com.ibm.crypto.fips.provider

Class AESCipher

  1. java.lang.Object
  2. extended byjavax.crypto.CipherSpi
  3. extended bycom.ibm.crypto.fips.provider.AESCipher
All implemented interfaces:
AlgorithmStatus

  1. public final class AESCipher
  2. extends javax.crypto.CipherSpi
  3. implements AlgorithmStatus
This class implements the AES algorithm in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding).

AES is a 128-bit block cipher with 128, 192, or 256-bit key.

Version:
1.00 18/09/01
Author:
Paschalis Kaltsatis

Field Summary

Modifier and Type Field and Description
  1. static
  2. int
AES_BLOCK_SIZE
  1. static
  2. int[]
AES_KEYSIZES

Constructor Summary

Constructor and Description
AESCipher()
Creates an instance of AES cipher with default ECB mode and PKCS5Padding.
AESCipher(java.lang.String mode,java.lang.String paddingScheme)
Creates an instance of AES cipher with the requested mode and padding.

Method Summary

Modifier and Type Method and Description
  1. protected
  2. byte[]
engineDoFinal(byte[] input,int inputOffset,int inputLen)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
  1. protected
  2. int
engineDoFinal(byte[] input,int inputOffset,int inputLen,byte[] output,int outputOffset)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
  1. protected
  2. int
engineGetBlockSize()
Returns the block size (in bytes).
  1. protected
  2. byte[]
engineGetIV()
Returns the initialization vector (IV) in a new buffer.
  1. protected
  2. int
engineGetKeySize(java.security.Key key)
Returns the key size of the given key object.
  1. protected
  2. int
engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
  1. protected
  2. java.security.AlgorithmParameters
engineGetParameters()
Returns the parameters used with this cipher.
  1. protected
  2. void
engineInit(int opmode,java.security.Key key,java.security.spec.AlgorithmParameterSpec params,java.security.SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
  1. protected
  2. void
engineInit(int opmode,java.security.Key key,java.security.AlgorithmParameters params,java.security.SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
  1. protected
  2. void
engineInit(int opmode,java.security.Key key,java.security.SecureRandom random)
Initializes this cipher with a key and a source of randomness.
  1. protected
  2. void
engineSetMode(java.lang.String mode)
Sets the mode of this cipher.
  1. protected
  2. void
engineSetPadding(java.lang.String paddingScheme)
Sets the padding mechanism of this cipher.
  1. protected
  2. java.security.Key
engineUnwrap(byte[] wrappedKey,java.lang.String wrappedKeyAlgorithm,int wrappedKeyType)
Unwrap a previously wrapped key.
  1. protected
  2. byte[]
engineUpdate(byte[] input,int inputOffset,int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
  1. protected
  2. int
engineUpdate(byte[] input,int inputOffset,int inputLen,byte[] output,int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
  1. protected
  2. byte[]
engineWrap(java.security.Key key)
Wrap a key.
  1. protected
  2. byte[]
internalDoFinal(byte[] input,int inputOffset,int inputLen)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
  1. protected
  2. int
internalDoFinal(byte[] input,int inputOffset,int inputLen,byte[] output,int outputOffset)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
  1. protected
  2. int
internalGetBlockSize()
Returns the block size (in bytes).
  1. protected
  2. byte[]
internalGetIV()
Returns the initialization vector (IV) in a new buffer.
  1. protected
  2. int
internalGetKeySize(java.security.Key key)
Returns the key size of the given key object.
  1. protected
  2. int
internalGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
  1. protected
  2. java.security.AlgorithmParameters
internalGetParameters()
Returns the parameters used with this cipher.
  1. protected
  2. void
internalInit(int opmode,java.security.Key key,java.security.spec.AlgorithmParameterSpec params,java.security.SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
  1. protected
  2. void
internalInit(int opmode,java.security.Key key,java.security.AlgorithmParameters params,java.security.SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
  1. protected
  2. void
internalInit(int opmode,java.security.Key key,java.security.SecureRandom random)
Initializes this cipher with a key and a source of randomness.
  1. protected
  2. void
internalSetMode(java.lang.String mode)
Sets the mode of this cipher.
  1. protected
  2. void
internalSetPadding(java.lang.String paddingScheme)
Sets the padding mechanism of this cipher.
  1. protected
  2. java.security.Key
internalUnwrap(byte[] wrappedKey,java.lang.String wrappedKeyAlgorithm,int wrappedKeyType)
Unwrap a previously wrapped key.
  1. protected
  2. byte[]
internalUpdate(byte[] input,int inputOffset,int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
  1. protected
  2. int
internalUpdate(byte[] input,int inputOffset,int inputLen,byte[] output,int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
  1. protected
  2. byte[]
internalWrap(java.security.Key key)
Wrap a key.
  1. boolean
isFipsApproved()
Methods inherited from class javax.crypto.CipherSpi
engineDoFinal, engineUpdate
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AES_BLOCK_SIZE

  1. public static final int AES_BLOCK_SIZE
See Also:

AES_KEYSIZES

  1. public static final int[] AES_KEYSIZES

Constructor Detail

AESCipher

  1. public AESCipher()
Creates an instance of AES cipher with default ECB mode and PKCS5Padding.
Throws:
java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.

AESCipher

  1. public AESCipher(java.lang.String mode,
  2. java.lang.String paddingScheme)
  3. throws java.security.NoSuchAlgorithmException
  4. javax.crypto.NoSuchPaddingException
Creates an instance of AES cipher with the requested mode and padding.
Parameters:
mode - the cipher mode
paddingScheme - the padding mechanism
Throws:
java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable
javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable

Method Detail

isFipsApproved

  1. public boolean isFipsApproved()
Description copied from interface: AlgorithmStatus
Module identifies if the cryptographic operation (algorithm) is FIPS certified
Specified by:
See Also:

engineSetMode

  1. protected void engineSetMode(java.lang.String mode)
  2. throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
Specified by:
engineSetMode in class javax.crypto.CipherSpi
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetMode

  1. protected void internalSetMode( java.lang.String mode)
  2. throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

engineSetPadding

  1. protected void engineSetPadding( java.lang.String paddingScheme)
  2. throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Specified by:
engineSetPadding in class javax.crypto.CipherSpi
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetPadding

  1. protected void internalSetPadding( java.lang.String paddingScheme)
  2. throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

engineGetBlockSize

  1. protected int engineGetBlockSize( )
Returns the block size (in bytes).
Specified by:
engineGetBlockSize in class javax.crypto.CipherSpi
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetBlockSize

  1. protected int internalGetBlockSize( )
Returns the block size (in bytes).
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

engineGetOutputSize

  1. protected int engineGetOutputSize( int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Specified by:
engineGetOutputSize in class javax.crypto.CipherSpi
Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetOutputSize

  1. protected int internalGetOutputSize( int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)

engineGetIV

  1. protected byte[] engineGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

Specified by:
engineGetIV in class javax.crypto.CipherSpi
Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetIV

  1. protected byte[] internalGetIV( )
Returns the initialization vector (IV) in a new buffer.

This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

engineGetParameters

  1. protected java.security.AlgorithmParameters engineGetParameters( )
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

Specified by:
engineGetParameters in class javax.crypto.CipherSpi
Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetParameters

  1. protected java.security.AlgorithmParameters internalGetParameters( )
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.

engineInit

  1. protected void engineInit(int opmode,
  2. java.security.Key key,
  3. java.security.SecureRandom random)
  4. throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Specified by:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

  1. protected void internalInit(int opmode,
  2. java.security.Key key,
  3. java.security.SecureRandom random)
  4. throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

engineInit

  1. protected void engineInit(int opmode,
  2. java.security.Key key,
  3. java.security.spec.AlgorithmParameterSpec params,
  4. java.security.SecureRandom random)
  5. throws java.security.InvalidKeyException
  6. java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Specified by:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

  1. protected void internalInit(int opmode,
  2. java.security.Key key,
  3. java.security.spec.AlgorithmParameterSpec params,
  4. java.security.SecureRandom random)
  5. throws java.security.InvalidKeyException
  6. java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

engineInit

  1. protected void engineInit(int opmode,
  2. java.security.Key key,
  3. java.security.AlgorithmParameters params,
  4. java.security.SecureRandom random)
  5. throws java.security.InvalidKeyException
  6. java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Specified by:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

  1. protected void internalInit(int opmode,
  2. java.security.Key key,
  3. java.security.AlgorithmParameters params,
  4. java.security.SecureRandom random)
  5. throws java.security.InvalidKeyException
  6. java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.

engineUpdate

  1. protected byte[] engineUpdate(byte[] input,
  2. int inputOffset,
  3. int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Specified by:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

  1. protected byte[] internalUpdate( byte[] input,
  2. int inputOffset,
  3. int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

engineUpdate

  1. protected int engineUpdate(byte[] input,
  2. int inputOffset,
  3. int inputLen,
  4. byte[] output,
  5. int outputOffset)
  6. throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Specified by:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

  1. protected int internalUpdate(byte[] input,
  2. int inputOffset,
  3. int inputLen,
  4. byte[] output,
  5. int outputOffset)
  6. throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

engineDoFinal

  1. protected byte[] engineDoFinal( byte[] input,
  2. int inputOffset,
  3. int inputLen)
  4. throws javax.crypto.IllegalBlockSizeException
  5. javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Specified by:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

  1. protected byte[] internalDoFinal( byte[] input,
  2. int inputOffset,
  3. int inputLen)
  4. throws javax.crypto.IllegalBlockSizeException
  5. javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineDoFinal

  1. protected int engineDoFinal(byte[] input,
  2. int inputOffset,
  3. int inputLen,
  4. byte[] output,
  5. int outputOffset)
  6. throws javax.crypto.ShortBufferException
  7. javax.crypto.IllegalBlockSizeException
  8. javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Specified by:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

  1. protected int internalDoFinal(byte[] input,
  2. int inputOffset,
  3. int inputLen,
  4. byte[] output,
  5. int outputOffset)
  6. throws javax.crypto.ShortBufferException
  7. javax.crypto.IllegalBlockSizeException
  8. javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineWrap

  1. protected byte[] engineWrap(java.security.Key key)
  2. throws javax.crypto.IllegalBlockSizeException
  3. java.security.InvalidKeyException
Wrap a key.
Overrides:
engineWrap in class javax.crypto.CipherSpi
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

internalWrap

  1. protected byte[] internalWrap(java.security.Key key)
  2. throws javax.crypto.IllegalBlockSizeException
  3. java.security.InvalidKeyException
Wrap a key.
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

engineUnwrap

  1. protected java.security.Key engineUnwrap( byte[] wrappedKey,
  2. java.lang.String wrappedKeyAlgorithm,
  3. int wrappedKeyType)
  4. throws java.security.InvalidKeyException
  5. java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Overrides:
engineUnwrap in class javax.crypto.CipherSpi
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUnwrap

  1. protected java.security.Key internalUnwrap( byte[] wrappedKey,
  2. java.lang.String wrappedKeyAlgorithm,
  3. int wrappedKeyType)
  4. throws java.security.InvalidKeyException
  5. java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.

engineGetKeySize

  1. protected int engineGetKeySize( java.security.Key key)
  2. throws java.security.InvalidKeyException
Returns the key size of the given key object.

This concrete method has been added to this previously-defined abstract class. It throws an UnsupportedOperationException if it is not overridden by the provider.

Overrides:
engineGetKeySize in class javax.crypto.CipherSpi
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key is invalid.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetKeySize

  1. protected int internalGetKeySize( java.security.Key key)
  2. throws java.security.InvalidKeyException
Returns the key size of the given key object.

This concrete method has been added to this previously-defined abstract class. It throws an UnsupportedOperationException if it is not overridden by the provider.

Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key is invalid.