fix(intel): verify data size in AES GCM and GCM-GHASH modes
On the Agilex5 platform, in the FCS AES GCM and GCM-GHASH
modes, the enc/dec data size should be 0 or a multiple of 16 bytes.
Change-Id: I23e51bf942771e74d16f8a87fbfdbf36ef3c3893
Signed-off-by: Girisha Dengi <girisha.dengi@intel.com>
Signed-off-by: Jit Loon Lim <jit.loon.lim@altera.com>
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 97ea850..21d9b66 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -76,6 +76,10 @@
#define FCS_MAX_DATA_SIZE 0x20000000 /* 512 MB */
#define FCS_MIN_DATA_SIZE 0x8 /* 8 Bytes */
+#define FCS_AES_DATA_SIZE_CHECK(x) (((x >= FCS_AES_MIN_DATA_SIZE) && \
+ (x <= FCS_AES_MAX_DATA_SIZE)) ? \
+ true : false)
+
#define FCS_GET_DIGEST_CMD_MAX_WORD_SIZE 7U
#define FCS_GET_DIGEST_RESP_MAX_WORD_SIZE 19U
#define FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE 23U
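Review bot: The new `FCS_AES_DATA_SIZE_CHECK(x)` macro uses its argument unparenthesized and evaluates it twice, so an argument with a lower-precedence operator (for example a conditional expression) or a side effect would be checked incorrectly. The `? true : false` is also redundant, since the comparison already yields a boolean value. I would write it as `#define FCS_AES_DATA_SIZE_CHECK(x) (((x) >= FCS_AES_MIN_DATA_SIZE) && ((x) <= FCS_AES_MAX_DATA_SIZE))`, or as a `static inline bool` helper so the argument is type-checked and evaluated once. A short comment stating that the bounds are inclusive would help readers, since `FCS_AES_MIN_DATA_SIZE` and `FCS_AES_MAX_DATA_SIZE` are defined outside this hunk.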
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 443f6b1..f184788 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -2732,6 +2732,8 @@
uint32_t dst_addr_sdm = (uint32_t)dst_addr;
bool is_src_size_aligned;
bool is_dst_size_aligned;
+ bool is_src_size_valid;
+ bool is_dst_size_valid;
if (fcs_aes_init_payload.session_id != session_id ||
fcs_aes_init_payload.context_id != context_id) {
@@ -2741,6 +2743,8 @@
/* Default source and destination size align check, 32 bytes alignment. */
is_src_size_aligned = is_32_bytes_aligned(src_size);
is_dst_size_aligned = is_32_bytes_aligned(dst_size);
+ is_src_size_valid = FCS_AES_DATA_SIZE_CHECK(src_size);
+ is_dst_size_valid = FCS_AES_DATA_SIZE_CHECK(dst_size);
/*
* Get the requested block mode.
@@ -2755,6 +2759,9 @@
(block_mode == FCS_CRYPTO_GCM_GHASH_MODE)) {
is_src_size_aligned = is_16_bytes_aligned(src_size);
is_dst_size_aligned = is_16_bytes_aligned(dst_size);
+ /* The size validity here is, should be 0 or multiples of 16 bytes. */
+ is_src_size_valid = is_16_bytes_aligned(src_size);
+ is_dst_size_valid = is_16_bytes_aligned(dst_size);
}
#endif
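Review bot: In the GCM / GCM-GHASH branch the added assignments overwrite the range result from `FCS_AES_DATA_SIZE_CHECK`, so the upper bound `FCS_AES_MAX_DATA_SIZE` is no longer enforced for these modes. The removed code in the later hunk applied that bound to every mode, and these sizes are presumably supplied by the SMC caller. Allowing 0 matches the commit message, but dropping the maximum looks unintended unless it is enforced elsewhere in the function, which starts and ends outside this hunk. As written, `is_src_size_valid` and `is_dst_size_valid` also just duplicate `is_src_size_aligned` and `is_dst_size_aligned` here, so the validity check adds nothing in this branch. I would keep the cap, e.g. `is_src_size_valid = is_16_bytes_aligned(src_size) && (src_size <= FCS_AES_MAX_DATA_SIZE);` and the same for `dst_size`.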
@@ -2770,12 +2777,8 @@
return INTEL_SIP_SMC_STATUS_REJECTED;
}
- if ((dst_size > FCS_AES_MAX_DATA_SIZE ||
- dst_size < FCS_AES_MIN_DATA_SIZE) ||
- (src_size > FCS_AES_MAX_DATA_SIZE ||
- src_size < FCS_AES_MIN_DATA_SIZE)) {
+ if (!is_src_size_valid || !is_dst_size_valid)
return INTEL_SIP_SMC_STATUS_REJECTED;
- }
/* Prepare crypto header*/
flag = 0;
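Review bot: The rewritten size check drops the braces around its single-statement body, while the preceding `if` in this hunk and the removed code both use them. Unbraced bodies are easy to break when a second statement is added later, which matters on a validation path that rejects requests. I would keep the braces: `if (!is_src_size_valid || !is_dst_size_valid) {` / `return INTEL_SIP_SMC_STATUS_REJECTED;` / `}`. The enclosing function continues outside the hunk.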