author鞠明岐 <jumingqi@xiaomi.corp-partner.google.com>2023-07-24 10:59:58 +0800
committer鞠明岐 <jumingqi@xiaomi.corp-partner.google.com>2023-08-03 14:39:25 +0800
commit9339e797ef411c3c47df19ab557552dae5c8b595 (patch)
tree8957b4dbf609ac90eff835d5a0043e97981ff859
parent86340259e968f3cbb906e814b531fd2686ab5894 (diff)
downloadlibese-9339e797ef411c3c47df19ab557552dae5c8b595.tar.gz
WeaverApplet:Increase failure count before key compare for security
Resist Cancel-After-Match-Fail and Match-After-Lock Bug: https://issuetracker.google.com/issues/292464264 Test: N/A Change-Id: If30e12dcc485127ee82bf3df465e28511396fcca Signed-off-by: 鞠明岐 <jumingqi@xiaomi.corp-partner.google.com>
-rw-r--r--apps/weaver/card/src/com/android/weaver/core/CoreSlots.java31
1 files changed, 16 insertions, 15 deletions
diff --git a/apps/weaver/card/src/com/android/weaver/core/CoreSlots.java b/apps/weaver/card/src/com/android/weaver/core/CoreSlots.java
index b2ef6b7..4fb86cd 100644
--- a/apps/weaver/card/src/com/android/weaver/core/CoreSlots.java
+++ b/apps/weaver/card/src/com/android/weaver/core/CoreSlots.java
@@ -156,22 +156,11 @@ class CoreSlots implements Slots {
return Consts.READ_BACK_OFF;
}
- // Check the key matches in constant time and copy out the value if it does
- byte result = (Util.arrayCompare(
- keyBuffer, keyOffset, mKey, (short) 0, Consts.SLOT_KEY_BYTES) == 0) ?
- Consts.READ_SUCCESS : Consts.READ_WRONG_KEY;
-
- // Keep track of the number of failures
- if (result == Consts.READ_WRONG_KEY) {
- if (mFailureCount != 0x7fff) {
- mFailureCount += 1;
- }
- } else {
- // This read was successful so reset the failures
- if (mFailureCount != 0) { // attempt to maintain constant time
- mFailureCount = 0;
- }
+ // Assume this read will fail
+ if (mFailureCount != 0x7fff) {
+ mFailureCount += 1;
}
+ byte result = Consts.READ_WRONG_KEY;
// Start the timer on a failure
if (throttle(sRemainingBackoff, (short) 0, mFailureCount)) {
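Review bot: The two comments around the new increment no longer explain the code: `// Assume this read will fail` gives no reason, and `// Start the timer on a failure` is inaccurate now that throttle() runs on every attempt with the already-incremented count. I would replace the first with `// Count the attempt before comparing so a power cut after a mismatch cannot skip the increment` and the second with `// Arm the backoff for this attempt; a matching key cancels it below`. The protection also appears to rely on the `mFailureCount` write being committed before the compare, so if a caller can reach this method inside an open JCSystem transaction, a tear would roll the increment back; that is not visible here and is worth stating as a precondition in the method's documentation. The method starts above this hunk and the `if (throttle(...))` block continues past it.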
@@ -182,6 +171,18 @@ class CoreSlots implements Slots {
mBackoffTimer.stopTimer();
}
+ // Check the key matches in constant time and copy out the value if it does
+ result = (Util.arrayCompare(
+ keyBuffer, keyOffset, mKey, (short) 0, Consts.SLOT_KEY_BYTES) == 0) ?
+ Consts.READ_SUCCESS : result;
+
+ // Keep track of the number of failures
+ if (result == Consts.READ_SUCCESS) {
+ // This read was successful so reset the failures
+ mFailureCount = 0;
+ mBackoffTimer.stopTimer();
+ }
+
final byte[] data = (result == Consts.READ_SUCCESS) ? mValue : sRemainingBackoff;
Util.arrayCopyNonAtomic(data, (short) 0, outBuffer, outOffset, Consts.SLOT_VALUE_BYTES);
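Review bot: The moved comment `// Check the key matches in constant time and copy out the value if it does` promises more than the visible code guarantees, since the timing of `Util.arrayCompare` is left to the card's Java Card implementation; I would word it as `// Compare the key; constant-time behaviour depends on the platform's Util.arrayCompare`. `// Keep track of the number of failures` now sits above a branch that only handles success, so `// On a match, clear the failure count and cancel the backoff armed above` would describe it better. With `Test: N/A` in the commit message, a tear test that interrupts the read between the increment and the compare and then checks the stored count would pin the behaviour this change is for. The enclosing method begins above the hunk.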