dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Only allow initialize if secure lock is disabled or has mkek mask.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-12-08 01:24:35 +01:00
parent 859dec7e4a
commit 320455815f
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/hsm/cmd_initialize.c
View File

@@ -43,10 +43,14 @@ extern void reset_puk_store();
int cmd_initialize() { int cmd_initialize() {
if (apdu.nc > 0) { if (apdu.nc > 0) {
uint8_t mkek[MKEK_SIZE]; uint8_t mkek[MKEK_SIZE];
uint16_t opts = get_device_options();
if (opts & HSM_OPT_SECURE_LOCK && !has_mkek_mask) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}
int ret_mkek = load_mkek(mkek); //Try loading MKEK with previous session int ret_mkek = load_mkek(mkek); //Try loading MKEK with previous session
initialize_flash(true); initialize_flash(true);
scan_all(); scan_all();
has_session_pin = has_session_sopin = false; has_session_pin = has_session_sopin = has_mkek_mask = false;
uint16_t tag = 0x0; uint16_t tag = 0x0;
uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL; uint8_t *tag_data = NULL, *p = NULL, *kds = NULL, *dkeks = NULL;
uint16_t tag_len = 0; uint16_t tag_len = 0;