NeoPGPApplet: fix user PIN verification

The user PIN wasn't checked propertly due to calling the wrong function
type. Fix that and add some more test cases.

Signed-off-by: Michael Walle <[email protected]>

src/cc/walle/neopgp/NeoPGPApplet.java

@@ -1256,12 +1256,12 @@ private void processPerformSecurityOperation(APDU apdu) throws ISOException {
 
  switch (op) {
  case PSO_OP_COMPUTE_DIGITAL_SIGNATURE:
- userPIN.isValidated(USER_PIN_MODE_CDS);
+ userPIN.assertValidated(USER_PIN_MODE_CDS);
  incrementDigitalSignatureCounter();
  off = signatureKey.sign(buf, off, lc);
  break;
  case PSO_OP_DECIPHER:
- userPIN.isValidated(USER_PIN_MODE_NORMAL);
+ userPIN.assertValidated(USER_PIN_MODE_NORMAL);
  off = decryptionKey.decipher(buf, off, lc);
  break;
  case PSO_OP_ENCIPHER:
@@ -1290,7 +1290,7 @@ private void processInternalAuthenticate(APDU apdu) throws ISOException {
  if (p1 != 0 || p2 != 0)
  ISOException.throwIt(ISO7816.SW_WRONG_P1P2);
 
- userPIN.isValidated(USER_PIN_MODE_NORMAL);
+ userPIN.assertValidated(USER_PIN_MODE_NORMAL);
  off = authenticationKey.authenticate(buf, off, lc);
  apdu.setOutgoingAndSend((short)0, off);
  }

test/cc/walle/neopgp/JcardsimTestCase.java

@@ -46,6 +46,20 @@ public void admin() {
  assertResponseOK("00200083 08 3132333435363738");
  }
 
+ /**
+ * Sends the default user PIN for CDS operation.
+ */
+ public void userCDS() {
+ assertResponseOK("00200081 06 313233343536");
+ }
+
+ /**
+ * Sends the default user PIN.
+ */
+ public void user() {
+ assertResponseOK("00200082 06 313233343536");
+ }
+
  /**
  * Changes the signature key to RSA-2048.
  *

test/cc/walle/neopgp/PSODecipherTest.java

@@ -0,0 +1,41 @@
+// SPDX-License-Identifier: GPL-3.0-or-later
+package cc.walle.neopgp;
+
+import static org.junit.Assert.*;
+import javax.smartcardio.ResponseAPDU;
+import javacard.framework.ISO7816;
+import org.junit.Test;
+
+public class PSODecipherTest extends JcardsimTestCase {
+ @Test public void generateDecryptionKey() {
+ admin();
+ assertResponseOK("00478000000002B8000000");
+ }
+
+ @Test public void decipherWithECKey() {
+ String req =
+ "00 2A 80 86 48 A6 46 7F 49 43 86 41 04 16 42 70" +
+ "CB 1B E7 E2 13 0C 35 4C B4 C3 B7 D1 92 B7 B6 47" +
+ "EB 5D B8 A2 F0 E2 1A 4A 88 3A 8B C9 83 BE 1B E5" +
+ "94 4E 51 29 13 A2 80 7E 3A 93 3E F3 28 FC F3 08" +
+ "2A 3A 8C 4A 77 8A C9 CB 54 9B 55 EF 83 00";
+ admin();
+ changeKey(NeoKey.DECRYPTION_KEY, NeoKey.ALGORITHM_ID_ECDH);
+ assertResponseOK("00478000000002B8000000");
+ user();
+ assertResponseOK(req);
+ }
+
+ @Test public void decipherWithECKeyNoAuthentication() {
+ String req =
+ "00 2A 80 86 48 A6 46 7F 49 43 86 41 04 16 42 70" +
+ "CB 1B E7 E2 13 0C 35 4C B4 C3 B7 D1 92 B7 B6 47" +
+ "EB 5D B8 A2 F0 E2 1A 4A 88 3A 8B C9 83 BE 1B E5" +
+ "94 4E 51 29 13 A2 80 7E 3A 93 3E F3 28 FC F3 08" +
+ "2A 3A 8C 4A 77 8A C9 CB 54 9B 55 EF 83 00";
+ admin();
+ changeKey(NeoKey.DECRYPTION_KEY, NeoKey.ALGORITHM_ID_ECDH);
+ assertResponseOK("00478000000002B8000000");
+ assertResponseStatus(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED, req);
+ }
+}

test/cc/walle/neopgp/PSOSignatureTest.java

@@ -10,9 +10,19 @@ public class PSOSignatureTest extends JcardsimTestCase {
  @Test public void generateSignature() {
  admin();
  assertResponseOK("00478000000002B6000000");
+ userCDS();
  assertResponseOK(
  "002A9E9A533051300D06096086480165030402030500044093BFAC45A3D9EC01" +
  "9536A9F60DAA246283EBA5EC892E09AFEA289B37D956A6C46D74F5ECE076A6EF" +
  "392C7728045C1403F0C758C3BC01826E29697E8CF78A4B8E00");
  }
+
+ @Test public void generateSignatureNoAuthentication() {
+ admin();
+ assertResponseOK("00478000000002B6000000");
+ assertResponseStatus(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED,
+ "002A9E9A533051300D06096086480165030402030500044093BFAC45A3D9EC01" +
+ "9536A9F60DAA246283EBA5EC892E09AFEA289B37D956A6C46D74F5ECE076A6EF" +
+ "392C7728045C1403F0C758C3BC01826E29697E8CF78A4B8E00");
+ }
 }