< prev index next >
src/java.base/share/classes/javax/crypto/Cipher.java
Print this page
*** 50,60 ****
* This class provides the functionality of a cryptographic cipher for
* encryption and decryption. It forms the core of the Java Cryptographic
* Extension (JCE) framework.
*
* <p>In order to create a Cipher object, the application calls the
! * Cipher's <code>getInstance</code> method, and passes the name of the
* requested <i>transformation</i> to it. Optionally, the name of a provider
* may be specified.
*
* <p>A <i>transformation</i> is a string that describes the operation (or
* set of operations) to be performed on the given input, to produce some
--- 50,60 ----
* This class provides the functionality of a cryptographic cipher for
* encryption and decryption. It forms the core of the Java Cryptographic
* Extension (JCE) framework.
*
* <p>In order to create a Cipher object, the application calls the
! * Cipher's {@code getInstance} method, and passes the name of the
* requested <i>transformation</i> to it. Optionally, the name of a provider
* may be specified.
*
* <p>A <i>transformation</i> is a string that describes the operation (or
* set of operations) to be performed on the given input, to produce some
*** 76,91 ****
*
* <pre>
* Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>");
* </pre>
*
! * Using modes such as <code>CFB</code> and <code>OFB</code>, block
* ciphers can encrypt data in units smaller than the cipher's actual
* block size. When requesting such a mode, you may optionally specify
* the number of bits to be processed at a time by appending this number
! * to the mode name as shown in the "<code>DES/CFB8/NoPadding</code>" and
! * "<code>DES/OFB32/PKCS5Padding</code>" transformations. If no such
* number is specified, a provider-specific default is used. (For
* example, the SunJCE provider uses a default of 64 bits for DES.)
* Thus, block ciphers can be turned into byte-oriented stream ciphers by
* using an 8 bit mode such as CFB8 or OFB8.
* <p>
--- 76,91 ----
*
* <pre>
* Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>");
* </pre>
*
! * Using modes such as {@code CFB} and {@code OFB}, block
* ciphers can encrypt data in units smaller than the cipher's actual
* block size. When requesting such a mode, you may optionally specify
* the number of bits to be processed at a time by appending this number
! * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and
! * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such
* number is specified, a provider-specific default is used. (For
* example, the SunJCE provider uses a default of 64 bits for DES.)
* Thus, block ciphers can be turned into byte-oriented stream ciphers by
* using an 8 bit mode such as CFB8 or OFB8.
* <p>
*** 99,110 ****
* to the ciphertext during encryption, and is verified on decryption.
* <p>
* AEAD modes such as GCM/CCM perform all AAD authenticity calculations
* before starting the ciphertext authenticity calculations. To avoid
* implementations having to internally buffer ciphertext, all AAD data
! * must be supplied to GCM/CCM implementations (via the {@code
! * updateAAD} methods) <b>before</b> the ciphertext is processed (via
* the {@code update} and {@code doFinal} methods).
* <p>
* Note that GCM mode has a uniqueness requirement on IVs used in
* encryption with a given key. When IVs are repeated for GCM
* encryption, such usages are subject to forgery attacks. Thus, after
--- 99,110 ----
* to the ciphertext during encryption, and is verified on decryption.
* <p>
* AEAD modes such as GCM/CCM perform all AAD authenticity calculations
* before starting the ciphertext authenticity calculations. To avoid
* implementations having to internally buffer ciphertext, all AAD data
! * must be supplied to GCM/CCM implementations (via the {@code updateAAD}
! * methods) <b>before</b> the ciphertext is processed (via
* the {@code update} and {@code doFinal} methods).
* <p>
* Note that GCM mode has a uniqueness requirement on IVs used in
* encryption with a given key. When IVs are repeated for GCM
* encryption, such usages are subject to forgery attacks. Thus, after
*** 128,155 ****
* cipher.init(..., s);
* ...
*
* </pre>
* Every implementation of the Java platform is required to support
! * the following standard <code>Cipher</code> transformations with the keysizes
* in parentheses:
* <ul>
! * <li><tt>AES/CBC/NoPadding</tt> (128)</li>
! * <li><tt>AES/CBC/PKCS5Padding</tt> (128)</li>
! * <li><tt>AES/ECB/NoPadding</tt> (128)</li>
! * <li><tt>AES/ECB/PKCS5Padding</tt> (128)</li>
! * <li><tt>DES/CBC/NoPadding</tt> (56)</li>
! * <li><tt>DES/CBC/PKCS5Padding</tt> (56)</li>
! * <li><tt>DES/ECB/NoPadding</tt> (56)</li>
! * <li><tt>DES/ECB/PKCS5Padding</tt> (56)</li>
! * <li><tt>DESede/CBC/NoPadding</tt> (168)</li>
! * <li><tt>DESede/CBC/PKCS5Padding</tt> (168)</li>
! * <li><tt>DESede/ECB/NoPadding</tt> (168)</li>
! * <li><tt>DESede/ECB/PKCS5Padding</tt> (168)</li>
! * <li><tt>RSA/ECB/PKCS1Padding</tt> (1024, 2048)</li>
! * <li><tt>RSA/ECB/OAEPWithSHA-1AndMGF1Padding</tt> (1024, 2048)</li>
! * <li><tt>RSA/ECB/OAEPWithSHA-256AndMGF1Padding</tt> (1024, 2048)</li>
* </ul>
* These transformations are described in the
* <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher">
* Cipher section</a> of the
* Java Cryptography Architecture Standard Algorithm Name Documentation.
--- 128,155 ----
* cipher.init(..., s);
* ...
*
* </pre>
* Every implementation of the Java platform is required to support
! * the following standard {@code Cipher} transformations with the keysizes
* in parentheses:
* <ul>
! * <li>{@code AES/CBC/NoPadding} (128)</li>
! * <li>{@code AES/CBC/PKCS5Padding} (128)</li>
! * <li>{@code AES/ECB/NoPadding} (128)</li>
! * <li>{@code AES/ECB/PKCS5Padding} (128)</li>
! * <li>{@code DES/CBC/NoPadding} (56)</li>
! * <li>{@code DES/CBC/PKCS5Padding} (56)</li>
! * <li>{@code DES/ECB/NoPadding} (56)</li>
! * <li>{@code DES/ECB/PKCS5Padding} (56)</li>
! * <li>{@code DESede/CBC/NoPadding} (168)</li>
! * <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
! * <li>{@code DESede/ECB/NoPadding} (168)</li>
! * <li>{@code DESede/ECB/PKCS5Padding} (168)</li>
! * <li>{@code RSA/ECB/PKCS1Padding} (1024, 2048)</li>
! * <li>{@code RSA/ECB/OAEPWithSHA-1AndMGF1Padding} (1024, 2048)</li>
! * <li>{@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding} (1024, 2048)</li>
* </ul>
* These transformations are described in the
* <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher">
* Cipher section</a> of the
* Java Cryptography Architecture Standard Algorithm Name Documentation.
*** 464,474 ****
}
return null;
}
/**
! * Returns a <code>Cipher</code> object that implements the specified
* transformation.
*
* <p> This method traverses the list of registered security Providers,
* starting with the most preferred Provider.
* A new Cipher object encapsulating the
--- 464,474 ----
}
return null;
}
/**
! * Returns a {@code Cipher} object that implements the specified
* transformation.
*
* <p> This method traverses the list of registered security Providers,
* starting with the most preferred Provider.
* A new Cipher object encapsulating the
*** 485,500 ****
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard transformation names.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if <code>transformation</code>
* is null, empty, in an invalid format,
* or if no Provider supports a CipherSpi implementation for the
* specified algorithm.
*
! * @exception NoSuchPaddingException if <code>transformation</code>
* contains a padding scheme that is not available.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation)
--- 485,500 ----
* Java Cryptography Architecture Standard Algorithm Name Documentation</a>
* for information about standard transformation names.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if {@code transformation}
* is null, empty, in an invalid format,
* or if no Provider supports a CipherSpi implementation for the
* specified algorithm.
*
! * @exception NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation)
*** 540,550 ****
throw new NoSuchAlgorithmException
("Cannot find any provider supporting " + transformation, failure);
}
/**
! * Returns a <code>Cipher</code> object that implements the specified
* transformation.
*
* <p> A new Cipher object encapsulating the
* CipherSpi implementation from the specified provider
* is returned. The specified provider must be registered
--- 540,550 ----
throw new NoSuchAlgorithmException
("Cannot find any provider supporting " + transformation, failure);
}
/**
! * Returns a {@code Cipher} object that implements the specified
* transformation.
*
* <p> A new Cipher object encapsulating the
* CipherSpi implementation from the specified provider
* is returned. The specified provider must be registered
*** 562,583 ****
*
* @param provider the name of the provider.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if <code>transformation</code>
* is null, empty, in an invalid format,
* or if a CipherSpi implementation for the specified algorithm
* is not available from the specified provider.
*
* @exception NoSuchProviderException if the specified provider is not
* registered in the security provider list.
*
! * @exception NoSuchPaddingException if <code>transformation</code>
* contains a padding scheme that is not available.
*
! * @exception IllegalArgumentException if the <code>provider</code>
* is null or empty.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation,
--- 562,583 ----
*
* @param provider the name of the provider.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if {@code transformation}
* is null, empty, in an invalid format,
* or if a CipherSpi implementation for the specified algorithm
* is not available from the specified provider.
*
* @exception NoSuchProviderException if the specified provider is not
* registered in the security provider list.
*
! * @exception NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available.
*
! * @exception IllegalArgumentException if the {@code provider}
* is null or empty.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation,
*** 595,605 ****
}
return getInstance(transformation, p);
}
/**
! * Returns a <code>Cipher</code> object that implements the specified
* transformation.
*
* <p> A new Cipher object encapsulating the
* CipherSpi implementation from the specified Provider
* object is returned. Note that the specified Provider object
--- 595,605 ----
}
return getInstance(transformation, p);
}
/**
! * Returns a {@code Cipher} object that implements the specified
* transformation.
*
* <p> A new Cipher object encapsulating the
* CipherSpi implementation from the specified Provider
* object is returned. Note that the specified Provider object
*** 614,632 ****
*
* @param provider the provider.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if <code>transformation</code>
* is null, empty, in an invalid format,
* or if a CipherSpi implementation for the specified algorithm
* is not available from the specified Provider object.
*
! * @exception NoSuchPaddingException if <code>transformation</code>
* contains a padding scheme that is not available.
*
! * @exception IllegalArgumentException if the <code>provider</code>
* is null.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation,
--- 614,632 ----
*
* @param provider the provider.
*
* @return a cipher that implements the requested transformation.
*
! * @exception NoSuchAlgorithmException if {@code transformation}
* is null, empty, in an invalid format,
* or if a CipherSpi implementation for the specified algorithm
* is not available from the specified Provider object.
*
! * @exception NoSuchPaddingException if {@code transformation}
* contains a padding scheme that is not available.
*
! * @exception IllegalArgumentException if the {@code provider}
* is null.
*
* @see java.security.Provider
*/
public static final Cipher getInstance(String transformation,
*** 895,921 ****
+ kName, lastException);
}
}
/**
! * Returns the provider of this <code>Cipher</code> object.
*
! * @return the provider of this <code>Cipher</code> object
*/
public final Provider getProvider() {
chooseFirstProvider();
return this.provider;
}
/**
! * Returns the algorithm name of this <code>Cipher</code> object.
*
* <p>This is the same name that was specified in one of the
! * <code>getInstance</code> calls that created this <code>Cipher</code>
* object..
*
! * @return the algorithm name of this <code>Cipher</code> object.
*/
public final String getAlgorithm() {
return this.transformation;
}
--- 895,921 ----
+ kName, lastException);
}
}
/**
! * Returns the provider of this {@code Cipher} object.
*
! * @return the provider of this {@code Cipher} object
*/
public final Provider getProvider() {
chooseFirstProvider();
return this.provider;
}
/**
! * Returns the algorithm name of this {@code Cipher} object.
*
* <p>This is the same name that was specified in one of the
! * {@code getInstance} calls that created this {@code Cipher}
* object..
*
! * @return the algorithm name of this {@code Cipher} object.
*/
public final String getAlgorithm() {
return this.transformation;
}
*** 930,948 ****
return spi.engineGetBlockSize();
}
/**
* Returns the length in bytes that an output buffer would need to be in
! * order to hold the result of the next <code>update</code> or
! * <code>doFinal</code> operation, given the input length
! * <code>inputLen</code> (in bytes).
*
* <p>This call takes into account any unprocessed (buffered) data from a
! * previous <code>update</code> call, padding, and AEAD tagging.
*
! * <p>The actual output length of the next <code>update</code> or
! * <code>doFinal</code> call may be smaller than the length returned by
* this method.
*
* @param inputLen the input length (in bytes)
*
* @return the required output buffer size (in bytes)
--- 930,948 ----
return spi.engineGetBlockSize();
}
/**
* Returns the length in bytes that an output buffer would need to be in
! * order to hold the result of the next {@code update} or
! * {@code doFinal} operation, given the input length
! * {@code inputLen} (in bytes).
*
* <p>This call takes into account any unprocessed (buffered) data from a
! * previous {@code update} call, padding, and AEAD tagging.
*
! * <p>The actual output length of the next {@code update} or
! * {@code doFinal} call may be smaller than the length returned by
* this method.
*
* @param inputLen the input length (in bytes)
*
* @return the required output buffer size (in bytes)
*** 1133,1150 ****
/**
* Initializes this cipher with a key.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the given <code>key</code>, the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidKeyException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1133,1150 ----
/**
* Initializes this cipher with a key.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the given {@code key}, the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidKeyException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1166,1177 ****
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of
* the following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param key the key
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or requires
* algorithm parameters that cannot be
--- 1166,1177 ----
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of
* the following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param key the key
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or requires
* algorithm parameters that cannot be
*** 1189,1206 ****
/**
* Initializes this cipher with a key and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the given <code>key</code>, the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidKeyException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1189,1206 ----
/**
* Initializes this cipher with a key and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the given {@code key}, the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidKeyException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1209,1229 ****
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from <code>random</code>.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or requires
--- 1209,1229 ----
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from {@code random}.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param key the encryption key
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or requires
*** 1267,1284 ****
* Initializes this cipher with a key and a set of algorithm
* parameters.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters and
! * <code>params</code> is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidAlgorithmParameterException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1267,1284 ----
* Initializes this cipher with a key and a set of algorithm
* parameters.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters and
! * {@code params} is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidAlgorithmParameterException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1300,1321 ****
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param params the algorithm parameters
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and <code>params</code> is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
--- 1300,1321 ----
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param key the encryption key
* @param params the algorithm parameters
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and {@code params} is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
*** 1331,1348 ****
* Initializes this cipher with a key, a set of algorithm
* parameters, and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters and
! * <code>params</code> is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidAlgorithmParameterException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1331,1348 ----
* Initializes this cipher with a key, a set of algorithm
* parameters, and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters and
! * {@code params} is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidAlgorithmParameterException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1351,1382 ****
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from <code>random</code>.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param params the algorithm parameters
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and <code>params</code> is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
--- 1351,1382 ----
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from {@code random}.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param key the encryption key
* @param params the algorithm parameters
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and {@code params} is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
*** 1410,1427 ****
* Initializes this cipher with a key and a set of algorithm
* parameters.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters and
! * <code>params</code> is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidAlgorithmParameterException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1410,1427 ----
* Initializes this cipher with a key and a set of algorithm
* parameters.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters and
! * {@code params} is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidAlgorithmParameterException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1442,1464 ****
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
! * following: <code>ENCRYPT_MODE</code>,
! * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
! * or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param params the algorithm parameters
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and <code>params</code> is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
--- 1442,1464 ----
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
! * following: {@code ENCRYPT_MODE},
! * {@code DECRYPT_MODE}, {@code WRAP_MODE}
! * or {@code UNWRAP_MODE})
* @param key the encryption key
* @param params the algorithm parameters
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and {@code params} is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
*** 1474,1491 ****
* Initializes this cipher with a key, a set of algorithm
* parameters, and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If this cipher requires any algorithm parameters and
! * <code>params</code> is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidAlgorithmParameterException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1474,1491 ----
* Initializes this cipher with a key, a set of algorithm
* parameters, and a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If this cipher requires any algorithm parameters and
! * {@code params} is null, the underlying cipher implementation is
* supposed to generate the required parameters itself (using
* provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidAlgorithmParameterException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1494,1525 ****
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from <code>random</code>.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
! * following: <code>ENCRYPT_MODE</code>,
! * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code>
! * or <code>UNWRAP_MODE</code>)
* @param key the encryption key
* @param params the algorithm parameters
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and <code>params</code> is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
--- 1494,1525 ----
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from {@code random}.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
! * following: {@code ENCRYPT_MODE},
! * {@code DECRYPT_MODE}, {@code WRAP_MODE}
! * or {@code UNWRAP_MODE})
* @param key the encryption key
* @param params the algorithm parameters
* @param random the source of randomness
*
* @exception InvalidKeyException if the given key is inappropriate for
* initializing this cipher, or its keysize exceeds the maximum allowable
* keysize (as determined from the configured jurisdiction policy files).
* @exception InvalidAlgorithmParameterException if the given algorithm
* parameters are inappropriate for this cipher,
* or this cipher requires
! * algorithm parameters and {@code params} is null, or the given
* algorithm parameters imply a cryptographic strength that would exceed
* the legal limits (as determined from the configured jurisdiction
* policy files).
* @throws UnsupportedOperationException if (@code opmode} is
* {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
*** 1551,1578 ****
/**
* Initializes this cipher with the public key from the given certificate.
* <p> The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of <code>opmode</code>.
*
* <p>If the certificate is of type X.509 and has a <i>key usage</i>
* extension field marked as critical, and the value of the <i>key usage</i>
* extension field implies that the public key in
* the certificate and its corresponding private key are not
* supposed to be used for the operation represented by the value
! * of <code>opmode</code>,
! * an <code>InvalidKeyException</code>
* is thrown.
*
* <p> If this cipher requires any algorithm parameters that cannot be
* derived from the public key in the given certificate, the underlying
* cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
! * initialized for encryption or key wrapping, and raise an <code>
! * InvalidKeyException</code> if it is being initialized for decryption or
* key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1551,1578 ----
/**
* Initializes this cipher with the public key from the given certificate.
* <p> The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping or key unwrapping, depending
! * on the value of {@code opmode}.
*
* <p>If the certificate is of type X.509 and has a <i>key usage</i>
* extension field marked as critical, and the value of the <i>key usage</i>
* extension field implies that the public key in
* the certificate and its corresponding private key are not
* supposed to be used for the operation represented by the value
! * of {@code opmode},
! * an {@code InvalidKeyException}
* is thrown.
*
* <p> If this cipher requires any algorithm parameters that cannot be
* derived from the public key in the given certificate, the underlying
* cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
! * initialized for encryption or key wrapping, and raise an
! * {@code InvalidKeyException} if it is being initialized for decryption or
* key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1582,1592 ****
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
* them using the
! * <code>SecureRandom</code>
* implementation of the highest-priority
* installed provider as the source of randomness.
* (If none of the installed providers supply an implementation of
* SecureRandom, a system-provided source of randomness will be used.)
*
--- 1582,1592 ----
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
* them using the
! * {@code SecureRandom}
* implementation of the highest-priority
* installed provider as the source of randomness.
* (If none of the installed providers supply an implementation of
* SecureRandom, a system-provided source of randomness will be used.)
*
*** 1595,1606 ****
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param certificate the certificate
*
* @exception InvalidKeyException if the public key in the given
* certificate is inappropriate for initializing this cipher, or this
* cipher requires algorithm parameters that cannot be determined from the
--- 1595,1606 ----
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param certificate the certificate
*
* @exception InvalidKeyException if the public key in the given
* certificate is inappropriate for initializing this cipher, or this
* cipher requires algorithm parameters that cannot be determined from the
*** 1624,1651 ****
* a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping
* or key unwrapping, depending on
! * the value of <code>opmode</code>.
*
* <p>If the certificate is of type X.509 and has a <i>key usage</i>
* extension field marked as critical, and the value of the <i>key usage</i>
* extension field implies that the public key in
* the certificate and its corresponding private key are not
* supposed to be used for the operation represented by the value of
! * <code>opmode</code>,
! * an <code>InvalidKeyException</code>
* is thrown.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the public key in the given <code>certificate</code>,
* the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * <code>InvalidKeyException</code> if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
--- 1624,1651 ----
* a source of randomness.
*
* <p>The cipher is initialized for one of the following four operations:
* encryption, decryption, key wrapping
* or key unwrapping, depending on
! * the value of {@code opmode}.
*
* <p>If the certificate is of type X.509 and has a <i>key usage</i>
* extension field marked as critical, and the value of the <i>key usage</i>
* extension field implies that the public key in
* the certificate and its corresponding private key are not
* supposed to be used for the operation represented by the value of
! * {@code opmode},
! * an {@code InvalidKeyException}
* is thrown.
*
* <p>If this cipher requires any algorithm parameters that cannot be
! * derived from the public key in the given {@code certificate},
* the underlying cipher
* implementation is supposed to generate the required parameters itself
* (using provider-specific default or random values) if it is being
* initialized for encryption or key wrapping, and raise an
! * {@code InvalidKeyException} if it is being
* initialized for decryption or key unwrapping.
* The generated parameters can be retrieved using
* {@link #getParameters() getParameters} or
* {@link #getIV() getIV} (if the parameter is an IV).
*
*** 1654,1674 ****
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from <code>random</code>.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>,
! * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>)
* @param certificate the certificate
* @param random the source of randomness
*
* @exception InvalidKeyException if the public key in the given
* certificate is inappropriate for initializing this cipher, or this
--- 1654,1674 ----
* provider-specific default values, initialization will
* necessarily fail.
*
* <p>If this cipher (including its underlying feedback or padding scheme)
* requires any random bytes (e.g., for parameter generation), it will get
! * them from {@code random}.
*
* <p>Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing
* it.
*
* @param opmode the operation mode of this cipher (this is one of the
* following:
! * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
! * {@code WRAP_MODE} or {@code UNWRAP_MODE})
* @param certificate the certificate
* @param random the source of randomness
*
* @exception InvalidKeyException if the public key in the given
* certificate is inappropriate for initializing this cipher, or this
*** 1760,1774 ****
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The bytes in the <code>input</code> buffer are processed, and the
* result is stored in a new buffer.
*
! * <p>If <code>input</code> has a length of zero, this method returns
! * <code>null</code>.
*
* @param input the input buffer
*
* @return the new buffer with the result, or null if the underlying
* cipher is a block cipher and the input data is too short to result in a
--- 1760,1774 ----
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The bytes in the {@code input} buffer are processed, and the
* result is stored in a new buffer.
*
! * <p>If {@code input} has a length of zero, this method returns
! * {@code null}.
*
* @param input the input buffer
*
* @return the new buffer with the result, or null if the underlying
* cipher is a block cipher and the input data is too short to result in a
*** 1795,1813 ****
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, are processed,
* and the result is stored in a new buffer.
*
! * <p>If <code>inputLen</code> is zero, this method returns
! * <code>null</code>.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result, or null if the underlying
* cipher is a block cipher and the input data is too short to result in a
--- 1795,1813 ----
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, are processed,
* and the result is stored in a new buffer.
*
! * <p>If {@code inputLen} is zero, this method returns
! * {@code null}.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result, or null if the underlying
* cipher is a block cipher and the input data is too short to result in a
*** 1835,1869 ****
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, are processed,
! * and the result is stored in the <code>output</code> buffer.
*
! * <p>If the <code>output</code> buffer is too small to hold the result,
! * a <code>ShortBufferException</code> is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
! * <p>If <code>inputLen</code> is zero, this method returns
* a length of zero.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
--- 1835,1869 ----
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, are processed,
! * and the result is stored in the {@code output} buffer.
*
! * <p>If the {@code output} buffer is too small to hold the result,
! * a {@code ShortBufferException} is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
! * <p>If {@code inputLen} is zero, this method returns
* a length of zero.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
*** 1890,1927 ****
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, are processed,
! * and the result is stored in the <code>output</code> buffer, starting at
! * <code>outputOffset</code> inclusive.
*
! * <p>If the <code>output</code> buffer is too small to hold the result,
! * a <code>ShortBufferException</code> is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
! * <p>If <code>inputLen</code> is zero, this method returns
* a length of zero.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
! * @param outputOffset the offset in <code>output</code> where the result
* is stored
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
--- 1890,1927 ----
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, are processed,
! * and the result is stored in the {@code output} buffer, starting at
! * {@code outputOffset} inclusive.
*
! * <p>If the {@code output} buffer is too small to hold the result,
! * a {@code ShortBufferException} is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
! * <p>If {@code inputLen} is zero, this method returns
* a length of zero.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
! * @param outputOffset the offset in {@code output} where the result
* is stored
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception ShortBufferException if the given output buffer is too small
* to hold the result
*** 1949,1981 ****
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>All <code>input.remaining()</code> bytes starting at
! * <code>input.position()</code> are processed. The result is stored
* in the output buffer.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed. The output buffer's
* position will have advanced by n, where n is the value returned
* by this method; the output buffer's limit will not have changed.
*
! * <p>If <code>output.remaining()</code> bytes are insufficient to
! * hold the result, a <code>ShortBufferException</code> is thrown.
* In this case, repeat this call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same block of memory and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input ByteBuffer
* @param output the output ByteByffer
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalArgumentException if input and output are the
* same object
--- 1949,1981 ----
/**
* Continues a multiple-part encryption or decryption operation
* (depending on how this cipher was initialized), processing another data
* part.
*
! * <p>All {@code input.remaining()} bytes starting at
! * {@code input.position()} are processed. The result is stored
* in the output buffer.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed. The output buffer's
* position will have advanced by n, where n is the value returned
* by this method; the output buffer's limit will not have changed.
*
! * <p>If {@code output.remaining()} bytes are insufficient to
! * hold the result, a {@code ShortBufferException} is thrown.
* In this case, repeat this call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same block of memory and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input ByteBuffer
* @param output the output ByteByffer
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalArgumentException if input and output are the
* same object
*** 2006,2027 ****
/**
* Finishes a multiple-part encryption or decryption operation, depending
* on how this cipher was initialized.
*
* <p>Input data that may have been buffered during a previous
! * <code>update</code> operation is processed, with padding (if requested)
* being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @return the new buffer with the result
--- 2006,2027 ----
/**
* Finishes a multiple-part encryption or decryption operation, depending
* on how this cipher was initialized.
*
* <p>Input data that may have been buffered during a previous
! * {@code update} operation is processed, with padding (if requested)
* being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @return the new buffer with the result
*** 2051,2088 ****
/**
* Finishes a multiple-part encryption or decryption operation, depending
* on how this cipher was initialized.
*
* <p>Input data that may have been buffered during a previous
! * <code>update</code> operation is processed, with padding (if requested)
* being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the <code>output</code> buffer, starting at
! * <code>outputOffset</code> inclusive.
*
! * <p>If the <code>output</code> buffer is too small to hold the result,
! * a <code>ShortBufferException</code> is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param output the buffer for the result
! * @param outputOffset the offset in <code>output</code> where the result
* is stored
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
--- 2051,2088 ----
/**
* Finishes a multiple-part encryption or decryption operation, depending
* on how this cipher was initialized.
*
* <p>Input data that may have been buffered during a previous
! * {@code update} operation is processed, with padding (if requested)
* being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the {@code output} buffer, starting at
! * {@code outputOffset} inclusive.
*
! * <p>If the {@code output} buffer is too small to hold the result,
! * a {@code ShortBufferException} is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param output the buffer for the result
! * @param outputOffset the offset in {@code output} where the result
* is stored
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
*** 2115,2137 ****
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The bytes in the <code>input</code> buffer, and any input bytes that
! * may have been buffered during a previous <code>update</code> operation,
* are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param input the input buffer
--- 2115,2137 ----
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The bytes in the {@code input} buffer, and any input bytes that
! * may have been buffered during a previous {@code update} operation,
* are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param input the input buffer
*** 2168,2197 ****
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, and any input
! * bytes that may have been buffered during a previous <code>update</code>
* operation, are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result
*
--- 2168,2197 ----
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, and any input
! * bytes that may have been buffered during a previous {@code update}
* operation, are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in a new buffer.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
*
* @return the new buffer with the result
*
*** 2226,2271 ****
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, and any input
! * bytes that may have been buffered during a previous <code>update</code>
* operation, are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the <code>output</code> buffer.
*
! * <p>If the <code>output</code> buffer is too small to hold the result,
! * a <code>ShortBufferException</code> is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
--- 2226,2271 ----
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, and any input
! * bytes that may have been buffered during a previous {@code update}
* operation, are processed, with padding (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the {@code output} buffer.
*
! * <p>If the {@code output} buffer is too small to hold the result,
! * a {@code ShortBufferException} is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
*** 2301,2350 ****
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first <code>inputLen</code> bytes in the <code>input</code>
! * buffer, starting at <code>inputOffset</code> inclusive, and any input
* bytes that may have been buffered during a previous
! * <code>update</code> operation, are processed, with padding
* (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the <code>output</code> buffer, starting at
! * <code>outputOffset</code> inclusive.
*
! * <p>If the <code>output</code> buffer is too small to hold the result,
! * a <code>ShortBufferException</code> is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in <code>input</code> where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
! * @param outputOffset the offset in <code>output</code> where the result
* is stored
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
--- 2301,2350 ----
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>The first {@code inputLen} bytes in the {@code input}
! * buffer, starting at {@code inputOffset} inclusive, and any input
* bytes that may have been buffered during a previous
! * {@code update} operation, are processed, with padding
* (if requested) being applied.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
! * The result is stored in the {@code output} buffer, starting at
! * {@code outputOffset} inclusive.
*
! * <p>If the {@code output} buffer is too small to hold the result,
! * a {@code ShortBufferException} is thrown. In this case, repeat this
* call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input buffer
! * @param inputOffset the offset in {@code input} where the input
* starts
* @param inputLen the input length
* @param output the buffer for the result
! * @param outputOffset the offset in {@code output} where the result
* is stored
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalBlockSizeException if this cipher is a block cipher,
* no padding has been requested (only in encryption mode), and the total
*** 2381,2425 ****
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>All <code>input.remaining()</code> bytes starting at
! * <code>input.position()</code> are processed.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in the output buffer.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed. The output buffer's
* position will have advanced by n, where n is the value returned
* by this method; the output buffer's limit will not have changed.
*
! * <p>If <code>output.remaining()</code> bytes are insufficient to
! * hold the result, a <code>ShortBufferException</code> is thrown.
* In this case, repeat this call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to <code>init</code>.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * <code>init</code>) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * <code>input</code> and <code>output</code> buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input ByteBuffer
* @param output the output ByteBuffer
*
! * @return the number of bytes stored in <code>output</code>
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalArgumentException if input and output are the
* same object
--- 2381,2425 ----
/**
* Encrypts or decrypts data in a single-part operation, or finishes a
* multiple-part operation. The data is encrypted or decrypted,
* depending on how this cipher was initialized.
*
! * <p>All {@code input.remaining()} bytes starting at
! * {@code input.position()} are processed.
* If an AEAD mode such as GCM/CCM is being used, the authentication
* tag is appended in the case of encryption, or verified in the
* case of decryption.
* The result is stored in the output buffer.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed. The output buffer's
* position will have advanced by n, where n is the value returned
* by this method; the output buffer's limit will not have changed.
*
! * <p>If {@code output.remaining()} bytes are insufficient to
! * hold the result, a {@code ShortBufferException} is thrown.
* In this case, repeat this call with a larger output buffer. Use
* {@link #getOutputSize(int) getOutputSize} to determine how big
* the output buffer should be.
*
* <p>Upon finishing, this method resets this cipher object to the state
! * it was in when previously initialized via a call to {@code init}.
* That is, the object is reset and available to encrypt or decrypt
* (depending on the operation mode that was specified in the call to
! * {@code init}) more data.
*
* <p>Note: if any exception is thrown, this cipher object may need to
* be reset before it can be used again.
*
* <p>Note: this method should be copy-safe, which means the
! * {@code input} and {@code output} buffers can reference
* the same byte array and no unprocessed input data is overwritten
* when the result is copied into the output buffer.
*
* @param input the input ByteBuffer
* @param output the output ByteBuffer
*
! * @return the number of bytes stored in {@code output}
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized)
* @exception IllegalArgumentException if input and output are the
* same object
*** 2505,2529 ****
*
* @param wrappedKeyAlgorithm the algorithm associated with the wrapped
* key.
*
* @param wrappedKeyType the type of the wrapped key. This must be one of
! * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or
! * <code>PUBLIC_KEY</code>.
*
* @return the unwrapped key.
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized).
*
* @exception NoSuchAlgorithmException if no installed providers
! * can create keys of type <code>wrappedKeyType</code> for the
! * <code>wrappedKeyAlgorithm</code>.
*
! * @exception InvalidKeyException if <code>wrappedKey</code> does not
! * represent a wrapped key of type <code>wrappedKeyType</code> for
! * the <code>wrappedKeyAlgorithm</code>.
*
* @throws UnsupportedOperationException if the corresponding method in the
* {@code CipherSpi} is not supported.
*/
public final Key unwrap(byte[] wrappedKey,
--- 2505,2529 ----
*
* @param wrappedKeyAlgorithm the algorithm associated with the wrapped
* key.
*
* @param wrappedKeyType the type of the wrapped key. This must be one of
! * {@code SECRET_KEY}, {@code PRIVATE_KEY}, or
! * {@code PUBLIC_KEY}.
*
* @return the unwrapped key.
*
* @exception IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized).
*
* @exception NoSuchAlgorithmException if no installed providers
! * can create keys of type {@code wrappedKeyType} for the
! * {@code wrappedKeyAlgorithm}.
*
! * @exception InvalidKeyException if {@code wrappedKey} does not
! * represent a wrapped key of type {@code wrappedKeyType} for
! * the {@code wrappedKeyAlgorithm}.
*
* @throws UnsupportedOperationException if the corresponding method in the
* {@code CipherSpi} is not supported.
*/
public final Key unwrap(byte[] wrappedKey,
*** 2598,2609 ****
* "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppC">
* Java Cryptography Architecture Reference Guide</a>.
*
* @param transformation the cipher transformation.
* @return the maximum key length in bits or Integer.MAX_VALUE.
! * @exception NullPointerException if <code>transformation</code> is null.
! * @exception NoSuchAlgorithmException if <code>transformation</code>
* is not a valid transformation, i.e. in the form of "algorithm" or
* "algorithm/mode/padding".
* @since 1.5
*/
public static final int getMaxAllowedKeyLength(String transformation)
--- 2598,2609 ----
* "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppC">
* Java Cryptography Architecture Reference Guide</a>.
*
* @param transformation the cipher transformation.
* @return the maximum key length in bits or Integer.MAX_VALUE.
! * @exception NullPointerException if {@code transformation} is null.
! * @exception NoSuchAlgorithmException if {@code transformation}
* is not a valid transformation, i.e. in the form of "algorithm" or
* "algorithm/mode/padding".
* @since 1.5
*/
public static final int getMaxAllowedKeyLength(String transformation)
*** 2621,2633 ****
* null will be returned.
*
* @param transformation the cipher transformation.
* @return an AlgorithmParameterSpec which holds the maximum
* value or null.
! * @exception NullPointerException if <code>transformation</code>
* is null.
! * @exception NoSuchAlgorithmException if <code>transformation</code>
* is not a valid transformation, i.e. in the form of "algorithm" or
* "algorithm/mode/padding".
* @since 1.5
*/
public static final AlgorithmParameterSpec getMaxAllowedParameterSpec(
--- 2621,2633 ----
* null will be returned.
*
* @param transformation the cipher transformation.
* @return an AlgorithmParameterSpec which holds the maximum
* value or null.
! * @exception NullPointerException if {@code transformation}
* is null.
! * @exception NoSuchAlgorithmException if {@code transformation}
* is not a valid transformation, i.e. in the form of "algorithm" or
* "algorithm/mode/padding".
* @since 1.5
*/
public static final AlgorithmParameterSpec getMaxAllowedParameterSpec(
*** 2641,2652 ****
* Data (AAD).
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update} and {@code
! * doFinal} methods).
*
* @param src the buffer containing the Additional Authentication Data
*
* @throws IllegalArgumentException if the {@code src}
* byte array is null
--- 2641,2652 ----
* Data (AAD).
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update} and
! * {@code doFinal} methods).
*
* @param src the buffer containing the Additional Authentication Data
*
* @throws IllegalArgumentException if the {@code src}
* byte array is null
*** 2674,2685 ****
* Data (AAD), using a subset of the provided buffer.
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update} and {@code
! * doFinal} methods).
*
* @param src the buffer containing the AAD
* @param offset the offset in {@code src} where the AAD input starts
* @param len the number of AAD bytes
*
--- 2674,2685 ----
* Data (AAD), using a subset of the provided buffer.
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update}
! * and {@code doFinal} methods).
*
* @param src the buffer containing the AAD
* @param offset the offset in {@code src} where the AAD input starts
* @param len the number of AAD bytes
*
*** 2720,2731 ****
* Data (AAD).
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update} and {@code
! * doFinal} methods).
* <p>
* All {@code src.remaining()} bytes starting at
* {@code src.position()} are processed.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed.
--- 2720,2731 ----
* Data (AAD).
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
! * operations on the ciphertext (via the {@code update}
! * and {@code doFinal} methods).
* <p>
* All {@code src.remaining()} bytes starting at
* {@code src.position()} are processed.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed.
< prev index next >