From 93d3c451da7014193220c3f686c4b6379a1c5095 Mon Sep 17 00:00:00 2001
From: Jerome Forissier <jerome.forissier@linaro.org>
Date: Fri, 8 Sep 2017 15:51:07 +0200
Subject: [PATCH] core: pager: ltc: prng: add entropy to the AE key for paged
 TAs

This commit fixes a vulnerability (OP-TEE-2017-0001) that affects
platforms built with CFG_WITH_SOFTWARE_PRNG=y. Note however that
platforms that also set CFG_SECURE_TIME_SOURCE_REE=y are still
vulnerable, unless they provide an implementation of
plat_prng_add_jitter_entropy_norpc().

Adds some entropy to the PRNG used to generate the AE key for paged
user TAs.

Link: https://op-tee.org/security-advisories/
Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
---
 core/lib/libtomcrypt/src/tee_ltc_provider.c | 27 ++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index 6e825492e3d..69fae64663a 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -2926,6 +2926,30 @@ static TEE_Result prng_read(void *buf, size_t blen)
 	return TEE_SUCCESS;
 }
 
+/* Called as a result of rng_generate() below */
+static TEE_Result _tee_ltc_prng_add_entropy(
+	const uint8_t *inbuf __maybe_unused, size_t len __maybe_unused)
+{
+#if defined(CFG_WITH_SOFTWARE_PRNG)
+	int err;
+#ifdef _CFG_CRYPTO_WITH_FORTUNA_PRNG
+        int (*add_entropy)(const unsigned char *, unsigned long,
+                           prng_state *) = fortuna_add_entropy;
+#else
+        int (*add_entropy)(const unsigned char *, unsigned long,
+                           prng_state *) = rc4_add_entropy;
+#endif
+
+	err = add_entropy(inbuf, len, &_tee_ltc_prng.state);
+	if (err != CRYPT_OK)
+		return TEE_ERROR_BAD_STATE;
+
+	return TEE_SUCCESS;
+#else
+	return TEE_ERROR_BAD_STATE;
+#endif
+}
+
 static TEE_Result prng_add_entropy(const uint8_t *inbuf, size_t len)
 {
 	int err;
@@ -2934,7 +2958,7 @@ static TEE_Result prng_add_entropy(const uint8_t *inbuf, size_t len)
 	err = prng_is_valid(prng->index);
 
 	if (err != CRYPT_OK)
-		return TEE_ERROR_BAD_STATE;
+		return _tee_ltc_prng_add_entropy(inbuf, len);
 
 	err = prng_descriptor[prng->index]->add_entropy(
 			inbuf, len, &prng->state);
@@ -3101,6 +3125,7 @@ TEE_Result rng_generate(void *buffer, size_t len)
 	if (!_tee_ltc_prng.inited) {
 		if (start(&_tee_ltc_prng.state) != CRYPT_OK)
 			return TEE_ERROR_BAD_STATE;
+		plat_prng_add_jitter_entropy_norpc();
 		if (ready(&_tee_ltc_prng.state) != CRYPT_OK)
 			return TEE_ERROR_BAD_STATE;
 		_tee_ltc_prng.inited = true;