Update cmd_extras.c

This security fix ensures that the extra settings, cannot be silently disabled, if button control enabled. So the button control setting cannot be silently (without button push) disabled, even if the user's PC is fully compromised.
2024-06-13 16:09:54 +09:00
parent 98e9b72b42
commit 87ffd21543
1 changed files with 4 additions and 0 deletions
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -28,6 +28,10 @@
 #include "mbedtls/chachapoly.h"

 int cmd_extras() {
+    //check button (if enabled)
+    if (wait_button_pressed() == true) { 
+                return SW_SECURE_MESSAGE_EXEC_ERROR();
+        }
    if (P1(apdu) == 0xA) { //datetime operations
        if (P2(apdu) != 0x0) {
            return SW_INCORRECT_P1P2();