Return 6285 for SELECT in termination state

This patch changes the status code for SELECT APDUs to 6285 if the card is in termination/initialization state. Fixes: #154
Nitrokey · May 2, 2023 · 851bc83 · 851bc83
1 parent e4ae7a5
commit 851bc83
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,12 @@ SPDX-License-Identifier: CC0-1.0
 
 ## Unreleased
 
+### Bugfixes
+
+- Return status 6285 if SELECT is called in termination state ([#154][])
+
+[#154]: https://github.com/Nitrokey/opcard-rs/issues/154
+
 ## [v1.0.0][] (2023-04-27)
 
 - Add support for larger storage for certificates and private use data objects ([#150][])

diff --git a/Cargo.toml b/Cargo.toml
@@ -86,6 +86,7 @@ log-warn = []
 log-error = []
 
 [patch.crates-io]
+iso7816 = { git = "https://github.com/Nitrokey/iso7816.git", tag = "v0.1.1-nitrokey.1" }
 p256-cortex-m4 = { git = "https://github.com/Nitrokey/p256-cortex-m4", tag = "v0.1.0-alpha.6-nitrokey-1" }
 trussed = { git = "https://github.com/trussed-dev/trussed" , rev = "55ea391367fce4bf5093ff2d3c79041d7aef0485" }
 trussed-auth = { git = "https://github.com/trussed-dev/trussed-auth.git", tag = "v0.2.2"}

diff --git a/src/command.rs b/src/command.rs
@@ -59,18 +59,16 @@ impl Command {
         &self,
         mut ctx: Context<'_, R, T>,
     ) -> Result<(), Status> {
-        if !self.can_lifecycle_run(State::lifecycle(
-            ctx.backend.client_mut(),
-            ctx.options.storage,
-        )) {
+        let lifecycle = State::lifecycle(ctx.backend.client_mut(), ctx.options.storage);
+        if !self.can_lifecycle_run(lifecycle) {
             warn!(
                 "Command {self:?} called in lifecycle {:?}",
                 State::lifecycle(ctx.backend.client_mut(), ctx.options.storage)
             );
             return Err(Status::ConditionsOfUseNotSatisfied);
         }
         match self {
-            Self::Select => select(ctx),
+            Self::Select => select(ctx, lifecycle),
             Self::GetData(mode, tag) => data::get_data(ctx, *mode, *tag),
             Self::GetNextData(tag) => data::get_next_data(ctx, *tag),
             Self::PutData(mode, tag) => data::put_data(ctx, *mode, *tag),
@@ -338,11 +336,15 @@ impl TryFrom<u8> for ManageSecurityEnvironmentMode {
 // § 7.2.1
 fn select<const R: usize, T: crate::card::Client>(
     context: Context<'_, R, T>,
+    lifecycle: LifeCycle,
 ) -> Result<(), Status> {
     if context.data.starts_with(&RID) {
         context.state.volatile.cur_do = None;
         context.state.volatile.keyrefs = Default::default();
-        Ok(())
+        match lifecycle {
+            LifeCycle::Operational => Ok(()),
+            LifeCycle::Initialization => Err(Status::SelectedFileInTerminationState),
+        }
     } else {
         info!("Selected application {:x?} not found", context.data);
         Err(Status::NotFound)