com.ibm.crypto.fips.provider

Class AESCipherInSoftware

  • java.lang.Object
    • javax.crypto.CipherSpi
      • com.ibm.crypto.fips.provider.AESCipherInSoftware
  • All Implemented Interfaces:
    AESConstants

    public final class AESCipherInSoftware
extends javax.crypto.CipherSpi
implements AESConstants
    This class implements the AES algorithm in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding).

    AES is a 128-bit block cipher with 128, 192, or 256-bit key.

    • Method Summary

      Methods 
      Modifier and Type Method and Description
      protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] engineGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int engineGetKeySize(java.security.Key key)
      Returns the key size of the given key object.
      protected int engineGetOutputSize(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters engineGetParameters()
      Returns the parameters used with this cipher.
      protected void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with a key and a source of randomness.
      protected void engineSetMode(java.lang.String mode)
      Sets the mode of this cipher.
      protected void engineSetPadding(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] engineWrap(java.security.Key key)
      Wrap a key.
      protected java.lang.String getAlgorithmName() 
      protected static int getNumOfUnit(java.lang.String mode, int offset, int blockSize) 
      protected byte[] internalDoFinal(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int internalDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int internalGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] internalGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int internalGetKeySize(java.security.Key key)
      Returns the key size of the given key object.
      protected int internalGetOutputSize(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters internalGetParameters()
      Returns the parameters used with this cipher.
      protected void internalInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void internalInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void internalInit(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with a key and a source of randomness.
      protected void internalSetMode(java.lang.String mode)
      Sets the mode of this cipher.
      protected void internalSetPadding(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key internalUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] internalUpdate(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int internalUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] internalWrap(java.security.Key key)
      Wrap a key.
      protected void setRawAlg()
      Sets the raw algorithm to AES.

      • Methods inherited from class javax.crypto.CipherSpi

        engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • unitBytes

        protected int unitBytes

      • cipher

        protected com.ibm.crypto.fips.provider.SymmetricCipher cipher

      • cipherMode

        protected int cipherMode

      • rawAlg

        protected com.ibm.crypto.fips.provider.RawBlockCipher rawAlg

    • Constructor Detail

      • AESCipherInSoftware

        public AESCipherInSoftware()

      • AESCipherInSoftware

        public AESCipherInSoftware(java.lang.String mode,
                   java.lang.String padding)
                    throws java.security.NoSuchAlgorithmException,
                           javax.crypto.NoSuchPaddingException
        Throws:
        java.security.NoSuchAlgorithmException
        javax.crypto.NoSuchPaddingException

    • Method Detail

      • setRawAlg

        protected void setRawAlg()
        Sets the raw algorithm to AES. This method is called by the constructor.

      • engineGetBlockSize

        protected int engineGetBlockSize()
        Returns the block size (in bytes).
        Returns:
        the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

      • internalGetBlockSize

        protected int internalGetBlockSize()
        Returns the block size (in bytes).
        Returns:
        the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

      • engineGetKeySize

        protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
        Returns the key size of the given key object.
        Parameters:
        key - the key object.
        Returns:
        the key size of the given key object.
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException - if key is invalid.

      • internalGetKeySize

        protected int internalGetKeySize(java.security.Key key)
                          throws java.security.InvalidKeyException
        Returns the key size of the given key object.
        Parameters:
        key - the key object.
        Returns:
        the key size of the given key object.
        Throws:
        java.security.InvalidKeyException - if key is invalid.

      • getAlgorithmName

        protected java.lang.String getAlgorithmName()

      • engineSetMode

        protected void engineSetMode(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
        Specified by:
        engineSetMode in class javax.crypto.CipherSpi
        Parameters:
        mode - the cipher mode
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.NoSuchAlgorithmException

      • internalSetMode

        protected void internalSetMode(java.lang.String mode)
                        throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
        Parameters:
        mode - the cipher mode
        Throws:
        java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

      • getNumOfUnit

        protected static int getNumOfUnit(java.lang.String mode,
               int offset,
               int blockSize)
                           throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException

      • engineSetPadding

        protected void engineSetPadding(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher.
        Specified by:
        engineSetPadding in class javax.crypto.CipherSpi
        Parameters:
        padding - the padding mechanism
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.NoSuchPaddingException

      • internalSetPadding

        protected void internalSetPadding(java.lang.String paddingScheme)
                           throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher.
        Parameters:
        padding - the padding mechanism
        Throws:
        javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

      • engineGetOutputSize

        protected int engineGetOutputSize(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Specified by:
        engineGetOutputSize in class javax.crypto.CipherSpi
        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes)

      • internalGetOutputSize

        protected int internalGetOutputSize(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes)

      • engineGetIV

        protected byte[] engineGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

        Specified by:
        engineGetIV in class javax.crypto.CipherSpi
        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

      • internalGetIV

        protected byte[] internalGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

      • engineGetParameters

        protected java.security.AlgorithmParameters engineGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Specified by:
        engineGetParameters in class javax.crypto.CipherSpi
        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.

      • internalGetParameters

        protected java.security.AlgorithmParameters internalGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
        Initializes this cipher with a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the secret key
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException
        Initializes this cipher with a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the secret key
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.spec.AlgorithmParameterSpec params,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.AlgorithmParameters params,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

        Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.AlgorithmParameters params,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

        Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.

      • engineUpdate

        protected byte[] engineUpdate(byte[] input,
                  int inputOffset,
                  int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

      • internalUpdate

        protected byte[] internalUpdate(byte[] input,
                    int inputOffset,
                    int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

      • engineUpdate

        protected int engineUpdate(byte[] input,
               int inputOffset,
               int inputLen,
               byte[] output,
               int outputOffset)
                    throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.ShortBufferException

      • internalUpdate

        protected int internalUpdate(byte[] input,
                 int inputOffset,
                 int inputLen,
                 byte[] output,
                 int outputOffset)
                      throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

      • engineDoFinal

        protected byte[] engineDoFinal(byte[] input,
                   int inputOffset,
                   int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • internalDoFinal

        protected byte[] internalDoFinal(byte[] input,
                     int inputOffset,
                     int inputLen)
                          throws javax.crypto.IllegalBlockSizeException,
                                 javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

      • engineDoFinal

        protected int engineDoFinal(byte[] input,
                int inputOffset,
                int inputLen,
                byte[] output,
                int outputOffset)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

        If the output buffer is too small to hold the result, a ShortBufferException is thrown.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.ShortBufferException
        javax.crypto.BadPaddingException

      • internalDoFinal

        protected int internalDoFinal(byte[] input,
                  int inputOffset,
                  int inputLen,
                  byte[] output,
                  int outputOffset)
                       throws javax.crypto.IllegalBlockSizeException,
                              javax.crypto.ShortBufferException,
                              javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

        If the output buffer is too small to hold the result, a ShortBufferException is thrown.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.ShortBufferException
        javax.crypto.BadPaddingException

      • engineWrap

        protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
        Wrap a key.
        Overrides:
        engineWrap in class javax.crypto.CipherSpi
        Parameters:
        key - the key to be wrapped.
        Returns:
        the wrapped key.
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        java.security.InvalidKeyException

      • internalWrap

        protected byte[] internalWrap(java.security.Key key)
                       throws javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidKeyException
        Wrap a key.
        Parameters:
        key - the key to be wrapped.
        Returns:
        the wrapped key.
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
        java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

      • engineUnwrap

        protected java.security.Key engineUnwrap(byte[] wrappedKey,
                             java.lang.String wrappedKeyAlgorithm,
                             int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key.
        Overrides:
        engineUnwrap in class javax.crypto.CipherSpi
        Parameters:
        wrappedKey - the key to be unwrapped.
        wrappedKeyAlgorithm - the algorithm the wrapped key is for.
        wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
        Returns:
        the unwrapped key.
        Throws:
        java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType .
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.NoSuchAlgorithmException

      • internalUnwrap

        protected java.security.Key internalUnwrap(byte[] wrappedKey,
                               java.lang.String wrappedKeyAlgorithm,
                               int wrappedKeyType)
                                    throws java.security.InvalidKeyException,
                                           java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key.
        Parameters:
        wrappedKey - the key to be unwrapped.
        wrappedKeyAlgorithm - the algorithm the wrapped key is for.
        wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
        Returns:
        the unwrapped key.
        Throws:
        java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType .
        java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
© Portions Copyright 2003, 2014, 2015, 2016 IBM Corporation. All rights reserved.
© Portions Copyright 2003, 2014 Oracle and/or its affiliates. All rights reserved.