Cipher.java revision 0
0N/A * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved. 0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 0N/A * This code is free software; you can redistribute it and/or modify it 0N/A * under the terms of the GNU General Public License version 2 only, as 0N/A * published by the Free Software Foundation. Sun designates this 0N/A * particular file as subject to the "Classpath" exception as provided 0N/A * by Sun in the LICENSE file that accompanied this code. 0N/A * This code is distributed in the hope that it will be useful, but WITHOUT 0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 0N/A * version 2 for more details (a copy is included in the LICENSE file that 0N/A * accompanied this code). 0N/A * You should have received a copy of the GNU General Public License version 0N/A * 2 along with this work; if not, write to the Free Software Foundation, 0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 0N/A * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, 0N/A * CA 95054 USA or visit www.sun.com if you need additional information or 0N/A * have any questions. 0N/A * This class provides the functionality of a cryptographic cipher for 0N/A * encryption and decryption. It forms the core of the Java Cryptographic 0N/A * Extension (JCE) framework. 0N/A * <p>In order to create a Cipher object, the application calls the 0N/A * Cipher's <code>getInstance</code> method, and passes the name of the 0N/A * requested <i>transformation</i> to it. Optionally, the name of a provider 0N/A * <p>A <i>transformation</i> is a string that describes the operation (or 0N/A * set of operations) to be performed on the given input, to produce some 0N/A * output. A transformation always includes the name of a cryptographic 0N/A * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and 0N/A * <p> A transformation is of the form:<p> 0N/A * <li>"<i>algorithm</i>" 0N/A * <P> (in the latter case, 0N/A * provider-specific default values for the mode and padding scheme are used). 0N/A * For example, the following is a valid transformation:<p> 0N/A * Using modes such as <code>CFB</code> and <code>OFB<code>, block 0N/A * ciphers can encrypt data in units smaller than the cipher's actual 0N/A * block size. When requesting such a mode, you may optionally specify 0N/A * the number of bits to be processed at a time by appending this number 0N/A * number is specified, a provider-specific default is used. (For 0N/A * example, the SunJCE provider uses a default of 64 bits for DES.) 0N/A * Thus, block ciphers can be turned into byte-oriented stream ciphers by 0N/A * using an 8 bit mode such as CFB8 or OFB8. 0N/A * Constant used to initialize cipher to encryption mode. 0N/A * Constant used to initialize cipher to decryption mode. 0N/A * Constant used to initialize cipher to key-wrapping mode. 0N/A * Constant used to initialize cipher to key-unwrapping mode. 0N/A * Constant used to indicate the to-be-unwrapped key is a "public key". 0N/A * Constant used to indicate the to-be-unwrapped key is a "private key". 0N/A * Constant used to indicate the to-be-unwrapped key is a "secret key". 0N/A // The provider implementation (delegate) 0N/A // The transformation 0N/A // Crypto permission representing the maximum allowable cryptographic 0N/A // strength that this Cipher object can be used for. (The cryptographic 0N/A // strength is a function of the keysize and algorithm parameters encoded 0N/A // in the crypto permission.) 0N/A // The exemption mechanism that needs to be enforced 0N/A // Flag which indicates whether or not this cipher has been initialized 0N/A // The operation mode - store the operation mode after the 0N/A // cipher has been initialized. 0N/A // The OID for the KeyUsage extension in an X.509 v3 certificate 0N/A // next SPI to try in provider selection 0N/A // null once provider is selected 0N/A // next service to try in provider selection 0N/A // null once provider is selected 0N/A // remaining services to try in provider selection 0N/A // null once provider is selected 0N/A // list of transform Strings to lookup in the provider 0N/A * Creates a Cipher object. 0N/A * @param cipherSpi the delegate 0N/A * @param provider the provider 0N/A * @param transformation the transformation 0N/A // See bug 4341369 & 4334690 for more info. 0N/A // If the caller is trusted, then okey. 0N/A // Otherwise throw a NullPointerException. 0N/A * Creates a Cipher object. Called internally and by NullCipher. 0N/A * @param cipherSpi the delegate 0N/A * @param transformation the transformation 0N/A * array containing the components of a Cipher transformation: 0N/A * index 0: algorithm component (e.g., DES) 0N/A * index 1: feedback component (e.g., CFB) 0N/A * index 2: padding component (e.g., PKCS5Padding) 0N/A "algorithm not specified-" 0N/A // Provider attribute name for supported chaining mode 0N/A // Provider attribute name for supported padding names 0N/A // constants indicating whether the provider supports 0N/A // a given mode or padding 0N/A private final static int S_NO =
0;
// does not support 0N/A private final static int S_MAYBE =
1;
// unable to determine 0N/A private final static int S_YES =
2;
// does support 0N/A * Nested class to deal with modes and paddings. 0N/A // transform string to lookup in the provider 0N/A // the mode/padding suffix in upper case. for example, if the algorithm 0N/A // if loopup is "DES", suffix is the empty string 0N/A // needed because aliases prevent straight transform.equals() 0N/A // value to pass to setMode() or null if no such call required 0N/A // value to pass to setPadding() or null if no such call required 0N/A // set mode and padding for the given SPI 0N/A // check whether the given services supports the mode and 0N/A // padding described by this Transform 0N/A // our constants are defined so that Math.min() is a tri-valued AND 0N/A // separate methods for mode and padding 0N/A // called directly by Cipher only to throw the correct exception 0N/A // Map<String,Pattern> for previously compiled patterns 0N/A // XXX use ConcurrentHashMap once available 0N/A }
else {
// if ((mode != null) && (pad != null)) { 0N/A // get the transform matching the specified service 0N/A * Returns a <code>Cipher</code> object that implements the specified 0N/A * <p> This method traverses the list of registered security Providers, 0N/A * starting with the most preferred Provider. 0N/A * A new Cipher object encapsulating the 0N/A * CipherSpi implementation from the first 0N/A * Provider that supports the specified algorithm is returned. 0N/A * <p> Note that the list of registered providers may be retrieved via 0N/A * the {@link Security#getProviders() Security.getProviders()} method. 0N/A * @param transformation the name of the transformation, e.g., 0N/A * See Appendix A in the 0N/A * Java Cryptography Architecture Reference Guide</a> 0N/A * for information about standard transformation names. 0N/A * @return a cipher that implements the requested transformation. 0N/A * @exception NoSuchAlgorithmException if <code>transformation</code> 0N/A * is null, empty, in an invalid format, 0N/A * or if no Provider supports a CipherSpi implementation for the 0N/A * specified algorithm. 0N/A * @exception NoSuchPaddingException if <code>transformation</code> 0N/A * contains a padding scheme that is not available. 0N/A * @see java.security.Provider 0N/A // make sure there is at least one service from a signed provider 0N/A // and that it can use the specified mode and padding 0N/A // should never happen 0N/A // does not support mode or padding we need, ignore 0N/A }
else {
// S_MAYBE, try out if it works 0N/A * Returns a <code>Cipher</code> object that implements the specified 0N/A * <p> A new Cipher object encapsulating the 0N/A * CipherSpi implementation from the specified provider 0N/A * is returned. The specified provider must be registered 0N/A * in the security provider list. 0N/A * <p> Note that the list of registered providers may be retrieved via 0N/A * the {@link Security#getProviders() Security.getProviders()} method. 0N/A * @param transformation the name of the transformation, 0N/A * See Appendix A in the 0N/A * Java Cryptography Architecture Reference Guide</a> 0N/A * for information about standard transformation names. 0N/A * @param provider the name of the provider. 0N/A * @return a cipher that implements the requested transformation. 0N/A * @exception NoSuchAlgorithmException if <code>transformation</code> 0N/A * is null, empty, in an invalid format, 0N/A * or if a CipherSpi implementation for the specified algorithm 0N/A * is not available from the specified provider. 0N/A * @exception NoSuchProviderException if the specified provider is not 0N/A * registered in the security provider list. 0N/A * @exception NoSuchPaddingException if <code>transformation</code> 0N/A * contains a padding scheme that is not available. 0N/A * @exception IllegalArgumentException if the <code>provider</code> 0N/A * @see java.security.Provider 0N/A * Returns a <code>Cipher</code> object that implements the specified 0N/A * <p> A new Cipher object encapsulating the 0N/A * CipherSpi implementation from the specified Provider 0N/A * object is returned. Note that the specified Provider object 0N/A * does not have to be registered in the provider list. 0N/A * @param transformation the name of the transformation, 0N/A * See Appendix A in the 0N/A * Java Cryptography Architecture Reference Guide</a> 0N/A * for information about standard transformation names. 0N/A * @param provider the provider. 0N/A * @return a cipher that implements the requested transformation. 0N/A * @exception NoSuchAlgorithmException if <code>transformation</code> 0N/A * is null, empty, in an invalid format, 0N/A * or if a CipherSpi implementation for the specified algorithm 0N/A * is not available from the specified Provider object. 0N/A * @exception NoSuchPaddingException if <code>transformation</code> 0N/A * contains a padding scheme that is not available. 0N/A * @exception IllegalArgumentException if the <code>provider</code> 0N/A * @see java.security.Provider 0N/A // for compatibility, first do the lookup and then verify 0N/A // the provider. this makes the difference between a NSAE 0N/A // and a SecurityException if the 0N/A // provider does not support the algorithm. 0N/A // throw NoSuchPaddingException if the problem is with padding 0N/A // If the requested crypto service is export-controlled, 0N/A // determine the maximum allowable keysize. 0N/A // Instantiate the exemption mechanism (if required) 0N/A // max number of debug warnings to print from chooseFirstProvider() 0N/A * Choose the Spi from the first provider available. Used if 0N/A * delayed provider selection is not possible because init() 0N/A * is not the first method called. 0N/A +
"called, disabling delayed provider selection");
0N/A // should never happen 0N/A // not needed any more 0N/A (
"Could not construct CipherSpi instance");
0N/A // if provider says it does not support this key, ignore it 0N/A // should never happen 0N/A // NoSuchAlgorithmException from newInstance() 0N/A // InvalidKeyException from init() 0N/A // RuntimeException (ProviderException) from init() 0N/A // SecurityException from crypto permission check 0N/A // no working provider found, fail 0N/A (
"No installed provider supports this key: " 0N/A * Returns the provider of this <code>Cipher</code> object. 0N/A * @return the provider of this <code>Cipher</code> object 0N/A * Returns the algorithm name of this <code>Cipher</code> object. 0N/A * <p>This is the same name that was specified in one of the 0N/A * <code>getInstance</code> calls that created this <code>Cipher</code> 0N/A * @return the algorithm name of this <code>Cipher</code> object. 0N/A * Returns the block size (in bytes). 0N/A * @return the block size (in bytes), or 0 if the underlying algorithm is 0N/A * not a block cipher 0N/A * Returns the length in bytes that an output buffer would need to be in 0N/A * order to hold the result of the next <code>update</code> or 0N/A * <code>doFinal</code> operation, given the input length 0N/A * <code>inputLen</code> (in bytes). 0N/A * <p>This call takes into account any unprocessed (buffered) data from a 0N/A * previous <code>update</code> call, and padding. 0N/A * <p>The actual output length of the next <code>update</code> or 0N/A * <code>doFinal</code> call may be smaller than the length returned by 0N/A * @param inputLen the input length (in bytes) 0N/A * @return the required output buffer size (in bytes) 0N/A * @exception IllegalStateException if this cipher is in a wrong state 0N/A * (e.g., has not yet been initialized) 0N/A "to or greater than zero");
0N/A * Returns the initialization vector (IV) in a new buffer. 0N/A * <p>This is useful in the case where a random IV was created, 0N/A * or in the context of password-based encryption or 0N/A * decryption, where the IV is derived from a user-supplied password. 0N/A * @return the initialization vector in a new buffer, or null if the 0N/A * underlying algorithm does not use an IV, or if the IV has not yet 0N/A * Returns the parameters used with this cipher. 0N/A * <p>The returned parameters may be the same that were used to initialize 0N/A * this cipher, or may contain a combination of default and random 0N/A * parameter values used by the underlying cipher implementation if this 0N/A * cipher requires algorithm parameters but was not initialized with any. 0N/A * @return the parameters used with this cipher, or null if this cipher 0N/A * does not use any parameters. 0N/A * Returns the exemption mechanism object used with this cipher. 0N/A * @return the exemption mechanism object used with this cipher, or 0N/A * null if this cipher does not use any exemption mechanism. 0N/A // Crypto permission check code below 0N/A // Check if key size and default parameters are within legal limits 0N/A (
"Unsupported default algorithm parameters");
0N/A "Illegal key size or default parameters");
0N/A // Determine keysize and check if it is within legal limits 0N/A // Convert the specified parameters into specs and then delegate. 0N/A (
"Failed to retrieve algorithm parameter specification");
0N/A // Use the "algorithm" component of the cipher 0N/A // transformation so that the perm check would 0N/A // work when the key has the "aliased" algo. 0N/A // check if opmode is one of the defined constants 0N/A // throw InvalidParameterExeption if not 0N/A * Initializes this cipher with a key. 0N/A * <p>The cipher is initialized for one of the following four operations: 0N/A * encryption, decryption, key wrapping or key unwrapping, depending 0N/A * on the value of <code>opmode</code>. 0N/A * <p>If this cipher requires any algorithm parameters that cannot be 0N/A * derived from the given <code>key</code>, the underlying cipher 0N/A * implementation is supposed to generate the required parameters itself 0N/A * (using provider-specific default or random values) if it is being 0N/A * initialized for encryption or key wrapping, and raise an 0N/A * <code>InvalidKeyException</code> if it is being 0N/A * initialized for decryption or key unwrapping. 0N/A * The generated parameters can be retrieved using 0N/A * {@link #getParameters() getParameters} or 0N/A * {@link #getIV() getIV} (if the parameter is an IV). 0N/A * <p>If this cipher (including its underlying feedback or padding scheme) 0N/A * requires any random bytes (e.g., for parameter generation), it will get 0N/A * them using the {@link SecureRandom <code>SecureRandom</code>} 0N/A * implementation of the highest-priority 0N/A * installed provider as the source of randomness. 0N/A * (If none of the installed providers supply an implementation of 0N/A * SecureRandom, a system-provided source of randomness will be used.) 0N/A * <p>Note that when a Cipher object is initialized, it loses all 0N/A * previously-acquired state. In other words, initializing a Cipher is 0N/A * equivalent to creating a new instance of that Cipher and initializing 0N/A * @param opmode the operation mode of this cipher (this is one of 0N/A * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 0N/A * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 0N/A * @param key the key 0N/A * @exception InvalidKeyException if the given key is inappropriate for 0N/A * initializing this cipher, or if this cipher is being initialized for 0N/A * decryption and requires algorithm parameters that cannot be 0N/A * determined from the given key, or if the given key has a keysize that 0N/A * exceeds the maximum allowable keysize (as determined from the 0N/A * configured jurisdiction policy files). 0N/A * Initializes this cipher with a key and a source of randomness. 0N/A * <p>The cipher is initialized for one of the following four operations: 0N/A * encryption, decryption, key wrapping or key unwrapping, depending 0N/A * on the value of <code>opmode</code>. 0N/A * <p>If this cipher requires any algorithm parameters that cannot be 0N/A * derived from the given <code>key</code>, the underlying cipher 0N/A * implementation is supposed to generate the required parameters itself 0N/A * (using provider-specific default or random values) if it is being 0N/A * initialized for encryption or key wrapping, and raise an 0N/A * <code>InvalidKeyException</code> if it is being 0N/A * initialized for decryption or key unwrapping. 0N/A * The generated parameters can be retrieved using 0N/A * {@link #getParameters() getParameters} or 0N/A * {@link #getIV() getIV} (if the parameter is an IV). 0N/A * <p>If this cipher (including its underlying feedback or padding scheme) 0N/A * requires any random bytes (e.g., for parameter generation), it will get 0N/A * them from <code>random</code>. 0N/A * <p>Note that when a Cipher object is initialized, it loses all 0N/A * previously-acquired state. In other words, initializing a Cipher is 0N/A * equivalent to creating a new instance of that Cipher and initializing 0N/A * @param opmode the operation mode of this cipher (this is one of the 0N/A * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 0N/A * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 0N/A * @param key the encryption key 0N/A * @param random the source of randomness 0N/A * @exception InvalidKeyException if the given key is inappropriate for 0N/A * initializing this cipher, or if this cipher is being initialized for 0N/A * decryption and requires algorithm parameters that cannot be 0N/A * determined from the given key, or if the given key has a keysize that 0N/A * exceeds the maximum allowable keysize (as determined from the 0N/A * configured jurisdiction policy files). 0N/A // should never occur 0N/A * Initializes this cipher with a key and a set of algorithm 0N/A * <p>The cipher is initialized for one of the following four operations: 0N/A * encryption, decryption, key wrapping or key unwrapping, depending 0N/A * on the value of <code>opmode</code>. 0N/A * <p>If this cipher requires any algorithm parameters and 0N/A * <code>params</code> is null, the underlying cipher implementation is 0N/A * supposed to generate the required parameters itself (using 0N/A * provider-specific default or random values) if it is being 0N/A * initialized for encryption or key wrapping, and raise an 0N/A * <code>InvalidAlgorithmParameterException</code> if it is being 0N/A * initialized for decryption or key unwrapping. 0N/A * The generated parameters can be retrieved using 0N/A * {@link #getParameters() getParameters} or 0N/A * {@link #getIV() getIV} (if the parameter is an IV). 0N/A * <p>If this cipher (including its underlying feedback or padding scheme) 0N/A * requires any random bytes (e.g., for parameter generation), it will get 0N/A * them using the {@link SecureRandom <code>SecureRandom</code>} 0N/A * implementation of the highest-priority 0N/A * installed provider as the source of randomness. 0N/A * (If none of the installed providers supply an implementation of 0N/A * SecureRandom, a system-provided source of randomness will be used.) 0N/A * <p>Note that when a Cipher object is initialized, it loses all 0N/A * previously-acquired state. In other words, initializing a Cipher is 0N/A * equivalent to creating a new instance of that Cipher and initializing 0N/A * @param opmode the operation mode of this cipher (this is one of the 0N/A * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 0N/A * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 0N/A * @param key the encryption key 0N/A * @param params the algorithm parameters 0N/A * @exception InvalidKeyException if the given key is inappropriate for 0N/A * initializing this cipher, or its keysize exceeds the maximum allowable 0N/A * keysize (as determined from the configured jurisdiction policy files). 0N/A * @exception InvalidAlgorithmParameterException if the given algorithm 0N/A * parameters are inappropriate for this cipher, 0N/A * or this cipher is being initialized for decryption and requires 0N/A * algorithm parameters and <code>params</code> is null, or the given 0N/A * algorithm parameters imply a cryptographic strength that would exceed 0N/A * the legal limits (as determined from the configured jurisdiction 0N/A * Initializes this cipher with a key, a set of algorithm 0N/A * parameters, and a source of randomness. 0N/A * <p>The cipher is initialized for one of the following four operations: 0N/A * encryption, decryption, key wrapping or key unwrapping, depending 0N/A * on the value of <code>opmode</code>. 0N/A * <p>If this cipher requires any algorithm parameters and 0N/A * <code>params</code> is null, the underlying cipher implementation is 0N/A * supposed to generate the required parameters itself (using 0N/A * provider-specific default or random values) if it is being 0N/A * initialized for encryption or key wrapping, and raise an 0N/A * <code>InvalidAlgorithmParameterException</code> if it is being 0N/A * initialized for decryption or key unwrapping. 0N/A * The generated parameters can be retrieved using 0N/A * {@link #getParameters() getParameters} or 0N/A * {@link #getIV() getIV} (if the parameter is an IV). 0N/A * <p>If this cipher (including its underlying feedback or padding scheme) 0N/A * requires any random bytes (e.g., for parameter generation), it will get 0N/A * them from <code>random</code>. 0N/A * <p>Note that when a Cipher object is initialized, it loses all 0N/A * previously-acquired state. In other words, initializing a Cipher is 0N/A * equivalent to creating a new instance of that Cipher and initializing 0N/A * @param opmode the operation mode of this cipher (this is one of the 0N/A * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 0N/A * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 0N/A * @param key the encryption key 0N/A * @param params the algorithm parameters 0N/A * @param random the source of randomness 0N/A * @exception InvalidKeyException if the given key is inappropriate for 0N/A * initializing this cipher, or its keysize exceeds the maximum allowable 0N/A * keysize (as determined from the configured jurisdiction policy files). 0N/A * @exception InvalidAlgorithmParameterException if the given algorithm 0N/A * parameters are inappropriate for this cipher, 0N/A * or this cipher is being initialized for decryption and requires 0N/A * algorithm parameters and <code>params</code> is null, or the given 0N/A * algorithm parameters imply a cryptographic strength that would exceed 0N/A * the legal limits (as determined from the configured jurisdiction 0N/A * Initializes this cipher with a key and a set of algorithm 0N/A * <p>The cipher is initialized for one of the following four operations: 0N/A * encryption, decryption, key wrapping or key unwrapping, depending 0N/A * on the value of <code>opmode</code>. 0N/A * <p>If this cipher requires any algorithm parameters and 0N/A * <code>params</code> is null, the underlying cipher implementation is 0N/A * supposed to generate the required parameters itself (using 0N/A * provider-specific default or random values) if it is being 0N/A * initialized for encryption or key wrapping, and raise an 0N/A * <code>InvalidAlgorithmParameterException</code> if it is being 0N/A * initialized for decryption or key unwrapping. 0N/A * The generated parameters can be retrieved using 0N/A * {@link #getParameters() getParameters} or 0N/A * {@link #getIV() getIV} (if the parameter is an IV). 0N/A * <p>If this cipher (including its underlying feedback or padding scheme) 0N/A * requires any random bytes (e.g., for parameter generation), it will get 0N/A * them using the {@link SecureRandom <code>SecureRandom</code>} 0N/A * implementation of the highest-priority 0N/A * installed provider as the source of randomness. 0N/A * (If none of the installed providers supply an implementation of 0N/A * SecureRandom, a system-provided source of randomness will be used.) 0N/A * <p>Note that when a Cipher object is initialized, it loses all 0N/A * previously-acquired state. In other words, initializing a Cipher is 0N/A * equivalent to creating a new instance of that Cipher and initializing 0N/A * @param opmode the operation mode of this cipher (this is one of the 0N/A * following: <code>ENCRYPT_MODE</code>, 0N/A * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> 0N/A * or <code>UNWRAP_MODE</code>) 0N/A * @param key the encryption key 0N/A * @param params the algorithm parameters * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher, or its keysize exceeds the maximum allowable * keysize (as determined from the configured jurisdiction policy files). * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this cipher, * or this cipher is being initialized for decryption and requires * algorithm parameters and <code>params</code> is null, or the given * algorithm parameters imply a cryptographic strength that would exceed * the legal limits (as determined from the configured jurisdiction * Initializes this cipher with a key, a set of algorithm * parameters, and a source of randomness. * <p>The cipher is initialized for one of the following four operations: * encryption, decryption, key wrapping or key unwrapping, depending * on the value of <code>opmode</code>. * <p>If this cipher requires any algorithm parameters and * <code>params</code> is null, the underlying cipher implementation is * supposed to generate the required parameters itself (using * provider-specific default or random values) if it is being * initialized for encryption or key wrapping, and raise an * <code>InvalidAlgorithmParameterException</code> if it is being * initialized for decryption or key unwrapping. * The generated parameters can be retrieved using * {@link #getParameters() getParameters} or * {@link #getIV() getIV} (if the parameter is an IV). * <p>If this cipher (including its underlying feedback or padding scheme) * requires any random bytes (e.g., for parameter generation), it will get * them from <code>random</code>. * <p>Note that when a Cipher object is initialized, it loses all * previously-acquired state. In other words, initializing a Cipher is * equivalent to creating a new instance of that Cipher and initializing * @param opmode the operation mode of this cipher (this is one of the * following: <code>ENCRYPT_MODE</code>, * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> * or <code>UNWRAP_MODE</code>) * @param key the encryption key * @param params the algorithm parameters * @param random the source of randomness * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher, or its keysize exceeds the maximum allowable * keysize (as determined from the configured jurisdiction policy files). * @exception InvalidAlgorithmParameterException if the given algorithm * parameters are inappropriate for this cipher, * or this cipher is being initialized for decryption and requires * algorithm parameters and <code>params</code> is null, or the given * algorithm parameters imply a cryptographic strength that would exceed * the legal limits (as determined from the configured jurisdiction * Initializes this cipher with the public key from the given certificate. * <p> The cipher is initialized for one of the following four operations: * encryption, decryption, key wrapping or key unwrapping, depending * on the value of <code>opmode</code>. * <p>If the certificate is of type X.509 and has a <i>key usage</i> * extension field marked as critical, and the value of the <i>key usage</i> * extension field implies that the public key in * the certificate and its corresponding private key are not * supposed to be used for the operation represented by the value * of <code>opmode</code>, * an <code>InvalidKeyException</code> * <p> If this cipher requires any algorithm parameters that cannot be * derived from the public key in the given certificate, the underlying * implementation is supposed to generate the required parameters itself * (using provider-specific default or ramdom values) if it is being * initialized for encryption or key wrapping, and raise an <code> * InvalidKeyException</code> if it is being initialized for decryption or * The generated parameters can be retrieved using * {@link #getParameters() getParameters} or * {@link #getIV() getIV} (if the parameter is an IV). * <p>If this cipher (including its underlying feedback or padding scheme) * requires any random bytes (e.g., for parameter generation), it will get * <code>SecureRandom</code> * implementation of the highest-priority * installed provider as the source of randomness. * (If none of the installed providers supply an implementation of * SecureRandom, a system-provided source of randomness will be used.) * <p>Note that when a Cipher object is initialized, it loses all * previously-acquired state. In other words, initializing a Cipher is * equivalent to creating a new instance of that Cipher and initializing * @param opmode the operation mode of this cipher (this is one of the * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) * @param certificate the certificate * @exception InvalidKeyException if the public key in the given * certificate is inappropriate for initializing this cipher, or this * cipher is being initialized for decryption or unwrapping keys and * requires algorithm parameters that cannot be determined from the * public key in the given certificate, or the keysize of the public key * in the given certificate has a keysize that exceeds the maximum * allowable keysize (as determined by the configured jurisdiction policy * Initializes this cipher with the public key from the given certificate * a source of randomness. * <p>The cipher is initialized for one of the following four operations: * encryption, decryption, key wrapping * or key unwrapping, depending on * the value of <code>opmode</code>. * <p>If the certificate is of type X.509 and has a <i>key usage</i> * extension field marked as critical, and the value of the <i>key usage</i> * extension field implies that the public key in * the certificate and its corresponding private key are not * supposed to be used for the operation represented by the value of * an <code>InvalidKeyException</code> * <p>If this cipher requires any algorithm parameters that cannot be * derived from the public key in the given <code>certificate</code>, * implementation is supposed to generate the required parameters itself * (using provider-specific default or random values) if it is being * initialized for encryption or key wrapping, and raise an * <code>InvalidKeyException</code> if it is being * initialized for decryption or key unwrapping. * The generated parameters can be retrieved using * {@link #getParameters() getParameters} or * {@link #getIV() getIV} (if the parameter is an IV). * <p>If this cipher (including its underlying feedback or padding scheme) * requires any random bytes (e.g., for parameter generation), it will get * them from <code>random</code>. * <p>Note that when a Cipher object is initialized, it loses all * previously-acquired state. In other words, initializing a Cipher is * equivalent to creating a new instance of that Cipher and initializing * @param opmode the operation mode of this cipher (this is one of the * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) * @param certificate the certificate * @param random the source of randomness * @exception InvalidKeyException if the public key in the given * certificate is inappropriate for initializing this cipher, or this * cipher is being initialized for decryption or unwrapping keys and * requires algorithm parameters that cannot be determined from the * public key in the given certificate, or the keysize of the public key * in the given certificate has a keysize that exceeds the maximum * allowable keysize (as determined by the configured jurisdiction policy // Check key usage if the certificate is of // Check whether the cert has a key usage extension // marked as a critical extension. // keyUsageInfo[2] is for keyEncipherment; // keyUsageInfo[3] is for dataEncipherment. * Ensures that Cipher is in a valid state for update() and doFinal() * calls - should be initialized and in ENCRYPT_MODE or DECRYPT_MODE. * @throws IllegalStateException if Cipher object is not in valid state. * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * <p>The bytes in the <code>input</code> buffer are processed, and the * result is stored in a new buffer. * <p>If <code>input</code> has a length of zero, this method returns * @param input the input buffer * @return the new buffer with the result, or null if the underlying * cipher is a block cipher and the input data is too short to result in a * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, are processed, * and the result is stored in a new buffer. * <p>If <code>inputLen</code> is zero, this method returns * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @return the new buffer with the result, or null if the underlying * cipher is a block cipher and the input data is too short to result in a * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, are processed, * and the result is stored in the <code>output</code> buffer. * <p>If the <code>output</code> buffer is too small to hold the result, * a <code>ShortBufferException</code> is thrown. In this case, repeat this * call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>If <code>inputLen</code> is zero, this method returns * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same byte array and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @param output the buffer for the result * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception ShortBufferException if the given output buffer is too small * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, are processed, * and the result is stored in the <code>output</code> buffer, starting at * <code>outputOffset</code> inclusive. * <p>If the <code>output</code> buffer is too small to hold the result, * a <code>ShortBufferException</code> is thrown. In this case, repeat this * call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>If <code>inputLen</code> is zero, this method returns * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same byte array and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in <code>output</code> where the result * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception ShortBufferException if the given output buffer is too small * Continues a multiple-part encryption or decryption operation * (depending on how this cipher was initialized), processing another data * <p>All <code>input.remaining()</code> bytes starting at * <code>input.position()</code> are processed. The result is stored * Upon return, the input buffer's position will be equal * to its limit; its limit will not have changed. The output buffer's * position will have advanced by n, where n is the value returned * by this method; the output buffer's limit will not have changed. * <p>If <code>output.remaining()</code> bytes are insufficient to * hold the result, a <code>ShortBufferException</code> is thrown. * In this case, repeat this call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same block of memory and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input ByteBuffer * @param output the output ByteByffer * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalArgumentException if input and output are the * @exception ReadOnlyBufferException if the output buffer is read-only * @exception ShortBufferException if there is insufficient space in the +
"not be the same object, consider using buffer.duplicate()");
* Finishes a multiple-part encryption or decryption operation, depending * on how this cipher was initialized. * <p>Input data that may have been buffered during a previous * <code>update</code> operation is processed, with padding (if requested) * The result is stored in a new buffer. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * @return the new buffer with the result * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Finishes a multiple-part encryption or decryption operation, depending * on how this cipher was initialized. * <p>Input data that may have been buffered during a previous * <code>update</code> operation is processed, with padding (if requested) * The result is stored in the <code>output</code> buffer, starting at * <code>outputOffset</code> inclusive. * <p>If the <code>output</code> buffer is too small to hold the result, * a <code>ShortBufferException</code> is thrown. In this case, repeat this * call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * @param output the buffer for the result * @param outputOffset the offset in <code>output</code> where the result * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception ShortBufferException if the given output buffer is too small * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * <p>The bytes in the <code>input</code> buffer, and any input bytes that * may have been buffered during a previous <code>update</code> operation, * are processed, with padding (if requested) being applied. * The result is stored in a new buffer. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * @param input the input buffer * @return the new buffer with the result * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, and any input * bytes that may have been buffered during a previous <code>update</code> * operation, are processed, with padding (if requested) being applied. * The result is stored in a new buffer. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @return the new buffer with the result * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, and any input * bytes that may have been buffered during a previous <code>update</code> * operation, are processed, with padding (if requested) being applied. * The result is stored in the <code>output</code> buffer. * <p>If the <code>output</code> buffer is too small to hold the result, * a <code>ShortBufferException</code> is thrown. In this case, repeat this * call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same byte array and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @param output the buffer for the result * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception ShortBufferException if the given output buffer is too small * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * <p>The first <code>inputLen</code> bytes in the <code>input</code> * buffer, starting at <code>inputOffset</code> inclusive, and any input * bytes that may have been buffered during a previous * <code>update</code> operation, are processed, with padding * (if requested) being applied. * The result is stored in the <code>output</code> buffer, starting at * <code>outputOffset</code> inclusive. * <p>If the <code>output</code> buffer is too small to hold the result, * a <code>ShortBufferException</code> is thrown. In this case, repeat this * call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same byte array and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input buffer * @param inputOffset the offset in <code>input</code> where the input * @param inputLen the input length * @param output the buffer for the result * @param outputOffset the offset in <code>output</code> where the result * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception ShortBufferException if the given output buffer is too small * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * <p>All <code>input.remaining()</code> bytes starting at * <code>input.position()</code> are processed. The result is stored * Upon return, the input buffer's position will be equal * to its limit; its limit will not have changed. The output buffer's * position will have advanced by n, where n is the value returned * by this method; the output buffer's limit will not have changed. * <p>If <code>output.remaining()</code> bytes are insufficient to * hold the result, a <code>ShortBufferException</code> is thrown. * In this case, repeat this call with a larger output buffer. Use * {@link #getOutputSize(int) getOutputSize} to determine how big * the output buffer should be. * <p>Upon finishing, this method resets this cipher object to the state * it was in when previously initialized via a call to <code>init</code>. * That is, the object is reset and available to encrypt or decrypt * (depending on the operation mode that was specified in the call to * <code>init</code>) more data. * <p>Note: if any exception is thrown, this cipher object may need to * be reset before it can be used again. * <p>Note: this method should be copy-safe, which means the * <code>input</code> and <code>output</code> buffers can reference * the same byte array and no unprocessed input data is overwritten * when the result is copied into the output buffer. * @param input the input ByteBuffer * @param output the output ByteBuffer * @return the number of bytes stored in <code>output</code> * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized) * @exception IllegalArgumentException if input and output are the * @exception ReadOnlyBufferException if the output buffer is read-only * @exception IllegalBlockSizeException if this cipher is a block cipher, * no padding has been requested (only in encryption mode), and the total * input length of the data processed by this cipher is not a multiple of * block size; or if this encryption algorithm is unable to * process the input data provided. * @exception ShortBufferException if there is insufficient space in the * @exception BadPaddingException if this cipher is in decryption mode, * and (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes +
"not be the same object, consider using buffer.duplicate()");
* @param key the key to be wrapped. * @return the wrapped key. * @exception IllegalStateException if this cipher is in a wrong * state (e.g., has not been initialized). * @exception IllegalBlockSizeException if this cipher is a block * cipher, no padding has been requested, and the length of the * encoding of the key to be wrapped is not a * multiple of the block size. * @exception InvalidKeyException if it is impossible or unsafe to * wrap the key with this cipher (e.g., a hardware protected key is * being passed to a software-only cipher). * Unwrap a previously wrapped key. * @param wrappedKey the key to be unwrapped. * @param wrappedKeyAlgorithm the algorithm associated with the wrapped * @param wrappedKeyType the type of the wrapped key. This must be one of * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or * <code>PUBLIC_KEY</code>. * @return the unwrapped key. * @exception IllegalStateException if this cipher is in a wrong state * (e.g., has not been initialized). * @exception NoSuchAlgorithmException if no installed providers * can create keys of type <code>wrappedKeyType</code> for the * <code>wrappedKeyAlgorithm</code>. * @exception InvalidKeyException if <code>wrappedKey</code> does not * represent a wrapped key of type <code>wrappedKeyType</code> for * the <code>wrappedKeyAlgorithm</code>. * Returns the maximum key length for the specified transformation * according to the installed JCE jurisdiction policy files. If * JCE unlimited strength jurisdiction policy files are installed, * Integer.MAX_VALUE will be returned. * For more information on default key size in JCE jurisdiction * policy files, please see Appendix E in the * Java Cryptography Architecture Reference Guide</a>. * @param transformation the cipher transformation. * @return the maximum key length in bits or Integer.MAX_VALUE. * @exception NullPointerException if <code>transformation</code> is null. * @exception NoSuchAlgorithmException if <code>transformation</code> * is not a valid transformation, i.e. in the form of "algorithm" or * Returns an AlgorithmParameterSpec object which contains * the maximum cipher parameter value according to the * jurisdiction policy file. If JCE unlimited strength jurisdiction * policy files are installed or there is no maximum limit on the * parameters for the specified transformation in the policy file, * @param transformation the cipher transformation. * @return an AlgorithmParameterSpec which holds the maximum * @exception NullPointerException if <code>transformation</code> * @exception NoSuchAlgorithmException if <code>transformation</code> * is not a valid transformation, i.e. in the form of "algorithm" or