0 Replies Latest reply: May 15, 2012 10:19 PM by 921719 RSS

    Any body know about Authority interface?

    921719
      Dear all,
      in the GlobalPlatform_Card_API_org.globalplatform_1.5, Authority interface has below information
      public interface Authority
      extends javacard.framework.Shareable
      
      This interface provides services to recover a cryptographic key and to sign data. The CASD shall publish this interface to the OPEN, using Global Service interface, to make its services available to other Applications. The APSD is the first entity requiring this service from the CASD as shown in 2.1. There is only one CASD inside the card. The CASD shall register this service as a unique Global Service with the service family identifier =’83’ (per section 8.1.3 of GlobalPlatform Card Specification v2.2).
      
            The Authority interface is responsible for signing and verifying message with a key implicitly known. The implementer of this interface has the knowledge of the keys used for the different operations.
      
      Since:
          export file version 1.2
      
      Field Summary
      static byte      MODE_KEY_RECOVERY
                Used in init() methods to indicate key recovery mode.
      static byte      MODE_SIGN
                Used in init() methods to indicate signature sign mode.
       
      Method Summary
       void      init(byte theMode)
                Initializes the Authority interface with the appropriate mode (MODE_SIGN or MODE_KEY_RECOVERY).
       short      recoverKey(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset)
                Recovers a cryptographic key from a set of data structures provided in the input buffer (inBuff).
       short      sign(byte[] inBuff, short inOffset, short inLength, byte[] sigBuff, short sigOffset)
                Generates the signature of all/last input data.
       void      update(byte[] inBuff, short inOffset, short inLength)
                Accumulates input data. for the current operation (MODE_SIGN or MODE_KEY_RECOVERY).
      
      Method Detail
      init
      
      void init(byte theMode)
                throws javacard.security.CryptoException
      
          Initializes the Authority interface with the appropriate mode (MODE_SIGN or MODE_KEY_RECOVERY).
      
          Parameters:
              theMode - one of MODE_SIGN or MODE_KEY_RECOVERY 
          Throws:
            # javacard.security.CryptoException - with the following reason code: ILLEGUAL_VALUE if theMode option is an undefined value
      
      sign
      
      short sign(byte[] inBuff,
                 short inOffset,
                 short inLength,
                 byte[] sigBuff,
                 short sigOffset)
                 throws javacard.security.CryptoException
      
          Generates the signature of all/last input data. A call to this method resets this Authority interface to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to sign another message. The input and output buffer may overlap and shall be global arrays.
      
          Parameters:
              inBuff - the input buffer of data to be signed
              inOffset - the offset in input buffer at which the signature starts
              inLength - the byte length to sign
              sigBuff - the output buffer to store signature data
              sigOffset - the offset into sigBuff at which to begin signature generation 
          Returns:
              the number of bytes of signature output in sigBuff 
          Throws:
            # javacard.security.CryptoException - with the following reason codes: INVALID_INIT if this Authority interface is not initialized or initialized in MODE_KEY_RECOVERY mode.
            # ILLEGAL_USE if this Authority algorithm does not pad the message and the message is not block aligned.
              java.lang.SecurityException - if the inBuff or sigBuff are not global array.
      
      update
      
      void update(byte[] inBuff,
                  short inOffset,
                  short inLength)
                  throws javacard.security.CryptoException
      
          Accumulates input data. for the current operation (MODE_SIGN or MODE_KEY_RECOVERY).
      
          When this method is used, temporary storage of intermediate results is required. This method should only be used if all the input data required for the current operation is not available in one byte array. The sign or recoverKey methods are recommended whenever possible. The inBuff shall be global array.
      
          Parameters:
              inBuff - buffer containing input data
              inOffset - offset of input data
              inLength - length of input data 
          Throws:
            # javacard.security.CryptoException - with the following reason codes: INVALID_INIT if this Authority interface is not initialized.
              java.lang.SecurityException - if the inBuff is not global array.
      
      recoverKey
      
      short recoverKey(byte[] inBuff,
                       short inOffset,
                       short inLength,
                       byte[] outBuff,
                       short outOffset)
                       throws javacard.security.CryptoException
      
          Recovers a cryptographic key from a set of data structures provided in the input buffer (inBuff). As a mandatory step, the recovery mechanism includes the verification of the origin and integrity of the recovered key. This method knows, from the set of data structures present in the input buffer, which recovery mechanism is to be used. The recovered key is written in the ouput buffer (outBuff) at specified offset (outOffset), in the form of a key data structure whose format depends on the type of the key. A call to this method resets this instance of the Authority interface to the state it was in when previously initialized via a call to init(). That is, the object is reset and available to recover another key. The input and output buffers may overlap and shall be global arrays.
      
          Parameters:
              inBuff - containing input data.
              inOffset - offset of input data.
              inLength - length of input data.
              outBuff - the buffer where recovered key data structure shall be written
              outOffset - offset where recovered key data structure shall be written 
          Returns:
              Length of the recovered key data structure written in outBuff at outOffset,or 0 if the recovery mechanism failed (e.g. recovered key was considered invalid). 
          Throws:
            # javacard.security.CryptoException - - with the following reason codes: INVALID_INIT if this Authority interface is not initialized or initialized in MODE_SIGN mode.
              java.lang.SecurityException - if the inBuff or outBuff are not global array.
      As my knowledge, to use above method of Authority interface, the applet should extends the Authority interface and implement those method above.
      i want to validate above methods, but i still dont understand what should i do to validate above methods. Can any body tell me?
      Thanks