aboot: mdtp: Fix insecure defaults issue.
This change fixes a minor issue of insecure defaults in mdtp pin
check.
Change-Id: Idf51c699cd52efd5a675a3366a0bbb3de122aab4
diff --git a/app/aboot/mdtp.c b/app/aboot/mdtp.c
index a38092e..e1e9568 100644
--- a/app/aboot/mdtp.c
+++ b/app/aboot/mdtp.c
@@ -410,7 +410,7 @@
uint32_t pin_length = 0;
char entered_pin[MDTP_PIN_LEN+1] = {0};
uint32_t i;
- char pin_mismatch = 0;
+ int pin_mismatch = -1;
if (mdtp_cfg->enable_local_pin_authentication)
{
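Review bot: The new `int pin_mismatch = -1;` initializer has no comment saying it is a fail-closed sentinel, and its signed type now differs from the `uint32_t pin_length` that the second hunk assigns into it. I would add `// Fail closed: any non-zero value means the PIN has not been verified` above the declaration and make the later conversion explicit with `pin_mismatch = (int)pin_length;`. The -1 is overwritten at the top of every `while (1)` iteration, so it only protects paths that reach the comparison without passing through that assignment. Whether such a path exists cannot be judged from this hunk, because the function starts and ends outside it.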
@@ -434,12 +434,14 @@
// (with INVALID_PIN_DELAY_MSECONDS after each failed attempt)
while (1)
{
+ pin_mismatch = pin_length;
get_pin_from_user(entered_pin, pin_length);
// Go over the entire PIN in any case, to prevent side-channel attacks
for (i=0; i<pin_length; i++)
{
- pin_mismatch |= mdtp_cfg->mdtp_pin.mdtp_pin[i] ^ entered_pin[i];
+ // If current digit match, reduce 1 from pin_mismatch
+ pin_mismatch -= (((mdtp_cfg->mdtp_pin.mdtp_pin[i] ^ entered_pin[i]) == 0) ? 1 : 0);
}
if (0 == pin_mismatch)
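Review bot: A `pin_length` of zero still passes the check, because `pin_mismatch = pin_length;` then starts at 0, the `for` loop never runs, and `if (0 == pin_mismatch)` succeeds without any digit being compared. The code that sets `pin_length` lies between the hunks and is not visible, so unless a zero length is already rejected there I would make the success test `if (pin_length != 0 && 0 == pin_mismatch)`. Separately, `((a ^ b) == 0) ? 1 : 0` relies on the compiler emitting a branch-free compare, whereas the removed OR-accumulate was branch-free by construction. Since the comment above the loop cites side-channel resistance, that trade-off deserves a sentence in the comment. The enclosing function starts and ends outside the hunk.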
@@ -455,8 +457,6 @@
// for INVALID_PIN_DELAY_MSECONDS), and allow the user to try again
dprintf(CRITICAL, "mdtp: display_recovery_ui: ERROR, invalid PIN\n");
display_invalid_pin_msg();
-
- pin_mismatch = 0;
}
}
}