fix(intel): update fcs crypto init code to check for mode

The shall code only limit ECB, CBC and CTR mode to flow through the init function. Anything other than that, the code shall reject to prevent security vulnerability. Signed-off-by: Jit Loon Lim <jit.loon.lim@intel.com> Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com> Change-Id: I702ce90e229188830f8936bee2999610e9559b8b
2025-04-16 09:34:18 +00:00 · 2023-09-13 09:25:59 +08:00 · 2023-09-13 09:25:59 +08:00 · b0f447897d
commit b0f447897d
parent d0574da589
1 changed files with 26 additions and 7 deletions
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@ -2171,14 +2171,28 @@ int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,

 	param_addr_ptr = (uint64_t *) param_addr;

-	/*
-	 * Since crypto param size vary between mode.
-	 * Check ECB here and limit to size 12 bytes
-	 */
-	if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
-		(param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
+	/* Check if mbox_error is not NULL or 0xF or 0x3FF */
+	if (mbox_error == NULL || *mbox_error > 0xF ||
+		(*mbox_error != 0 && *mbox_error != 0x3FF)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
+
+	/* Check if param_addr is not 0 or larger that 0xFFFFFFFFFF */
+	if (param_addr == 0 || param_addr > 0xFFFFFFFFFF) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	/*
+	 * Check if not ECB, CBC and CTR mode, addr ptr is NULL.
+	 * Return "Reject" status
+	 */
+	if ((param_addr_ptr == NULL) ||
+		(((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_ECB_MODE) &&
+		((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CBC_MODE) &&
+		((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) != FCS_CRYPTO_CTR_MODE))) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	/*
 	 * Since crypto param size vary between mode.
 	 * Check CBC/CTR here and limit to size 28 bytes
@ -2189,7 +2203,12 @@ int intel_fcs_aes_crypt_init(uint32_t session_id, uint32_t context_id,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}

-	if (mbox_error == NULL) {
+	/*
+	 * Since crypto param size vary between mode.
+	 * Check ECB here and limit to size 12 bytes
+	 */
+	if (((*param_addr_ptr & FCS_CRYPTO_BLOCK_MODE_MASK) == FCS_CRYPTO_ECB_MODE) &&
+		(param_size > FCS_CRYPTO_ECB_BUFFER_SIZE)) {
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}