java.lang.Object
  javax.crypto.CipherSpi
    com.ibm.crypto.hdwrCCA.provider.DESCipher

public final class DESCipher extends javax.crypto.CipherSpi
This class implements the DES algorithm in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding). DES hardware support is for the CBC mode only. All other modes will use software.

In addition, the system property ibm.DES.usehdwr.size value determines whether hardware or software is used for the CBC mode. If the size of the data to be encrypted/decrypted is greater than the value of ibm.DES.usehdwr.size, then hardware is used. Otherwise, software is used. When the value of ibm.DES.usehdwr.size is -1, software is always used. When the value of ibm.DES.usehdwr.size is 0, hardware is used if it supports the specified mode.

This documentation describes a Service Provider Interface. It is provided for implementation insight only. This class is not intended to be called directly by application developers. Please consult the 'Java Cryptography Architecture Standard' for details on how to use this interface through a public standard class.
- NOTE:
- Certain operations may require specific hardware or software, or specific key types. See the rest of this document and the z/OS Unique Considerations Hardware Crypto Reference Guide for more details. Unsupported operations and/or combinations may result in a RuntimeException Hardware Error.
- See Also:
- javax.crypto.Cipher
-
-
Field Summary
| Modifier and Type | Field | Description |
|---|---|---|
| protected static int | CBC_MODE | CBC mode encryption. |
| protected static int | CFB_MODE | CFB mode encryption. |
| protected int | cipherMode | The cipher mode. |
| static int | DES_BLOCK_SIZE | Default DES block size in number of bytes. |
| protected static int | ECB_MODE | ECB mode encryption. |
| static int[] | initPermLeft0 | Intended for internal use only. |
| static int[] | initPermLeft1 | Intended for internal use only. |
| static int[] | initPermLeft2 | Intended for internal use only. |
| static int[] | initPermLeft3 | Intended for internal use only. |
| static int[] | initPermLeft4 | Intended for internal use only. |
| static int[] | initPermLeft5 | Intended for internal use only. |
| static int[] | initPermLeft6 | Intended for internal use only. |
| static int[] | initPermLeft7 | Intended for internal use only. |
| static int[] | initPermLeft8 | Intended for internal use only. |
| static int[] | initPermLeft9 | Intended for internal use only. |
| static int[] | initPermLeftA | Intended for internal use only. |
| static int[] | initPermLeftB | Intended for internal use only. |
| static int[] | initPermLeftC | Intended for internal use only. |
| static int[] | initPermLeftD | Intended for internal use only. |
| static int[] | initPermLeftE | Intended for internal use only. |
| static int[] | initPermLeftF | Intended for internal use only. |
| static int[] | initPermRight0 | Intended for internal use only. |
| static int[] | initPermRight1 | Intended for internal use only. |
| static int[] | initPermRight2 | Intended for internal use only. |
| static int[] | initPermRight3 | Intended for internal use only. |
| static int[] | initPermRight4 | Intended for internal use only. |
| static int[] | initPermRight5 | Intended for internal use only. |
| static int[] | initPermRight6 | Intended for internal use only. |
| static int[] | initPermRight7 | Intended for internal use only. |
| static int[] | initPermRight8 | Intended for internal use only. |
| static int[] | initPermRight9 | Intended for internal use only. |
| static int[] | initPermRightA | Intended for internal use only. |
| static int[] | initPermRightB | Intended for internal use only. |
| static int[] | initPermRightC | Intended for internal use only. |
| static int[] | initPermRightD | Intended for internal use only. |
| static int[] | initPermRightE | Intended for internal use only. |
| static int[] | initPermRightF | Intended for internal use only. |
| protected static int | OFB_MODE | OFB mode encryption. |
| protected static int | PCBC_MODE | PCBC mode encryption. |
| static int[] | permLeft1 | Intended for internal use only. |
| static int[] | permLeft3 | Intended for internal use only. |
| static int[] | permLeft5 | Intended for internal use only. |
| static int[] | permLeft7 | Intended for internal use only. |
| static int[] | permLeft9 | Intended for internal use only. |
| static int[] | permLeftB | Intended for internal use only. |
| static int[] | permLeftD | Intended for internal use only. |
| static int[] | permLeftF | Intended for internal use only. |
| static int[] | permRight0 | Intended for internal use only. |
| static int[] | permRight2 | Intended for internal use only. |
| static int[] | permRight4 | Intended for internal use only. |
| static int[] | permRight6 | Intended for internal use only. |
| static int[] | permRight8 | Intended for internal use only. |
| static int[] | permRightA | Intended for internal use only. |
| static int[] | permRightC | Intended for internal use only. |
| static int[] | permRightE | Intended for internal use only. |
| protected com.ibm.crypto.hdwrCCA.provider.DESCrypt | rawAlg | The (raw) algorithm. |
| static int[] | s0p | Intended for internal use only. |
| static int[] | s1p | Intended for internal use only. |
| static int[] | s2p | Intended for internal use only. |
| static int[] | s3p | Intended for internal use only. |
| static int[] | s4p | Intended for internal use only. |
| static int[] | s5p | Intended for internal use only. |
| static int[] | s6p | Intended for internal use only. |
| static int[] | s7p | Intended for internal use only. |
-
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| protected byte[] | engineDoFinal(byte[] input, int inputOffset, int inputLen) | Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. |
| protected int | engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) | Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. |
| protected int | engineGetBlockSize() | Returns the block size (in bytes). |
| protected byte[] | engineGetIV() | Returns the initialization vector (IV) in a new buffer. |
| protected int | engineGetKeySize(java.security.Key key) | Returns the key size of the given key object. |
| protected int | engineGetOutputSize(int inputLen) | Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes). |
| protected java.security.AlgorithmParameters | engineGetParameters() | Returns the parameters used with this cipher. |
| protected void | engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random) | Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness. |
| protected void | engineInit(int opmode, java.security.Key key, java.security.SecureRandom random) | Initializes this cipher with an operation mode, a key and a source of randomness. |
| protected void | engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) | Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness. |
| protected void | engineSetMode(java.lang.String mode) | Sets the mode of this cipher. |
| protected void | engineSetPadding(java.lang.String paddingScheme) | Sets the padding mechanism of this cipher. |
| protected java.security.Key | engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType) | Unwrap a previously wrapped key. |
| protected byte[] | engineUpdate(byte[] input, int inputOffset, int inputLen) | Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part. |
| protected int | engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) | Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part. |
| protected byte[] | engineWrap(java.security.Key key) | Wrap a key. |
| protected void | setRawAlg() | Sets the raw algorithm to DES. |
-
-
-
Field Detail
-
cipherMode
protected int cipherMode
The cipher mode. One of ECB, CBC, PCBC, CFB, CFBnn, OFB, or OFBnn.
-
ECB_MODE
protected static final int ECB_MODE
ECB mode encryption. ECB mode encryption can be performed with CLEAR keys (also known as RAW keys), and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys).
- See Also:
- Constant Field Values
-
CBC_MODE
protected static final int CBC_MODE
CBC mode encryption. CBC mode encryption can be performed with CLEAR keys (also known as RAW keys), with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys), and with SECURE_INTERNAL_TOKEN keys (also known as ICSFToken keys).
- See Also:
- Constant Field Values
-
CFB_MODE
protected static final int CFB_MODE
CFB mode encryption. CFB mode encryption can be performed with CLEAR keys (also known as RAW keys) and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys). LCFB (specified as CFBnn) encryption can be performed with CLEAR keys (also known as RAW keys).
- See Also:
- Constant Field Values
-
OFB_MODE
protected static final int OFB_MODE
OFB mode encryption. OFB mode encryption can be performed with CLEAR keys (also known as RAW keys). LOFB (specified as OFBnn) can be performed with CLEAR keys (also known as RAW keys).
- See Also:
- Constant Field Values
-
PCBC_MODE
protected static final int PCBC_MODE
PCBC mode encryption. PCBC mode encryption can be performed with CLEAR keys (also known as RAW keys).
- See Also:
- Constant Field Values
-
rawAlg
protected com.ibm.crypto.hdwrCCA.provider.DESCrypt rawAlg
The (raw) algorithm. This is the implementation of the raw DES or triple-DES algorithm, which can be plugged (via setEmbeddedCipher) into one of the cipher mode classes CipherBlockChaining, CipherFeedback, ElectronicCodeBook, or OutputFeedback.
-
DES_BLOCK_SIZE
public static final int DES_BLOCK_SIZE
Default DES block size in number of bytes.
- See Also:
- Constant Field Values
-
s0p
public static final int[] s0p
Intended for internal use only.
-
s1p
public static final int[] s1p
Intended for internal use only.
-
s2p
public static final int[] s2p
Intended for internal use only.
-
s3p
public static final int[] s3p
Intended for internal use only.
-
s4p
public static final int[] s4p
Intended for internal use only.
-
s5p
public static final int[] s5p
Intended for internal use only.
-
s6p
public static final int[] s6p
Intended for internal use only.
-
s7p
public static final int[] s7p
Intended for internal use only.
-
permRight0
public static final int[] permRight0
Intended for internal use only.
-
permLeft1
public static final int[] permLeft1
Intended for internal use only.
-
permRight2
public static final int[] permRight2
Intended for internal use only.
-
permLeft3
public static final int[] permLeft3
Intended for internal use only.
-
permRight4
public static final int[] permRight4
Intended for internal use only.
-
permLeft5
public static final int[] permLeft5
Intended for internal use only.
-
permRight6
public static final int[] permRight6
Intended for internal use only.
-
permLeft7
public static final int[] permLeft7
Intended for internal use only.
-
permRight8
public static final int[] permRight8
Intended for internal use only.
-
permLeft9
public static final int[] permLeft9
Intended for internal use only.
-
permRightA
public static final int[] permRightA
Intended for internal use only.
-
permLeftB
public static final int[] permLeftB
Intended for internal use only.
-
permRightC
public static final int[] permRightC
Intended for internal use only.
-
permLeftD
public static final int[] permLeftD
Intended for internal use only.
-
permRightE
public static final int[] permRightE
Intended for internal use only.
-
permLeftF
public static final int[] permLeftF
Intended for internal use only.
-
initPermLeft0
public static final int[] initPermLeft0
Intended for internal use only.
-
initPermRight0
public static final int[] initPermRight0
Intended for internal use only.
-
initPermLeft1
public static final int[] initPermLeft1
Intended for internal use only.
-
initPermRight1
public static final int[] initPermRight1
Intended for internal use only.
-
initPermLeft2
public static final int[] initPermLeft2
Intended for internal use only.
-
initPermRight2
public static final int[] initPermRight2
Intended for internal use only.
-
initPermLeft3
public static final int[] initPermLeft3
Intended for internal use only.
-
initPermRight3
public static final int[] initPermRight3
Intended for internal use only.
-
initPermLeft4
public static final int[] initPermLeft4
Intended for internal use only.
-
initPermRight4
public static final int[] initPermRight4
Intended for internal use only.
-
initPermLeft5
public static final int[] initPermLeft5
Intended for internal use only.
-
initPermRight5
public static final int[] initPermRight5
Intended for internal use only.
-
initPermLeft6
public static final int[] initPermLeft6
Intended for internal use only.
-
initPermRight6
public static final int[] initPermRight6
Intended for internal use only.
-
initPermLeft7
public static final int[] initPermLeft7
Intended for internal use only.
-
initPermRight7
public static final int[] initPermRight7
Intended for internal use only.
-
initPermLeft8
public static final int[] initPermLeft8
Intended for internal use only.
-
initPermRight8
public static final int[] initPermRight8
Intended for internal use only.
-
initPermLeft9
public static final int[] initPermLeft9
Intended for internal use only.
-
initPermRight9
public static final int[] initPermRight9
Intended for internal use only.
-
initPermLeftA
public static final int[] initPermLeftA
Intended for internal use only.
-
initPermRightA
public static final int[] initPermRightA
Intended for internal use only.
-
initPermLeftB
public static final int[] initPermLeftB
Intended for internal use only.
-
initPermRightB
public static final int[] initPermRightB
Intended for internal use only.
-
initPermLeftC
public static final int[] initPermLeftC
Intended for internal use only.
-
initPermRightC
public static final int[] initPermRightC
Intended for internal use only.
-
initPermLeftD
public static final int[] initPermLeftD
Intended for internal use only.
-
initPermRightD
public static final int[] initPermRightD
Intended for internal use only.
-
initPermLeftE
public static final int[] initPermLeftE
Intended for internal use only.
-
initPermRightE
public static final int[] initPermRightE
Intended for internal use only.
-
initPermLeftF
public static final int[] initPermLeftF
Intended for internal use only.
-
initPermRightF
public static final int[] initPermRightF
Intended for internal use only.
-
-
Constructor Detail
-
DESCipher
public DESCipher() throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException
Creates an instance of DES cipher with default ECB mode and PKCS5Padding.
- NOTE:
- The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
- Throws:
- java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.
- java.security.NoSuchAlgorithmException
- javax.crypto.NoSuchPaddingException
-
DESCipher
public DESCipher(java.lang.String mode, java.lang.String paddingScheme) throws java.security.NoSuchAlgorithmException, javax.crypto.NoSuchPaddingException
Creates an instance of DES cipher with the requested mode and padding.
- NOTE:
- The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
- Parameters:
- mode - the cipher mode
- paddingScheme - the padding mechanism
- Throws:
- java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable.
- javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable.
- java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.
-
-
Method Detail
-
setRawAlg
protected void setRawAlg()
Sets the raw algorithm to DES. This method is not a supported customer interface.
-
engineSetMode
protected void engineSetMode(java.lang.String mode) throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher. This method is not a supported customer interface.
- Specified by:
- engineSetMode in class javax.crypto.CipherSpi
- Parameters:
- mode - the cipher mode
- Throws:
- java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist.
-
engineSetPadding
protected void engineSetPadding(java.lang.String paddingScheme) throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher. This method is not a supported customer interface.
- Specified by:
- engineSetPadding in class javax.crypto.CipherSpi
- Parameters:
- paddingScheme - the padding mechanism
- Throws:
- javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist.
-
engineGetBlockSize
protected int engineGetBlockSize()
Returns the block size (in bytes).
- Specified by:
- engineGetBlockSize in class javax.crypto.CipherSpi
- Returns:
- the block size (in bytes) or 0 if the underlying algorithm is not a block cipher.
-
engineGetOutputSize
protected int engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.
- Specified by:
- engineGetOutputSize in class javax.crypto.CipherSpi
- Parameters:
- inputLen - the input length (in bytes)
- Returns:
- the required output buffer size (in bytes).
-
engineGetIV
protected byte[] engineGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the case where a random IV has been created (see engineInit(int, Key, SecureRandom)), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.
- Specified by:
- engineGetIV in class javax.crypto.CipherSpi
- Returns:
- the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
-
engineGetParameters
protected java.security.AlgorithmParameters engineGetParameters()
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).
- Specified by:
- engineGetParameters in class javax.crypto.CipherSpi
- Returns:
- the parameters used with this cipher, or null if this cipher does not use any parameters.
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random) throws java.security.InvalidKeyException
Initializes this cipher with an operation mode, a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.
- Specified by:
- engineInit in class javax.crypto.CipherSpi
- Parameters:
- opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
- key - the secret key
- random - the source of randomness
- Throws:
- java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
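The IV contract described for engineGetIV and engineInit(int, Key, SecureRandom), exercised through the public javax.crypto.Cipher class, as an added example that is not part of the IBM documentation. The class name DesCbcIvRoundTrip, the IV-prefixed message layout, and the use of the JRE's default provider rather than the hardware provider are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class DesCbcIvRoundTrip {

    // Mode and padding names as listed in the class description.
    static final String TRANSFORMATION = "DES/CBC/PKCS5Padding";

    /** Encrypts with a provider-generated random IV and returns IV || ciphertext. */
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // No IV is passed, so the SPI's engineInit(int, Key, SecureRandom) draws one from 'random'.
        cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom());
        byte[] iv = cipher.getIV();              // served by engineGetIV()
        byte[] ct = cipher.doFinal(plaintext);
        byte[] message = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, message, 0, iv.length);
        System.arraycopy(ct, 0, message, iv.length, ct.length);
        return message;
    }

    /** Decrypts IV || ciphertext, passing the original IV explicitly as a parameter. */
    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        int bs = cipher.getBlockSize();
        if (message.length < 2 * bs || message.length % bs != 0) {
            throw new IllegalArgumentException("message is not IV plus whole ciphertext blocks");
        }
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(message, 0, bs));
        return cipher.doFinal(message, bs, message.length - bs);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key and plaintext (longer than one 8-byte block).
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        byte[] plaintext = "constructed sample plaintext, several blocks long"
                .getBytes(StandardCharsets.UTF_8);

        byte[] message = encrypt(key, plaintext);
        System.out.println("round trip with explicit IV ok: "
                + Arrays.equals(plaintext, decrypt(key, message)));

        // Decrypting without the original IV. Depending on the provider, init either
        // rejects the call or proceeds with an IV that differs from the encryption IV.
        Cipher noIv = Cipher.getInstance(TRANSFORMATION);
        int bs = noIv.getBlockSize();
        try {
            noIv.init(Cipher.DECRYPT_MODE, key, new SecureRandom());
            byte[] wrong = noIv.doFinal(message, bs, message.length - bs);
            // In CBC only the first plaintext block depends on the IV, so the padding
            // check still passes and the corruption is silent.
            System.out.println("whole plaintext matches: " + Arrays.equals(plaintext, wrong));
            System.out.println("blocks after the first match: " + Arrays.equals(
                    Arrays.copyOfRange(plaintext, bs, plaintext.length),
                    Arrays.copyOfRange(wrong, bs, wrong.length)));
        } catch (InvalidKeyException e) {
            System.out.println("provider rejected DECRYPT_MODE without an IV: " + e.getMessage());
        }
    }
}
```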
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.
- Specified by:
- engineInit in class javax.crypto.CipherSpi
- Parameters:
- opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
- key - the encryption key
- params - the algorithm parameter specification
- random - the source of randomness
- Throws:
- java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher.
- java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher.
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.
- Specified by:
- engineInit in class javax.crypto.CipherSpi
- Parameters:
- opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
- key - the encryption key
- params - the algorithm parameters
- random - the source of randomness
- Throws:
- java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher.
- java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher.
-
engineUpdate
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.
- Specified by:
- engineUpdate in class javax.crypto.CipherSpi
- Parameters:
- input - the input buffer
- inputOffset - the offset in input where the input starts
- inputLen - the input length
- Returns:
- the new buffer with the result
-
engineUpdate
protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.
- Specified by:
- engineUpdate in class javax.crypto.CipherSpi
- Parameters:
- input - the input buffer
- inputOffset - the offset in input where the input starts
- inputLen - the input length
- output - the buffer for the result
- outputOffset - the offset in output where the result is stored
- Returns:
- the number of bytes stored in output.
- Throws:
- javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result.
-
engineDoFinal
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

The cipher is reset to its initial state (uninitialized) after this call.
- Specified by:
- engineDoFinal in class javax.crypto.CipherSpi
- Parameters:
- input - the input buffer
- inputOffset - the offset in input where the input starts
- inputLen - the input length
- Returns:
- the new buffer with the result.
- Throws:
- javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
- javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
-
engineDoFinal
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws javax.crypto.IllegalBlockSizeException, javax.crypto.ShortBufferException, javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

The cipher is reset to its initial state (uninitialized) after this call.
- Specified by:
- engineDoFinal in class javax.crypto.CipherSpi
- Parameters:
- input - the input buffer
- inputOffset - the offset in input where the input starts
- inputLen - the input length
- output - the buffer for the result
- outputOffset - the offset in output where the result is stored
- Returns:
- the number of bytes stored in output.
- Throws:
- javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
- javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result.
- javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
-
engineGetKeySize
protected int engineGetKeySize(java.security.Key key)
Returns the key size of the given key object.

This method is called by the JCE framework to ensure that the size of the key to be used does not exceed the maximum allowable key size specified in the Java restricted policy files.
Cipher operations done at the hardware level should bypass the Java restricted policy files check because the cryptographic hardware enforces the US export restrictions relating to cryptographic keys.
If a hardware key is used for a DES or DESede cipher operation, we can bypass the restricted policy files checking by returning a key size that conforms to the policy files.
If a clear key in RAW format is used for a DES or DESede cipher operation, the operation may or may not be done at the hardware level. The operation may be passed to the IBMJCE software cryptographic implementation. Since the software implementation does not enforce US export restrictions, we must return the correct key size in order for JCE framework to enforce the Java restricted policy files.
- Overrides:
- engineGetKeySize in class javax.crypto.CipherSpi
- Parameters:
- key - the key object.
- Returns:
- the actual key size if the key is in RAW format. Otherwise, a key size that will pass the restricted policy files check done by the JCE framework.
-
engineWrap
protected byte[] engineWrap(java.security.Key key) throws javax.crypto.IllegalBlockSizeException, java.security.InvalidKeyException
Wrap a key.
- Overrides:
- engineWrap in class javax.crypto.CipherSpi
- Parameters:
- key - the key to be wrapped. This key must be a RAW Cipher.SECRET_KEY. This cipher does not support wrapping secret keys of type ICSFToken or type CKDSLabel, and does not support wrapping Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
- Returns:
- the wrapped key.
- Throws:
- javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
- java.security.InvalidKeyException - if any of the following is true:
  - it is impossible or unsafe to wrap the key with this cipher (for example, a hardware protected key is being passed to a software only cipher)
  - the key is a Cipher.PRIVATE_KEY
  - the key is a Cipher.PUBLIC_KEY
  - the key is a Cipher.SECRET_KEY but is not type RAW key
-
engineUnwrap
protected java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType) throws java.security.InvalidKeyException, java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
- Overrides:
- engineUnwrap in class javax.crypto.CipherSpi
- Parameters:
- wrappedKey - the key to be unwrapped
- wrappedKeyAlgorithm - the algorithm the wrapped key is for
- wrappedKeyType - the type of the wrapped key. This must be Cipher.SECRET_KEY. This cipher does not support unwrapping a key of type Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
- Returns:
- the unwrapped key.
- Throws:
- java.security.InvalidKeyException - if any of the following is true:
  - wrappedKey does not represent a wrapped key
  - the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm
  - its key type is different from wrappedKeyType
  - the wrappedKeyType parameter is not Cipher.SECRET_KEY
- java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
-
-