Package uicc.usim.gba_u

Class GBAUCipher.OneShot

java.lang.Object

uicc.usim.gba_u.GBAUCipher

uicc.usim.gba_u.GBAUCipher.OneShot

Enclosing class:

GBAUCipher

public static final class GBAUCipher.OneShot
extends GBAUCipher

The OneShot class is a specialization of the GBAUCipher class intended to support efficient one-shot ciphering and deciphering operations that may avoid persistent memory writes entirely. The OneShot class uses a delegation model where calls are delegated to an instance of a GBAUCipher-implementing class configured for one-shot use.

Note:

• Instances of OneShot are JCRE owned temporary Entry Point Object instances and references to these temporary objects cannot be stored in class variables or instance variables or array components. See Runtime Environment Specification, Java Card Platform, Classic Edition for details.
• The platform must support at least one instance of OneShot. Support for several OneShot instances is platform dependent. To guarantee application code portability, acquiring/opening and then releasing/closing OneShot instances should be performed within tight try-catch-finally blocks (as illustrated in the code sample below) in order to avoid unnecessarily keeping hold of instances and to prevent interleaving invocations - hence enforcing the One-Shot usage pattern. Additionally, any local variable holding a reference to a OneShot instance should be set to null once the instance is closed in order to prevent further use attempts.
• Upon return from any Applet entry point method, back to the JCRE, and on tear or card reset events any OneShot instances in use are released back to the JCRE.
• The internal state associated with an instance of OneShot must be bound to the initial calling context (owner context) as to preclude use/calls on that instance from other contexts.
• Unless otherwise specified, after an instance of OneShot is released back to the JCRE, calls to any of the instance methods of the OneShot class results in an CryptoException being thrown with reason code CryptoException.ILLEGAL_USE.

The following code shows a typical usage pattern for the OneShot class.

 ...
 GBAUCipher.OneShot enc = null;
  try {
      enc = GBAUCipher.OneShot.open(Cipher.CIPHER_AES_CBC, Cipher.PAD_PKCS5);
      enc.init( Cipher.MODE_ENCRYPT, adfAID, adfAIDOff, adfAIDLen, nafID, nafIDOff, nafIDLen );
      enc.doFinal(someInData, (short) 0, (short) someInData.length, encData, (short) 0);
  } catch (CryptoException ce) {
      // Handle exception
  } finally {
      if (enc != null) {
          enc.close();
          enc = null;
      }
  }
 ...
 

Nested Class Summary

Nested classes/interfaces inherited from class uicc.usim.gba_u.GBAUCipher

GBAUCipher.OneShot

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	OneShot()	Protected constructor

Method Summary

Modifier and Type	Method	Description
void	close()	Closes and releases this JCRE owned temporary instance of the OneShot object for reuse.
short	doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)	Generates encrypted/decrypted output from all/last input data using Ks_int_NAF linked to NAF ID given in init().
byte	getAlgorithm()	Gets the cipher algorithm.
byte	getCipherAlgorithm()	Gets the raw cipher algorithm.
byte	getPaddingAlgorithm()	Gets the padding algorithm.
void	init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)	Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key).
void	init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)	Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key) and algorithm specific parameters.
void	init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)	Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key) and algorithm specific parameters.
void	init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)	Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key).
static GBAUCipher.OneShot	open(byte cipherAlgorithm, byte paddingAlgorithm)	Opens/acquires a JCRE owned temporary Entry Point Object instance of OneShot with the selected cipher algorithm and padding algorithm.
short	update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)	Always throws a CryptoException.

Methods inherited from class uicc.usim.gba_u.GBAUCipher

getInstance, getInstance

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

OneShot

protected OneShot()

Protected constructor

Method Details

open

public static GBAUCipher.OneShot open(byte cipherAlgorithm,
 byte paddingAlgorithm)
                               throws javacard.security.CryptoException

Opens/acquires a JCRE owned temporary Entry Point Object instance of OneShot with the selected cipher algorithm and padding algorithm.
Ks_int_NAF keys, internal keys generated during GBA_U process (see 3GPP TS 31.102 and 3GPP TS 33.220), are the only ones used in this class.
Ks_int_NAF keys are 256 bits symmetric keys then all asymmetric key algorithms are not supported.

Parameters:

cipherAlgorithm - the desired cipher algorithm. Valid codes listed in CIPHER_* constants in this GBAUCipher or Cipher class from javacardx.crypto package e.g. CIPHER_AES_CBC.

paddingAlgorithm - the desired padding algorithm. Valid codes listed in PAD_* constants in GBAUCipher class or Cipher class from javacardx.crypto package e.g. PAD_NULL.

Returns:

the OneShot object instance of the requested algorithm.

Throws:

javacard.security.CryptoException - with the following reason codes:

• CryptoException.NO_SUCH_ALGORITHM if the requested cipher algorithm or padding algorithm or their combination is not supported.

javacard.framework.SystemException - with the following reason codes:

• SystemException.NO_SUCH_ALGORITHM if sufficient resources are not available.

See Also:

• GBAUCipher.getInstance(byte cipherAlgorithm, byte paddingAlgorithm, boolean externalAcces)

close

public void close()
           throws SecurityException

Closes and releases this JCRE owned temporary instance of the OneShot object for reuse. If this method is called again this method does nothing.

Throws:

SecurityException - if this JCRE owned temporary instance of the OneShot object was opened in a context different from that of the caller.

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)

init

public void init(byte theMode,
 byte[] adfAID,
 short adfAIDOff,
 short adfAIDLen,
 byte[] nafID,
 short nafIDOff,
 short nafIDLen)
          throws GBAUException,
javacard.security.CryptoException

Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key). This method should be used for algorithms which do not need initialization parameters or use default parameter values.

init() must be used to update the GBAUCipher object with a new key / NAF ID. If the Ks_int_NAF key is modified after invoking the init() method, the behavior of the update() and doFinal() methods is unspecified.

If init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen) is used, the key length is implicitly selected:

• AES will use the Ks_int_NAF on 256 bits.
• Korean SEED will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• SM4 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.

Use init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength) for different key length.

Specified by:

init in class GBAUCipher

Parameters:

theMode - one of javacardx.crypto.Cipher.MODE_DECRYPT or javacardx.crypto.Cipher.MODE_ENCRYPT

adfAID - byte array containing the value of complete ADF AID to use (e.g. USIM, ISIM), partial AID is not supported

adfAIDOff - offset within adfAID where the ADF AID value begins

adfAIDLen - byte length of ADF AID value

nafID - byte array containing the value of NAF ID

nafIDOff - offset within nafID where the NAF ID value begins

nafIDLen - byte length of NAF ID value

Throws:

GBAUException - with the following reason codes:

• GBA_U_BOOTSTRAP_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U Bootstrap procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_NAF_DERIVATION_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U NAF derivation procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_UNALLOWED_ACCESS if applet is not allowed to use API, see 3GPP TS 31.130 for detail on access condition required
• GBA_U_INCORRECT_NAF_ID if applet provides a NAF ID (through nafID, nafIDOff and nafIDLen) which is not defined in its access condition, see 3GPP TS 31.130 for detail on access condition and NAF ID association
• GBA_U_INCORRECT_ADF_AID if applet provides a ADF AID (through adfAID, adfAIDOff and adfAIDLen) which does not supported GBA_U computation

javacard.security.CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_USE if one of the following conditions is met:
  • if theMode option is an undefined value.
  • if key size is incompatible with algorithm defined in open().

NullPointerException - if adfAID or nafID is null

ArrayIndexOutOfBoundsException - if the check operation on adfAIDOff or adfAIDLen would cause access of data outside adfAID array bounds

ArrayIndexOutOfBoundsException - if the check operation on nafIDOff or nafIDLen would cause access of data outside nafID array bounds

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)
• doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
• update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)

init

public void init(byte theMode,
 byte[] adfAID,
 short adfAIDOff,
 short adfAIDLen,
 byte[] nafID,
 short nafIDOff,
 short nafIDLen,
 short keyLength)
          throws GBAUException,
javacard.security.CryptoException

Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key). This method should be used for algorithms which do not need initialization parameters or use default parameter values.

init() must be used to update the GBAUCipher object with a new key / NAF ID. If the Ks_int_NAF key is modified after invoking the init() method, the behavior of the update() and doFinal() methods is unspecified.

Depending on keyLength parameter the key is retrieved from Ks_int_NAF as follows:

• LENGTH_AES_128 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_AES_192 will use the 192 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_AES_256 will use all the 256 bits of the Ks_int_NAF 256 bits key.
• LENGTH_KOREAN_SEED_128 Korean SEED will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_SM4 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.

Specified by:

init in class GBAUCipher

Parameters:

theMode - one of javacardx.crypto.Cipher.MODE_DECRYPT or javacardx.crypto.Cipher.MODE_ENCRYPT

adfAID - byte array containing the value of complete ADF AID to use (e.g. USIM, ISIM), partial AID is not supported

adfAIDOff - offset within adfAID where the ADF AID value begins

adfAIDLen - byte length of ADF AID value

nafID - byte array containing the value of NAF ID

nafIDOff - offset within nafID where the NAF ID value begins

nafIDLen - byte length of NAF ID value

keyLength - the key size in bits. The valid key bit length is key type dependent. Some common key lengths are listed in LENGTH_* constants in the KeyBuilder class from javacard.security e.g. LENGTH_AES_128.

Throws:

GBAUException - with the following reason codes:

• GBA_U_BOOTSTRAP_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U Bootstrap procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_NAF_DERIVATION_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U NAF derivation procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_UNALLOWED_ACCESS if applet is not allowed to use API, see 3GPP TS 31.130 for detail on access condition required
• GBA_U_INCORRECT_NAF_ID if applet provides a NAF ID (through nafID, nafIDOff and nafIDLen) which is not defined in its access condition, see 3GPP TS 31.130 for detail on access condition and NAF ID association
• GBA_U_INCORRECT_ADF_AID if applet provides a ADF AID (through adfAID, adfAIDOff and adfAIDLen) which does not supported GBA_U computation

javacard.security.CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_USE if one of the following conditions is met:
  • if theMode option is an undefined value.
  • if keyLength is incompatible with algorithm defined in open().

NullPointerException - if adfAID or nafID is null

ArrayIndexOutOfBoundsException - if the check operation on adfAIDOff or adfAIDLen would cause access of data outside adfAID array bounds

ArrayIndexOutOfBoundsException - if the check operation on nafIDOff or nafIDLen would cause access of data outside nafID array bounds

Since:

1.2

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)
• doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
• update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)

init

public void init(byte theMode,
 byte[] adfAID,
 short adfAIDOff,
 short adfAIDLen,
 byte[] nafID,
 short nafIDOff,
 short nafIDLen,
 byte[] bArray,
 short bOff,
 short bLen)
          throws GBAUException,
javacard.security.CryptoException

Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key) and algorithm specific parameters.
init() must be used to update the GBAUCipher object with a new key / NAF ID. If the Ks_int_NAF key is modified after invoking the init() method, the behavior of the update() and doFinal() methods is unspecified.

If init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen) is used, the key length is implicitly selected:

• AES will use the Ks_int_NAF on 256 bits.
• Korean SEED will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• SM4 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.

Use init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength) for different key length.

Specified by:

init in class GBAUCipher

Parameters:

theMode - one of javacardx.crypto.Cipher.MODE_DECRYPT or javacardx.crypto.Cipher.MODE_ENCRYPT

adfAID - byte array containing the value of complete ADF AID to use (e.g. USIM, ISIM), partial AID is not supported

adfAIDOff - offset within adfAID where the ADF AID value begins

adfAIDLen - byte length of ADF AID value

nafID - byte array containing the value of NAF ID

nafIDOff - offset within nafID where the NAF ID value begins

nafIDLen - byte length of NAF ID value

bArray - byte array containing algorithm specific initialization info

bOff - offset within bArray where the algorithm specific data begins

bLen - byte length of algorithm specific parameter data

Throws:

GBAUException - with the following reason codes:

• GBA_U_BOOTSTRAP_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U Bootstrap procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_NAF_DERIVATION_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U NAF derivation procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_UNALLOWED_ACCESS if applet is not allowed to use API, see 3GPP TS 31.130 for detail on access condition required
• GBA_U_INCORRECT_NAF_ID if applet provides a NAF ID (through nafID, nafIDOff and nafIDLen) which is not defined in its access condition, see 3GPP TS 31.130 for detail on access condition and NAF ID association
• GBA_U_INCORRECT_ADF_AID if applet provides a ADF AID (through adfAID, adfAIDOff and adfAIDLen) which does not supported GBA_U computation

javacard.security.CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_USE if one of the following conditions is met:
  • if theMode option is an undefined value.
  • if key size is incompatible with algorithm defined in open().

NullPointerException - if adfAID, nafID or bArray is null

ArrayIndexOutOfBoundsException - if the check operation on adfAIDOff or adfAIDLen would cause access of data outside adfAID array bounds

ArrayIndexOutOfBoundsException - if the check operation on nafIDOff or nafIDLen would cause access of data outside nafID array bounds

ArrayIndexOutOfBoundsException - if the check operation on bOff or bLen would cause access of data outside bArray array bounds

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)
• doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
• update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)

init

public void init(byte theMode,
 byte[] adfAID,
 short adfAIDOff,
 short adfAIDLen,
 byte[] nafID,
 short nafIDOff,
 short nafIDLen,
 byte[] bArray,
 short bOff,
 short bLen,
 short keyLength)
          throws GBAUException,
javacard.security.CryptoException

Initializes the GBAUCipher object with the appropriate NAF ID (then Ks_int_NAF key) and algorithm specific parameters.
init() must be used to update the GBAUCipher object with a new key / NAF ID. If the Ks_int_NAF key is modified after invoking the init() method, the behavior of the update() and doFinal() methods is unspecified.

Depending on keyLength parameter the key is retrieved from Ks_int_NAF as follows:

• LENGTH_AES_128 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_AES_192 will use the 192 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_AES_256 will use all the 256 bits of the Ks_int_NAF 256 bits key.
• LENGTH_KOREAN_SEED_128 Korean SEED will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.
• LENGTH_SM4 will use the 128 left most significant bits of the Ks_int_NAF 256 bits key.

Specified by:

init in class GBAUCipher

Parameters:

theMode - one of javacardx.crypto.Cipher.MODE_DECRYPT or javacardx.crypto.Cipher.MODE_ENCRYPT

adfAID - byte array containing the value of complete ADF AID to use (e.g. USIM, ISIM), partial AID is not supported

adfAIDOff - offset within adfAID where the ADF AID value begins

adfAIDLen - byte length of ADF AID value

nafID - byte array containing the value of NAF ID

nafIDOff - offset within nafID where the NAF ID value begins

nafIDLen - byte length of NAF ID value

bArray - byte array containing algorithm specific initialization info

bOff - offset within bArray where the algorithm specific data begins

bLen - byte length of algorithm specific parameter data

keyLength - the key size in bits. The valid key bit length is key type dependent. Some common key lengths are listed in LENGTH_* constants in the KeyBuilder class from javacard.security e.g. LENGTH_AES_128.

Throws:

GBAUException - with the following reason codes:

• GBA_U_BOOTSTRAP_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U Bootstrap procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_NAF_DERIVATION_NOT_DONE if Ks_int_NAF is not availaible linked to GBA_U NAF derivation procedure was not done (see 3GPP TS 31.102 and 3GPP TS 33.220)
• GBA_U_UNALLOWED_ACCESS if applet is not allowed to use API, see 3GPP TS 31.130 for detail on access condition required
• GBA_U_INCORRECT_NAF_ID if applet provides a NAF ID (through nafID, nafIDOff and nafIDLen) which is not defined in its access condition, see 3GPP TS 31.130 for detail on access condition and NAF ID association
• GBA_U_INCORRECT_ADF_AID if applet provides a ADF AID (through adfAID, adfAIDOff and adfAIDLen) which does not supported GBA_U computation

javacard.security.CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_USE if one of the following conditions is met:
  • if theMode option is an undefined value.
  • if keyLength is incompatible with algorithm defined in open().

NullPointerException - if adfAID or nafID is null

ArrayIndexOutOfBoundsException - if the check operation on adfAIDOff or adfAIDLen would cause access of data outside adfAID array bounds

ArrayIndexOutOfBoundsException - if the check operation on nafIDOff or nafIDLen would cause access of data outside nafID array bounds

ArrayIndexOutOfBoundsException - if the check operation on bOff or bLen would cause access of data outside bArray array bounds

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)
• doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
• update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)

getAlgorithm

public byte getAlgorithm()

Gets the cipher algorithm. Pre-defined codes listed in ALG_* constants in javacardx.crypto.Cipher e.g. ALG_AES_BLOCK_128_CBC_NOPAD.

Specified by:

getAlgorithm in class GBAUCipher

Returns:

the algorithm code defined above; if the algorithm is not one of the pre-defined algorithms, 0 is returned.

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)

getCipherAlgorithm

public byte getCipherAlgorithm()

Gets the raw cipher algorithm. Pre-defined codes listed in CIPHER_* constants in javacardx.crypto.Cipher e.g. CIPHER_AES_CBC.

Specified by:

getCipherAlgorithm in class GBAUCipher

Returns:

the raw cipher algorithm code defined above; if the algorithm is not one of the pre-defined algorithms, 0 is returned.

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)

getPaddingAlgorithm

public byte getPaddingAlgorithm()

Gets the padding algorithm. Pre-defined codes listed in PAD_* constants in javacardx.crypto.Cipher e.g. PAD_NULL.

Specified by:

getPaddingAlgorithm in class GBAUCipher

Returns:

the padding algorithm code defined in the Cipher class; if the algorithm is not one of the pre-defined algorithms, 0 is returned.

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)

update

public short update(byte[] inBuff,
 short inOffset,
 short inLength,
 byte[] outBuff,
 short outOffset)
             throws javacard.security.CryptoException

Always throws a CryptoException. This method is not supported by OneShot.

Specified by:

update in class GBAUCipher

Parameters:

inBuff - the input buffer of data to be encrypted/decrypted

inOffset - the offset into the input buffer at which to begin encryption/decryption

inLength - the byte length to be encrypted/decrypted

outBuff - the output buffer, may be the same as the input buffer

outOffset - the offset into the output buffer where the resulting ciphertext/plaintext begins

Returns:

number of bytes output in outBuff.

Throws:

javacard.security.CryptoException - with the following reason codes:

• CryptoException.ILLEGAL_USE always.

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)
• doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)

doFinal

public short doFinal(byte[] inBuff,
 short inOffset,
 short inLength,
 byte[] outBuff,
 short outOffset)
              throws javacard.security.CryptoException

Generates encrypted/decrypted output from all/last input data using Ks_int_NAF linked to NAF ID given in init(). This method must be invoked to complete a cipher operation. This method processes any remaining input data buffered by one or more calls to the update() method as well as input data supplied in the inBuff parameter.

A call to this method also resets this Cipher object to the state it was in when previously initialized via a call to init() methods. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to init() methods) more data. In addition, note that the initial vector(IV) used in AES, DES, Korean SEED and SM4 algorithms will be reset to 0.

Note:

• When using block-aligned data (multiple of block size), if the input buffer, inBuff and the output buffer, outBuff are the same array, then the output data area must not partially overlap the input data area such that the input data is modified before it is used; if inBuff==outBuff and inOffset < outOffset < inOffset+inLength, incorrect output may result.
• When non-block aligned data is presented as input data, no amount of input and output buffer data overlap is allowed; if inBuff==outBuff and outOffset < inOffset+inLength, incorrect output may result.
• AES, DES, triple DES, Korean SEED and SM4 algorithms in CBC mode reset the initial vector(IV) to 0. The initial vector(IV) can be re-initialized using the init() methods.
• On decryption operations (except when ISO 9797 method 1 padding is used), the padding bytes are not written to outBuff.
• On encryption and decryption operations, the number of bytes output into outBuff may be larger or smaller than inLength or even 0.
• On decryption operations resulting in an ArrayIndexOutOfBoundsException, outBuff may be partially modified.

Specified by:

doFinal in class GBAUCipher

Parameters:

inBuff - the input buffer of data to be encrypted/decrypted

inOffset - the offset into the input buffer at which to begin encryption/decryption

inLength - the byte length to be encrypted/decrypted

outBuff - the output buffer, may be the same as the input buffer

outOffset - the offset into the output buffer where the resulting output data begins

Returns:

number of bytes output in outBuff.

Throws:

javacard.security.CryptoException - with the following reason codes:

• CryptoException.UNINITIALIZED_KEY if the key (Ks_int_NAF key) is uninitialized.
• CryptoException.INVALID_INIT if this GBAUCipher object is not initialized.
• CryptoException.ILLEGAL_USE if one of the following conditions is met
  • This GBAUCipher algorithm does not pad the message and the message is not block aligned.
  • This GBAUCipher algorithm does not pad the message and no input data has been provided in inBuff or via the update() method.
  • The decrypted data is not bounded by appropriate padding bytes.

NullPointerException - if inBuff or outOffset is null

ArrayIndexOutOfBoundsException - if the check operation on inBuff or outOffset would cause access of data outside array bounds

See Also:

• open(byte cipherAlgorithm, byte paddingAlgorithm)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, short keyLength)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen)
• init(byte theMode, byte[] adfAID, short adfAIDOff, short adfAIDLen, byte[] nafID, short nafIDOff, short nafIDLen, byte[] bArray, short bOff, short bLen, short keyLength)
• update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)