50 	int ret;  in crypto_lib_init()  local
54 	ret = stm32_hash_register();  in crypto_lib_init()
55 	if (ret != 0) {  in crypto_lib_init()
56 		ERROR("HASH init (%d)\n", ret);  in crypto_lib_init()
85 	int ret;  in get_plain_pk_from_asn1()  local
99 	ret =  mbedtls_asn1_get_tag(&p, end, len,  in get_plain_pk_from_asn1()
101 	if (ret != 0) {  in get_plain_pk_from_asn1()
106 	ret = mbedtls_asn1_get_alg(&p, end, &alg_oid, &alg_params);  in get_plain_pk_from_asn1()
107 	if (ret != 0) {  in get_plain_pk_from_asn1()
108 		VERBOSE("%s: mbedtls_asn1_get_alg (%d)\n", __func__, ret);  in get_plain_pk_from_asn1()
125 	ret = mbedtls_asn1_get_bitstring_null(&p, end, len);  in get_plain_pk_from_asn1()
126 	if (ret != 0) {  in get_plain_pk_from_asn1()
127 		VERBOSE("%s: mbedtls_asn1_get_bitstring_null (%d)\n", __func__, ret);  in get_plain_pk_from_asn1()
147 	int ret;  in verify_signature()  local
149 	ret = mmap_add_dynamic_region(STM32MP_ROM_BASE, STM32MP_ROM_BASE,  in verify_signature()
151 	if (ret != 0) {  in verify_signature()
152 		VERBOSE("%s: mmap_add_dynamic_region (%d)\n", __func__, ret);  in verify_signature()
156 	ret = auth_ops.verify_signature(hash_in, pubkey_in, signature, ecc_algo);  in verify_signature()
158 	if (ret != BOOT_API_RETURN_OK) {  in verify_signature()
159 		VERBOSE("%s: auth_ops.verify_sign (%d)\n", __func__, ret);  in verify_signature()
160 		ret = CRYPTO_ERR_SIGNATURE;  in verify_signature()
162 		ret = 0;  in verify_signature()
167 	return ret;  in verify_signature()
174 	int ret;  in crypto_convert_pk()  local
176 	ret = get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, hashed_pk_ptr, &len, NULL);  in crypto_convert_pk()
177 	if (ret == 0) {  in crypto_convert_pk()
181 	return ret;  in crypto_convert_pk()
187 	int ret = -1;  in verify_signature()  local
194 		ret = 0;  in verify_signature()
202 		ret = 0;  in verify_signature()
212 	if (ret < 0) {  in verify_signature()
216 	ret = stm32_pka_ecdsa_verif(hash_in,  in verify_signature()
224 	if (ret < 0) {  in verify_signature()
235 	int ret;  in crypto_convert_pk()  local
241 	ret = get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, &plain_pk, &len, &curve_id);  in crypto_convert_pk()
242 	if ((ret != 0) || (len > CRYPTO_PUBKEY_MAX_SIZE))  {  in crypto_convert_pk()
261 	int ret;  in get_plain_digest_from_asn1()  local
272 	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |  in get_plain_digest_from_asn1()
274 	if (ret != 0) {  in get_plain_digest_from_asn1()
275 		return ret;  in get_plain_digest_from_asn1()
279 	ret = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);  in get_plain_digest_from_asn1()
280 	if (ret != 0) {  in get_plain_digest_from_asn1()
281 		return ret;  in get_plain_digest_from_asn1()
284 	ret = mbedtls_oid_get_md_alg(&hash_oid, md_alg);  in get_plain_digest_from_asn1()
285 	if (ret != 0) {  in get_plain_digest_from_asn1()
286 		return ret;  in get_plain_digest_from_asn1()
289 	ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);  in get_plain_digest_from_asn1()
290 	if (ret != 0) {  in get_plain_digest_from_asn1()
291 		return ret;  in get_plain_digest_from_asn1()
313 	int ret;  in crypto_verify_signature()  local
333 	ret = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);  in crypto_verify_signature()
334 	if (ret != 0) {  in crypto_verify_signature()
335 		VERBOSE("%s: mbedtls_asn1_get_alg (%d)\n", __func__, ret);  in crypto_verify_signature()
340 	ret = mbedtls_oid_get_sig_alg(&sig_oid, &md_alg, &pk_alg);  in crypto_verify_signature()
341 	if (ret != 0) {  in crypto_verify_signature()
342 		VERBOSE("%s: mbedtls_oid_get_sig_alg (%d)\n", __func__, ret);  in crypto_verify_signature()
351 	ret = get_plain_pk_from_asn1(pk_ptr, pk_len, &pk_ptr, &len, &curve_id);  in crypto_verify_signature()
352 	if (ret != 0) {  in crypto_verify_signature()
353 		VERBOSE("%s: get_plain_pk_from_asn1 (%d)\n", __func__, ret);  in crypto_verify_signature()
371 	ret = mbedtls_asn1_get_bitstring_null(&p, end, &len);  in crypto_verify_signature()
372 	if (ret != 0) {  in crypto_verify_signature()
373 		VERBOSE("%s: mbedtls_asn1_get_bitstring_null (%d)\n", __func__, ret);  in crypto_verify_signature()
378 	ret = mbedtls_asn1_get_sequence_of(&p, end, &seq, MBEDTLS_ASN1_INTEGER);  in crypto_verify_signature()
379 	if (ret != 0) {  in crypto_verify_signature()
380 		VERBOSE("%s: mbedtls_asn1_get_sequence_of (%d)\n", __func__, ret);  in crypto_verify_signature()
437 	ret = stm32_hash_final_update((uint8_t *)data_ptr, data_len, image_hash);  in crypto_verify_signature()
438 	if (ret != 0) {  in crypto_verify_signature()
439 		VERBOSE("%s: stm32_hash_final_update (%d)\n", __func__, ret);  in crypto_verify_signature()
450 	int ret;  in crypto_verify_hash()  local
457 	ret = get_plain_digest_from_asn1(digest_info_ptr,  in crypto_verify_hash()
460 	if ((ret != 0) || (md_alg != MBEDTLS_MD_SHA256) || (len != sizeof(calc_hash))) {  in crypto_verify_hash()
469 	ret = stm32_hash_final_update(data_ptr, data_len, calc_hash);  in crypto_verify_hash()
470 	if (ret != 0) {  in crypto_verify_hash()
475 	ret = memcmp(calc_hash, digest_info_ptr, digest_info_len);  in crypto_verify_hash()
476 	if (ret != 0) {  in crypto_verify_hash()
478 		ret = CRYPTO_ERR_HASH;  in crypto_verify_hash()
481 	return ret;  in crypto_verify_hash()
578 	int ret;  in stm32_decrypt_aes_gcm()  local
587 	ret = stm32_saes_init(&ctx, true, STM32_SAES_MODE_GCM, key_mode, key,  in stm32_decrypt_aes_gcm()
589 	if (ret != 0) {  in stm32_decrypt_aes_gcm()
593 	ret = stm32_saes_update_assodata(&ctx, true, NULL, 0U);  in stm32_decrypt_aes_gcm()
594 	if (ret != 0) {  in stm32_decrypt_aes_gcm()
598 	ret = stm32_saes_update_load(&ctx, true, data, data, data_len);  in stm32_decrypt_aes_gcm()
599 	if (ret != 0) {  in stm32_decrypt_aes_gcm()
603 	ret = stm32_saes_final(&ctx, tag_buf, sizeof(tag_buf));  in stm32_decrypt_aes_gcm()
604 	if (ret != 0) {  in stm32_decrypt_aes_gcm()