- java.lang.Object
-
- javax.crypto.CipherSpi
-
- com.ibm.crypto.hdwrCCA.provider.DESedeKeyWrap
-
public final class DESedeKeyWrap extends javax.crypto.CipherSpi
This class implements hardware DESede key wrapping. It allows a DESede key encrypting key to wrap other hardware DES and Triple-DES keys.
-
-
Constructor Summary
Constructors Constructor Description DESedeKeyWrap()
Creates an instance of hardware DESede key wrap.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected byte[]
engineDoFinal(byte[] input, int inputOffset, int inputLen)
Encrypting or decrypting data in a single-part operation, or finishing a multiple-part operation is not supported.protected int
engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Encrypting or decrypting data in a single-part operation, or finishing a multiple-part operation is not supported.protected int
engineGetBlockSize()
Returns cipher block size in bytes.protected byte[]
engineGetIV()
Returns the initialization vector (IV) used with this cipher.protected int
engineGetKeySize(java.security.Key key)
Returns the key size of the given key object.protected int
engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need.protected java.security.AlgorithmParameters
engineGetParameters()
Returns the parameters used with this cipher.protected void
engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
protected void
engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
Initializes this cipher with a key and a source of randomness.protected void
engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
Initializes this cipher with a key and a source of randomness.protected void
engineSetMode(java.lang.String mode)
Setting the cipher mode is not supported.protected void
engineSetPadding(java.lang.String paddingScheme)
Setting the cipher padding mechanism is not supported.protected java.security.Key
engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
Unwrap a previously wrapped CCA hardware DES or DESede key.protected byte[]
engineUpdate(byte[] input, int inputOffset, int inputLen)
Continuing a multiple-part encryption or decryption operation is not supported.protected int
engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Continuing a multiple-part encryption or decryption operation is not supported.protected byte[]
engineWrap(java.security.Key key)
Wrap a CCA hardware DES or DESede key.
-
-
-
Method Detail
-
engineGetBlockSize
protected int engineGetBlockSize()
Returns cipher block size in bytes.- Specified by:
engineGetBlockSize
in classjavax.crypto.CipherSpi
- Returns:
- cipher block size in bytes.
-
engineGetOutputSize
protected int engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need.- Specified by:
engineGetOutputSize
in classjavax.crypto.CipherSpi
- Parameters:
inputLen
- the input length in bytes, which will be ignored- Returns:
- the required output buffer size in bytes.
-
engineGetKeySize
protected int engineGetKeySize(java.security.Key key)
Returns the key size of the given key object. This method is called by the JCE framework to ensure that the size of the key to be used does not exceed the maximum allowable key size specified in the Java restricted policy files.Cipher operations done at the hardware level should bypass the Java restricted policy files check because the cryptographic hardware enforces the US export restrictions relating to cryptographic keys. If a hardware key is used for a DES or DESede cipher operation, we can bypass the restricted policy files checking by returning a key size that conforms to the policy files.
- Overrides:
engineGetKeySize
in classjavax.crypto.CipherSpi
- Parameters:
key
- the key object- Returns:
- a key size that will pass the restricted policy files check done by the JCE framework.
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random) throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness. This cipher may be initialized for key wrapping or key unwrapping operations only, depending on the value ofopmode
. Encryption and decryption operations are not supported by this cipher.This cipher does not require an initialization vector (IV), so the source of randomness provided by
random
must be null. This method resets any existing state information.By default, keys are unwrapped as
SymmetricKeyConstants.KeyType.CKDS
keys.- Specified by:
engineInit
in classjavax.crypto.CipherSpi
- Parameters:
opmode
- the operation mode of this cipher. This is one ofWRAP_MODE
orUNWRAP_MODE
. Please note thatENCRYPT_MODE
andDECRYPT_MODE
operation modes are not supportedkey
- the CCA hardware DESede key encrypting keyrandom
- the source of randomness, which must be null- Throws:
java.lang.UnsupportedOperationException
- if theopmode
is eitherENCRYPT_MODE
orDECRYPT_MODE
, which is not supported by this cipher.java.security.InvalidParameterException
- if theopmode
is not a valid cipher operation mode or if a source of randomness is specified.java.lang.NullPointerException
- if the key is null.java.security.InvalidKeyException
- if the given key not a CCA hardware DESede key.
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key and a source of randomness. This cipher may be initialized for key wrapping or key unwrapping operations only, depending on the value ofopmode
. Encryption and decryption operations are not supported by this cipher.This cipher does not require an initialization vector (IV), so the source of randomness provided by
random
must be null. This method resets any existing state information.By default, keys are unwrapped as
SymmetricKeyConstants.KeyType.CKDS
keys.- Specified by:
engineInit
in classjavax.crypto.CipherSpi
- Parameters:
opmode
- the operation mode of this cipher. This is one ofWRAP_MODE
orUNWRAP_MODE
. Please note thatENCRYPT_MODE
andDECRYPT_MODE
operation modes are not supportedkey
- the CCA hardware DESede key encrypting keyparams
- algorithm parameters that specify whether to unwrap keys asSymmetricKeyConstants.KeyType.SECURE_INTERNAL_TOKEN
keys or asSymmetricKeyConstants.KeyType.CKDS
keys. Unwrapping toSymmetricKeyConstants.KeyType.CLEAR
keys is not supported. This algorithm parameters is only supported inUNWRAP_MODE
random
- the source of randomness, which must be null- Throws:
java.lang.UnsupportedOperationException
- if theopmode
is eitherENCRYPT_MODE
orDECRYPT_MODE
, which is not supported by this cipher.java.security.InvalidParameterException
- if theopmode
is not a valid cipher operation mode or if a source of randomness is specified.java.lang.NullPointerException
- if the key is null.java.security.InvalidKeyException
- if the given key not a CCA hardware DESede key.java.security.InvalidAlgorithmParameterException
- ifparams
is not null andopmode
isWRAP_MODE
, or ifparams
is not an instance ofCCAAlgorithmParameterSpec
, or if the algorithm parameters specify to unwrap keys asCLEAR
keys.
-
engineInit
protected void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
- Specified by:
engineInit
in classjavax.crypto.CipherSpi
- Throws:
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
- See Also:
engineInit(int, Key, AlgorithmParameterSpec, SecureRandom)
-
engineWrap
protected byte[] engineWrap(java.security.Key key) throws java.security.InvalidKeyException
Wrap a CCA hardware DES or DESede key. The wrapped key will be formatted as a CCA external key token. The wrapped key will use the same key wrapping method as the originalkey
. This can be either the original ECB wrapping method or the enhanced CBC wrapping method which is ANSI X9.24 compliant.- Overrides:
engineWrap
in classjavax.crypto.CipherSpi
- Parameters:
key
- the CCA hardware DES or DESede key to be wrapped- Returns:
- the wrapped key formatted as a CCA external key token.
- Throws:
java.lang.NullPointerException
- ifkey
is null.java.security.InvalidKeyException
- if the provided key is not a CCA hardware DES or DESede key.java.lang.IllegalStateException
- if this cipher is not initialized for theWRAP_MODE
operational mode.
-
engineUnwrap
protected java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType) throws java.security.InvalidKeyException
Unwrap a previously wrapped CCA hardware DES or DESede key. The unwrapped key will use the default wrapping method that ICSF has been setup to use for internal key tokens. This can be either the original ECB wrapping method or the enhanced CBC wrapping method which is ANSI X9.24 compliant. By default, all unwrapped keys will be CKDS keys stored in the CKDS, unless otherwise specified through algorithm parameter specs during cipher initialization.- Overrides:
engineUnwrap
in classjavax.crypto.CipherSpi
- Parameters:
wrappedKey
- the previously wrapped CCA hardware DES or DESede key to be unwrappedwrappedKeyAlgorithm
- the key algorithm of the original keywrappedKeyType
- the type of wrapped key, this must beCipher.SECRET_KEY
- Returns:
- the unwrapped CCA hardware DES or DESede key.
- Throws:
java.lang.NullPointerException
- ifwrappedKey
is null.java.security.InvalidKeyException
- ifwrappedKeyAlgorithm
is not"DES"
,"DESede"
,"TripleDES"
, or"3DES"
. Or ifwrappedKey
is not 64 bytes in length,wrappedKeyType
is notCipher.SECRET_KEY
, or there is an issue creating the unwrapped CCA hardware key.java.lang.IllegalStateException
- if this cipher is not initialized for theUNWRAP_MODE
operational mode.
-
engineSetMode
protected void engineSetMode(java.lang.String mode)
Setting the cipher mode is not supported.- Specified by:
engineSetMode
in classjavax.crypto.CipherSpi
- Parameters:
mode
- the cipher mode- Throws:
java.lang.UnsupportedOperationException
- always.
-
engineSetPadding
protected void engineSetPadding(java.lang.String paddingScheme)
Setting the cipher padding mechanism is not supported.- Specified by:
engineSetPadding
in classjavax.crypto.CipherSpi
- Parameters:
paddingScheme
- the padding mechanism- Throws:
java.lang.UnsupportedOperationException
- always.
-
engineGetIV
protected byte[] engineGetIV()
Returns the initialization vector (IV) used with this cipher.- Specified by:
engineGetIV
in classjavax.crypto.CipherSpi
- Returns:
- null, because this cipher does not use any IV.
-
engineGetParameters
protected java.security.AlgorithmParameters engineGetParameters()
Returns the parameters used with this cipher.- Specified by:
engineGetParameters
in classjavax.crypto.CipherSpi
- Returns:
- null, because this cipher does not return any parameters.
-
engineUpdate
protected byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
Continuing a multiple-part encryption or decryption operation is not supported.- Specified by:
engineUpdate
in classjavax.crypto.CipherSpi
- Throws:
java.lang.UnsupportedOperationException
- always.
-
engineUpdate
protected int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Continuing a multiple-part encryption or decryption operation is not supported.- Specified by:
engineUpdate
in classjavax.crypto.CipherSpi
- Throws:
java.lang.UnsupportedOperationException
- always.
-
engineDoFinal
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
Encrypting or decrypting data in a single-part operation, or finishing a multiple-part operation is not supported.- Specified by:
engineDoFinal
in classjavax.crypto.CipherSpi
- Throws:
java.lang.UnsupportedOperationException
- always.
-
engineDoFinal
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
Encrypting or decrypting data in a single-part operation, or finishing a multiple-part operation is not supported.- Specified by:
engineDoFinal
in classjavax.crypto.CipherSpi
- Throws:
java.lang.UnsupportedOperationException
- always.
-
-