com.ibm.crypto.fips.provider

Class JITFullHardwareCrypt

  • java.lang.Object
    • com.ibm.crypto.fips.provider.JITFullHardwareCrypt

  • public final class JITFullHardwareCrypt
extends java.lang.Object
    The class provides a fast implementation backed by hardware, optimized by JIT, of several encryption algorithms. 
    .                        START                                                      
                            |<--------------------------------------------------+   
            |---------------V----------------|                                  |   
            | AlgorithmSupportedByHardware() | (false)                New Algorithm 
            |   or isSupportedByHardware()   | ------> softwareOnly        New MODE 
            |---------------|----------------|                       New Key Length 
                            | (true)                                            |   
                      |-----V-----| (null)                                      |   
                      | getCrypto | -----> softwareOnly                         |   
                      |-----|-----|                                             |   
                            |<---------------------------------------------+    |   
       |--------------------V-----------------------|                      |    |   
       | init() (three versions, depending on mode) |         New Init. Vector  |   
       |--------------------|-----------------------|                  New Key  |   
                            |<--------------------------+       New isEncipher  |   
       |--------------------V-----------------------|   |                  |    |   
       | cipher() (two versions, depending on mode) |  More data (slower!) |    |   
       |--------------------|-----------------------|   |                  |    |   
                            +---------------------------+                  |    |   
                            +----------------------------------------------+    |   
                            +---------------------------------------------------+   
                            |                                                       
                            V                                                       
                          DONE

    • Method Summary

      Methods 
      Modifier and Type Method and Description
      void cipher(byte[] in, int inputLength, int inputOffset, byte[] out, int outputOffset)
      Will encipher the data in in[] and output to out[] using the {algorithm, mode, key} previously selected by calls to getCrypto() and init().
      void cipher(byte[] in, int inputLength, int inputOffset, byte[] out, int outputOffset, byte[] ctr, int ctrOffset)
      Will encipher the data in in[] and output to out[] using the {algorithm, mode, key} previously selected by calls to getCrypto() and init().
      int getBlockSize()
      Once instance of the Crypto object was obtained (via getCrypto), this returns the block-size length (in bytes) the selected algorithm will use.
      byte[] getIV()
      Provides direct access to the chaining value used by the algorithm.
      int getIVSize()
      Once instance of the Crypto object was obtained (via getCrypto), this returns the Initialization Vector length (in bytes) the selected algorithm will need.
      void init(boolean isEncrypt, byte[] key)
      To be called before cipher() can be used.
      void init(boolean isEncrypt, byte[] key, byte[] IV)
      To be called before cipher() can be used.
      void init(boolean isEncrypt, byte[] key, byte[] IV, int size)
      To be called before cipher() can be used.
      static boolean isSupportedByHardware(java.lang.String algorithm, java.lang.String mode)
      Returns false if hardware does not support encryption for the particular algorithm.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Method Detail

      • cipher

        public void cipher(byte[] in,
          int inputLength,
          int inputOffset,
          byte[] out,
          int outputOffset)
        Will encipher the data in in[] and output to out[] using the {algorithm, mode, key} previously selected by calls to getCrypto() and init(). Assumes correct init() function has already been called (Modes: ECB, CBC, OFB, CFB) Will not do any padding; assumes enough blocks has been provided in in[] and out[]. For best performance, provide as much data as is available (that is single cipher() invocation is much faster then several repeated ones).
        Parameters:
        in - input byte array
        inputLength - number of bytes to process, MUST be multiple of blockSize
        inputOffset - starting point in in[]
        out - output byte array, with enough memory allocated to process inputLength bytes
        outputOffset - starting point in out[]

      • cipher

        public void cipher(byte[] in,
          int inputLength,
          int inputOffset,
          byte[] out,
          int outputOffset,
          byte[] ctr,
          int ctrOffset)
        Will encipher the data in in[] and output to out[] using the {algorithm, mode, key} previously selected by calls to getCrypto() and init(). Assumes correct init() function has already been called (Modes: CTR) Will not do any padding; assumes enough blocks has been provided in in[] and out[]. For best performance, provide as much data as is available (that is single cipher() invocation is much faster then several repeated ones).
        Parameters:
        in - input byte array
        inputLength - number of bytes to process, MUST be multiple of blockSize
        inputOffset - starting point in in[]
        out - output byte array, with enough memory allocated
        outputOffset - starting point in out[]
        ctr -
        ctrOffset -

      • init

        public void init(boolean isEncrypt,
        byte[] key)
        To be called before cipher() can be used. This function is to be used for mode "ECB", "CTR" for hardwareOuter. This function is to be used for all modes for hardwarePartial.
        Parameters:
        isEncrypt - true for encryption, false for decryption
        key - Secret key to be used, usually either 128bit, 192bit or 256bit (16,24,32 bytes respectively)

      • init

        public void init(boolean isEncrypt,
        byte[] key,
        byte[] IV)
        To be called before cipher() can be used. This init is to be used for mode "CBC", "OFB".
        Parameters:
        isEncrypt - true for encryption, false for decryption
        key - Secret key to be used, usually either 128bit, 192bit or 256bit (16,24,32 bytes respectively)
        IV - Initialization vector (sometimes also called chaining value) to be used (to start ciphering).

      • init

        public void init(boolean isEncrypt,
        byte[] key,
        byte[] IV,
        int size)
        To be called before cipher() can be used. This init is to be used for mode "CFB".
        Parameters:
        isEncrypt - true for encryption, false for decryption
        key - Secret key to be used, usually either 128bit, 192bit or 256bit (16,24,32 bytes respectively)
        IV - Initialization vector (sometimes also called chaining value) to be used (to start ciphering).
        size - Length of cipher feedback (LCFB) in bytes

      • isSupportedByHardware

        public static boolean isSupportedByHardware(java.lang.String algorithm,
                            java.lang.String mode)
        Returns false if hardware does not support encryption for the particular algorithm. This is a hint if getCrypto() will fail. Even if true is returned, it still could fail if keyLength is not supported by hardware).
        Parameters:
        algorithm - Name of algorithm (i.e. AES)
        mode - Name of mode (i.e. CBC)
        Returns:
        false if hardware is known not to support this algorithm.

      • getBlockSize

        public int getBlockSize()
        Once instance of the Crypto object was obtained (via getCrypto), this returns the block-size length (in bytes) the selected algorithm will use. cipher() will process multiple block-size chunks of data at a time, do not break data into block-size pieces.
        Returns:
        block size in bytes

      • getIV

        public byte[] getIV()
        Provides direct access to the chaining value used by the algorithm. THIS IS A COPY of the memory, so changing its value will not affect subsequent invocations of the cipher()!
        Returns:
        Intermediate initialization vector (or chaining value).

      • getIVSize

        public int getIVSize()
        Once instance of the Crypto object was obtained (via getCrypto), this returns the Initialization Vector length (in bytes) the selected algorithm will need.
        Returns:
        the length of initialization vector that the appropriate init() function expects.
© Portions Copyright 2003, 2014, 2015, 2016 IBM Corporation. All rights reserved.
© Portions Copyright 2003, 2014 Oracle and/or its affiliates. All rights reserved.
  • Summary: 
  • Nested | 
  • Field | 
  • Constr | 
  • Method
  • Detail: 
  • Field | 
  • Constr | 
  • Method