Restrict passcodes to the values 00000001 to 99999998 in decimal as per 5.1.1.6 (#9977)
bluebin14 authored Sep 27, 2021
1 parent 45c7a41 commit 12ce672
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions src/protocols/secure_channel/PASESession.cpp
Expand Up @@ -221,8 +221,8 @@ CHIP_ERROR PASESession::GeneratePASEVerifier(PASEVerifier & verifier, uint32_t p
{
ReturnErrorOnFailure(DRBG_get_bytes(reinterpret_cast<uint8_t *>(&setupPIN), sizeof(setupPIN)));

// Use only kSetupPINCodeFieldLengthInBits bits out of the code
setupPIN &= ((1 << kSetupPINCodeFieldLengthInBits) - 1);
// Passcodes shall be restricted to the values 00000001 to 99999998 in decimal, see 5.1.1.6
setupPIN = (setupPIN % 99999998) + 1;
}

return PASESession::ComputePASEVerifier(setupPIN, pbkdf2IterCount, salt, verifier);
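
Review bot: the reduction `setupPIN = (setupPIN % 99999998) + 1;` maps a uniform 32-bit DRBG value onto 1..99999998 with a small modulo bias: 2^32 is not a multiple of 99999998 (the remainder is 94967380), so the lowest 94967380 passcodes each occur 43 times across the 32-bit input space against 42 times for the rest. The endpoints do match the comment, but since this value is the secret passed to ComputePASEVerifier, I would draw again from DRBG_get_bytes while the raw value is at or above 42 * 99999998 (4199999916) and only then apply the modulo. Also consider naming the 99999998 bound as a constant alongside kSetupPINCodeFieldLengthInBits, so the limit from 5.1.1.6 is defined in one place rather than as a literal in the expression.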