fix(intel): reject non 4-byte align request size for FPGA Crypto Service (FCS)

This patch is to add size checking to make sure that
each certificate and encryption/decryption request
are 4-byte align as this driver is expecting. Unaligned
size may indicate invalid/corrupted request hence will
be rejected.

Signed-off-by: Abdul Halim, Muhammad Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com>
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: Ib6f97849ec470e45679c5adc4fbfa3afd10eda90

plat/intel/soc/common/sip/socfpga_sip_fcs.c

@@ -11,6 +11,15 @@
 #include "socfpga_mailbox.h"
 #include "socfpga_sip_svc.h"
 
+static bool is_size_4_bytes_aligned(uint32_t size)
+{
+	if ((size % MBOX_WORD_BYTE) != 0U) {
+		return false;
+	} else {
+		return true;
+	}
+}
+
 uint32_t intel_fcs_random_number_gen(uint64_t addr, uint64_t *ret_size,
 					uint32_t *mbox_error)
 {
@@ -57,6 +66,10 @@ uint32_t intel_fcs_send_cert(uint64_t addr, uint64_t size,
 		return INTEL_SIP_SMC_STATUS_REJECTED;
 	}
 
+	if (!is_size_4_bytes_aligned(size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	status = mailbox_send_cmd_async(send_id, MBOX_CMD_VAB_SRC_CERT,
 				(uint32_t *)addr, size / MBOX_WORD_BYTE,
 				CMD_DIRECT);
@@ -89,11 +102,6 @@ uint32_t intel_fcs_cryption(uint32_t mode, uint32_t src_addr,
 	int status;
 	uint32_t cmd;
 
-	if (!is_address_in_ddr_range(src_addr, src_size) ||
-		!is_address_in_ddr_range(dst_addr, dst_size)) {
-		return INTEL_SIP_SMC_STATUS_REJECTED;
-	}
-
 	fcs_crypt_payload payload = {
 		FCS_CRYPTION_DATA_0,
 		src_addr,
@@ -101,6 +109,15 @@ uint32_t intel_fcs_cryption(uint32_t mode, uint32_t src_addr,
 		dst_addr,
 		dst_size };
 
+	if (!is_address_in_ddr_range(src_addr, src_size) ||
+		!is_address_in_ddr_range(dst_addr, dst_size)) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
+	if (!is_size_4_bytes_aligned(sizeof(fcs_crypt_payload))) {
+		return INTEL_SIP_SMC_STATUS_REJECTED;
+	}
+
 	if (mode != 0U) {
 		cmd = MBOX_FCS_ENCRYPT_REQ;
 	} else {