Class DESCipher


  • public final class DESCipher
    extends javax.crypto.CipherSpi
    This class implements the DES algorithm in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding). DES hardware support is for the CBC mode only. All other modes will use software.

    In addition, the system property ibm.DES.usehdwr.size value determines whether hardware or software is used for the CBC mode. If the size of the data to be encrypted/decrypted is greater than the value of ibm.DES.usehdwr.size, then hardware is used. Otherwise, software is used. When the value of ibm.DES.usehdwr.size is -1, software is always used. When the value of ibm.DES.usehdwr.size is 0, hardware is used if it supports the specified mode.

    This documentation describes a Service Provider Interface. It is provided for implementation insight only. This class is not intended to be called directly by application developers. Please consult the 'Java Cryptography Architecture Standard' for details on how to use this interface through a public standard class.

    NOTE:
    Certain operations may require specific hardware or software, or specific key types. See the rest of this document and the z/OS Unique Considerations Hardware Crypto Reference Guide for more details. Unsupported operations and/or combinations may result in a RuntimeException Hardware Error.
    For public interface details, consult the JCE API documentation for javax.crypto.Cipher.
    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected static int CBC_MODE
      CBC mode encryption.
      protected static int CFB_MODE
      CFB mode encryption.
      protected int cipherMode
      The cipher mode.
      static int DES_BLOCK_SIZE
      Default DES block size in number of bytes.
      protected static int ECB_MODE
      ECB mode encryption.
      static int[] initPermLeft0
      Intended for internal use only.
      static int[] initPermLeft1
      Intended for internal use only.
      static int[] initPermLeft2
      Intended for internal use only.
      static int[] initPermLeft3
      Intended for internal use only.
      static int[] initPermLeft4
      Intended for internal use only.
      static int[] initPermLeft5
      Intended for internal use only.
      static int[] initPermLeft6
      Intended for internal use only.
      static int[] initPermLeft7
      Intended for internal use only.
      static int[] initPermLeft8
      Intended for internal use only.
      static int[] initPermLeft9
      Intended for internal use only.
      static int[] initPermLeftA
      Intended for internal use only.
      static int[] initPermLeftB
      Intended for internal use only.
      static int[] initPermLeftC
      Intended for internal use only.
      static int[] initPermLeftD
      Intended for internal use only.
      static int[] initPermLeftE
      Intended for internal use only.
      static int[] initPermLeftF
      Intended for internal use only.
      static int[] initPermRight0
      Intended for internal use only.
      static int[] initPermRight1
      Intended for internal use only.
      static int[] initPermRight2
      Intended for internal use only.
      static int[] initPermRight3
      Intended for internal use only.
      static int[] initPermRight4
      Intended for internal use only.
      static int[] initPermRight5
      Intended for internal use only.
      static int[] initPermRight6
      Intended for internal use only.
      static int[] initPermRight7
      Intended for internal use only.
      static int[] initPermRight8
      Intended for internal use only.
      static int[] initPermRight9
      Intended for internal use only.
      static int[] initPermRightA
      Intended for internal use only.
      static int[] initPermRightB
      Intended for internal use only.
      static int[] initPermRightC
      Intended for internal use only.
      static int[] initPermRightD
      Intended for internal use only.
      static int[] initPermRightE
      Intended for internal use only.
      static int[] initPermRightF
      Intended for internal use only.
      protected static int OFB_MODE
      OFB mode encryption.
      protected static int PCBC_MODE
      PCBC mode encryption.
      static int[] permLeft1
      Intended for internal use only.
      static int[] permLeft3
      Intended for internal use only.
      static int[] permLeft5
      Intended for internal use only.
      static int[] permLeft7
      Intended for internal use only.
      static int[] permLeft9
      Intended for internal use only.
      static int[] permLeftB
      Intended for internal use only.
      static int[] permLeftD
      Intended for internal use only.
      static int[] permLeftF
      Intended for internal use only.
      static int[] permRight0
      Intended for internal use only.
      static int[] permRight2
      Intended for internal use only.
      static int[] permRight4
      Intended for internal use only.
      static int[] permRight6
      Intended for internal use only.
      static int[] permRight8
      Intended for internal use only.
      static int[] permRightA
      Intended for internal use only.
      static int[] permRightC
      Intended for internal use only.
      static int[] permRightE
      Intended for internal use only.
      protected com.ibm.crypto.hdwrCCA.provider.DESCrypt rawAlg
      The (raw) algorithm.
      static int[] s0p
      Intended for internal use only.
      static int[] s1p
      Intended for internal use only.
      static int[] s2p
      Intended for internal use only.
      static int[] s3p
      Intended for internal use only.
      static int[] s4p
      Intended for internal use only.
      static int[] s5p
      Intended for internal use only.
      static int[] s6p
      Intended for internal use only.
      static int[] s7p
      Intended for internal use only.
    • Constructor Summary

      Constructors 
      Constructor Description
      DESCipher()
      Creates an instance of DES cipher with default ECB mode and PKCS5Padding.
      DESCipher​(java.lang.String mode, java.lang.String paddingScheme)
      Creates an instance of DES cipher with the requested mode and padding.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      protected byte[] engineDoFinal​(byte[] input, int inputOffset, int inputLen)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineDoFinal​(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
      protected int engineGetBlockSize()
      Returns the block size (in bytes).
      protected byte[] engineGetIV()
      Returns the initialization vector (IV) in a new buffer.
      protected int engineGetKeySize​(java.security.Key key)
      Returns the key size of the given key object.
      protected int engineGetOutputSize​(int inputLen)
      Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
      protected java.security.AlgorithmParameters engineGetParameters()
      Returns the parameters used with this cipher.
      protected void engineInit​(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
      Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.
      protected void engineInit​(int opmode, java.security.Key key, java.security.SecureRandom random)
      Initializes this cipher with an operation mode, a key and a source of randomness.
      protected void engineInit​(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
      Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.
      protected void engineSetMode​(java.lang.String mode)
      Sets the mode of this cipher.
      protected void engineSetPadding​(java.lang.String paddingScheme)
      Sets the padding mechanism of this cipher.
      protected java.security.Key engineUnwrap​(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
      Unwrap a previously wrapped key.
      protected byte[] engineUpdate​(byte[] input, int inputOffset, int inputLen)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected int engineUpdate​(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
      protected byte[] engineWrap​(java.security.Key key)
      Wrap a key.
      protected void setRawAlg()
      Sets the raw algorithm to DES.
      • Methods inherited from class javax.crypto.CipherSpi

        engineDoFinal, engineUpdate, engineUpdateAAD, engineUpdateAAD
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • cipherMode

        protected int cipherMode
        The cipher mode. One of ECB, CBC, PCBC, CFB, CFBnn, OFB, or OFBnn.
      • ECB_MODE

        protected static final int ECB_MODE
        ECB mode encryption. ECB mode encryption can be performed with CLEAR keys (also known as RAW keys), and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys).
        See Also:
        Constant Field Values
      • CBC_MODE

        protected static final int CBC_MODE
        CBC mode encryption. CBC mode encryption can be performed with CLEAR keys (also known as RAW keys), with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys), and with SECURE_INTERNAL_TOKEN keys (also known as ICSFToken keys).
        See Also:
        Constant Field Values
      • CFB_MODE

        protected static final int CFB_MODE
        CFB mode encryption. CFB mode encryption can be performed with CLEAR keys (also known as RAW keys) and with CKDS keys for clear and encrypted keys (also known as CKDSLabel keys). LCFB (specified as CFBnn) encryption can be performed with CLEAR keys (also known as RAW keys).
        See Also:
        Constant Field Values
      • OFB_MODE

        protected static final int OFB_MODE
        OFB mode encryption. OFB mode encryption can be performed with CLEAR keys (also known as RAW keys). LOFB (specified as OFBnn) can be performed with CLEAR keys (also known as RAW keys).
        See Also:
        Constant Field Values
      • PCBC_MODE

        protected static final int PCBC_MODE
        PCBC mode encryption. PCBC mode encryption can be performed with CLEAR keys (also known as RAW keys).
        See Also:
        Constant Field Values
      • rawAlg

        protected com.ibm.crypto.hdwrCCA.provider.DESCrypt rawAlg
        The (raw) algorithm. This is the implementation of the raw DES or triple-DES algorithm, which can be plugged (via setEmbeddedCipher) into one of the cipher mode classes CipherBlockChaining, CipherFeedback, ElectronicCodeBook, or OutputFeedback.
      • DES_BLOCK_SIZE

        public static final int DES_BLOCK_SIZE
        Default DES block size in number of bytes.
        See Also:
        Constant Field Values
      • s0p

        public static final int[] s0p
        Intended for internal use only.
      • s1p

        public static final int[] s1p
        Intended for internal use only.
      • s2p

        public static final int[] s2p
        Intended for internal use only.
      • s3p

        public static final int[] s3p
        Intended for internal use only.
      • s4p

        public static final int[] s4p
        Intended for internal use only.
      • s5p

        public static final int[] s5p
        Intended for internal use only.
      • s6p

        public static final int[] s6p
        Intended for internal use only.
      • s7p

        public static final int[] s7p
        Intended for internal use only.
      • permRight0

        public static final int[] permRight0
        Intended for internal use only.
      • permLeft1

        public static final int[] permLeft1
        Intended for internal use only.
      • permRight2

        public static final int[] permRight2
        Intended for internal use only.
      • permLeft3

        public static final int[] permLeft3
        Intended for internal use only.
      • permRight4

        public static final int[] permRight4
        Intended for internal use only.
      • permLeft5

        public static final int[] permLeft5
        Intended for internal use only.
      • permRight6

        public static final int[] permRight6
        Intended for internal use only.
      • permLeft7

        public static final int[] permLeft7
        Intended for internal use only.
      • permRight8

        public static final int[] permRight8
        Intended for internal use only.
      • permLeft9

        public static final int[] permLeft9
        Intended for internal use only.
      • permRightA

        public static final int[] permRightA
        Intended for internal use only.
      • permLeftB

        public static final int[] permLeftB
        Intended for internal use only.
      • permRightC

        public static final int[] permRightC
        Intended for internal use only.
      • permLeftD

        public static final int[] permLeftD
        Intended for internal use only.
      • permRightE

        public static final int[] permRightE
        Intended for internal use only.
      • permLeftF

        public static final int[] permLeftF
        Intended for internal use only.
      • initPermLeft0

        public static final int[] initPermLeft0
        Intended for internal use only.
      • initPermRight0

        public static final int[] initPermRight0
        Intended for internal use only.
      • initPermLeft1

        public static final int[] initPermLeft1
        Intended for internal use only.
      • initPermRight1

        public static final int[] initPermRight1
        Intended for internal use only.
      • initPermLeft2

        public static final int[] initPermLeft2
        Intended for internal use only.
      • initPermRight2

        public static final int[] initPermRight2
        Intended for internal use only.
      • initPermLeft3

        public static final int[] initPermLeft3
        Intended for internal use only.
      • initPermRight3

        public static final int[] initPermRight3
        Intended for internal use only.
      • initPermLeft4

        public static final int[] initPermLeft4
        Intended for internal use only.
      • initPermRight4

        public static final int[] initPermRight4
        Intended for internal use only.
      • initPermLeft5

        public static final int[] initPermLeft5
        Intended for internal use only.
      • initPermRight5

        public static final int[] initPermRight5
        Intended for internal use only.
      • initPermLeft6

        public static final int[] initPermLeft6
        Intended for internal use only.
      • initPermRight6

        public static final int[] initPermRight6
        Intended for internal use only.
      • initPermLeft7

        public static final int[] initPermLeft7
        Intended for internal use only.
      • initPermRight7

        public static final int[] initPermRight7
        Intended for internal use only.
      • initPermLeft8

        public static final int[] initPermLeft8
        Intended for internal use only.
      • initPermRight8

        public static final int[] initPermRight8
        Intended for internal use only.
      • initPermLeft9

        public static final int[] initPermLeft9
        Intended for internal use only.
      • initPermRight9

        public static final int[] initPermRight9
        Intended for internal use only.
      • initPermLeftA

        public static final int[] initPermLeftA
        Intended for internal use only.
      • initPermRightA

        public static final int[] initPermRightA
        Intended for internal use only.
      • initPermLeftB

        public static final int[] initPermLeftB
        Intended for internal use only.
      • initPermRightB

        public static final int[] initPermRightB
        Intended for internal use only.
      • initPermLeftC

        public static final int[] initPermLeftC
        Intended for internal use only.
      • initPermRightC

        public static final int[] initPermRightC
        Intended for internal use only.
      • initPermLeftD

        public static final int[] initPermLeftD
        Intended for internal use only.
      • initPermRightD

        public static final int[] initPermRightD
        Intended for internal use only.
      • initPermLeftE

        public static final int[] initPermLeftE
        Intended for internal use only.
      • initPermRightE

        public static final int[] initPermRightE
        Intended for internal use only.
      • initPermLeftF

        public static final int[] initPermLeftF
        Intended for internal use only.
      • initPermRightF

        public static final int[] initPermRightF
        Intended for internal use only.
    • Constructor Detail

      • DESCipher

        public DESCipher()
                  throws java.security.NoSuchAlgorithmException,
                         javax.crypto.NoSuchPaddingException
        Creates an instance of DES cipher with default ECB mode and PKCS5Padding.
        NOTE:
        The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
        Throws:
        java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.
        java.security.NoSuchAlgorithmException
        javax.crypto.NoSuchPaddingException
      • DESCipher

        public DESCipher​(java.lang.String mode,
                         java.lang.String paddingScheme)
                  throws java.security.NoSuchAlgorithmException,
                         javax.crypto.NoSuchPaddingException
        Creates an instance of DES cipher with the requested mode and padding.
        NOTE:
        The mode chosen may not support all key types. See the Field Summary mode documentation and the z/OS Unique Considerations Hardware Crypto Reference Guide for more information.
        Parameters:
        mode - the cipher mode
        paddingScheme - the padding mechanism
        Throws:
        java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable.
        javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable.
        java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.
    • Method Detail

      • setRawAlg

        protected void setRawAlg()
        Sets the raw algorithm to DES. This method is not a supported customer interface.
      • engineSetMode

        protected void engineSetMode​(java.lang.String mode)
                              throws java.security.NoSuchAlgorithmException
        Sets the mode of this cipher. This method is not a supported customer interface.
        Specified by:
        engineSetMode in class javax.crypto.CipherSpi
        Parameters:
        mode - the cipher mode
        Throws:
        java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist.
      • engineSetPadding

        protected void engineSetPadding​(java.lang.String paddingScheme)
                                 throws javax.crypto.NoSuchPaddingException
        Sets the padding mechanism of this cipher. This method is not a supported customer interface.
        Specified by:
        engineSetPadding in class javax.crypto.CipherSpi
        Parameters:
        paddingScheme - the padding mechanism
        Throws:
        javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist.
      • engineGetBlockSize

        protected int engineGetBlockSize()
        Returns the block size (in bytes).
        Specified by:
        engineGetBlockSize in class javax.crypto.CipherSpi
        Returns:
        the block size (in bytes) or 0 if the underlying algorithm is not a block cipher.
      • engineGetOutputSize

        protected int engineGetOutputSize​(int inputLen)
        Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

        This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

        The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

        Specified by:
        engineGetOutputSize in class javax.crypto.CipherSpi
        Parameters:
        inputLen - the input length (in bytes)
        Returns:
        the required output buffer size (in bytes).
      • engineGetIV

        protected byte[] engineGetIV()
        Returns the initialization vector (IV) in a new buffer.

        This is useful in the case where a random IV has been created (see engineInit(int, Key, SecureRandom)), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

        Specified by:
        engineGetIV in class javax.crypto.CipherSpi
        Returns:
        the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
      • engineGetParameters

        protected java.security.AlgorithmParameters engineGetParameters()
        Returns the parameters used with this cipher.

        The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

        Specified by:
        engineGetParameters in class javax.crypto.CipherSpi
        Returns:
        the parameters used with this cipher, or null if this cipher does not use any parameters.
      • engineInit

        protected void engineInit​(int opmode,
                                  java.security.Key key,
                                  java.security.SecureRandom random)
                           throws java.security.InvalidKeyException
        Initializes this cipher with an operation mode, a key and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

        This method also cleans existing buffer and other related state information.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the secret key
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
      • engineInit

        protected void engineInit​(int opmode,
                                  java.security.Key key,
                                  java.security.spec.AlgorithmParameterSpec params,
                                  java.security.SecureRandom random)
                           throws java.security.InvalidKeyException,
                                  java.security.InvalidAlgorithmParameterException
        Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameter specification
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher.
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher.
      • engineInit

        protected void engineInit​(int opmode,
                                  java.security.Key key,
                                  java.security.AlgorithmParameters params,
                                  java.security.SecureRandom random)
                           throws java.security.InvalidKeyException,
                                  java.security.InvalidAlgorithmParameterException
        Initializes this cipher with an operation mode, a key, a set of algorithm parameters, and a source of randomness.

        The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

        If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

        Specified by:
        engineInit in class javax.crypto.CipherSpi
        Parameters:
        opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
        key - the encryption key
        params - the algorithm parameters
        random - the source of randomness
        Throws:
        java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher.
        java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher.
      • engineUpdate

        protected byte[] engineUpdate​(byte[] input,
                                      int inputOffset,
                                      int inputLen)
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result
      • engineUpdate

        protected int engineUpdate​(byte[] input,
                                   int inputOffset,
                                   int inputLen,
                                   byte[] output,
                                   int outputOffset)
                            throws javax.crypto.ShortBufferException
        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

        The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

        Specified by:
        engineUpdate in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output.
        Throws:
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result.
      • engineDoFinal

        protected byte[] engineDoFinal​(byte[] input,
                                       int inputOffset,
                                       int inputLen)
                                throws javax.crypto.IllegalBlockSizeException,
                                       javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

        The cipher is reset to its initial state (uninitialized) after this call.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        Returns:
        the new buffer with the result.
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
      • engineDoFinal

        protected int engineDoFinal​(byte[] input,
                                    int inputOffset,
                                    int inputLen,
                                    byte[] output,
                                    int outputOffset)
                             throws javax.crypto.IllegalBlockSizeException,
                                    javax.crypto.ShortBufferException,
                                    javax.crypto.BadPaddingException
        Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

        The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

        The cipher is reset to its initial state (uninitialized) after this call.

        Specified by:
        engineDoFinal in class javax.crypto.CipherSpi
        Parameters:
        input - the input buffer
        inputOffset - the offset in input where the input starts
        inputLen - the input length
        output - the buffer for the result
        outputOffset - the offset in output where the result is stored
        Returns:
        the number of bytes stored in output.
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size.
        javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result.
        javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
      • engineGetKeySize

        protected int engineGetKeySize​(java.security.Key key)
        Returns the key size of the given key object.

        This method is called by the JCE framework to ensure that the size of the key to be used does not exceed the maximum allowable key size specified in the Java restricted policy files.

        Cipher operations done at the hardware level should bypass the Java restricted policy files check because the cryptographic hardware enforces the US export restrictions relating to cryptographic keys.

        If a hardware key is used for a DES or DESede cipher operation, we can bypass the restricted policy files checking by returning a key size that conforms to the policy files.

        If a clear key in RAW format is used for a DES or DESede cipher operation, the operation may or may not be done at the hardware level. The operation may be passed to the IBMJCE software cryptographic implementation. Since the software implementation does not enforce US export restrictions, we must return the correct key size in order for JCE framework to enforce the Java restricted policy files.

        Overrides:
        engineGetKeySize in class javax.crypto.CipherSpi
        Parameters:
        key - the key object.
        Returns:
        the actual key size if the key is in RAW format. Otherwise, a key size that will pass the restricted policy files check done by the JCE framework.
      • engineWrap

        protected byte[] engineWrap​(java.security.Key key)
                             throws javax.crypto.IllegalBlockSizeException,
                                    java.security.InvalidKeyException
        Wrap a key.
        Overrides:
        engineWrap in class javax.crypto.CipherSpi
        Parameters:
        key - the key to be wrapped. This key must be a RAW Cipher.SECRET_KEY. This cipher does not support wrapping secret keys of type ICSFToken or type CKDSLabel, and does not support wrapping Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
        Returns:
        the wrapped key.
        Throws:
        javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
        java.security.InvalidKeyException - if any of the following is true:
        • it is impossible or unsafe to wrap the key with this cipher (for example, a hardware protected key is being passed to a software only cipher)
        • the key is a Cipher.PRIVATE_KEY
        • the key is a Cipher.PUBLIC_KEY
        • the key is a Cipher.SECRET_KEY but is not type RAW key
      • engineUnwrap

        protected java.security.Key engineUnwrap​(byte[] wrappedKey,
                                                 java.lang.String wrappedKeyAlgorithm,
                                                 int wrappedKeyType)
                                          throws java.security.InvalidKeyException,
                                                 java.security.NoSuchAlgorithmException
        Unwrap a previously wrapped key.
        Overrides:
        engineUnwrap in class javax.crypto.CipherSpi
        Parameters:
        wrappedKey - the key to be unwrapped
        wrappedKeyAlgorithm - the algorithm the wrapped key is for
        wrappedKeyType - the type of the wrapped key. This must be Cipher.SECRET_KEY. This cipher does not support unwrapping a key of type Cipher.PRIVATE_KEY or Cipher.PUBLIC_KEY.
        Returns:
        the unwrapped key.
        Throws:
        java.security.InvalidKeyException - if any of the following is true:
        • wrappedKey does not represent a wrapped key
        • the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm
        • its key type is different from wrappedKeyType
        • the wrappedKeyType parameter is not Cipher.SECRET_KEY
        java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.