author | Bipin Ravi <bipin.ravi@arm.com> | 2023-02-06 03:26:32 +0100 |
---|---|---|
committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2023-02-06 03:26:32 +0100 |
commit | 40f04e53aa4ef2c3155be2692400e9a911dd7c4a (patch) | |
tree | 1d8ce38ca78b9f5c063762f37ae69c6bc45239c8 | |
parent | a6e13d995b186f131e010bbdb86ffe7cfb2fdd17 (diff) | |
parent | 2b2eaf1d96255f5e56cf8469e98ee77631b0bcda (diff) | |
download | arm-trusted-firmware-40f04e53aa4ef2c3155be2692400e9a911dd7c4a.tar.gz |
Merge "fix(intel): fix fcs_client crashed when increased param size" into lts-v2.8
-rw-r--r-- | plat/intel/soc/common/include/socfpga_fcs.h | 8 | ||||
-rw-r--r-- | plat/intel/soc/common/sip/socfpga_sip_fcs.c | 23 |
2 files changed, 31 insertions, 0 deletions
diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 893551de3..91e00361b 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -84,6 +84,14 @@
 #define FCS_ECDSA_HASH_SIGN_CMD_MAX_WORD_SIZE 17U
 #define FCS_ECDSA_HASH_SIG_VERIFY_CMD_MAX_WORD_SIZE 52U
 #define FCS_ECDH_REQUEST_CMD_MAX_WORD_SIZE 29U
+
+#define FCS_CRYPTO_ECB_BUFFER_SIZE 12U
+#define FCS_CRYPTO_CBC_CTR_BUFFER_SIZE 28U
+#define FCS_CRYPTO_BLOCK_MODE_MASK 0x07
+#define FCS_CRYPTO_ECB_MODE 0x00
+#define FCS_CRYPTO_CBC_MODE 0x01
+#define FCS_CRYPTO_CTR_MODE 0x02
+
 /* FCS Payload Structure */
 typedef struct fcs_rng_payload_t {
 uint32_t session_id;
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index facee0fbd..5f6f5decf 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -1620,6 +1620,29 @@ int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 uint32_t key_id, uint64_t param_addr,
 uint32_t param_size, uint32_t *mbox_error)
 {
+ /* ptr to get param_addr value */
+ uint64_t *param_addr_ptr;
+
+ param_addr_ptr = (uint64_t *) param_addr;
+
+ /*
+ * Since crypto param size vary between mode.
+ * Check ECB here and limit to size 12 bytes
+ */
+ if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+ (param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+ /*
+ * Since crypto param size vary between mode.
+ * Check CBC/CTR here and limit to size 28 bytes
+ */
+ if ((((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_CBC_MODE) ||
+ ((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_CTR_MODE)) &&
+ (param_size > FCS_CRYPTO_CBC_CTR_BUFFER_SIZE)) {
+ return INTEL_SIP_SMC_STATUS_REJECTED;
+ }
+
 if (mbox_error == NULL) {
 return INTEL_SIP_SMC_STATUS_REJECTED;
 }
 |
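Review bot: The two new `*_BUFFER_SIZE` limits in socfpga_fcs.h are byte counts (the comments in the .c hunk say 12 and 28 bytes), while the constants directly above them are, by their names, word counts, and the added block has no comment saying which unit applies. A heading comment such as `/* Maximum AES crypto parameter size in bytes, by block mode */` above the two sizes, plus `/* Block mode is the low 3 bits of the first parameter word */` above the mask, would keep the units from being mixed up. The mask and mode values also drop the `U` suffix the surrounding constants carry even though they are combined with a `uint64_t`; `#define FCS_CRYPTO_BLOCK_MODE_MASK 0x07U` and likewise for the three mode values would match the file.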
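Review bot: Mode values 3 to 7 pass both new checks at the top of intel_fcs_aes_crypt_init, because `FCS_CRYPTO_BLOCK_MODE_MASK` is 0x07 but only the ECB, CBC and CTR values are compared, so for those values `param_size` stays unbounded and the oversized-parameter case this merge targets is still reachable. Deciding the limit in a `switch` with a rejecting `default` (or giving any other legitimate mode its own explicit limit) closes that gap. The mode word is also fetched through `param_addr_ptr` up to three times, and before anything visible here checks that `param_addr` is non-zero, 8-byte aligned and inside memory the caller is allowed to name, or that `param_size` covers the 8 bytes being read; the caller may validate this, but the function body continues outside the hunk and nothing shown does. Reading the word once into a local after those checks keeps the size decision tied to a single value.

```c
	/* … unchanged: param_addr_ptr declaration and assignment … */
	/* … validate param_addr (non-zero, aligned, permitted range) before this read … */

	/* Read the mode once so every comparison sees the same value. */
	uint64_t mode = *param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK;
	uint32_t max_size;

	switch (mode) {
	case FCS_CRYPTO_ECB_MODE:
		max_size = FCS_CRYPTO_ECB_BUFFER_SIZE;
		break;
	case FCS_CRYPTO_CBC_MODE:
	case FCS_CRYPTO_CTR_MODE:
		max_size = FCS_CRYPTO_CBC_CTR_BUFFER_SIZE;
		break;
	default:
		/* No size limit is defined for this mode, so refuse it. */
		return INTEL_SIP_SMC_STATUS_REJECTED;
	}

	if (param_size > max_size) {
		return INTEL_SIP_SMC_STATUS_REJECTED;
	}

	/* … unchanged: mbox_error NULL check … */
```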