add missing documentation

This commit is contained in:
Michele Balistreri 2017-11-21 17:02:45 +03:00
parent e04f4c7bc7
commit 5a8dcf4888
2 changed files with 49 additions and 2 deletions

View File

@ -269,7 +269,14 @@ public class SecureChannel {
return len;
}
public boolean verifyAESMAC(byte[] apduBuffer, short apduLen) {
/**
* Verifies the AES CBC-MAC, either natively or with a software implementation. Can only be called from the
* preprocessAPDU method since it expects the input buffer to be formatted in a particular way.
*
* @param apduBuffer the APDU buffer
* @param apduLen the data len
*/
private boolean verifyAESMAC(byte[] apduBuffer, short apduLen) {
if (scMac == null) {
scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
short encLen = scMacCipher.update(apduBuffer, (short) 0, ISO7816.OFFSET_CDATA, macCipherBuf, (short) 0);
@ -312,7 +319,14 @@ public class SecureChannel {
apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
}
public void computeAESMAC(short len, byte[] apduBuffer) {
/**
* Computes the AES CBC-MAC, either natively or with a software implementation. Can only be called from the respond
* method since it expects the input buffer to be formatted in a particular way.
*
* @param len the data len
* @param apduBuffer the APDU buffer
*/
private void computeAESMAC(short len, byte[] apduBuffer) {
if (scMac == null) {
scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
short encLen = scMacCipher.update(apduBuffer, (short) 0, (short) 1, macCipherBuf, (short) 0);

View File

@ -317,6 +317,16 @@ public class SecureChannelSession {
}
}
/**
* Returns a command APDU with MAC and encrypted data.
*
* @param cla the CLA byte
* @param ins the INS byte
* @param p1 the P1 byte
* @param p2 the P2 byte
* @param data the data, can be an empty array but not null
* @return the command APDU
*/
public CommandAPDU protectedCommand(int cla, int ins, int p1, int p2, byte[] data) {
byte[] finalData;
@ -334,6 +344,15 @@ public class SecureChannelSession {
return new CommandAPDU(cla, ins, p1, p2, finalData);
}
/**
* Transmits a protected command APDU and unwraps the response data. The MAC is verified, the data decrypted and the
* SW read from the payload.
*
* @param apduChannel the APDU channel
* @param apdu the APDU to send
* @return the unwrapped response APDU
* @throws CardException transmission error
*/
public ResponseAPDU transmit(CardChannel apduChannel, CommandAPDU apdu) throws CardException {
ResponseAPDU resp = apduChannel.transmit(apdu);
@ -361,14 +380,28 @@ public class SecureChannelSession {
}
}
/**
* Marks the SecureChannel as closed
*/
public void reset() {
open = false;
}
/**
* Marks the SecureChannel as open. Only to be used when writing tests for the SecureChannel, in normal operation this
* would only make things wrong.
*
*/
void setOpen() {
open = true;
}
/**
* Calculates a CMAC from the metadata and data provided and sets it as the IV for the next message.
*
* @param meta metadata
* @param data data
*/
private void updateIV(byte[] meta, byte[] data) {
try {
sessionMac.init(sessionMacKey);