_ex(gk_handle handle, gk_cipher_ctrl_ex* ctrl_ex);

/**
\brief Performs encryption.

\attention \n
This API is used to perform encryption by using the cipher module.
The length of the encrypted data should be a multiple of 8 in TDES mode and 16 in AES mode.
Besides, the length can not be bigger than 0xFFFFF.After this operation, the result will affect next operation.
If you want to remove vector,
you need to config IV(config pstCtrl->chg_flags.bit1IV with 1) by transfering gk_api_cipher_config_handle.
\param[in] hCipher Cipher handle
\param[in] u32SrcPhyAddr Physical address of the source data
\param[in] u32DestPhyAddr Physical address of the target data
\param[in] u32ByteLength   Length of the encrypted data
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_encrypt(gk_handle handle, gk_size_t src_phy_addr, gk_size_t dest_phy_addr, gk_u32 byte_len);

/**
\brief Performs decryption.

\attention \n
This API is used to perform decryption by using the cipher module.
The length of the decrypted data should be a multiple of 8 in TDES mode and 16 in AES mode.
Besides, the length can not be bigger than 0xFFFFF.
After this operation, the result will affect next operation.
If you want to remove vector,
you need to config IV(config pstCtrl->chg_flags.bit1IV with 1) by transfering gk_api_cipher_config_handle.
\param[in] hCipher Cipher handle.
\param[in] u32SrcPhyAddr Physical address of the source data.
\param[in] u32DestPhyAddr Physical address of the target data.
\param[in] u32ByteLength Length of the decrypted data
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_decrypt(gk_handle handle, gk_size_t src_phy_addr, gk_size_t dest_phy_addr, gk_u32 byte_len);

/**
\brief Encrypt multiple packaged data.
\attention \n
You can not encrypt more than 128 data package one time.
When GK_ERR_CIPHER_BUSY return, the data package you send will not be deal,
the customer should decrease the number of data package or run cipher again.
Note: When encrypting more than one packaged data,
every one package will be calculated using initial vector configured by gk_api_cipher_config_handle.
Previous result will not affect the later result.
\param[in] hCipher cipher handle
\param[in] pstDataPkg data package ready for cipher
\param[in] u32DataPkgNum  number of package ready for cipher
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  cipher device have not been initialized
\retval ::GK_ERR_CIPHER_INVALID_PARA  parameter error
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  handle invalid
\retval ::GK_ERR_CIPHER_BUSY  hardware is busy, it can not deal with all data package once time
\see \n
N/A
*/
gk_s32 gk_api_cipher_encrypt_multi_pack(gk_handle handle, gk_cipher_data *data_pkg, gk_u32 data_pkg_num);

/**
\brief Decrypt multiple packaged data.
\attention \n
You can not decrypt more than 128 data package one time.
When GK_ERR_CIPHER_BUSY return, the data package you send will not be deal,
the custmer should decrease the number of data package or run cipher again.
Note: When decrypting more than one packaged data,
every one package will be calculated using initial vector configured by gk_api_cipher_config_handle.
Previous result will not affect the later result.
\param[in] hCipher cipher handle
\param[in] pstDataPkg data package ready for cipher
\param[in] u32DataPkgNum  number of package ready for cipher
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  cipher device have not been initialized
\retval ::GK_ERR_CIPHER_INVALID_PARA  parameter error
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  handle invalid
\retval ::GK_ERR_CIPHER_BUSY  hardware is busy, it can not deal with all data package once time
\see \n
N/A
*/
gk_s32 gk_api_cipher_decrypt_multi_pack(gk_handle handle, gk_cipher_data *data_pkg, gk_u32 data_pkg_num);

/**
\brief Get the cipher control information.

\param[in] hCipher Cipher handle.
\param[in] pstCtrl Cipher control information.
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_POINT  The pointer is null.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_get_handle_cfg(gk_handle handle, gk_cipher_ctrl* cipher_ctrl);

/**
\brief Get the tag data of CCM/GCM.

\attention \n
This API is used to get the tag data of CCM/GCM.
\param[in] hCipher cipher handle
\param[out] pu8Tag tag data of CCM/GCM
\retval ::GK_SUCCESS  Call this API succussful.
\retval ::GK_FAILURE  Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_get_tag(gk_handle handle, gk_u8 *tag, gk_u32 *tag_len);

/**
\brief Encrypt the clean key data by KLAD.
\attention \n
N/A
\param[in] enRootKey klad root key.
\param[in] pu8CleanKey clean key.
\param[in] enTarget the module who to use this key.
\param[out] pu8EcnryptKey encrypt key.
\param[in] u32KeyLen clean key.
\retval ::GK_SUCCESS Call this API successful.
\retval ::GK_FAILURE Call this API fails.
\retval ::GK_ERR_CIPHER_NOT_INIT  The cipher device is not initialized.
\retval ::GK_ERR_CIPHER_INVALID_POINT  The pointer is null.
\retval ::GK_ERR_CIPHER_INVALID_PARA  The parameter is invalid.
\retval ::GK_ERR_CIPHER_INVALID_HANDLE  The handle is invalid.
\see \n
N/A
*/
gk_s32 gk_api_cipher_klad_encrypt_key(gk_cipher_ca_type root_key,
                                      gk_cipher_klad_target klad_target,
                                      gk_u8 *clean_key,
                                      gk_u8* enc_key,
                                      gk_u32 key_len);

/**
\brief Get the random number.

\attention \n
This API is used to obtain the random number from the hardware.

\param[out] pu32RandomNumber Point to the random number.
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.

\see \n
N/A
*/
gk_s32 gk_api_cipher_get_random_number(gk_u32 *random_number);

/**
\brief Init the hash module, if other program is using the hash module, the API will return failure.

\attention \n
N/A

\param[in] pstHashAttr: The hash calculating structure input.
\param[out] pHashHandle: The output hash handle.
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.

\see \n
N/A
*/
gk_s32 gk_api_cipher_hash_init(gk_cipher_hash_attr *hash_attr, gk_handle *hash_handle);

/**
\brief Calculate the hash, if the size of the data to be calculated is very big and the DDR ram is not enough,
       this API can calculate the data one block by one block.
       Attention: The input block length must be 64bytes aligned except for the last block.

\attention \n
N/A

\param[in] hHashHandl:  Hash handle.
\param[in] pu8InputData:  The input data buffer.
\param[in] u32InputDataLen:  The input data length.
                             Attention: the block length input must be 64bytes aligned except the last block!
\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.

\see \n
N/A
*/
gk_s32 gk_api_cipher_hash_update(gk_handle hash_handle, gk_u8 *input_data, gk_u32 input_data_len);

/**
\brief Get the final hash value, after calculate all of the data,
       call this API to get the final hash value and close the handle.
       If there is some reason need to interrupt the calculation,
       this API should also be call to close the handle.

\attention \n
N/A

\param[in] hHashHandle:  Hash handle.
\param[out] pu8OutputHash:  The final output hash value.

\retval ::GK_SUCCESS  Call this API successful.
\retval ::GK_FAILURE  Call this API fails.

\see \n
N/A
*/
gk_s32 gk_api_cipher_hash_final(gk_handle hash_handle, gk_u8 *output_hash);

/*
 * brief RSA encryption a plaintext with a RSA public key.
 *
 * attention \n
 * N/A
 *
 * param[in]  rsa_encrypt:    encryption struct.
 * param[in]  rsa_data:       rsa data struct.
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 *
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_pub_encrypt(const gk_cipher_rsa_pub_encrypt *rsa_encrypt,
                                     gk_cipher_rsa_crypt *rsa_data);

/*
 * brief RSA decryption a ciphertext with a RSA private key.
 *
 * attention \n
 * N/A
 *
 * param[in]  rsa_decrypt:    decryption struct.
 * param[in]  rsa_data:       rsa data struct.
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 *
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_private_decrypt(const gk_cipher_rsa_private_encrypt *rsa_decrypt,
                                         gk_cipher_rsa_crypt *rsa_data);

/*
 * brief RSA signature a context with appendix, where a signer's RSA private key is used.
 *
 * attention \n
 * N/A
 * param[in]  rsa_sign:       signature struct.
 * param[in]  sign_data:      sign data struct.
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_sign(const gk_cipher_rsa_sign *rsa_sign,
                              gk_cipher_sign_data *sign_data);

/*
 * brief RSA signature verification a context with appendix, where a signer's RSA public key is used.
 *
 * attention \n
 * N/A
 *
 * param[in] rsa_verify:      signature verification struct.
 * param[in] verify_data:     verify data struct;
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 *
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_verify(const gk_cipher_rsa_verify *rsa_verify,
                                gk_cipher_verify_data *verify_data);

/*
 * brief RSA encryption a plaintext with a RSA private key.
 *
 * attention \n
 * N/A
 *
 * param[in]  rsa_encrypt:    encryption struct.
 * param[in]  rsa_data:       rsa data struct.
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 *
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_private_encrypt(const gk_cipher_rsa_private_encrypt *rsa_encrypt,
                                         gk_cipher_rsa_crypt *rsa_data);

/*
 * brief RSA decryption a ciphertext with a RSA public key.
 *
 * attention \n
 * N/A
 *
 * param[in]  rsa_decrypt:    decryption struct.
 * param[in]  rsa_data:       rsa data struct.
 * retval ::GK_SUCCESS        Call this API successful.
 * retval ::GK_FAILURE        Call this API fails.
 *
 * see \n
 * N/A
 */
gk_s32 gk_api_cipher_rsa_pub_decrypt(const gk_cipher_rsa_pub_encrypt *rsa_decrypt,
                                     gk_cipher_rsa_crypt *rsa_data);

/** @} */  /** <!-- ==== API declaration end ==== */

#ifdef __cplusplus
#if __cplusplus
}
#endif
#endif /* __cplusplus */

#endif /* __GK_CIPHER_H__ */