add missing documentation

src/main/java/im/status/wallet/SecureChannel.java

@@ -269,7 +269,14 @@ public class SecureChannel {
     return len;
   }
 
-  public boolean verifyAESMAC(byte[] apduBuffer, short apduLen) {
+  /**
+   * Verifies the AES CBC-MAC, either natively or with a software implementation. Can only be called from the
+   * preprocessAPDU method since it expects the input buffer to be formatted in a particular way.
+   *
+   * @param apduBuffer the APDU buffer
+   * @param apduLen the data len
+   */
+  private boolean verifyAESMAC(byte[] apduBuffer, short apduLen) {
     if (scMac == null) {
       scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
       short encLen = scMacCipher.update(apduBuffer, (short) 0, ISO7816.OFFSET_CDATA, macCipherBuf, (short) 0);
@@ -312,7 +319,14 @@ public class SecureChannel {
     apdu.setOutgoingAndSend(ISO7816.OFFSET_CDATA, len);
   }
 
-  public void computeAESMAC(short len, byte[] apduBuffer) {
+  /**
+   * Computes the AES CBC-MAC, either natively or with a software implementation. Can only be called from the respond
+   * method since it expects the input buffer to be formatted in a particular way.
+   *
+   * @param len the data len
+   * @param apduBuffer the APDU buffer
+   */
+  private void computeAESMAC(short len, byte[] apduBuffer) {
     if (scMac == null) {
       scMacCipher.init(scMacKey, Cipher.MODE_ENCRYPT);
       short encLen = scMacCipher.update(apduBuffer, (short) 0, (short) 1, macCipherBuf, (short) 0);

src/test/java/im/status/wallet/SecureChannelSession.java

@@ -317,6 +317,16 @@ public class SecureChannelSession {
     }
   }
 
+  /**
+   * Returns a command APDU with MAC and encrypted data.
+   *
+   * @param cla the CLA byte
+   * @param ins the INS byte
+   * @param p1 the P1 byte
+   * @param p2 the P2 byte
+   * @param data the data, can be an empty array but not null
+   * @return the command APDU
+   */
   public CommandAPDU protectedCommand(int cla, int ins, int p1, int p2, byte[] data) {
     byte[] finalData;
 
@@ -334,6 +344,15 @@ public class SecureChannelSession {
     return new CommandAPDU(cla, ins, p1, p2, finalData);
   }
 
+  /**
+   * Transmits a protected command APDU and unwraps the response data. The MAC is verified, the data decrypted and the
+   * SW read from the payload.
+   *
+   * @param apduChannel the APDU channel
+   * @param apdu the APDU to send
+   * @return the unwrapped response APDU
+   * @throws CardException transmission error
+   */
   public ResponseAPDU transmit(CardChannel apduChannel, CommandAPDU apdu) throws CardException {
     ResponseAPDU resp = apduChannel.transmit(apdu);
 
@@ -361,14 +380,28 @@ public class SecureChannelSession {
     }
   }
 
+  /**
+   * Marks the SecureChannel as closed
+   */
   public void reset() {
     open = false;
   }
 
+  /**
+   * Marks the SecureChannel as open. Only to be used when writing tests for the SecureChannel, in normal operation this
+   * would only make things wrong.
+   *
+   */
   void setOpen() {
     open = true;
   }
 
+  /**
+   * Calculates a CMAC from the metadata and data provided and sets it as the IV for the next message.
+   *
+   * @param meta metadata
+   * @param data data
+   */
   private void updateIV(byte[] meta, byte[] data) {
     try {
       sessionMac.init(sessionMacKey);