Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 5c66fab68fe093dd7b3554e61694e5f31a11f063 / . / plat / st / common / stm32mp_crypto_lib.c
blob: d6442427859ec23ecf1d1114420a49111cb357b2 [file] [log] [blame]
Lionel Debievefd02b802022-10-05 16:16:50 +0200[diff] [blame]1/*
2 * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#include <assert.h>
8#include <endian.h>
9#include <errno.h>
10
11#include <common/debug.h>
12#include <drivers/auth/crypto_mod.h>
13#include <drivers/io/io_storage.h>
14#include <drivers/st/bsec.h>
15#include <drivers/st/stm32_hash.h>
16#include <drivers/st/stm32_pka.h>
17#include <drivers/st/stm32_rng.h>
18#include <drivers/st/stm32_saes.h>
19#include <lib/xlat_tables/xlat_tables_v2.h>
20#include <mbedtls/asn1.h>
21#include <mbedtls/md.h>
22#include <mbedtls/oid.h>
23#include <mbedtls/platform.h>
24#include <mbedtls/x509.h>
25#include <plat/common/platform.h>
26#include <tools_share/firmware_encrypted.h>
27
28#include <platform_def.h>
29
30#define CRYPTO_HASH_MAX_SIZE 32U
31#define CRYPTO_SIGN_MAX_SIZE 64U
32#define CRYPTO_PUBKEY_MAX_SIZE 64U
33#define CRYPTO_MAX_TAG_SIZE 16U
34
35/* brainpoolP256t1 OID is not defined in mbedTLS */
36#define OID_EC_GRP_BP256T1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x08"
37
38#if STM32MP_CRYPTO_ROM_LIB
39struct stm32mp_auth_ops {
40 uint32_t (*verify_signature)(uint8_t *hash_in, uint8_t *pubkey_in,
41 uint8_t *signature, uint32_t ecc_algo);
42};
43
44static struct stm32mp_auth_ops auth_ops;
45#endif
46
47static void crypto_lib_init(void)
48{
49 boot_api_context_t *boot_context __maybe_unused;
50 int ret;
51
52 NOTICE("TRUSTED_BOARD_BOOT support enabled\n");
53
54 ret = stm32_hash_register();
55 if (ret != 0) {
56 ERROR("HASH init (%d)\n", ret);
57 panic();
58 }
59
60 if (stm32mp_is_closed_device() || stm32mp_is_auth_supported()) {
61#if STM32MP_CRYPTO_ROM_LIB
62 boot_context = (boot_api_context_t *)stm32mp_get_boot_ctx_address();
63 auth_ops.verify_signature = boot_context->bootrom_ecdsa_verify_signature;
64#else
65 /* Use hardware peripherals */
66 if (stm32_rng_init() != 0) {
67 panic();
68 }
69
70 if (stm32_saes_driver_init() != 0) {
71 panic();
72 }
73
74 if (stm32_pka_init() != 0) {
75 panic();
76 }
77#endif
78 }
79}
80
81int get_plain_pk_from_asn1(void *pk_ptr, unsigned int pk_len, void **plain_pk,
82 unsigned int *len, int *pk_alg)
83{
84 int ret;
85 mbedtls_pk_context mbedtls_pk = {0};
86 unsigned char *p, *end;
87 mbedtls_asn1_buf alg_params = {0};
88 mbedtls_asn1_buf alg_oid = {0};
89
90 *plain_pk = NULL;
91 *len = 0U;
92
93 /* Parse the public key */
94 mbedtls_pk_init(&mbedtls_pk);
95 p = (unsigned char *)pk_ptr;
96 end = (unsigned char *)(p + pk_len);
97
98 ret = mbedtls_asn1_get_tag(&p, end, len,
99 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
100 if (ret != 0) {
101 return -EINVAL;
102 }
103
104 end = p + *len;
105 ret = mbedtls_asn1_get_alg(&p, end, &alg_oid, &alg_params);
106 if (ret != 0) {
107 VERBOSE("%s: mbedtls_asn1_get_alg (%d)\n", __func__, ret);
108 return -EINVAL;
109 }
110
111 if (pk_alg != NULL) {
112 if ((strlen(MBEDTLS_OID_EC_GRP_SECP256R1) == alg_params.len) &&
113 (memcmp(MBEDTLS_OID_EC_GRP_SECP256R1, alg_params.p, alg_params.len) == 0)) {
114 *pk_alg = BOOT_API_ECDSA_ALGO_TYPE_P256NIST;
115 } else if ((strlen(OID_EC_GRP_BP256T1) == alg_params.len) &&
116 (memcmp(OID_EC_GRP_BP256T1, alg_params.p, alg_params.len) == 0)) {
117 *pk_alg = BOOT_API_ECDSA_ALGO_TYPE_BRAINPOOL256;
118 } else {
119 ERROR("%s: Algorithm is not supported\n", __func__);
120 return -EINVAL;
121 }
122 }
123
124 ret = mbedtls_asn1_get_bitstring_null(&p, end, len);
125 if (ret != 0) {
126 VERBOSE("%s: mbedtls_asn1_get_bitstring_null (%d)\n", __func__, ret);
127 return -EINVAL;
128 }
129
130 /* We remove the ident (0x04) first byte. */
131 if ((*len < 1U) || (p[0] != MBEDTLS_ASN1_OCTET_STRING)) {
132 VERBOSE("%s: not expected len or tag\n", __func__);
133 return -EINVAL;
134 }
135
136 *len = *len - 1U;
137 *plain_pk = p + 1U;
138
139 return 0;
140}
141
142#if STM32MP_CRYPTO_ROM_LIB
143uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
144 uint8_t *signature, uint32_t ecc_algo)
145{
146 int ret;
147
148 ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,
149 STM32MP_ROM_SIZE_2MB_ALIGNED, MT_CODE | MT_SECURE);
150 if (ret != 0) {
151 VERBOSE("%s: mmap_add_dynamic_region (%d)\n", __func__, ret);
152 return CRYPTO_ERR_SIGNATURE;
153 }
154
155 ret = auth_ops.verify_signature(hash_in, pubkey_in, signature, ecc_algo);
156
157 if (ret != BOOT_API_RETURN_OK) {
158 VERBOSE("%s: auth_ops.verify_sign (%d)\n", __func__, ret);
159 ret = CRYPTO_ERR_SIGNATURE;
160 } else {
161 ret = 0;
162 }
163
164 mmap_remove_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_SIZE_2MB_ALIGNED);
165
166 return ret;
167}
168
169int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
170 void **hashed_pk_ptr, unsigned int *hashed_pk_len)
171{
172 return get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, hashed_pk_ptr, hashed_pk_len, NULL);
173}
174#else /* STM32MP_CRYPTO_ROM_LIB*/
175static uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
176 uint8_t *signature, uint32_t ecc_algo)
177{
178 int ret = -1;
179 enum stm32_pka_ecdsa_curve_id cid;
180
181 switch (ecc_algo) {
182 case BOOT_API_ECDSA_ALGO_TYPE_P256NIST:
183#if PKA_USE_NIST_P256
184 cid = PKA_NIST_P256;
185 ret = 0;
186#else
187 WARN("%s nist_p256 requested but not included\n", __func__);
188#endif
189 break;
190 case BOOT_API_ECDSA_ALGO_TYPE_BRAINPOOL256:
191#if PKA_USE_BRAINPOOL_P256T1
192 cid = PKA_BRAINPOOL_P256T1;
193 ret = 0;
194#else
195 WARN("%s brainpool_p256t1 requested but not included\n", __func__);
196#endif
197 break;
198 default:
199 WARN("%s unexpected ecc_algo(%u)\n", __func__, ecc_algo);
200 break;
201 }
202
203 if (ret < 0) {
204 return CRYPTO_ERR_SIGNATURE;
205 }
206
207 ret = stm32_pka_ecdsa_verif(hash_in,
208 BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES,
209 signature, BOOT_API_ECDSA_SIGNATURE_LEN_IN_BYTES / 2U,
210 signature + BOOT_API_ECDSA_SIGNATURE_LEN_IN_BYTES / 2U,
211 BOOT_API_ECDSA_SIGNATURE_LEN_IN_BYTES / 2U,
212 pubkey_in, BOOT_API_ECDSA_PUB_KEY_LEN_IN_BYTES / 2U,
213 pubkey_in + BOOT_API_ECDSA_PUB_KEY_LEN_IN_BYTES / 2U,
214 BOOT_API_ECDSA_PUB_KEY_LEN_IN_BYTES / 2U, cid);
215 if (ret < 0) {
216 return CRYPTO_ERR_SIGNATURE;
217 }
218
219 return 0;
220}
221
222int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
223 void **hashed_pk_ptr, unsigned int *hashed_pk_len)
224{
225 static uint8_t st_pk[CRYPTO_PUBKEY_MAX_SIZE + sizeof(uint32_t)];
226 int ret;
227 void *plain_pk;
228 unsigned int len;
229 int curve_id;
230 uint32_t cid;
231
232 ret = get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, &plain_pk, &len, &curve_id);
233 if ((ret != 0) || (len > CRYPTO_PUBKEY_MAX_SIZE)) {
234 return -EINVAL;
235 }
236
237 cid = curve_id; /* we want value of curve_id (1 or 2) in a uint32_t */
238
239 memcpy(st_pk, &cid, sizeof(cid));
240 memcpy(st_pk + sizeof(cid), plain_pk, len);
241
242 *hashed_pk_ptr = st_pk;
243 *hashed_pk_len = len + sizeof(cid);
244
245 return 0;
246}
247#endif /* STM32MP_CRYPTO_ROM_LIB */
248
249static int get_plain_digest_from_asn1(void *digest_ptr, unsigned int digest_len,
250 uint8_t **out, size_t *out_len, mbedtls_md_type_t *md_alg)
251{
252 int ret;
253 mbedtls_asn1_buf hash_oid, params;
254 size_t len;
255 unsigned char *p, *end;
256
257 *out = NULL;
258 *out_len = 0U;
259
260 /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
261 p = (unsigned char *)digest_ptr;
262 end = p + digest_len;
263 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
264 MBEDTLS_ASN1_SEQUENCE);
265 if (ret != 0) {
266 return ret;
267 }
268
269 /* Get the hash algorithm */
270 ret = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
271 if (ret != 0) {
272 return ret;
273 }
274
275 ret = mbedtls_oid_get_md_alg(&hash_oid, md_alg);
276 if (ret != 0) {
277 return ret;
278 }
279
280 ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
281 if (ret != 0) {
282 return ret;
283 }
284
285 /* Length of hash must match the algorithm's size */
286 if (len != BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES) {
287 return -1;
288 }
289
290 *out = p;
291 *out_len = len;
292
293 return 0;
294}
295
296static int crypto_verify_signature(void *data_ptr, unsigned int data_len,
297 void *sig_ptr, unsigned int sig_len,
298 void *sig_alg, unsigned int sig_alg_len,
299 void *pk_ptr, unsigned int pk_len)
300{
301 uint8_t image_hash[CRYPTO_HASH_MAX_SIZE] = {0};
302 uint8_t sig[CRYPTO_SIGN_MAX_SIZE];
303 uint8_t my_pk[CRYPTO_PUBKEY_MAX_SIZE];
304 int ret;
305 size_t len;
306 mbedtls_asn1_sequence seq;
307 mbedtls_asn1_sequence *cur;
308 unsigned char *p, *end;
309 int curve_id;
310 mbedtls_asn1_buf sig_oid, sig_params;
311 mbedtls_md_type_t md_alg;
312 mbedtls_pk_type_t pk_alg;
313 size_t bignum_len = sizeof(sig) / 2U;
314 unsigned int seq_num = 0U;
315
316 if (!stm32mp_is_closed_device() && !stm32mp_is_auth_supported()) {
317 return CRYPTO_SUCCESS;
318 }
319
320 /* Get pointers to signature OID and parameters */
321 p = (unsigned char *)sig_alg;
322 end = (unsigned char *)(p + sig_alg_len);
323 ret = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);
324 if (ret != 0) {
325 VERBOSE("%s: mbedtls_asn1_get_alg (%d)\n", __func__, ret);
326 return CRYPTO_ERR_SIGNATURE;
327 }
328
329 /* Get the actual signature algorithm (MD + PK) */
330 ret = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);
331 if (ret != 0) {
332 VERBOSE("%s: mbedtls_oid_get_sig_alg (%d)\n", __func__, ret);
333 return CRYPTO_ERR_SIGNATURE;
334 }
335
336 if ((md_alg != MBEDTLS_MD_SHA256) || (pk_alg != MBEDTLS_PK_ECDSA)) {
337 VERBOSE("%s: md_alg=%u pk_alg=%u\n", __func__, md_alg, pk_alg);
338 return CRYPTO_ERR_SIGNATURE;
339 }
340
341 ret = get_plain_pk_from_asn1(pk_ptr, pk_len, &pk_ptr, &pk_len, &curve_id);
342 if (ret != 0) {
343 VERBOSE("%s: get_plain_pk_from_asn1 (%d)\n", __func__, ret);
344 return CRYPTO_ERR_SIGNATURE;
345 }
346
347 /* We expect a known pk_len */
348 if (pk_len != sizeof(my_pk)) {
349 VERBOSE("%s: pk_len=%u sizeof(my_pk)=%zu)\n", __func__, pk_len, sizeof(my_pk));
350 return CRYPTO_ERR_SIGNATURE;
351 }
352
353 /* Need to copy as auth_ops.verify_signature
354 * expects aligned public key.
355 */
356 memcpy(my_pk, pk_ptr, sizeof(my_pk));
357
358 /* Get the signature (bitstring) */
359 p = (unsigned char *)sig_ptr;
360 end = (unsigned char *)(p + sig_len);
361 ret = mbedtls_asn1_get_bitstring_null(&p, end, &len);
362 if (ret != 0) {
363 VERBOSE("%s: mbedtls_asn1_get_bitstring_null (%d)\n", __func__, ret);
364 return CRYPTO_ERR_SIGNATURE;
365 }
366
367 /* Get r and s from sequence */
368 ret = mbedtls_asn1_get_sequence_of(&p, end, &seq, MBEDTLS_ASN1_INTEGER);
369 if (ret != 0) {
370 VERBOSE("%s: mbedtls_asn1_get_sequence_of (%d)\n", __func__, ret);
371 return CRYPTO_ERR_SIGNATURE;
372 }
373
374 /* We expect only 2 integers (r and s) from the sequence */
375 if (seq.next->next != NULL) {
376 cur = seq.next;
377 mbedtls_asn1_sequence *next;
378
379 VERBOSE("%s: nb seq != 2\n", __func__);
380 /* Free all the sequences */
381 while (cur != NULL) {
382 next = cur->next;
383 mbedtls_free(cur);
384 cur = next;
385 }
386
387 return CRYPTO_ERR_SIGNATURE;
388 }
389
390 /*
391 * ECDSA signatures are composed of a tuple (R,S) where R and S are between 0 and n.
392 * This means that the R and S can have a maximum of 32 each, but can also be smaller.
393 * Also seen the integer sequence may (sometime) start with 0x00 as MSB, but we can only
394 * manage exactly 2*32 bytes, we remove this higher byte if there are not 00,
395 * we will fail either.
396 */
397 cur = &seq;
398 memset(sig, 0U, sizeof(sig));
399
400 while (cur != NULL) {
401 size_t skip = 0U;
402 size_t seek = seq_num * bignum_len;
403
404 if (cur->buf.len > bignum_len) {
405 /* Remove extra 0x00 bytes */
406 skip = cur->buf.len - bignum_len;
407 } else if (cur->buf.len < bignum_len) {
408 /* Add padding to match HW required size */
409 seek += (bignum_len % cur->buf.len);
410 }
411
412 if (seek + cur->buf.len > sizeof(sig) + skip) {
413 panic();
414 }
415
416 memcpy(sig + seek, cur->buf.p + skip, cur->buf.len - skip);
417 cur = cur->next;
418 seq_num++;
419 }
420
421 /* Need to free allocated 'next' in mbedtls_asn1_get_sequence_of */
422 mbedtls_free(seq.next);
423
424 /* Compute hash for the data covered by the signature */
425 stm32_hash_init(HASH_SHA256);
426
427 ret = stm32_hash_final_update((uint8_t *)data_ptr, data_len, image_hash);
428 if (ret != 0) {
429 VERBOSE("%s: stm32_hash_final_update (%d)\n", __func__, ret);
430 return CRYPTO_ERR_SIGNATURE;
431 }
432
433 return verify_signature(image_hash, my_pk, sig, curve_id);
434}
435
436static int crypto_verify_hash(void *data_ptr, unsigned int data_len,
437 void *digest_info_ptr,
438 unsigned int digest_info_len)
439{
440 int ret;
441 uint8_t calc_hash[BOOT_API_SHA256_DIGEST_SIZE_IN_BYTES];
442 unsigned char *p;
443 mbedtls_md_type_t md_alg;
444 size_t len;
445
446 /* we receive an asn1 encapsulated digest, we flatten it */
447 ret = get_plain_digest_from_asn1(digest_info_ptr,
448 digest_info_len, &p, &len,
449 &md_alg);
450 if ((ret != 0) || (md_alg != MBEDTLS_MD_SHA256) || (len != sizeof(calc_hash))) {
451 return CRYPTO_ERR_HASH;
452 }
453
454 digest_info_ptr = p;
455 digest_info_len = len;
456
457 stm32_hash_init(HASH_SHA256);
458
459 ret = stm32_hash_final_update(data_ptr, data_len, calc_hash);
460 if (ret != 0) {
461 VERBOSE("%s: hash failed\n", __func__);
462 return CRYPTO_ERR_HASH;
463 }
464
465 ret = memcmp(calc_hash, digest_info_ptr, digest_info_len);
466 if (ret != 0) {
467 VERBOSE("%s: not expected digest\n", __func__);
468 ret = CRYPTO_ERR_HASH;
469 }
470
471 return ret;
472}
473
474#if !defined(DECRYPTION_SUPPORT_none)
475static int derive_key(uint8_t *key, size_t *key_len, size_t len,
476 unsigned int *flags, const uint8_t *img_id, size_t img_id_len)
477{
478 size_t i, j;
479
480 assert(*key_len >= 32U);
481
482 /*
483 * Not a real derivation yet
484 *
485 * But we expect a 32 bytes key, and OTP is only 16 bytes
486 * => duplicate.
487 */
488 for (i = 0U, j = len; j < 32U;
489 i += sizeof(uint32_t), j += sizeof(uint32_t)) {
490 memcpy(key + j, key + i, sizeof(uint32_t));
491 }
492
493 *key_len = 32U;
494 /* Variable 'key' store a real key */
495 *flags = 0U;
496
497 return 0;
498}
499
500int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key,
501 size_t *key_len, unsigned int *flags,
502 const uint8_t *img_id, size_t img_id_len)
503{
504 uint32_t otp_idx;
505 uint32_t otp_len;
506 size_t read_len;
507 size_t i;
508
509 if (fw_enc_status == FW_ENC_WITH_BSSK) {
510 return -EINVAL;
511 }
512
513 if (stm32_get_otp_index(ENCKEY_OTP, &otp_idx, &otp_len) != 0) {
514 VERBOSE("%s: get %s index error\n", __func__, ENCKEY_OTP);
515 return -EINVAL;
516 }
517
518 if (otp_len > (*key_len * CHAR_BIT)) {
519 VERBOSE("%s: length Error otp_len=%u key_len=%u\n", __func__,
520 otp_len, *key_len * CHAR_BIT);
521 return -EINVAL;
522 }
523
524 read_len = otp_len / CHAR_BIT;
525 assert(read_len % sizeof(uint32_t) == 0);
526
527 for (i = 0U; i < read_len / sizeof(uint32_t); i++) {
528 uint32_t tmp;
529 uint32_t otp_val;
530
531 if (stm32_get_otp_value_from_idx(otp_idx + i, &otp_val) != 0) {
532 zeromem(key, *key_len);
533 VERBOSE("%s: unable to read from otp\n", __func__);
534 return -EINVAL;
535 }
536
537 tmp = bswap32(otp_val);
538 memcpy(key + i * sizeof(uint32_t), &tmp, sizeof(tmp));
539 }
540
541 /* Now we have the OTP values in key till read_len */
542
543 if (derive_key(key, key_len, read_len, flags, img_id,
544 img_id_len) != 0) {
545 zeromem(key, *key_len);
546 return -EINVAL;
547 }
548
549 return 0;
550}
551
552static enum stm32_saes_key_selection select_key(unsigned int key_flags)
553{
554 if ((key_flags & ENC_KEY_IS_IDENTIFIER) != 0U) {
555 panic();
556 }
557
558 /* Use the provided key buffer */
559 return STM32_SAES_KEY_SOFT;
560}
561
562static int stm32_decrypt_aes_gcm(void *data, size_t data_len,
563 const void *key, unsigned int key_len,
564 unsigned int key_flags,
565 const void *iv, unsigned int iv_len,
566 const void *tag, unsigned int tag_len)
567{
568 int ret;
569 struct stm32_saes_context ctx;
570 unsigned char tag_buf[CRYPTO_MAX_TAG_SIZE];
571 enum stm32_saes_key_selection key_mode;
572 unsigned int diff = 0U;
573 unsigned int i;
574
575 key_mode = select_key(key_flags);
576
577 ret = stm32_saes_init(&ctx, true, STM32_SAES_MODE_GCM, key_mode, key,
578 key_len, iv, iv_len);
579 if (ret != 0) {
580 return CRYPTO_ERR_INIT;
581 }
582
583 ret = stm32_saes_update_assodata(&ctx, true, NULL, 0U);
584 if (ret != 0) {
585 return CRYPTO_ERR_DECRYPTION;
586 }
587
588 ret = stm32_saes_update_load(&ctx, true, data, data, data_len);
589 if (ret != 0) {
590 return CRYPTO_ERR_DECRYPTION;
591 }
592
593 ret = stm32_saes_final(&ctx, tag_buf, sizeof(tag_buf));
594 if (ret != 0) {
595 return CRYPTO_ERR_DECRYPTION;
596 }
597
598 /* Check tag in "constant-time" */
599 for (i = 0U; i < tag_len; i++) {
600 diff |= ((const unsigned char *)tag)[i] ^ tag_buf[i];
601 }
602
603 if (diff != 0U) {
604 return CRYPTO_ERR_DECRYPTION;
605 }
606
607 return CRYPTO_SUCCESS;
608}
609
610/*
611 * Authenticated decryption of an image
612 *
613 */
614static int crypto_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, size_t len,
615 const void *key, unsigned int key_len, unsigned int key_flags,
616 const void *iv, unsigned int iv_len, const void *tag,
617 unsigned int tag_len)
618{
619 int rc = -1;
620 uint32_t real_iv[4];
621
622 switch (dec_algo) {
623 case CRYPTO_GCM_DECRYPT:
624 /*
625 * GCM expect a Nonce
626 * The AES IV is the nonce (a uint32_t[3])
627 * then a counter (a uint32_t big endian)
628 * The counter starts at 2.
629 */
630 memcpy(real_iv, iv, iv_len);
631 real_iv[3] = htobe32(0x2U);
632
633 rc = stm32_decrypt_aes_gcm(data_ptr, len, key, key_len, key_flags,
634 real_iv, sizeof(real_iv), tag, tag_len);
635 break;
636 default:
637 rc = CRYPTO_ERR_DECRYPTION;
638 break;
639 }
640
641 if (rc != 0) {
642 return rc;
643 }
644
645 return CRYPTO_SUCCESS;
646}
647
648REGISTER_CRYPTO_LIB("stm32_crypto_lib",
649 crypto_lib_init,
650 crypto_verify_signature,
651 crypto_verify_hash,
652 crypto_auth_decrypt);
653
654#else /* No decryption support */
655REGISTER_CRYPTO_LIB("stm32_crypto_lib",
656 crypto_lib_init,
657 crypto_verify_signature,
658 crypto_verify_hash,
659 NULL);
660
661#endif