Class AESCipher

java.lang.Object
javax.crypto.CipherSpi
com.ibm.crypto.hdwrCCA.provider.AESCipher

public final class AESCipher extends CipherSpi
This class implements the AES algorithm in its various modes (ECB, CBC, CFB, OFB, GCM) and padding schemes (PKCS5Padding, NoPadding). AES hardware supports these modes. If AES hardware is not available but ICSF and DESede hardware are available, the ICSF software implementation is used.

If the following are true:

then the authentication tag length (TLen) specified in the GCMParameterSpec must be a value accepted by the z/OS component that will perform the encryption/decryption operation. See the z/OS ICSF Application Programmer's Guide (SA22-7522) for more information. In particular, see the sections on CSNBSYE and CSNBSYD, where the allowed authentication tag lengths are listed in the description of parameter key_parms_length. Note that, although the tag length specified in the GCMParameterSpec is in bits, the valid tag lengths listed in the ICSF Application Programmer's Guide are in bytes. (For example, a GCMParameterSpec TLen value of 112 corresponds to an ICSF tag length of 14.)

This documentation describes a Service Provider Interface. It is provided for implementation insight only. This class is not intended to be called directly by application developers. Please consult the 'Java Cryptography Architecture Standard' for details on how to use this interface through a public standard class.

Note:
Certain operations may require specific hardware or software, or specific key types. See the rest of this document and the z/OS Unique Considerations Hardware Crypto Reference Guide for more details. Unsupported operations and/or combinations may result in a RuntimeException Hardware Error.
For public interface details, consult the JCE API documentation for javax.crypto.Cipher.
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected static final int
    CBC_MODE
    CBC mode encryption.
    protected static final int
    CFB_MODE
    CFB mode encryption.
    protected int
    cipherMode
    The cipher mode.
    static final int
    DEFAULT_TAG_LENGTH
    Default value for tLen, used for GCM mode if no GCMParameterSpec is passed to init().
    protected static final int
    ECB_MODE
    ECB mode encryption.
    protected static final int
    GCM_MODE
    GCM mode encryption.
    protected static final int
    OFB_MODE
    OFB mode encryption.
    protected com.ibm.crypto.hdwrCCA.provider.AESCrypt
    rawAlg
    The (raw) algorithm.
  • Constructor Summary

    Constructors
    Constructor
    Description
    AESCipher()
    Creates an instance of AES cipher with default CBC mode and PKCS5Padding.
    AESCipher(String mode, String paddingScheme)
    Creates an instance of AES cipher with the requested mode and padding.
  • Method Summary

    Modifier and Type
    Method
    Description
    protected byte[]
    engineDoFinal(byte[] input, int inputOffset, int inputLen)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
    protected int
    engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
    protected int
    engineGetBlockSize()
    Returns the block size (in bytes).
    protected byte[]
    engineGetIV()
    Returns the initialization vector (IV) in a new buffer.
    protected int
    engineGetKeySize(Key key)
    Returns the key size of the given key object.
    protected int
    engineGetOutputSize(int inputLen)
    Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
    protected AlgorithmParameters
    engineGetParameters()
    Returns the parameters used with this cipher.
    protected void
    engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random)
    Initializes this cipher with an opmode, a key, a set of algorithm parameters, and a source of randomness.
    protected void
    engineInit(int opmode, Key key, SecureRandom random)
    Initializes this cipher with an opmode, a key and a source of randomness.
    protected void
    engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random)
    Initializes this cipher with an opmode, a key, a set of algorithm parameters, and a source of randomness.
    protected void
    engineSetMode(String mode)
    Sets the mode of this cipher.
    protected void
    engineSetPadding(String paddingScheme)
    Sets the padding mechanism of this cipher.
    protected Key
    engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType)
    Unwrap a previously wrapped key.
    protected byte[]
    engineUpdate(byte[] input, int inputOffset, int inputLen)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
    protected int
    engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
    protected void
    engineUpdateAAD(byte[] src)
    Begins or continues a multi-part update of the Additional Authentication Data (AAD) for GCM mode only.
    protected void
    engineUpdateAAD(byte[] src, int offset, int len)
    Begins or continues a multi-part update of the Additional Authentication Data (AAD) for GCM mode only.
    protected byte[]
    engineWrap(Key key)
    Wrap a key.
    protected void
    setRawAlg()
    Sets the raw algorithm to AES.

    Methods inherited from class javax.crypto.CipherSpi

    engineDoFinal, engineUpdate, engineUpdateAAD

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Field Details

    • cipherMode

      protected int cipherMode
      The cipher mode. One of ECB, CBC, GCM, CFB, CFBnn or OFB.
    • ECB_MODE

      protected static final int ECB_MODE
      ECB mode encryption. ECB mode encryption can be performed with CLEAR keys (also known as RAW keys), with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys), and with SECURE_INTERNAL_TOKEN keys (also known as ICSFToken keys).
    • CBC_MODE

      protected static final int CBC_MODE
      CBC mode encryption. CBC mode encryption can be performed with CLEAR keys (also known as RAW keys), with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys), and with SECURE_INTERNAL_TOKEN keys (also known as ICSFToken keys).
    • CFB_MODE

      protected static final int CFB_MODE
      CFB mode encryption. CFB mode encryption can be performed with CLEAR keys (also known as RAW keys) and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys).
    • OFB_MODE

      protected static final int OFB_MODE
      OFB mode encryption. OFB mode encryption can be performed with CLEAR keys (also known as RAW keys) and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys).
    • GCM_MODE

      protected static final int GCM_MODE
      GCM mode encryption. GCM mode encryption can be performed with CLEAR keys (also known as RAW keys) and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys).
    • DEFAULT_TAG_LENGTH

      public static final int DEFAULT_TAG_LENGTH
      Default value for tLen, used for GCM mode if no GCMParameterSpec is passed to init().
    • rawAlg

      protected com.ibm.crypto.hdwrCCA.provider.AESCrypt rawAlg
      The (raw) algorithm. This is the implementation of the raw AES algorithm, which can be plugged (via setEmbeddedCipher) into one of the cipher mode classes CipherBlockChaining, CipherFeedback, ElectronicCodeBook, or OutputFeedback.
  • Constructor Details

    • AESCipher

      public AESCipher() throws NoSuchAlgorithmException, NoSuchPaddingException
      Creates an instance of AES cipher with default CBC mode and PKCS5Padding.
      NOTE:
      The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
      Throws:
      SecurityException - if this constructor fails to authenticate the JCE framework.
      NoSuchAlgorithmException
      NoSuchPaddingException
    • AESCipher

      public AESCipher(String mode, String paddingScheme) throws NoSuchAlgorithmException, NoSuchPaddingException
      Creates an instance of AES cipher with the requested mode and padding.
      NOTE:
      The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
      Parameters:
      mode - the cipher mode
      paddingScheme - the padding mechanism
      Throws:
      NoSuchAlgorithmException - if the required cipher mode is unavailable
      NoSuchPaddingException - if the required padding mechanism is unavailable
      SecurityException - if this constructor fails to authenticate the JCE framework.
  • Method Details

    • setRawAlg

      protected void setRawAlg()
      Sets the raw algorithm to AES. This method is not a supported customer interface.
    • engineSetMode

      protected void engineSetMode(String mode) throws NoSuchAlgorithmException
      Sets the mode of this cipher. This method is not a supported customer interface.
      Specified by:
      engineSetMode in class CipherSpi
      Parameters:
      mode - the cipher mode
      Throws:
      NoSuchAlgorithmException - if the requested cipher mode does not exist
    • engineSetPadding

      protected void engineSetPadding(String paddingScheme) throws NoSuchPaddingException
      Sets the padding mechanism of this cipher. This method is not a supported customer interface.
      Specified by:
      engineSetPadding in class CipherSpi
      Parameters:
      paddingScheme - the padding mechanism
      Throws:
      NoSuchPaddingException - if the requested padding mechanism does not exist
    • engineGetBlockSize

      protected int engineGetBlockSize()
      Returns the block size (in bytes).
      Specified by:
      engineGetBlockSize in class CipherSpi
      Returns:
      the block size (in bytes).
    • engineGetOutputSize

      protected int engineGetOutputSize(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

      This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

      The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

      Specified by:
      engineGetOutputSize in class CipherSpi
      Parameters:
      inputLen - the input length (in bytes)
      Returns:
      the required output buffer size (in bytes).
      Throws:
      IllegalStateException - if this method is called in GCM mode and no GCMParameterSpec has yet been passed to engineInit(int, Key, AlgorithmParameterSpec, SecureRandom).
    • engineGetIV

      protected byte[] engineGetIV()
      Returns the initialization vector (IV) in a new buffer.

      This is useful in the case where a random IV has been created (see engineInit(int, Key, SecureRandom)), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

      Specified by:
      engineGetIV in class CipherSpi
      Returns:
      the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
    • engineInit

      protected void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException
      Initializes this cipher with an opmode, a key and a source of randomness.

      The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

      If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

      This method also cleans existing buffer and other related state information.

      Specified by:
      engineInit in class CipherSpi
      Parameters:
      opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
      key - the secret key
      random - the source of randomness
      Throws:
      InvalidKeyException - if the given key is inappropriate for initializing this cipher.
    • engineInit

      protected void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
      Initializes this cipher with an opmode, a key, a set of algorithm parameters, and a source of randomness.

      The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

      If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

      Specified by:
      engineInit in class CipherSpi
      Parameters:
      opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
      key - the encryption key.
      params - the algorithm parameter spec. See the class description for information regarding this parameter when using GCM mode.
      random - the source of randomness
      Throws:
      InvalidKeyException - if the given key is inappropriate for initializing this cipher
      InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher
    • engineInit

      protected void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
      Initializes this cipher with an opmode, a key, a set of algorithm parameters, and a source of randomness.

      The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

      If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

      Specified by:
      engineInit in class CipherSpi
      Parameters:
      opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
      key - the encryption key
      params - the algorithm parameters
      random - the source of randomness
      Throws:
      InvalidKeyException - if the given key is inappropriate for initializing this cipher
      InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher
    • engineUpdateAAD

      protected void engineUpdateAAD(byte[] src) throws IllegalArgumentException, IllegalStateException, UnsupportedOperationException
      Begins or continues a multi-part update of the Additional Authentication Data (AAD) for GCM mode only. Calls to this method provide AAD to the cipher when operating in GCM mode. If this cipher is operating in GCM mode, all AAD must be supplied before beginning operations on the text/cipherText.
      Parameters:
      src - the buffer containing the AAD
      Throws:
      IllegalArgumentException - if the src byte array is empty
      IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized) or if this method is called when not in GCM mode.
      UnsupportedOperationException - is not thrown by this method but is required by the specification.
    • engineUpdateAAD

      protected void engineUpdateAAD(byte[] src, int offset, int len) throws IllegalArgumentException, IllegalStateException, UnsupportedOperationException
      Begins or continues a multi-part update of the Additional Authentication Data (AAD) for GCM mode only. Calls to this method provide AAD to the cipher when operating in GCM mode. If this cipher is operating in GCM mode, all AAD must be supplied before beginning operations on the text/cipherText.
      Overrides:
      engineUpdateAAD in class CipherSpi
      Parameters:
      src - the buffer containing the AAD
      offset - the offset in src where the AAD input starts
      len - the number of AAD bytes
      Throws:
      IllegalArgumentException - if the src byte array is null or empty
      IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized) or if this method is called when not in GCM mode.
      UnsupportedOperationException - is not thrown by this method but is required by the specification.
    • engineUpdate

      protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

      The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

      This method is not supported in GCM mode.

      Specified by:
      engineUpdate in class CipherSpi
      Parameters:
      input - the input buffer
      inputOffset - the offset in input where the input starts
      inputLen - the input length
      Returns:
      the new buffer with the result.
      Throws:
      IllegalStateException -
      • if this cipher is in a wrong state (e.g., has not been initialized).
      • if this method is called in GCM mode.
    • engineUpdate

      protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

      The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

      This method is not supported in GCM mode.

      Specified by:
      engineUpdate in class CipherSpi
      Parameters:
      input - the input buffer
      inputOffset - the offset in input where the input starts
      inputLen - the input length
      output - the buffer for the result
      outputOffset - the offset in output where the result is stored
      Returns:
      the number of bytes stored in output.
      Throws:
      ShortBufferException - if the given output buffer is too small to hold the result
      IllegalStateException - if this method is called in GCM mode.
    • engineDoFinal

      protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

      The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

      The cipher is reset to its initial state (uninitialized) after this call.

      Specified by:
      engineDoFinal in class CipherSpi
      Parameters:
      input - the input buffer
      inputOffset - the offset in input where the input starts
      inputLen - the input length
      Returns:
      the new buffer with the result.
      Throws:
      IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
      BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
      IllegalArgumentException - if this method is called for decryption in GCM mode and the input buffer is not large enough to contain the authentication tag.
    • engineDoFinal

      protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws IllegalBlockSizeException, ShortBufferException, BadPaddingException
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

      The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

      The cipher is reset to its initial state (uninitialized) after this call.

      Specified by:
      engineDoFinal in class CipherSpi
      Parameters:
      input - the input buffer
      inputOffset - the offset in input where the input starts
      inputLen - the input length
      output - the buffer for the result
      outputOffset - the offset in output where the result is stored
      Returns:
      the number of bytes stored in output.
      Throws:
      IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
      ShortBufferException - if the given output buffer is too small to hold the result.
      BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
      AEADBadTagException - if this cipher is in GCM decryption mode, and the authentication tag could not be verified.
      JCECCARuntimeException - if the native API reports an error. If using GCM mode and the message indicates that CSNBSYE or CSNBSYD returned (8,11000), this can be caused by an invalid authentication tag length specified in the GCMParameterSpec passed to engineInit(int, Key, AlgorithmParameterSpec, SecureRandom). For more information, see the class description.
      IllegalArgumentException -
      • if the cipher is in GCM mode and both the AdditionalAuthenticationData (AAD) and the input text have a length of zero.
      • if the cipher is in GCM mode and decrypting, and the input text length is less than the AuthenticationTagLength (Tlen).
      • if the cipher is in GCM mode and the length specified for the AuthenticationTagLength (Tlen) is not supported by ICSF.
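
The GCM rules documented on this page (TLen given in bits, all AAD supplied before any text, single-part doFinal, explicit IV on decryption, tag failures reported as exceptions), exercised through the public javax.crypto.Cipher API. This is an added example, not IBM's code: it runs on whichever installed provider serves AES/GCM/NoPadding, and the class name, 12-byte IV, AAD and plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added illustration; the class name and all sample values are constructed.
public class GcmTagLengthExample {
    // GCMParameterSpec takes TLen in bits; the ICSF guide lists tag lengths in bytes.
    static final int TAG_BITS = 112;            // example value from the class description
    static final int TAG_BYTES = TAG_BITS / 8;  // 14, the number to check against the ICSF guide
    static final int IV_BYTES = 12;             // assumption: 96-bit IV

    static byte[] seal(SecretKey key, byte[] iv, byte[] aad, byte[] plaintext)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad);             // all AAD goes in before any text
        return c.doFinal(plaintext);  // single-part: engineUpdate is unsupported in GCM mode
    }

    static byte[] open(SecretKey key, byte[] iv, byte[] aad, byte[] sealed)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        // Decryption must be given the same IV and TLen that were used to encrypt.
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        c.updateAAD(aad);
        return c.doFinal(sealed);     // AEADBadTagException if the tag does not verify
    }

    // True when decryption is refused by either exception this page documents.
    static boolean rejected(SecretKey key, byte[] iv, byte[] aad, byte[] sealed)
            throws GeneralSecurityException {
        try {
            open(key, iv, aad, sealed);
            return false;
        } catch (AEADBadTagException | IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);  // fresh IV for every encryption under one key
        byte[] aad = "record-id=42".getBytes(StandardCharsets.UTF_8);
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);

        byte[] sealed = seal(key, iv, aad, msg);
        System.out.println("tag appended: " + (sealed.length == msg.length + TAG_BYTES));
        System.out.println("round trip:   " + Arrays.equals(open(key, iv, aad, sealed), msg));

        byte[] tampered = sealed.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered ciphertext rejected: " + rejected(key, iv, aad, tampered));

        byte[] wrongAad = "record-id=43".getBytes(StandardCharsets.UTF_8);
        System.out.println("wrong AAD rejected:           " + rejected(key, iv, wrongAad, sealed));

        // Input shorter than the tag cannot contain one; this page documents
        // IllegalArgumentException for that case.
        byte[] tooShort = Arrays.copyOf(sealed, TAG_BYTES - 1);
        System.out.println("short input rejected:         " + rejected(key, iv, aad, tooShort));
    }
}
```

Before relying on a non-default TLen on z/OS, confirm that TAG_BYTES is one of the tag lengths ICSF lists for CSNBSYE and CSNBSYD; an unsupported value surfaces as the (8,11000) JCECCARuntimeException described above.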
    • engineGetParameters

      protected AlgorithmParameters engineGetParameters()
      Returns the parameters used with this cipher.

      The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

      Specified by:
      engineGetParameters in class CipherSpi
      Returns:
      the parameters used with this cipher, null if this cipher does not use any parameters, or null if this cipher has not been initialized.
    • engineGetKeySize

      protected int engineGetKeySize(Key key)
      Returns the key size of the given key object.

      This method is called by the JCE framework to ensure that the size of the key to be used does not exceed the maximum allowable key size specified in the Java restricted policy files.

      Since cryptographic operations using AES ciphers are always done at the cryptographic hardware level, and the hardware itself enforces the US export restrictions relating to cryptographic keys, we should always return a key size that will pass the restricted policy files check done by the JCE framework.

      Overrides:
      engineGetKeySize in class CipherSpi
      Parameters:
      key - the key object.
      Returns:
      a key size that will pass the restricted policy files check done by the JCE framework.
    • engineWrap

      protected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException
      Wrap a key.

      This method is not supported in GCM mode.

      Overrides:
      engineWrap in class CipherSpi
      Parameters:
      key - the key to be wrapped. This key must be a RAW Cipher.SECRET_KEY. This cipher does not support wrapping secret keys of type ICSFToken or type CKDSLabel, and does not support wrapping Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
      Returns:
      the wrapped key.
      Throws:
      IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
      InvalidKeyException - if any of the following is true:
      • it is impossible or unsafe to wrap the key with this cipher (for example, a hardware protected key is being passed to a software only cipher)
      • the key is a Cipher.PRIVATE_KEY
      • the key is a Cipher.PUBLIC_KEY
      • the key is a Cipher.SECRET_KEY but is not type RAW key
      IllegalStateException - if this method is called in GCM mode.
    • engineUnwrap

      protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException
      Unwrap a previously wrapped key.

      This method is not supported in GCM mode.

      Overrides:
      engineUnwrap in class CipherSpi
      Parameters:
      wrappedKey - the key to be unwrapped.
      wrappedKeyAlgorithm - the algorithm the wrapped key is for.
      wrappedKeyType - the type of the wrapped key. This must be Cipher.SECRET_KEY. This cipher does not support unwrapping a key of type Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
      Returns:
      the unwrapped key.
      Throws:
      InvalidKeyException - if any of the following is true:
      • wrappedKey does not represent a wrapped key
      • the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm
      • its key type is different from wrappedKeyType
      • the wrappedKeyType parameter is not Cipher.SECRET_KEY
      NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
      IllegalStateException - if this method is called in GCM mode.