dearsky/pico-hsm
1
0
Fork 0
Code Issues 17 Pull Requests 4 Actions Packages Projects Releases 26 Wiki Activity

Accept mkek mask only if secure lock is enabled.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2024-12-08 01:23:51 +01:00
parent 053ccf4a89
commit 859dec7e4a
1 changed files with 2 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/hsm/cmd_extras.c
View File

@@ -162,13 +162,12 @@ int cmd_extras() {
if (mse.init == false) { if (mse.init == false) {
return SW_COMMAND_NOT_ALLOWED(); return SW_COMMAND_NOT_ALLOWED();
} }
uint16_t opts = get_device_options();
int ret = mse_decrypt_ct(apdu.data, apdu.nc); int ret = mse_decrypt_ct(apdu.data, apdu.nc);
if (ret != 0) { if (ret != 0) {
return SW_WRONG_DATA(); return SW_WRONG_DATA();
} }
if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable if (P2(apdu) == SECURE_LOCK_ENABLE || P2(apdu) == SECURE_LOCK_DISABLE) { // Enable
uint16_t opts = get_device_options();
uint8_t newopts[] = { opts >> 8, (opts & 0xff) }; uint8_t newopts[] = { opts >> 8, (opts & 0xff) };
if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) || if ((P2(apdu) == SECURE_LOCK_ENABLE && !(opts & HSM_OPT_SECURE_LOCK)) ||
(P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) { (P2(apdu) == SECURE_LOCK_DISABLE && (opts & HSM_OPT_SECURE_LOCK))) {
@@ -196,7 +195,7 @@ int cmd_extras() {
file_put_data(tf, newopts, sizeof(newopts)); file_put_data(tf, newopts, sizeof(newopts));
low_flash_available(); low_flash_available();
} }
else if (P2(apdu) == SECURE_LOCK_MASK) { else if (P2(apdu) == SECURE_LOCK_MASK && (opts & HSM_OPT_SECURE_LOCK)) {
memcpy(mkek_mask, apdu.data, MKEK_KEY_SIZE); memcpy(mkek_mask, apdu.data, MKEK_KEY_SIZE);
has_mkek_mask = true; has_mkek_mask = true;
} }