Do not allow reading private objects if not authenticated.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2026-04-27 09:07:42 +02:00 · 2026-03-18 13:21:14 +01:00
parent 983a5b7d10
commit db9d6ef2f5
2 changed files with 14 additions and 2 deletions
--- a/2
+++ b/2
--- a/src/hsm/cmd_read_binary.c
+++ b/src/hsm/cmd_read_binary.c
@@ -22,7 +22,7 @@ typedef int (*file_data_handler_t)(const file_t *f, int mode);
 int cmd_read_binary(void) {
    uint16_t offset = 0;
    uint8_t ins = INS(apdu), p1 = P1(apdu), p2 = P2(apdu);
-    const file_t *ef = NULL;
+    file_t *ef = NULL;

    if ((ins & 0x1) == 0) {
        if ((p1 & 0x80) != 0) {
@@ -62,6 +62,18 @@ int cmd_read_binary(void) {
        }
    }

+    if (ef == NULL) {
+        return SW_FILE_NOT_FOUND();
+    }
+
+    if (offset > 0x7fff) {
+        return SW_WRONG_P1P2();
+    }
+
+    if ((ef->fid >> 8) == PROT_DATA_PREFIX) {
+        ef->acl[ACL_OP_READ_SEARCH] = 0x90; //force PIN for protected data objects
+    }
+
    if ((ef->fid >> 8) == KEY_PREFIX || !authenticate_action(ef, ACL_OP_READ_SEARCH)) {
        return SW_SECURITY_STATUS_NOT_SATISFIED();
    }