NeoKeyStore: clear the old key on key change

Don't make the setAlgorithmAttributes() clear the keys itself, which didn't work anyway, because it would only have cleared the keys (type) which came before the requested type. Instead the applet code will now clear the old key before setting the new type. Signed-off-by: Michael Walle <[email protected]>
mwalle · Mar 21, 2024 · 01d8c99 · 01d8c99
1 parent d5c2aa5
commit 01d8c99
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 14 deletions.
diff --git a/src/cc/walle/neopgp/NeoKeyStore.java b/src/cc/walle/neopgp/NeoKeyStore.java
@@ -182,11 +182,9 @@ public NeoKey setAlgorithmAttributes(byte[] buf, short off, short len) {
  for (short i = 0; i < keyStore.length; i++) {
  NeoKey key = keyStore[i];
 
- key.clear();
  if (key.matchAlgorithmAttributes(buf, off, len))
  return key;
  }
- ISOException.throwIt(ISO7816.SW_WRONG_DATA);
  return null;
  }
 }
diff --git a/src/cc/walle/neopgp/NeoPGPApplet.java b/src/cc/walle/neopgp/NeoPGPApplet.java
@@ -830,22 +830,40 @@ private void processPutData(APDU apdu) throws ISOException {
  break;
  case TAG_ALGORITHM_ATTRIBUTES_SIGNATURE:
  adminPIN.assertValidated();
- JCSystem.beginTransaction();
- signatureKey = signatureKeyStore.setAlgorithmAttributes(buf, off, lc);
- JCSystem.commitTransaction();
- break;
+ {
+ NeoKey newKey;
+ newKey = signatureKeyStore.setAlgorithmAttributes(buf, off, lc);
+ if (newKey == null)
+ ISOException.throwIt(ISO7816.SW_WRONG_DATA);
+ JCSystem.beginTransaction();
+ signatureKey.clear();
+ signatureKey = newKey;
+ JCSystem.commitTransaction();
+ } break;
  case TAG_ALGORITHM_ATTRIBUTES_DECRYPTION:
  adminPIN.assertValidated();
- JCSystem.beginTransaction();
- decryptionKey = decryptionKeyStore.setAlgorithmAttributes(buf, off, lc);
- JCSystem.commitTransaction();
- break;
+ {
+ NeoKey newKey;
+ newKey = decryptionKeyStore.setAlgorithmAttributes(buf, off, lc);
+ if (newKey == null)
+ ISOException.throwIt(ISO7816.SW_WRONG_DATA);
+ JCSystem.beginTransaction();
+ decryptionKey.clear();
+ decryptionKey = newKey;
+ JCSystem.commitTransaction();
+ } break;
  case TAG_ALGORITHM_ATTRIBUTES_AUTHENTICATION:
  adminPIN.assertValidated();
- JCSystem.beginTransaction();
- authenticationKey = authenticationKeyStore.setAlgorithmAttributes(buf, off, lc);
- JCSystem.commitTransaction();
- break;
+ {
+ NeoKey newKey;
+ newKey = authenticationKeyStore.setAlgorithmAttributes(buf, off, lc);
+ if (newKey == null)
+ ISOException.throwIt(ISO7816.SW_WRONG_DATA);
+ JCSystem.beginTransaction();
+ authenticationKey.clear();
+ authenticationKey = newKey;
+ JCSystem.commitTransaction();
+ } break;
  default:
  ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
  break;