com.ibm.crypto.fips.provider

Class FullHardwareAESCipher

  • java.lang.Object
    • javax.crypto.CipherSpi
      • com.ibm.crypto.fips.provider.FullHardwareAESCipher
  • All Implemented Interfaces:
    AESConstants, FeedbackCipher

    public final class FullHardwareAESCipher
extends javax.crypto.CipherSpi
implements AESConstants
    This class implements the triple-DES algorithm (DES-EDE) in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding).
    See Also:
    DESCipher

    • Constructor Summary

      Constructors 
      Constructor and Description
      FullHardwareAESCipher() 
      FullHardwareAESCipher(java.lang.String mode, java.lang.String paddingScheme)
      Creates an instance of DESede cipher with the requested mode and padding.

    • Method Summary

      Methods 
      Modifier and Type Method and Description
      protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] engineGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int engineGetKeySize(java.security.Key key)
      Returns the key size of the given key object.
      protected int engineGetOutputSize(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters engineGetParameters()
      Returns the parameters used with this cipher.
      protected void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with a key and a source of randomness.
      protected void engineSetMode(java.lang.String mode)
      Sets the mode of this cipher.
      protected void engineSetPadding(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] engineWrap(java.security.Key key)
      Wrap a key.
      protected java.lang.String getAlgorithmName() 
      java.lang.String getFeedback()
      Gets the name of the feedback mechanism
      byte[] getIV()
      Gets the initialization vector.
      protected static int getNumOfUnit(java.lang.String mode, int offset, int blockSize) 
      protected byte[] internalDoFinal(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int internalDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int internalGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] internalGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int internalGetKeySize(java.security.Key key)
      Returns the key size of the given key object.
      protected int internalGetOutputSize(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters internalGetParameters()
      Returns the parameters used with this cipher.
      protected void internalInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void internalInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
      protected void internalInit(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with a key and a source of randomness.
      protected void internalSetMode(java.lang.String mode)
      Sets the mode of this cipher.
      protected void internalSetPadding(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key internalUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] internalUpdate(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int internalUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] internalWrap(java.security.Key key)
      Wrap a key.
      void reset()
      Resets the iv to its original value.
      protected void setRawAlg()
      Sets the raw algorithm.

      • Methods inherited from class javax.crypto.CipherSpi

        engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • unitBytes

        protected int unitBytes

      • cipher

        protected com.ibm.crypto.fips.provider.SymmetricCipher cipher

      • cipherMode

        protected int cipherMode

      • rawAlg

        protected com.ibm.crypto.fips.provider.RawBlockCipher rawAlg

    • Constructor Detail

      • FullHardwareAESCipher

        public FullHardwareAESCipher()

      • FullHardwareAESCipher

        public FullHardwareAESCipher(java.lang.String mode,
                     java.lang.String paddingScheme)
                      throws java.security.NoSuchAlgorithmException,
                             javax.crypto.NoSuchPaddingException
        Creates an instance of DESede cipher with the requested mode and padding.
        Parameters:
        mode - the cipher mode
        paddingScheme - the padding mechanism
        Throws:
        java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable
        javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable

    • Method Detail

      • engineGetBlockSize

        protected int engineGetBlockSize()
        Returns the block size (in bytes).
        Returns:
        the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

      • internalGetBlockSize

        protected int internalGetBlockSize()
        Returns the block size (in bytes).
        Returns:
        the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

      • getAlgorithmName

        protected java.lang.String getAlgorithmName()

      • engineGetKeySize

        protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
        Returns the key size of the given key object.
        Parameters:
        key - the key object.
        Returns:
        the key size of the given key object.
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException - if key is invalid.

      • internalGetKeySize

        protected int internalGetKeySize(java.security.Key key)
                          throws java.security.InvalidKeyException
        Returns the key size of the given key object.
        Parameters:
        key - the key object.
        Returns:
        the key size of the given key object.
        Throws:
        java.security.InvalidKeyException - if key is invalid.

      • setRawAlg

        protected void setRawAlg()
        Sets the raw algorithm. This method is called by the constructor.

      • engineSetMode

        protected void engineSetMode(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
        Parameters:
        mode - the cipher mode
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.NoSuchAlgorithmException

      • internalSetMode

        protected void internalSetMode(java.lang.String mode)
                        throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
        Parameters:
        mode - the cipher mode
        Throws:
        java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

      • getFeedback

        public java.lang.String getFeedback()
        Description copied from interface: FeedbackCipher
        Gets the name of the feedback mechanism
        Specified by:
        getFeedback in interface FeedbackCipher
        Returns:
        the name of the feedback mechanism

      • getIV

        public byte[] getIV()
        Description copied from interface: FeedbackCipher
        Gets the initialization vector.
        Specified by:
        getIV in interface FeedbackCipher
        Returns:
        the initialization vector

      • reset

        public void reset()
        Description copied from interface: FeedbackCipher
        Resets the iv to its original value. This is used when doFinal is called in the Cipher class, so that the cipher can be reused (with its original iv).
        Specified by:
        reset in interface FeedbackCipher

      • getNumOfUnit

        protected static int getNumOfUnit(java.lang.String mode,
               int offset,
               int blockSize)
                           throws java.security.NoSuchAlgorithmException
        Throws:
        java.security.NoSuchAlgorithmException

      • engineSetPadding

        protected void engineSetPadding(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher.
        Specified by:
        engineSetPadding in class javax.crypto.CipherSpi
        Parameters:
        padding - the padding mechanism
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.NoSuchPaddingException

      • internalSetPadding

        protected void internalSetPadding(java.lang.String paddingScheme)
                           throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher.
        Parameters:
        padding - the padding mechanism
        Throws:
        javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

      • engineGetOutputSize

        protected int engineGetOutputSize(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Specified by:
        engineGetOutputSize in class javax.crypto.CipherSpi
        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes)

      • internalGetOutputSize

        protected int internalGetOutputSize(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes)

      • engineGetIV

        protected byte[] engineGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

        Specified by:
        engineGetIV in class javax.crypto.CipherSpi
        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

      • internalGetIV

        protected byte[] internalGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

      • engineGetParameters

        protected java.security.AlgorithmParameters engineGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Specified by:
        engineGetParameters in class javax.crypto.CipherSpi
        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.

      • internalGetParameters

        protected java.security.AlgorithmParameters internalGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
        Initializes this cipher with a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the secret key
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException
        Initializes this cipher with a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the secret key
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.spec.AlgorithmParameterSpec params,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.spec.AlgorithmParameterSpec params,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

      • engineInit

        protected void engineInit(int opmode,
              java.security.Key key,
              java.security.AlgorithmParameters params,
              java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

        Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException

      • internalInit

        protected void internalInit(int opmode,
                java.security.Key key,
                java.security.AlgorithmParameters params,
                java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
        Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

        Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.

      • engineUpdate

        protected byte[] engineUpdate(byte[] input,
                  int inputOffset,
                  int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

      • internalUpdate

        protected byte[] internalUpdate(byte[] input,
                    int inputOffset,
                    int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

      • engineUpdate

        protected int engineUpdate(byte[] input,
               int inputOffset,
               int inputLen,
               byte[] output,
               int outputOffset)
                    throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.ShortBufferException

      • internalUpdate

        protected int internalUpdate(byte[] input,
                 int inputOffset,
                 int inputLen,
                 byte[] output,
                 int outputOffset)
                      throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

      • engineDoFinal

        protected byte[] engineDoFinal(byte[] input,
                   int inputOffset,
                   int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • internalDoFinal

        protected byte[] internalDoFinal(byte[] input,
                     int inputOffset,
                     int inputLen)
                          throws javax.crypto.IllegalBlockSizeException,
                                 javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

      • engineDoFinal

        protected int engineDoFinal(byte[] input,
                int inputOffset,
                int inputLen,
                byte[] output,
                int outputOffset)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

        If the output buffer is too small to hold the result, a ShortBufferException is thrown.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.ShortBufferException
        javax.crypto.BadPaddingException

      • internalDoFinal

        protected int internalDoFinal(byte[] input,
                  int inputOffset,
                  int inputLen,
                  byte[] output,
                  int outputOffset)
                       throws javax.crypto.IllegalBlockSizeException,
                              javax.crypto.ShortBufferException,
                              javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

        If the output buffer is too small to hold the result, a ShortBufferException is thrown.

        A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        javax.crypto.ShortBufferException
        javax.crypto.BadPaddingException

      • engineWrap

        protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
        Wrap a key.
        Overrides:
        engineWrap in class javax.crypto.CipherSpi
        Parameters:
        key - the key to be wrapped.
        Returns:
        the wrapped key.
        Throws:
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        javax.crypto.IllegalBlockSizeException
        java.security.InvalidKeyException

      • internalWrap

        protected byte[] internalWrap(java.security.Key key)
                       throws javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidKeyException
        Wrap a key.
        Parameters:
        key - the key to be wrapped.
        Returns:
        the wrapped key.
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
        java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

      • engineUnwrap

        protected java.security.Key engineUnwrap(byte[] wrappedKey,
                             java.lang.String wrappedKeyAlgorithm,
                             int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key.
        Overrides:
        engineUnwrap in class javax.crypto.CipherSpi
        Parameters:
        wrappedKey - the key to be unwrapped.
        wrappedKeyAlgorithm - the algorithm the wrapped key is for.
        wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
        Returns:
        the unwrapped key.
        Throws:
        java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType .
        FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.
        java.security.NoSuchAlgorithmException

      • internalUnwrap

        protected java.security.Key internalUnwrap(byte[] wrappedKey,
                               java.lang.String wrappedKeyAlgorithm,
                               int wrappedKeyType)
                                    throws java.security.InvalidKeyException,
                                           java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key.
        Parameters:
        wrappedKey - the key to be unwrapped.
        wrappedKeyAlgorithm - the algorithm the wrapped key is for.
        wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
        Returns:
        the unwrapped key.
        Throws:
        java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType .
        java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
© Portions Copyright 2003, 2014, 2015, 2016 IBM Corporation. All rights reserved.
© Portions Copyright 2003, 2014 Oracle and/or its affiliates. All rights reserved.