core: pager: ltc: prng: add entropy to the AE key for paged TAs

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still vulnerable, unless they provide an implementation of plat_prng_add_jitter_entropy_norpc(). Adds some entropy to the PRNG used to generate the AE key for paged user TAs. Link: https://op-tee.org/security-advisories/ Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
OP-TEE · Oct 11, 2017 · 93d3c45 · 93d3c45
1 parent 12af5db
commit 93d3c45
Showing 1 changed file with 26 additions and 1 deletion.
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -2926,6 +2926,30 @@ static TEE_Result prng_read(void *buf, size_t blen)
 	return TEE_SUCCESS;
 }
 
+/* Called as a result of rng_generate() below */
+static TEE_Result _tee_ltc_prng_add_entropy(
+	const uint8_t *inbuf __maybe_unused, size_t len __maybe_unused)
+{
+#if defined(CFG_WITH_SOFTWARE_PRNG)
+	int err;
+#ifdef _CFG_CRYPTO_WITH_FORTUNA_PRNG
+        int (*add_entropy)(const unsigned char *, unsigned long,
+                           prng_state *) = fortuna_add_entropy;
+#else
+        int (*add_entropy)(const unsigned char *, unsigned long,
+                           prng_state *) = rc4_add_entropy;
+#endif
+
+	err = add_entropy(inbuf, len, &_tee_ltc_prng.state);
+	if (err != CRYPT_OK)
+		return TEE_ERROR_BAD_STATE;
+
+	return TEE_SUCCESS;
+#else
+	return TEE_ERROR_BAD_STATE;
+#endif
+}
+
 static TEE_Result prng_add_entropy(const uint8_t *inbuf, size_t len)
 {
 	int err;
@@ -2934,7 +2958,7 @@ static TEE_Result prng_add_entropy(const uint8_t *inbuf, size_t len)
 	err = prng_is_valid(prng->index);
 
 	if (err != CRYPT_OK)
-		return TEE_ERROR_BAD_STATE;
+		return _tee_ltc_prng_add_entropy(inbuf, len);
 
 	err = prng_descriptor[prng->index]->add_entropy(
 			inbuf, len, &prng->state);
@@ -3101,6 +3125,7 @@ TEE_Result rng_generate(void *buffer, size_t len)
 	if (!_tee_ltc_prng.inited) {
 		if (start(&_tee_ltc_prng.state) != CRYPT_OK)
 			return TEE_ERROR_BAD_STATE;
+		plat_prng_add_jitter_entropy_norpc();
 		if (ready(&_tee_ltc_prng.state) != CRYPT_OK)
 			return TEE_ERROR_BAD_STATE;
 		_tee_ltc_prng.inited = true;