Do not allow reading private objects if not authenticated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
Pol Henarejos 2026-03-18 13:21:14 +01:00
parent 983a5b7d10
commit db9d6ef2f5
No known key found for this signature in database
GPG key ID: C0095B7870A4CCD3
2 changed files with 14 additions and 2 deletions

@ -1 +1 @@
Subproject commit 8aad7bdef9103f0c2abb4ececffa29928d489403
Subproject commit 39c3339b38b4adce642ba9a0013e4f3eba0919ee


@ -22,7 +22,7 @@ typedef int (*file_data_handler_t)(const file_t *f, int mode);
int cmd_read_binary(void) {
uint16_t offset = 0;
uint8_t ins = INS(apdu), p1 = P1(apdu), p2 = P2(apdu);
const file_t *ef = NULL;
file_t *ef = NULL;
if ((ins & 0x1) == 0) {
if ((p1 & 0x80) != 0) {
@ -62,6 +62,18 @@ int cmd_read_binary(void) {
}
}
if (ef == NULL) {
return SW_FILE_NOT_FOUND();
}
if (offset > 0x7fff) {
return SW_WRONG_P1P2();
}
if ((ef->fid >> 8) == PROT_DATA_PREFIX) {
ef->acl[ACL_OP_READ_SEARCH] = 0x90; //force PIN for protected data objects
}
if ((ef->fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {
return SW_SECURITY_STATUS_NOT_SATISFIED();
}