Minor code cleanup

BryanJacobs · BryanJacobs · commit d0cbafc7c368 · 2023-08-17T17:20:29.000+10:00
diff --git a/src/main/java/us/q3q/fido2/FIDO2Applet.java b/src/main/java/us/q3q/fido2/FIDO2Applet.java
@@ -1195,24 +1195,6 @@ private boolean makeGoodKeyPair(KeyPair keyPair, byte[] publicKeyBuffer, short p
         return false;
     }
 
-    /**
-     * Encrypts data from one buffer to another using the symmetric wrapping key.
-     * Before call, symmetric crypto must be initialized; after call, it still is.
-     *
-     * @param inBuf Buffer containing data to be encrypted
-     * @param inOffset Offset of data in input buffer
-     * @param inLen Length of data to encrypt
-     * @param outBuf Buffer into which to write output
-     * @param outOff Offset at which to write encrypted data
-     */
-    private void symmetricWrap(byte[] inBuf, short inOffset, short inLen, byte[] outBuf, short outOff) {
-        short ret = symmetricWrapper.doFinal(inBuf, inOffset, inLen,
-                outBuf, outOff);
-        if (ret != inLen) {
-            throwException(ISO7816.SW_DATA_INVALID);
-        }
-    }
-
     /**
      * If, and only if, no PIN is set, directly initialize symmetric crypto
      * from our flash-stored wrapping key (which should be unencrypted)
@@ -2975,8 +2957,11 @@ private void extractCredentialMixed(byte[] credentialBuffer, short credentialInd
             (lowSecurity ? lowSecurityWrappingIV : externalCredentialIV);
         AESKey key = (LOW_SECURITY_MAXIMUM_COMPLIANCE || lowSecurity) ? lowSecurityWrappingKey : highSecurityWrappingKey;
         symmetricUnwrapper.init(key, Cipher.MODE_DECRYPT, iv, (short) 0, IV_LEN);
-        symmetricUnwrap(credentialBuffer, credentialIndex, CREDENTIAL_ID_LEN,
+        short ret = symmetricUnwrapper.doFinal(credentialBuffer, credentialIndex, CREDENTIAL_ID_LEN,
                 outputBuffer, outputOffset);
+        if (ret != CREDENTIAL_ID_LEN) {
+            throwException(ISO7816.SW_DATA_INVALID);
+        }
     }
 
     /**
@@ -5281,24 +5266,6 @@ private AESKey getAESKeyForExistingRK(short rkIndex) {
         return getAESKeyForCreatingWithCredProtectLevel(residentKeys[rkIndex].getCredProtectLevel());
     }
 
-    /**
-     * Uses the symmetric unwrapping key to decrypt stored data from one buffer to another.
-     * Before call, symmetric crypto must be initialized; after call, it still will be.
-     *
-     * @param inBuf Input buffer
-     * @param offset Offset of encrypted data in input buffer
-     * @param len Length of encrypted data
-     * @param outBuf Buffer into which to store output
-     * @param writeOffset Output at which to begin writing data
-     */
-    private void symmetricUnwrap(byte[] inBuf, short offset, short len, byte[] outBuf, short writeOffset) {
-        short ret = symmetricUnwrapper.doFinal(inBuf, offset, len,
-                outBuf, writeOffset);
-        if (ret != len) {
-            throwException(ISO7816.SW_DATA_INVALID);
-        }
-    }
-
     /**
      * Processes the CTAP2.1 credential management getCredsMetaData command
      *
diff --git a/src/main/java/us/q3q/fido2/ResidentKeyData.java b/src/main/java/us/q3q/fido2/ResidentKeyData.java
@@ -160,6 +160,36 @@ public void setUser(AESKey key, Cipher wrapper, byte[] userIdBuffer, short userI
         this.userIdLength = userIdLength;
     }
 
+    public void unpackUserID(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
+        unwrapper.init(key, Cipher.MODE_DECRYPT, userIV, (short) 0, (short) userIV.length);
+        unwrapper.doFinal(userId, (short) 0, (short) userId.length,
+                targetBuffer, targetOffset);
+    }
+
+    public void unpackPublicKey(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
+        unwrapper.init(key, Cipher.MODE_DECRYPT, pubKeyIV, (short) 0, (short) pubKeyIV.length);
+        unwrapper.doFinal(publicKey, (short) 0, (short) publicKey.length,
+                targetBuffer, targetOffset);
+    }
+
+    public void unpackRpId(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
+        unwrapper.init(key, Cipher.MODE_DECRYPT, RPIV, (short) 0, (short) RPIV.length);
+        unwrapper.doFinal(rpId, (short) 0, (short) rpId.length,
+                targetBuffer, targetOffset);
+    }
+
+    public void unpackCredBlob(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
+        unwrapper.init(key, Cipher.MODE_DECRYPT, credBlobIV, (short) 0, (short) credBlobIV.length);
+        unwrapper.doFinal(credBlob, (short) 0, (short) credBlob.length,
+                targetBuffer, targetOffset);
+    }
+
+    public void emitLargeBlobKey(AESKey key, Cipher wrapper, byte[] targetBuffer, short targetOffset) {
+        wrapper.init(key, Cipher.MODE_ENCRYPT, largeBlobIV, (short) 0, (short) largeBlobIV.length);
+        wrapper.doFinal(publicKey, (short) 0, (short) 32,
+                targetBuffer, targetOffset);
+    }
+
     public byte[] getCounter() {
         return counter;
     }
@@ -196,36 +226,6 @@ public byte getRpIdLength() {
         return rpIdLength;
     }
 
-    public void unpackUserID(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
-        unwrapper.init(key, Cipher.MODE_DECRYPT, userIV, (short) 0, (short) userIV.length);
-        unwrapper.doFinal(userId, (short) 0, (short) userId.length,
-                targetBuffer, targetOffset);
-    }
-
-    public void unpackPublicKey(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
-        unwrapper.init(key, Cipher.MODE_DECRYPT, pubKeyIV, (short) 0, (short) pubKeyIV.length);
-        unwrapper.doFinal(publicKey, (short) 0, (short) publicKey.length,
-                targetBuffer, targetOffset);
-    }
-
-    public void unpackRpId(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
-        unwrapper.init(key, Cipher.MODE_DECRYPT, RPIV, (short) 0, (short) RPIV.length);
-        unwrapper.doFinal(rpId, (short) 0, (short) rpId.length,
-                targetBuffer, targetOffset);
-    }
-
-    public void unpackCredBlob(AESKey key, Cipher unwrapper, byte[] targetBuffer, short targetOffset) {
-        unwrapper.init(key, Cipher.MODE_DECRYPT, credBlobIV, (short) 0, (short) credBlobIV.length);
-        unwrapper.doFinal(credBlob, (short) 0, (short) credBlob.length,
-                targetBuffer, targetOffset);
-    }
-
-    public void emitLargeBlobKey(AESKey key, Cipher wrapper, byte[] targetBuffer, short targetOffset) {
-        wrapper.init(key, Cipher.MODE_ENCRYPT, largeBlobIV, (short) 0, (short) largeBlobIV.length);
-        wrapper.doFinal(publicKey, (short) 0, (short) 32,
-                targetBuffer, targetOffset);
-    }
-
     public byte getCredBlobLen() {
         return this.credBlobLen;
     }
