commit 231ca5c79700b39dd9b7b6331a68b705a0c95813
author Jit Loon Lim <jit.loon.lim@intel.com> Wed Sep 13 09:25:59 2023 +0800
committer Sieu Mun Tang <sieu.mun.tang@intel.com> Fri Dec 15 01:44:29 2023 +0800
tree 7562eeb21494519020978be3eb5a966d4ad5918a
parent bb653a35a679202c4d2f37e7ca201e259e63a0eb

fix(intel): update fcs crypto init code to check for mode

The shall code only limit ECB, CBC and CTR mode to flow through the init
function. Anything other than that, the code shall reject to prevent
security vulnerability.

Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I702ce90e229188830f8936bee2999610e9559b8b

plat/intel/soc/common/sip/socfpga_sip_fcs.c

diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index beaa720..e25c96e 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -2171,14 +2171,28 @@
 
 	param_addr_ptr = (uint64_t *) param_addr;
 
+	/* Check if mbox_error is not NULL or 0xF or 0x3FF */
+	if (mbox_error == NULL || *mbox_error > 0xF ||
+		(*mbox_error != 0 && *mbox_error != 0x3FF)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	/* Check if param_addr is not 0 or larger that 0xFFFFFFFFFF */
+	if (param_addr == 0 || param_addr > 0xFFFFFFFFFF) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	/*
-	 * Since crypto param size vary between mode.
-	 * Check ECB here and limit to size 12 bytes
+	 * Check if not ECB, CBC and CTR mode, addr ptr is NULL.
+	 * Return "Reject" status
 	 */
-	if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
-		(param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+	if ((param_addr_ptr == NULL) ||
+		(((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_ECB_MODE) &&
+		((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CBC_MODE) &&
+		((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CTR_MODE))) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
+
 	/*
 	 * Since crypto param size vary between mode.
 	 * Check CBC/CTR here and limit to size 28 bytes
@@ -2189,7 +2203,12 @@
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
-	if (mbox_error == NULL) {
+	/*
+	 * Since crypto param size vary between mode.
+	 * Check ECB here and limit to size 12 bytes
+	 */
+	if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+		(param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}