org.globalplatform
Interface Authority

All Superinterfaces:
javacard.framework.Shareable

public interface Authority
extends javacard.framework.Shareable

This interface provides services to recover a cryptographic key and to sign data. The CASD shall publish this interface to the OPEN, using the Global Service interface, to make its services available to other Applications. The APSD is the first entity requiring this service from the CASD, as shown in 2.1. There is only one CASD inside the card. The CASD shall register this service as a unique Global Service with the service family identifier = '83' (per section 8.1.3 of GlobalPlatform Card Specification v2.2).

Since:
export file version 1.2

Field Summary
static byte MODE_KEY_RECOVERY
          Used in init() methods to indicate key recovery mode.
static byte MODE_SIGN
          Used in init() methods to indicate signature sign mode.
 
Method Summary
 void init(byte theMode)
          Initializes the Authority interface with the appropriate mode (MODE_SIGN or MODE_KEY_RECOVERY).
 short recoverKey(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
          Recovers a cryptographic key from a set of data structures provided in the input buffer (inBuff).
 short sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset)
          Generates the signature of all/last input data.
 void update(byte[] inBuff, short inOffset, short inLength)
          Accumulates input data for the current operation (MODE_SIGN or MODE_KEY_RECOVERY).
 

Field Detail

MODE_SIGN

static final byte MODE_SIGN
Used in init() methods to indicate signature sign mode.

See Also:
Constant Field Values

MODE_KEY_RECOVERY

static final byte MODE_KEY_RECOVERY
Used in init() methods to indicate key recovery mode.

See Also:
Constant Field Values

Method Detail

init

void init(byte theMode)
          throws javacard.security.CryptoException
Initializes the Authority interface with the appropriate mode (MODE_SIGN or MODE_KEY_RECOVERY).

Parameters:
theMode - one of MODE_SIGN or MODE_KEY_RECOVERY
Throws:
javacard.security.CryptoException - with the following reason code:
  • ILLEGAL_VALUE if theMode option is an undefined value

    sign

    short sign(byte[] inBuff,
               short inOffset,
               short inLength,
               byte[] sigBuff,
               short sigOffset)
               throws javacard.security.CryptoException
    Generates the signature of all/last input data. A call to this method resets this Authority interface to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message. The input and output buffers may overlap and shall be global arrays.

    Parameters:
    inBuff - the input buffer of data to be signed
    inOffset - the offset in input buffer at which the signature starts
    inLength - the byte length to sign
    sigBuff - the output buffer to store signature data
    sigOffset - the offset into sigBuff at which to begin signature generation
    Returns:
    the number of bytes of signature output in sigBuff
    Throws:
    javacard.security.CryptoException - with the following reason codes:
  • INVALID_INIT if this Authority interface is not initialized or initialized in MODE_KEY_RECOVERY mode.
  • ILLEGAL_USE if this Authority algorithm does not pad the message and the message is not block aligned.
    java.lang.SecurityException - if inBuff or sigBuff is not a global array.

    update

    void update(byte[] inBuff,
                short inOffset,
                short inLength)
                throws javacard.security.CryptoException
    Accumulates input data for the current operation (MODE_SIGN or MODE_KEY_RECOVERY).

    When this method is used, temporary storage of intermediate results is required. This method should only be used if all the input data required for the current operation is not available in one byte array. The sign or recoverKey methods are recommended whenever possible. The inBuff shall be a global array.

    Parameters:
    inBuff - buffer containing input data
    inOffset - offset of input data
    inLength - length of input data
    Throws:
    javacard.security.CryptoException - with the following reason codes:
  • INVALID_INIT if this Authority interface is not initialized.
    java.lang.SecurityException - if inBuff is not a global array.

    recoverKey

    short recoverKey(byte[] inBuff,
                     short inOffset,
                     short inLength,
                     byte[] outBuff,
                     short outOffset)
                     throws javacard.security.CryptoException
    Recovers a cryptographic key from a set of data structures provided in the input buffer (inBuff). As a mandatory step, the recovery mechanism includes the verification of the origin and integrity of the recovered key. This method knows, from the set of data structures present in the input buffer, which recovery mechanism is to be used. The recovered key is written in the output buffer (outBuff) at the specified offset (outOffset), in the form of a key data structure whose format depends on the type of the key. A call to this method resets this instance of the Authority interface to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to recover another key. The input and output buffers may overlap and shall be global arrays.

    Parameters:
    inBuff - containing input data.
    inOffset - offset of input data.
    inLength - length of input data.
    outBuff - the buffer where recovered key data structure shall be written
    outOffset - offset where recovered key data structure shall be written
    Returns:
    Length of the recovered key data structure written in outBuff at outOffset, or 0 if the recovery mechanism failed (e.g. recovered key was considered invalid).
    Throws:
    javacard.security.CryptoException - with the following reason codes:
  • INVALID_INIT if this Authority interface is not initialized or initialized in MODE_SIGN mode.
    java.lang.SecurityException - if inBuff or outBuff is not a global array.
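
The call sequence described above, seen from an APSD that uses the CASD for key recovery. This is an added example, not code from the GlobalPlatform specification. The class name, package, status words and the service name 0x8300 (family '83' with an assumed low byte of 00) are assumptions; GPSystem.getService, GPSystem.getRegistryEntry and GlobalService.getServiceInterface belong to the same org.globalplatform package but are not documented on this page.

```java
package com.example.apsd; // hypothetical package name

import javacard.framework.APDU;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.security.CryptoException;
import org.globalplatform.Authority;
import org.globalplatform.GPSystem;
import org.globalplatform.GlobalService;

/** Hypothetical APSD-side helper (added example, not GlobalPlatform code). */
public final class CasdKeyRecovery {
    // Family identifier '83' from the text above in the high byte; low byte 00 is an assumption.
    private static final short AUTHORITY_SERVICE = (short) 0x8300;

    private CasdKeyRecovery() {}

    /** Asks the OPEN for the unique Global Service of the CASD and casts it to Authority. */
    static Authority lookup() {
        GlobalService gs = GPSystem.getService(null, AUTHORITY_SERVICE);
        if (gs == null) {
            ISOException.throwIt(ISO7816.SW_FUNC_NOT_SUPPORTED);
        }
        return (Authority) gs.getServiceInterface(
                GPSystem.getRegistryEntry(null), AUTHORITY_SERVICE, null, (short) 0, (short) 0);
    }

    /**
     * Recovers a key from command data already received in the APDU buffer
     * (dataLen as returned by apdu.setIncomingAndReceive()). The APDU buffer is a
     * global array, as recoverKey() requires; input and output may overlap, so the
     * key data structure is written back at the same offset. Returns its length.
     */
    static short recover(Authority casd, APDU apdu, short dataLen) {
        byte[] buf = apdu.getBuffer();
        short len = 0;
        try {
            casd.init(Authority.MODE_KEY_RECOVERY);
            len = casd.recoverKey(buf, ISO7816.OFFSET_CDATA, dataLen,
                                  buf, ISO7816.OFFSET_CDATA);
        } catch (CryptoException e) {
            // ILLEGAL_VALUE from init() or INVALID_INIT from recoverKey(): no key was produced.
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        if (len == 0) {
            // Origin/integrity verification failed: nothing in buf may be used as a key.
            ISOException.throwIt(ISO7816.SW_SECURITY_STATUS_NOT_SATISFIED);
        }
        return len;
    }
}
```

Passing an applet-owned persistent or transient array instead of the APDU buffer would raise java.lang.SecurityException, since only global arrays may be handed to the CASD.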