From 87ffd21543ba4df1e8b52e25e32f5e1cecff35f7 Mon Sep 17 00:00:00 2001
From: fastchain <at@symbiosis.finance>
Date: Thu, 13 Jun 2024 16:09:54 +0900
Subject: [PATCH 1/3] Update cmd_extras.c

This security fix ensures that the extra settings, cannot be silently disabled, if button control enabled. So the button control setting cannot be silently (without button push) disabled, even if the user's PC is fully compromised.
---
 src/hsm/cmd_extras.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/hsm/cmd_extras.c b/src/hsm/cmd_extras.c
index e0f26ba..d484b17 100644
--- a/src/hsm/cmd_extras.c
+++ b/src/hsm/cmd_extras.c
@@ -28,6 +28,10 @@
 #include "mbedtls/chachapoly.h"
 
 int cmd_extras() {
+    //check button (if enabled)
+    if (wait_button_pressed() == true) { 
+                return SW_SECURE_MESSAGE_EXEC_ERROR();
+        }
     if (P1(apdu) == 0xA) { //datetime operations
         if (P2(apdu) != 0x0) {
             return SW_INCORRECT_P1P2();

From 99c777c780278086e6ae6ea1d3468b7283dc73c7 Mon Sep 17 00:00:00 2001
From: al heisner <al@heisner.org>
Date: Fri, 21 Jun 2024 11:35:05 -0500
Subject: [PATCH 2/3] Fix for multiples of 64 bytes on cmd_list_keys

---
 src/hsm/cmd_list_keys.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/hsm/cmd_list_keys.c b/src/hsm/cmd_list_keys.c
index ef92c6f..d3bc6af 100644
--- a/src/hsm/cmd_list_keys.c
+++ b/src/hsm/cmd_list_keys.c
@@ -60,5 +60,9 @@ int cmd_list_keys() {
             res_APDU[res_APDU_size++] = f->fid & 0xff;
         }
     }
+    if ((apdu.rlen + 2 + 10) % 64 == 0) {     // FIX for strange behaviour with PSCS and multiple of 64
+        res_APDU[res_APDU_size++] = 0;
+	res_APDU[res_APDU_size++] = 0;
+    }
     return SW_OK();
 }

From 47acef71c86b1545cab818dc8110035818845532 Mon Sep 17 00:00:00 2001
From: Pol Henarejos <pol.henarejos@cttc.es>
Date: Fri, 21 Jun 2024 21:11:18 +0200
Subject: [PATCH 3/3] Only when not emulation.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
---
 src/hsm/cmd_list_keys.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/hsm/cmd_list_keys.c b/src/hsm/cmd_list_keys.c
index d3bc6af..da09a08 100644
--- a/src/hsm/cmd_list_keys.c
+++ b/src/hsm/cmd_list_keys.c
@@ -60,9 +60,11 @@ int cmd_list_keys() {
             res_APDU[res_APDU_size++] = f->fid & 0xff;
         }
     }
-    if ((apdu.rlen + 2 + 10) % 64 == 0) {     // FIX for strange behaviour with PSCS and multiple of 64
+#if !defined(ENABLE_EMULATION)
+    if ((apdu.rlen + 2 + 10) % 64 == 0) { // FIX for strange behaviour with PSCS and multiple of 64
+        res_APDU[res_APDU_size++] = 0;
         res_APDU[res_APDU_size++] = 0;
-	res_APDU[res_APDU_size++] = 0;
     }
+#endif
     return SW_OK();
 }