From 218660e6946b06dcbea37215356f71bc4dce4b61 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Mon, 22 Apr 2024 23:47:08 +0200
Subject: [PATCH] Only allow change PHY without PIN. PIN is required for other
 extra options.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/cmd_extras.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c
index f801852..02736ee 100644
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -28,6 +28,12 @@
 #include "mbedtls/chachapoly.h"
 
 int cmd_extras() {
+#ifndef ENABLE_EMULATION
+    // Only allow change PHY without PIN
+    if (!isUserAuthenticated && P1(apdu) != 0x1B) {
+        return SW_SECURITY_STATUS_NOT_SATISFIED();
+    }
+#endif
     if (P1(apdu) == 0xA) { //datetime operations
         if (P2(apdu) != 0x0) {
             return SW_INCORRECT_P1P2();