From 85ff92c4ded1ef156a422dd40a0f5a6f030e34d0 Mon Sep 17 00:00:00 2001
From: Pol Henarejos
Date: Sun, 3 Apr 2022 20:40:16 +0200
Subject: [PATCH] Adding check for device options whether it can reset retry counter with PIN or without.

Signed-off-by: Pol Henarejos
---
 src/hsm/sc_hsm.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/hsm/sc_hsm.c b/src/hsm/sc_hsm.c
index 35c3094..3cff83a 100644
--- a/src/hsm/sc_hsm.c
+++ b/src/hsm/sc_hsm.c
@@ -478,6 +478,7 @@ static int cmd_verify() {
 }

 static int cmd_reset_retry() {
+ uint16_t opts = get_device_options();
 if (P1(apdu) == 0x0) {
 if (P2(apdu) == 0x81) {
 if (!file_sopin || !file_pin1) {
@@ -488,6 +489,8 @@ static int cmd_reset_retry() {
 }
 if (apdu.cmd_apdu_data_len <= 8)
 return SW_WRONG_LENGTH();
+ if (!(opts & HSM_OPT_RRC))
+ return SW_COMMAND_NOT_ALLOWED();
 uint16_t r = check_pin(file_sopin, apdu.cmd_apdu_data, 8);
 if (r != 0x9000)
 return r;
@@ -513,6 +516,8 @@ static int cmd_reset_retry() {
 }
 if (apdu.cmd_apdu_data_len != 8)
 return SW_WRONG_LENGTH();
+ if (!(opts & HSM_OPT_RRC) || !(opts & HSM_OPT_RRC_RESET_ONLY))
+ return SW_COMMAND_NOT_ALLOWED();
 uint16_t r = check_pin(file_sopin, apdu.cmd_apdu_data, 8);
 if (r != 0x9000)
 return r;
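Review bot: `opts` is read once at the top of cmd_reset_retry, and nothing in the visible lines says what get_device_options() returns when no options object has been stored or it cannot be read. Both checks added further down deny the command when a bit is clear, so they fail closed only if that case yields 0. That assumption is worth stating next to the declaration, e.g. `/* 0 (no options stored) must deny RESET RETRY COUNTER */`, and confirming in get_device_options() itself. The function body continues outside this hunk.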
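Review bot: The new-PIN path in the second hunk (data longer than the 8-byte SO-PIN) tests only HSM_OPT_RRC, so a device configured with HSM_OPT_RRC_RESET_ONLY still lets the SO-PIN holder choose a new user PIN here. The flag's definition is not on this page, but if it means what its name suggests (unblock only, no PIN replacement), this check should read `if (!(opts & HSM_OPT_RRC) || (opts & HSM_OPT_RRC_RESET_ONLY))`. Under the same reading, the check in the third hunk (`@@ -513,6 +516,8 @@`) would need only HSM_OPT_RRC, since as written a device with RRC alone cannot unblock the PIN without setting a new one. Whichever reading is intended, a one-line comment on each check saying which operation the flag permits would keep the two branches from drifting. The enclosing branch starts outside this hunk.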
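Review bot: The HSM_OPT_RRC test is now repeated in two branches, each time after the file-presence and length checks, so any other P1/P2 path through cmd_reset_retry (not visible in these hunks) is covered only if the test is copied there as well. Because it is common to both branches, a single `if (!(opts & HSM_OPT_RRC)) return SW_COMMAND_NOT_ALLOWED();` directly after `opts` is read would deny by default and leave only the HSM_OPT_RRC_RESET_ONLY decision inside the branch. It would also make a device with the feature disabled answer the same way regardless of the supplied data length. The enclosing branch of this third hunk starts outside it.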