Documentation and structure touch-ups

Author: BryanJacobs

src/main/java/us/q3q/fido2/FIDO2Applet.java

@@ -918,7 +918,7 @@ private void makeCredential(APDU apdu, short lc, byte[] buffer) {
                         // ... but it might not match the user ID we're requesting...
                         if (userIdLen == residentKeys[i].getUserIdLength()) {
                             // DECRYPT the encrypted user ID we stored for this RK, so we can compare
-                            AESKey key = getAESKeyForRK(i, residentKeys[i].getCredProtectLevel());
+                            AESKey key = getAESKeyForExistingRK(i);
                             residentKeys[i].unpackUserID(key, symmetricUnwrapper, scratchUserIdBuffer, scratchUserIdOffset);
 
                             if (Util.arrayCompare(
@@ -988,7 +988,7 @@ private void makeCredential(APDU apdu, short lc, byte[] buffer) {
                     effectiveCredBlobLen = 0;
                 }
 
-                AESKey key = getAESKeyForRK(targetRKSlot, effectiveCPLevel);
+                AESKey key = getAESKeyForCreatingWithCredProtectLevel(effectiveCPLevel);
                 residentKeys[targetRKSlot] = new ResidentKeyData(
                         random, key, symmetricWrapper,
                         counter,
@@ -2443,7 +2443,7 @@ private void getAssertion(final APDU apdu, final short lc, final byte[] buffer,
             outputBuffer[outputIdx++] = 0x07; // map key: largeBlobKey
             outputIdx = encodeIntLenTo(outputBuffer, outputIdx, (byte) 32, true);
             residentKeys[rkMatch].emitLargeBlobKey(
-                    getAESKeyForRK(rkMatch, residentKeys[rkMatch].getCredProtectLevel()), symmetricWrapper,
+                    getAESKeyForExistingRK(rkMatch), symmetricWrapper,
                     outputBuffer, outputIdx);
             outputIdx += 32;
         }
@@ -5260,13 +5260,25 @@ private void handleEnumerateRPs(APDU apdu, short startOffset) {
         sendNoCopy(apdu, writeOffset);
     }
 
-    private AESKey getAESKeyForRK(short rkIndex, byte credProt) {
+    /**
+     * Gets the AES key to use when creating a new resident key
+     *
+     * @param credProt The cred protect level of the new key
+     * @return An AES key object to pass to ResidentKeyData methods
+     */
+    private AESKey getAESKeyForCreatingWithCredProtectLevel(byte credProt) {
         final boolean highSec = !LOW_SECURITY_MAXIMUM_COMPLIANCE && (!USE_LOW_SECURITY_FOR_SOME_RKS || credProt > 2);
         return highSec ? highSecurityWrappingKey : lowSecurityWrappingKey;
     }
 
+    /**
+     * Gets the AES key used for the data associated with the given RK
+     *
+     * @param rkIndex Index of the RK in the store
+     * @return An AES key object to pass to ResidentKeyData methods
+     */
     private AESKey getAESKeyForExistingRK(short rkIndex) {
-        return getAESKeyForRK(rkIndex, residentKeys[rkIndex].getCredProtectLevel());
+        return getAESKeyForCreatingWithCredProtectLevel(residentKeys[rkIndex].getCredProtectLevel());
     }
 
     /**

src/main/java/us/q3q/fido2/ResidentKeyData.java

@@ -156,7 +156,7 @@ public void setUser(AESKey key, Cipher wrapper, byte[] userIdBuffer, short userI
         wrapper.init(key, Cipher.MODE_ENCRYPT, userIV, (short) 0, (short) userIV.length);
         wrapper.doFinal(userIdBuffer, userIdOffset, MAX_USER_ID_LENGTH,
                 userId, (short) 0);
-        userIdBuffer[userIdLength + 1] = 0x00;
+        userIdBuffer[(short)(userIdLength + 1)] = 0x00;
         this.userIdLength = userIdLength;
     }