1 /* 2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.crypto; 27 28 import java.util.*; 29 import java.util.concurrent.ConcurrentHashMap; 30 import java.util.concurrent.ConcurrentMap; 31 import java.util.regex.*; 32 33 34 import java.security.*; 35 import java.security.Provider.Service; 36 import java.security.spec.AlgorithmParameterSpec; 37 import java.security.spec.InvalidParameterSpecException; 38 import java.security.cert.Certificate; 39 import java.security.cert.X509Certificate; 40 41 import javax.crypto.spec.*; 42 43 import java.nio.ByteBuffer; 44 import java.nio.ReadOnlyBufferException; 45 46 import sun.security.util.Debug; 47 import sun.security.jca.*; 48 49 /** 50 * This class provides the functionality of a cryptographic cipher for 51 * encryption and decryption. It forms the core of the Java Cryptographic 52 * Extension (JCE) framework. 53 * 54 * <p>In order to create a Cipher object, the application calls the 55 * Cipher's {@code getInstance} method, and passes the name of the 56 * requested <i>transformation</i> to it. Optionally, the name of a provider 57 * may be specified. 58 * 59 * <p>A <i>transformation</i> is a string that describes the operation (or 60 * set of operations) to be performed on the given input, to produce some 61 * output. A transformation always includes the name of a cryptographic 62 * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and 63 * padding scheme. 64 * 65 * <p> A transformation is of the form: 66 * 67 * <ul> 68 * <li>"<i>algorithm/mode/padding</i>" or 69 * 70 * <li>"<i>algorithm</i>" 71 * </ul> 72 * 73 * <P> (in the latter case, 74 * provider-specific default values for the mode and padding scheme are used). 75 * For example, the following is a valid transformation: 76 * 77 * <pre> 78 * Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>"); 79 * </pre> 80 * 81 * Using modes such as {@code CFB} and {@code OFB}, block 82 * ciphers can encrypt data in units smaller than the cipher's actual 83 * block size. When requesting such a mode, you may optionally specify 84 * the number of bits to be processed at a time by appending this number 85 * to the mode name as shown in the "{@code DES/CFB8/NoPadding}" and 86 * "{@code DES/OFB32/PKCS5Padding}" transformations. If no such 87 * number is specified, a provider-specific default is used. (For 88 * example, the SunJCE provider uses a default of 64 bits for DES.) 89 * Thus, block ciphers can be turned into byte-oriented stream ciphers by 90 * using an 8 bit mode such as CFB8 or OFB8. 91 * <p> 92 * Modes such as Authenticated Encryption with Associated Data (AEAD) 93 * provide authenticity assurances for both confidential data and 94 * Additional Associated Data (AAD) that is not encrypted. (Please see 95 * <a href="http://www.ietf.org/rfc/rfc5116.txt"> RFC 5116 </a> for more 96 * information on AEAD and AEAD algorithms such as GCM/CCM.) Both 97 * confidential and AAD data can be used when calculating the 98 * authentication tag (similar to a {@link Mac}). This tag is appended 99 * to the ciphertext during encryption, and is verified on decryption. 100 * <p> 101 * AEAD modes such as GCM/CCM perform all AAD authenticity calculations 102 * before starting the ciphertext authenticity calculations. To avoid 103 * implementations having to internally buffer ciphertext, all AAD data 104 * must be supplied to GCM/CCM implementations (via the {@code updateAAD} 105 * methods) <b>before</b> the ciphertext is processed (via 106 * the {@code update} and {@code doFinal} methods). 107 * <p> 108 * Note that GCM mode has a uniqueness requirement on IVs used in 109 * encryption with a given key. When IVs are repeated for GCM 110 * encryption, such usages are subject to forgery attacks. Thus, after 111 * each encryption operation using GCM mode, callers should re-initialize 112 * the cipher objects with GCM parameters which has a different IV value. 113 * <pre> 114 * GCMParameterSpec s = ...; 115 * cipher.init(..., s); 116 * 117 * // If the GCM parameters were generated by the provider, it can 118 * // be retrieved by: 119 * // cipher.getParameters().getParameterSpec(GCMParameterSpec.class); 120 * 121 * cipher.updateAAD(...); // AAD 122 * cipher.update(...); // Multi-part update 123 * cipher.doFinal(...); // conclusion of operation 124 * 125 * // Use a different IV value for every encryption 126 * byte[] newIv = ...; 127 * s = new GCMParameterSpec(s.getTLen(), newIv); 128 * cipher.init(..., s); 129 * ... 130 * 131 * </pre> 132 * Every implementation of the Java platform is required to support 133 * the following standard {@code Cipher} transformations with the keysizes 134 * in parentheses: 135 * <ul> 136 * <li>{@code AES/CBC/NoPadding} (128)</li> 137 * <li>{@code AES/CBC/PKCS5Padding} (128)</li> 138 * <li>{@code AES/ECB/NoPadding} (128)</li> 139 * <li>{@code AES/ECB/PKCS5Padding} (128)</li> 140 * <li>{@code DES/CBC/NoPadding} (56)</li> 141 * <li>{@code DES/CBC/PKCS5Padding} (56)</li> 142 * <li>{@code DES/ECB/NoPadding} (56)</li> 143 * <li>{@code DES/ECB/PKCS5Padding} (56)</li> 144 * <li>{@code DESede/CBC/NoPadding} (168)</li> 145 * <li>{@code DESede/CBC/PKCS5Padding} (168)</li> 146 * <li>{@code DESede/ECB/NoPadding} (168)</li> 147 * <li>{@code DESede/ECB/PKCS5Padding} (168)</li> 148 * <li>{@code RSA/ECB/PKCS1Padding} (1024, 2048)</li> 149 * <li>{@code RSA/ECB/OAEPWithSHA-1AndMGF1Padding} (1024, 2048)</li> 150 * <li>{@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding} (1024, 2048)</li> 151 * </ul> 152 * These transformations are described in the 153 * <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 154 * Cipher section</a> of the 155 * Java Cryptography Architecture Standard Algorithm Name Documentation. 156 * Consult the release documentation for your implementation to see if any 157 * other transformations are supported. 158 * 159 * @author Jan Luehe 160 * @see KeyGenerator 161 * @see SecretKey 162 * @since 1.4 163 */ 164 165 public class Cipher { 166 167 private static final Debug debug = 168 Debug.getInstance("jca", "Cipher"); 169 170 private static final Debug pdebug = 171 Debug.getInstance("provider", "Provider"); 172 private static final boolean skipDebug = 173 Debug.isOn("engine=") && !Debug.isOn("cipher"); 174 175 /** 176 * Constant used to initialize cipher to encryption mode. 177 */ 178 public static final int ENCRYPT_MODE = 1; 179 180 /** 181 * Constant used to initialize cipher to decryption mode. 182 */ 183 public static final int DECRYPT_MODE = 2; 184 185 /** 186 * Constant used to initialize cipher to key-wrapping mode. 187 */ 188 public static final int WRAP_MODE = 3; 189 190 /** 191 * Constant used to initialize cipher to key-unwrapping mode. 192 */ 193 public static final int UNWRAP_MODE = 4; 194 195 /** 196 * Constant used to indicate the to-be-unwrapped key is a "public key". 197 */ 198 public static final int PUBLIC_KEY = 1; 199 200 /** 201 * Constant used to indicate the to-be-unwrapped key is a "private key". 202 */ 203 public static final int PRIVATE_KEY = 2; 204 205 /** 206 * Constant used to indicate the to-be-unwrapped key is a "secret key". 207 */ 208 public static final int SECRET_KEY = 3; 209 210 // The provider 211 private Provider provider; 212 213 // The provider implementation (delegate) 214 private CipherSpi spi; 215 216 // The transformation 217 private String transformation; 218 219 // Crypto permission representing the maximum allowable cryptographic 220 // strength that this Cipher object can be used for. (The cryptographic 221 // strength is a function of the keysize and algorithm parameters encoded 222 // in the crypto permission.) 223 private CryptoPermission cryptoPerm; 224 225 // The exemption mechanism that needs to be enforced 226 private ExemptionMechanism exmech; 227 228 // Flag which indicates whether or not this cipher has been initialized 229 private boolean initialized = false; 230 231 // The operation mode - store the operation mode after the 232 // cipher has been initialized. 233 private int opmode = 0; 234 235 // The OID for the KeyUsage extension in an X.509 v3 certificate 236 private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15"; 237 238 // next SPI to try in provider selection 239 // null once provider is selected 240 private CipherSpi firstSpi; 241 242 // next service to try in provider selection 243 // null once provider is selected 244 private Service firstService; 245 246 // remaining services to try in provider selection 247 // null once provider is selected 248 private Iterator<Service> serviceIterator; 249 250 // list of transform Strings to lookup in the provider 251 private List<Transform> transforms; 252 253 private final Object lock; 254 255 /** 256 * Creates a Cipher object. 257 * 258 * @param cipherSpi the delegate 259 * @param provider the provider 260 * @param transformation the transformation 261 */ 262 protected Cipher(CipherSpi cipherSpi, 263 Provider provider, 264 String transformation) { 265 // See bug 4341369 & 4334690 for more info. 266 // If the caller is trusted, then okay. 267 // Otherwise throw a NullPointerException. 268 if (!JceSecurityManager.INSTANCE.isCallerTrusted(provider)) { 269 throw new NullPointerException(); 270 } 271 this.spi = cipherSpi; 272 this.provider = provider; 273 this.transformation = transformation; 274 this.cryptoPerm = CryptoAllPermission.INSTANCE; 275 this.lock = null; 276 } 277 278 /** 279 * Creates a Cipher object. Called internally and by NullCipher. 280 * 281 * @param cipherSpi the delegate 282 * @param transformation the transformation 283 */ 284 Cipher(CipherSpi cipherSpi, String transformation) { 285 this.spi = cipherSpi; 286 this.transformation = transformation; 287 this.cryptoPerm = CryptoAllPermission.INSTANCE; 288 this.lock = null; 289 } 290 291 private Cipher(CipherSpi firstSpi, Service firstService, 292 Iterator<Service> serviceIterator, String transformation, 293 List<Transform> transforms) { 294 this.firstSpi = firstSpi; 295 this.firstService = firstService; 296 this.serviceIterator = serviceIterator; 297 this.transforms = transforms; 298 this.transformation = transformation; 299 this.lock = new Object(); 300 } 301 302 private static String[] tokenizeTransformation(String transformation) 303 throws NoSuchAlgorithmException { 304 if (transformation == null) { 305 throw new NoSuchAlgorithmException("No transformation given"); 306 } 307 /* 308 * array containing the components of a Cipher transformation: 309 * 310 * index 0: algorithm component (e.g., DES) 311 * index 1: feedback component (e.g., CFB) 312 * index 2: padding component (e.g., PKCS5Padding) 313 */ 314 String[] parts = new String[3]; 315 int count = 0; 316 StringTokenizer parser = new StringTokenizer(transformation, "/"); 317 try { 318 while (parser.hasMoreTokens() && count < 3) { 319 parts[count++] = parser.nextToken().trim(); 320 } 321 if (count == 0 || count == 2 || parser.hasMoreTokens()) { 322 throw new NoSuchAlgorithmException("Invalid transformation" 323 + " format:" + 324 transformation); 325 } 326 } catch (NoSuchElementException e) { 327 throw new NoSuchAlgorithmException("Invalid transformation " + 328 "format:" + transformation); 329 } 330 if ((parts[0] == null) || (parts[0].length() == 0)) { 331 throw new NoSuchAlgorithmException("Invalid transformation:" + 332 "algorithm not specified-" 333 + transformation); 334 } 335 return parts; 336 } 337 338 // Provider attribute name for supported chaining mode 339 private final static String ATTR_MODE = "SupportedModes"; 340 // Provider attribute name for supported padding names 341 private final static String ATTR_PAD = "SupportedPaddings"; 342 343 // constants indicating whether the provider supports 344 // a given mode or padding 345 private final static int S_NO = 0; // does not support 346 private final static int S_MAYBE = 1; // unable to determine 347 private final static int S_YES = 2; // does support 348 349 /** 350 * Nested class to deal with modes and paddings. 351 */ 352 private static class Transform { 353 // transform string to lookup in the provider 354 final String transform; 355 // the mode/padding suffix in upper case. for example, if the algorithm 356 // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" 357 // if loopup is "DES", suffix is the empty string 358 // needed because aliases prevent straight transform.equals() 359 final String suffix; 360 // value to pass to setMode() or null if no such call required 361 final String mode; 362 // value to pass to setPadding() or null if no such call required 363 final String pad; 364 Transform(String alg, String suffix, String mode, String pad) { 365 this.transform = alg + suffix; 366 this.suffix = suffix.toUpperCase(Locale.ENGLISH); 367 this.mode = mode; 368 this.pad = pad; 369 } 370 // set mode and padding for the given SPI 371 void setModePadding(CipherSpi spi) throws NoSuchAlgorithmException, 372 NoSuchPaddingException { 373 if (mode != null) { 374 spi.engineSetMode(mode); 375 } 376 if (pad != null) { 377 spi.engineSetPadding(pad); 378 } 379 } 380 // check whether the given services supports the mode and 381 // padding described by this Transform 382 int supportsModePadding(Service s) { 383 int smode = supportsMode(s); 384 if (smode == S_NO) { 385 return smode; 386 } 387 int spad = supportsPadding(s); 388 // our constants are defined so that Math.min() is a tri-valued AND 389 return Math.min(smode, spad); 390 } 391 392 // separate methods for mode and padding 393 // called directly by Cipher only to throw the correct exception 394 int supportsMode(Service s) { 395 return supports(s, ATTR_MODE, mode); 396 } 397 int supportsPadding(Service s) { 398 return supports(s, ATTR_PAD, pad); 399 } 400 401 private static int supports(Service s, String attrName, String value) { 402 if (value == null) { 403 return S_YES; 404 } 405 String regexp = s.getAttribute(attrName); 406 if (regexp == null) { 407 return S_MAYBE; 408 } 409 return matches(regexp, value) ? S_YES : S_NO; 410 } 411 412 // ConcurrentMap<String,Pattern> for previously compiled patterns 413 private final static ConcurrentMap<String, Pattern> patternCache = 414 new ConcurrentHashMap<String, Pattern>(); 415 416 private static boolean matches(String regexp, String str) { 417 Pattern pattern = patternCache.get(regexp); 418 if (pattern == null) { 419 pattern = Pattern.compile(regexp); 420 patternCache.putIfAbsent(regexp, pattern); 421 } 422 return pattern.matcher(str.toUpperCase(Locale.ENGLISH)).matches(); 423 } 424 425 } 426 427 private static List<Transform> getTransforms(String transformation) 428 throws NoSuchAlgorithmException { 429 String[] parts = tokenizeTransformation(transformation); 430 431 String alg = parts[0]; 432 String mode = parts[1]; 433 String pad = parts[2]; 434 if ((mode != null) && (mode.length() == 0)) { 435 mode = null; 436 } 437 if ((pad != null) && (pad.length() == 0)) { 438 pad = null; 439 } 440 441 if ((mode == null) && (pad == null)) { 442 // DES 443 Transform tr = new Transform(alg, "", null, null); 444 return Collections.singletonList(tr); 445 } else { // if ((mode != null) && (pad != null)) { 446 // DES/CBC/PKCS5Padding 447 List<Transform> list = new ArrayList<>(4); 448 list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); 449 list.add(new Transform(alg, "/" + mode, null, pad)); 450 list.add(new Transform(alg, "//" + pad, mode, null)); 451 list.add(new Transform(alg, "", mode, pad)); 452 return list; 453 } 454 } 455 456 // get the transform matching the specified service 457 private static Transform getTransform(Service s, 458 List<Transform> transforms) { 459 String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH); 460 for (Transform tr : transforms) { 461 if (alg.endsWith(tr.suffix)) { 462 return tr; 463 } 464 } 465 return null; 466 } 467 468 /** 469 * Returns a {@code Cipher} object that implements the specified 470 * transformation. 471 * 472 * <p> This method traverses the list of registered security Providers, 473 * starting with the most preferred Provider. 474 * A new Cipher object encapsulating the 475 * CipherSpi implementation from the first 476 * Provider that supports the specified algorithm is returned. 477 * 478 * <p> Note that the list of registered providers may be retrieved via 479 * the {@link Security#getProviders() Security.getProviders()} method. 480 * 481 * @param transformation the name of the transformation, e.g., 482 * <i>DES/CBC/PKCS5Padding</i>. 483 * See the Cipher section in the <a href= 484 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 485 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 486 * for information about standard transformation names. 487 * 488 * @return a cipher that implements the requested transformation. 489 * 490 * @exception NoSuchAlgorithmException if {@code transformation} 491 * is null, empty, in an invalid format, 492 * or if no Provider supports a CipherSpi implementation for the 493 * specified algorithm. 494 * 495 * @exception NoSuchPaddingException if {@code transformation} 496 * contains a padding scheme that is not available. 497 * 498 * @see java.security.Provider 499 */ 500 public static final Cipher getInstance(String transformation) 501 throws NoSuchAlgorithmException, NoSuchPaddingException 502 { 503 List<Transform> transforms = getTransforms(transformation); 504 List<ServiceId> cipherServices = new ArrayList<>(transforms.size()); 505 for (Transform transform : transforms) { 506 cipherServices.add(new ServiceId("Cipher", transform.transform)); 507 } 508 List<Service> services = GetInstance.getServices(cipherServices); 509 // make sure there is at least one service from a signed provider 510 // and that it can use the specified mode and padding 511 Iterator<Service> t = services.iterator(); 512 Exception failure = null; 513 while (t.hasNext()) { 514 Service s = t.next(); 515 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 516 continue; 517 } 518 Transform tr = getTransform(s, transforms); 519 if (tr == null) { 520 // should never happen 521 continue; 522 } 523 int canuse = tr.supportsModePadding(s); 524 if (canuse == S_NO) { 525 // does not support mode or padding we need, ignore 526 continue; 527 } 528 if (canuse == S_YES) { 529 return new Cipher(null, s, t, transformation, transforms); 530 } else { // S_MAYBE, try out if it works 531 try { 532 CipherSpi spi = (CipherSpi)s.newInstance(null); 533 tr.setModePadding(spi); 534 return new Cipher(spi, s, t, transformation, transforms); 535 } catch (Exception e) { 536 failure = e; 537 } 538 } 539 } 540 throw new NoSuchAlgorithmException 541 ("Cannot find any provider supporting " + transformation, failure); 542 } 543 544 /** 545 * Returns a {@code Cipher} object that implements the specified 546 * transformation. 547 * 548 * <p> A new Cipher object encapsulating the 549 * CipherSpi implementation from the specified provider 550 * is returned. The specified provider must be registered 551 * in the security provider list. 552 * 553 * <p> Note that the list of registered providers may be retrieved via 554 * the {@link Security#getProviders() Security.getProviders()} method. 555 * 556 * @param transformation the name of the transformation, 557 * e.g., <i>DES/CBC/PKCS5Padding</i>. 558 * See the Cipher section in the <a href= 559 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 560 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 561 * for information about standard transformation names. 562 * 563 * @param provider the name of the provider. 564 * 565 * @return a cipher that implements the requested transformation. 566 * 567 * @exception NoSuchAlgorithmException if {@code transformation} 568 * is null, empty, in an invalid format, 569 * or if a CipherSpi implementation for the specified algorithm 570 * is not available from the specified provider. 571 * 572 * @exception NoSuchProviderException if the specified provider is not 573 * registered in the security provider list. 574 * 575 * @exception NoSuchPaddingException if {@code transformation} 576 * contains a padding scheme that is not available. 577 * 578 * @exception IllegalArgumentException if the {@code provider} 579 * is null or empty. 580 * 581 * @see java.security.Provider 582 */ 583 public static final Cipher getInstance(String transformation, 584 String provider) 585 throws NoSuchAlgorithmException, NoSuchProviderException, 586 NoSuchPaddingException 587 { 588 if ((provider == null) || (provider.length() == 0)) { 589 throw new IllegalArgumentException("Missing provider"); 590 } 591 Provider p = Security.getProvider(provider); 592 if (p == null) { 593 throw new NoSuchProviderException("No such provider: " + 594 provider); 595 } 596 return getInstance(transformation, p); 597 } 598 599 /** 600 * Returns a {@code Cipher} object that implements the specified 601 * transformation. 602 * 603 * <p> A new Cipher object encapsulating the 604 * CipherSpi implementation from the specified Provider 605 * object is returned. Note that the specified Provider object 606 * does not have to be registered in the provider list. 607 * 608 * @param transformation the name of the transformation, 609 * e.g., <i>DES/CBC/PKCS5Padding</i>. 610 * See the Cipher section in the <a href= 611 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 612 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 613 * for information about standard transformation names. 614 * 615 * @param provider the provider. 616 * 617 * @return a cipher that implements the requested transformation. 618 * 619 * @exception NoSuchAlgorithmException if {@code transformation} 620 * is null, empty, in an invalid format, 621 * or if a CipherSpi implementation for the specified algorithm 622 * is not available from the specified Provider object. 623 * 624 * @exception NoSuchPaddingException if {@code transformation} 625 * contains a padding scheme that is not available. 626 * 627 * @exception IllegalArgumentException if the {@code provider} 628 * is null. 629 * 630 * @see java.security.Provider 631 */ 632 public static final Cipher getInstance(String transformation, 633 Provider provider) 634 throws NoSuchAlgorithmException, NoSuchPaddingException 635 { 636 if (provider == null) { 637 throw new IllegalArgumentException("Missing provider"); 638 } 639 Exception failure = null; 640 List<Transform> transforms = getTransforms(transformation); 641 boolean providerChecked = false; 642 String paddingError = null; 643 for (Transform tr : transforms) { 644 Service s = provider.getService("Cipher", tr.transform); 645 if (s == null) { 646 continue; 647 } 648 if (providerChecked == false) { 649 // for compatibility, first do the lookup and then verify 650 // the provider. this makes the difference between a NSAE 651 // and a SecurityException if the 652 // provider does not support the algorithm. 653 Exception ve = JceSecurity.getVerificationResult(provider); 654 if (ve != null) { 655 String msg = "JCE cannot authenticate the provider " 656 + provider.getName(); 657 throw new SecurityException(msg, ve); 658 } 659 providerChecked = true; 660 } 661 if (tr.supportsMode(s) == S_NO) { 662 continue; 663 } 664 if (tr.supportsPadding(s) == S_NO) { 665 paddingError = tr.pad; 666 continue; 667 } 668 try { 669 CipherSpi spi = (CipherSpi)s.newInstance(null); 670 tr.setModePadding(spi); 671 Cipher cipher = new Cipher(spi, transformation); 672 cipher.provider = s.getProvider(); 673 cipher.initCryptoPermission(); 674 return cipher; 675 } catch (Exception e) { 676 failure = e; 677 } 678 } 679 680 // throw NoSuchPaddingException if the problem is with padding 681 if (failure instanceof NoSuchPaddingException) { 682 throw (NoSuchPaddingException)failure; 683 } 684 if (paddingError != null) { 685 throw new NoSuchPaddingException 686 ("Padding not supported: " + paddingError); 687 } 688 throw new NoSuchAlgorithmException 689 ("No such algorithm: " + transformation, failure); 690 } 691 692 // If the requested crypto service is export-controlled, 693 // determine the maximum allowable keysize. 694 private void initCryptoPermission() throws NoSuchAlgorithmException { 695 if (JceSecurity.isRestricted() == false) { 696 cryptoPerm = CryptoAllPermission.INSTANCE; 697 exmech = null; 698 return; 699 } 700 cryptoPerm = getConfiguredPermission(transformation); 701 // Instantiate the exemption mechanism (if required) 702 String exmechName = cryptoPerm.getExemptionMechanism(); 703 if (exmechName != null) { 704 exmech = ExemptionMechanism.getInstance(exmechName); 705 } 706 } 707 708 // max number of debug warnings to print from chooseFirstProvider() 709 private static int warnCount = 10; 710 711 /** 712 * Choose the Spi from the first provider available. Used if 713 * delayed provider selection is not possible because init() 714 * is not the first method called. 715 */ 716 void chooseFirstProvider() { 717 if (spi != null) { 718 return; 719 } 720 synchronized (lock) { 721 if (spi != null) { 722 return; 723 } 724 if (debug != null) { 725 int w = --warnCount; 726 if (w >= 0) { 727 debug.println("Cipher.init() not first method " 728 + "called, disabling delayed provider selection"); 729 if (w == 0) { 730 debug.println("Further warnings of this type will " 731 + "be suppressed"); 732 } 733 new Exception("Call trace").printStackTrace(); 734 } 735 } 736 Exception lastException = null; 737 while ((firstService != null) || serviceIterator.hasNext()) { 738 Service s; 739 CipherSpi thisSpi; 740 if (firstService != null) { 741 s = firstService; 742 thisSpi = firstSpi; 743 firstService = null; 744 firstSpi = null; 745 } else { 746 s = serviceIterator.next(); 747 thisSpi = null; 748 } 749 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 750 continue; 751 } 752 Transform tr = getTransform(s, transforms); 753 if (tr == null) { 754 // should never happen 755 continue; 756 } 757 if (tr.supportsModePadding(s) == S_NO) { 758 continue; 759 } 760 try { 761 if (thisSpi == null) { 762 Object obj = s.newInstance(null); 763 if (obj instanceof CipherSpi == false) { 764 continue; 765 } 766 thisSpi = (CipherSpi)obj; 767 } 768 tr.setModePadding(thisSpi); 769 initCryptoPermission(); 770 spi = thisSpi; 771 provider = s.getProvider(); 772 // not needed any more 773 firstService = null; 774 serviceIterator = null; 775 transforms = null; 776 return; 777 } catch (Exception e) { 778 lastException = e; 779 } 780 } 781 ProviderException e = new ProviderException 782 ("Could not construct CipherSpi instance"); 783 if (lastException != null) { 784 e.initCause(lastException); 785 } 786 throw e; 787 } 788 } 789 790 private final static int I_KEY = 1; 791 private final static int I_PARAMSPEC = 2; 792 private final static int I_PARAMS = 3; 793 private final static int I_CERT = 4; 794 795 private void implInit(CipherSpi thisSpi, int type, int opmode, Key key, 796 AlgorithmParameterSpec paramSpec, AlgorithmParameters params, 797 SecureRandom random) throws InvalidKeyException, 798 InvalidAlgorithmParameterException { 799 switch (type) { 800 case I_KEY: 801 checkCryptoPerm(thisSpi, key); 802 thisSpi.engineInit(opmode, key, random); 803 break; 804 case I_PARAMSPEC: 805 checkCryptoPerm(thisSpi, key, paramSpec); 806 thisSpi.engineInit(opmode, key, paramSpec, random); 807 break; 808 case I_PARAMS: 809 checkCryptoPerm(thisSpi, key, params); 810 thisSpi.engineInit(opmode, key, params, random); 811 break; 812 case I_CERT: 813 checkCryptoPerm(thisSpi, key); 814 thisSpi.engineInit(opmode, key, random); 815 break; 816 default: 817 throw new AssertionError("Internal Cipher error: " + type); 818 } 819 } 820 821 private void chooseProvider(int initType, int opmode, Key key, 822 AlgorithmParameterSpec paramSpec, 823 AlgorithmParameters params, SecureRandom random) 824 throws InvalidKeyException, InvalidAlgorithmParameterException { 825 synchronized (lock) { 826 if (spi != null) { 827 implInit(spi, initType, opmode, key, paramSpec, params, random); 828 return; 829 } 830 Exception lastException = null; 831 while ((firstService != null) || serviceIterator.hasNext()) { 832 Service s; 833 CipherSpi thisSpi; 834 if (firstService != null) { 835 s = firstService; 836 thisSpi = firstSpi; 837 firstService = null; 838 firstSpi = null; 839 } else { 840 s = serviceIterator.next(); 841 thisSpi = null; 842 } 843 // if provider says it does not support this key, ignore it 844 if (s.supportsParameter(key) == false) { 845 continue; 846 } 847 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 848 continue; 849 } 850 Transform tr = getTransform(s, transforms); 851 if (tr == null) { 852 // should never happen 853 continue; 854 } 855 if (tr.supportsModePadding(s) == S_NO) { 856 continue; 857 } 858 try { 859 if (thisSpi == null) { 860 thisSpi = (CipherSpi)s.newInstance(null); 861 } 862 tr.setModePadding(thisSpi); 863 initCryptoPermission(); 864 implInit(thisSpi, initType, opmode, key, paramSpec, 865 params, random); 866 provider = s.getProvider(); 867 this.spi = thisSpi; 868 firstService = null; 869 serviceIterator = null; 870 transforms = null; 871 return; 872 } catch (Exception e) { 873 // NoSuchAlgorithmException from newInstance() 874 // InvalidKeyException from init() 875 // RuntimeException (ProviderException) from init() 876 // SecurityException from crypto permission check 877 if (lastException == null) { 878 lastException = e; 879 } 880 } 881 } 882 // no working provider found, fail 883 if (lastException instanceof InvalidKeyException) { 884 throw (InvalidKeyException)lastException; 885 } 886 if (lastException instanceof InvalidAlgorithmParameterException) { 887 throw (InvalidAlgorithmParameterException)lastException; 888 } 889 if (lastException instanceof RuntimeException) { 890 throw (RuntimeException)lastException; 891 } 892 String kName = (key != null) ? key.getClass().getName() : "(null)"; 893 throw new InvalidKeyException 894 ("No installed provider supports this key: " 895 + kName, lastException); 896 } 897 } 898 899 /** 900 * Returns the provider of this {@code Cipher} object. 901 * 902 * @return the provider of this {@code Cipher} object 903 */ 904 public final Provider getProvider() { 905 chooseFirstProvider(); 906 return this.provider; 907 } 908 909 /** 910 * Returns the algorithm name of this {@code Cipher} object. 911 * 912 * <p>This is the same name that was specified in one of the 913 * {@code getInstance} calls that created this {@code Cipher} 914 * object.. 915 * 916 * @return the algorithm name of this {@code Cipher} object. 917 */ 918 public final String getAlgorithm() { 919 return this.transformation; 920 } 921 922 /** 923 * Returns the block size (in bytes). 924 * 925 * @return the block size (in bytes), or 0 if the underlying algorithm is 926 * not a block cipher 927 */ 928 public final int getBlockSize() { 929 chooseFirstProvider(); 930 return spi.engineGetBlockSize(); 931 } 932 933 /** 934 * Returns the length in bytes that an output buffer would need to be in 935 * order to hold the result of the next {@code update} or 936 * {@code doFinal} operation, given the input length 937 * {@code inputLen} (in bytes). 938 * 939 * <p>This call takes into account any unprocessed (buffered) data from a 940 * previous {@code update} call, padding, and AEAD tagging. 941 * 942 * <p>The actual output length of the next {@code update} or 943 * {@code doFinal} call may be smaller than the length returned by 944 * this method. 945 * 946 * @param inputLen the input length (in bytes) 947 * 948 * @return the required output buffer size (in bytes) 949 * 950 * @exception IllegalStateException if this cipher is in a wrong state 951 * (e.g., has not yet been initialized) 952 */ 953 public final int getOutputSize(int inputLen) { 954 955 if (!initialized && !(this instanceof NullCipher)) { 956 throw new IllegalStateException("Cipher not initialized"); 957 } 958 if (inputLen < 0) { 959 throw new IllegalArgumentException("Input size must be equal " + 960 "to or greater than zero"); 961 } 962 chooseFirstProvider(); 963 return spi.engineGetOutputSize(inputLen); 964 } 965 966 /** 967 * Returns the initialization vector (IV) in a new buffer. 968 * 969 * <p>This is useful in the case where a random IV was created, 970 * or in the context of password-based encryption or 971 * decryption, where the IV is derived from a user-supplied password. 972 * 973 * @return the initialization vector in a new buffer, or null if the 974 * underlying algorithm does not use an IV, or if the IV has not yet 975 * been set. 976 */ 977 public final byte[] getIV() { 978 chooseFirstProvider(); 979 return spi.engineGetIV(); 980 } 981 982 /** 983 * Returns the parameters used with this cipher. 984 * 985 * <p>The returned parameters may be the same that were used to initialize 986 * this cipher, or may contain a combination of default and random 987 * parameter values used by the underlying cipher implementation if this 988 * cipher requires algorithm parameters but was not initialized with any. 989 * 990 * @return the parameters used with this cipher, or null if this cipher 991 * does not use any parameters. 992 */ 993 public final AlgorithmParameters getParameters() { 994 chooseFirstProvider(); 995 return spi.engineGetParameters(); 996 } 997 998 /** 999 * Returns the exemption mechanism object used with this cipher. 1000 * 1001 * @return the exemption mechanism object used with this cipher, or 1002 * null if this cipher does not use any exemption mechanism. 1003 */ 1004 public final ExemptionMechanism getExemptionMechanism() { 1005 chooseFirstProvider(); 1006 return exmech; 1007 } 1008 1009 // 1010 // Crypto permission check code below 1011 // 1012 private void checkCryptoPerm(CipherSpi checkSpi, Key key) 1013 throws InvalidKeyException { 1014 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1015 return; 1016 } 1017 // Check if key size and default parameters are within legal limits 1018 AlgorithmParameterSpec params; 1019 try { 1020 params = getAlgorithmParameterSpec(checkSpi.engineGetParameters()); 1021 } catch (InvalidParameterSpecException ipse) { 1022 throw new InvalidKeyException 1023 ("Unsupported default algorithm parameters"); 1024 } 1025 if (!passCryptoPermCheck(checkSpi, key, params)) { 1026 throw new InvalidKeyException( 1027 "Illegal key size or default parameters"); 1028 } 1029 } 1030 1031 private void checkCryptoPerm(CipherSpi checkSpi, Key key, 1032 AlgorithmParameterSpec params) throws InvalidKeyException, 1033 InvalidAlgorithmParameterException { 1034 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1035 return; 1036 } 1037 // Determine keysize and check if it is within legal limits 1038 if (!passCryptoPermCheck(checkSpi, key, null)) { 1039 throw new InvalidKeyException("Illegal key size"); 1040 } 1041 if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) { 1042 throw new InvalidAlgorithmParameterException("Illegal parameters"); 1043 } 1044 } 1045 1046 private void checkCryptoPerm(CipherSpi checkSpi, Key key, 1047 AlgorithmParameters params) 1048 throws InvalidKeyException, InvalidAlgorithmParameterException { 1049 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1050 return; 1051 } 1052 // Convert the specified parameters into specs and then delegate. 1053 AlgorithmParameterSpec pSpec; 1054 try { 1055 pSpec = getAlgorithmParameterSpec(params); 1056 } catch (InvalidParameterSpecException ipse) { 1057 throw new InvalidAlgorithmParameterException 1058 ("Failed to retrieve algorithm parameter specification"); 1059 } 1060 checkCryptoPerm(checkSpi, key, pSpec); 1061 } 1062 1063 private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key, 1064 AlgorithmParameterSpec params) 1065 throws InvalidKeyException { 1066 String em = cryptoPerm.getExemptionMechanism(); 1067 int keySize = checkSpi.engineGetKeySize(key); 1068 // Use the "algorithm" component of the cipher 1069 // transformation so that the perm check would 1070 // work when the key has the "aliased" algo. 1071 String algComponent; 1072 int index = transformation.indexOf('/'); 1073 if (index != -1) { 1074 algComponent = transformation.substring(0, index); 1075 } else { 1076 algComponent = transformation; 1077 } 1078 CryptoPermission checkPerm = 1079 new CryptoPermission(algComponent, keySize, params, em); 1080 1081 if (!cryptoPerm.implies(checkPerm)) { 1082 if (debug != null) { 1083 debug.println("Crypto Permission check failed"); 1084 debug.println("granted: " + cryptoPerm); 1085 debug.println("requesting: " + checkPerm); 1086 } 1087 return false; 1088 } 1089 if (exmech == null) { 1090 return true; 1091 } 1092 try { 1093 if (!exmech.isCryptoAllowed(key)) { 1094 if (debug != null) { 1095 debug.println(exmech.getName() + " isn't enforced"); 1096 } 1097 return false; 1098 } 1099 } catch (ExemptionMechanismException eme) { 1100 if (debug != null) { 1101 debug.println("Cannot determine whether "+ 1102 exmech.getName() + " has been enforced"); 1103 eme.printStackTrace(); 1104 } 1105 return false; 1106 } 1107 return true; 1108 } 1109 1110 // check if opmode is one of the defined constants 1111 // throw InvalidParameterExeption if not 1112 private static void checkOpmode(int opmode) { 1113 if ((opmode < ENCRYPT_MODE) || (opmode > UNWRAP_MODE)) { 1114 throw new InvalidParameterException("Invalid operation mode"); 1115 } 1116 } 1117 1118 private static String getOpmodeString(int opmode) { 1119 switch (opmode) { 1120 case ENCRYPT_MODE: 1121 return "encryption"; 1122 case DECRYPT_MODE: 1123 return "decryption"; 1124 case WRAP_MODE: 1125 return "key wrapping"; 1126 case UNWRAP_MODE: 1127 return "key unwrapping"; 1128 default: 1129 return ""; 1130 } 1131 } 1132 1133 /** 1134 * Initializes this cipher with a key. 1135 * 1136 * <p>The cipher is initialized for one of the following four operations: 1137 * encryption, decryption, key wrapping or key unwrapping, depending 1138 * on the value of {@code opmode}. 1139 * 1140 * <p>If this cipher requires any algorithm parameters that cannot be 1141 * derived from the given {@code key}, the underlying cipher 1142 * implementation is supposed to generate the required parameters itself 1143 * (using provider-specific default or random values) if it is being 1144 * initialized for encryption or key wrapping, and raise an 1145 * {@code InvalidKeyException} if it is being 1146 * initialized for decryption or key unwrapping. 1147 * The generated parameters can be retrieved using 1148 * {@link #getParameters() getParameters} or 1149 * {@link #getIV() getIV} (if the parameter is an IV). 1150 * 1151 * <p>If this cipher requires algorithm parameters that cannot be 1152 * derived from the input parameters, and there are no reasonable 1153 * provider-specific default values, initialization will 1154 * necessarily fail. 1155 * 1156 * <p>If this cipher (including its underlying feedback or padding scheme) 1157 * requires any random bytes (e.g., for parameter generation), it will get 1158 * them using the {@link java.security.SecureRandom} 1159 * implementation of the highest-priority 1160 * installed provider as the source of randomness. 1161 * (If none of the installed providers supply an implementation of 1162 * SecureRandom, a system-provided source of randomness will be used.) 1163 * 1164 * <p>Note that when a Cipher object is initialized, it loses all 1165 * previously-acquired state. In other words, initializing a Cipher is 1166 * equivalent to creating a new instance of that Cipher and initializing 1167 * it. 1168 * 1169 * @param opmode the operation mode of this cipher (this is one of 1170 * the following: 1171 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1172 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1173 * @param key the key 1174 * 1175 * @exception InvalidKeyException if the given key is inappropriate for 1176 * initializing this cipher, or requires 1177 * algorithm parameters that cannot be 1178 * determined from the given key, or if the given key has a keysize that 1179 * exceeds the maximum allowable keysize (as determined from the 1180 * configured jurisdiction policy files). 1181 * @throws UnsupportedOperationException if (@code opmode} is 1182 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1183 * by the underlying {@code CipherSpi}. 1184 */ 1185 public final void init(int opmode, Key key) throws InvalidKeyException { 1186 init(opmode, key, JceSecurity.RANDOM); 1187 } 1188 1189 /** 1190 * Initializes this cipher with a key and a source of randomness. 1191 * 1192 * <p>The cipher is initialized for one of the following four operations: 1193 * encryption, decryption, key wrapping or key unwrapping, depending 1194 * on the value of {@code opmode}. 1195 * 1196 * <p>If this cipher requires any algorithm parameters that cannot be 1197 * derived from the given {@code key}, the underlying cipher 1198 * implementation is supposed to generate the required parameters itself 1199 * (using provider-specific default or random values) if it is being 1200 * initialized for encryption or key wrapping, and raise an 1201 * {@code InvalidKeyException} if it is being 1202 * initialized for decryption or key unwrapping. 1203 * The generated parameters can be retrieved using 1204 * {@link #getParameters() getParameters} or 1205 * {@link #getIV() getIV} (if the parameter is an IV). 1206 * 1207 * <p>If this cipher requires algorithm parameters that cannot be 1208 * derived from the input parameters, and there are no reasonable 1209 * provider-specific default values, initialization will 1210 * necessarily fail. 1211 * 1212 * <p>If this cipher (including its underlying feedback or padding scheme) 1213 * requires any random bytes (e.g., for parameter generation), it will get 1214 * them from {@code random}. 1215 * 1216 * <p>Note that when a Cipher object is initialized, it loses all 1217 * previously-acquired state. In other words, initializing a Cipher is 1218 * equivalent to creating a new instance of that Cipher and initializing 1219 * it. 1220 * 1221 * @param opmode the operation mode of this cipher (this is one of the 1222 * following: 1223 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1224 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1225 * @param key the encryption key 1226 * @param random the source of randomness 1227 * 1228 * @exception InvalidKeyException if the given key is inappropriate for 1229 * initializing this cipher, or requires 1230 * algorithm parameters that cannot be 1231 * determined from the given key, or if the given key has a keysize that 1232 * exceeds the maximum allowable keysize (as determined from the 1233 * configured jurisdiction policy files). 1234 * @throws UnsupportedOperationException if (@code opmode} is 1235 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1236 * by the underlying {@code CipherSpi}. 1237 */ 1238 public final void init(int opmode, Key key, SecureRandom random) 1239 throws InvalidKeyException 1240 { 1241 initialized = false; 1242 checkOpmode(opmode); 1243 1244 if (spi != null) { 1245 checkCryptoPerm(spi, key); 1246 spi.engineInit(opmode, key, random); 1247 } else { 1248 try { 1249 chooseProvider(I_KEY, opmode, key, null, null, random); 1250 } catch (InvalidAlgorithmParameterException e) { 1251 // should never occur 1252 throw new InvalidKeyException(e); 1253 } 1254 } 1255 1256 initialized = true; 1257 this.opmode = opmode; 1258 1259 if (!skipDebug && pdebug != null) { 1260 pdebug.println("Cipher." + transformation + " " + 1261 getOpmodeString(opmode) + " algorithm from: " + 1262 this.provider.getName()); 1263 } 1264 } 1265 1266 /** 1267 * Initializes this cipher with a key and a set of algorithm 1268 * parameters. 1269 * 1270 * <p>The cipher is initialized for one of the following four operations: 1271 * encryption, decryption, key wrapping or key unwrapping, depending 1272 * on the value of {@code opmode}. 1273 * 1274 * <p>If this cipher requires any algorithm parameters and 1275 * {@code params} is null, the underlying cipher implementation is 1276 * supposed to generate the required parameters itself (using 1277 * provider-specific default or random values) if it is being 1278 * initialized for encryption or key wrapping, and raise an 1279 * {@code InvalidAlgorithmParameterException} if it is being 1280 * initialized for decryption or key unwrapping. 1281 * The generated parameters can be retrieved using 1282 * {@link #getParameters() getParameters} or 1283 * {@link #getIV() getIV} (if the parameter is an IV). 1284 * 1285 * <p>If this cipher requires algorithm parameters that cannot be 1286 * derived from the input parameters, and there are no reasonable 1287 * provider-specific default values, initialization will 1288 * necessarily fail. 1289 * 1290 * <p>If this cipher (including its underlying feedback or padding scheme) 1291 * requires any random bytes (e.g., for parameter generation), it will get 1292 * them using the {@link java.security.SecureRandom} 1293 * implementation of the highest-priority 1294 * installed provider as the source of randomness. 1295 * (If none of the installed providers supply an implementation of 1296 * SecureRandom, a system-provided source of randomness will be used.) 1297 * 1298 * <p>Note that when a Cipher object is initialized, it loses all 1299 * previously-acquired state. In other words, initializing a Cipher is 1300 * equivalent to creating a new instance of that Cipher and initializing 1301 * it. 1302 * 1303 * @param opmode the operation mode of this cipher (this is one of the 1304 * following: 1305 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1306 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1307 * @param key the encryption key 1308 * @param params the algorithm parameters 1309 * 1310 * @exception InvalidKeyException if the given key is inappropriate for 1311 * initializing this cipher, or its keysize exceeds the maximum allowable 1312 * keysize (as determined from the configured jurisdiction policy files). 1313 * @exception InvalidAlgorithmParameterException if the given algorithm 1314 * parameters are inappropriate for this cipher, 1315 * or this cipher requires 1316 * algorithm parameters and {@code params} is null, or the given 1317 * algorithm parameters imply a cryptographic strength that would exceed 1318 * the legal limits (as determined from the configured jurisdiction 1319 * policy files). 1320 * @throws UnsupportedOperationException if (@code opmode} is 1321 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1322 * by the underlying {@code CipherSpi}. 1323 */ 1324 public final void init(int opmode, Key key, AlgorithmParameterSpec params) 1325 throws InvalidKeyException, InvalidAlgorithmParameterException 1326 { 1327 init(opmode, key, params, JceSecurity.RANDOM); 1328 } 1329 1330 /** 1331 * Initializes this cipher with a key, a set of algorithm 1332 * parameters, and a source of randomness. 1333 * 1334 * <p>The cipher is initialized for one of the following four operations: 1335 * encryption, decryption, key wrapping or key unwrapping, depending 1336 * on the value of {@code opmode}. 1337 * 1338 * <p>If this cipher requires any algorithm parameters and 1339 * {@code params} is null, the underlying cipher implementation is 1340 * supposed to generate the required parameters itself (using 1341 * provider-specific default or random values) if it is being 1342 * initialized for encryption or key wrapping, and raise an 1343 * {@code InvalidAlgorithmParameterException} if it is being 1344 * initialized for decryption or key unwrapping. 1345 * The generated parameters can be retrieved using 1346 * {@link #getParameters() getParameters} or 1347 * {@link #getIV() getIV} (if the parameter is an IV). 1348 * 1349 * <p>If this cipher requires algorithm parameters that cannot be 1350 * derived from the input parameters, and there are no reasonable 1351 * provider-specific default values, initialization will 1352 * necessarily fail. 1353 * 1354 * <p>If this cipher (including its underlying feedback or padding scheme) 1355 * requires any random bytes (e.g., for parameter generation), it will get 1356 * them from {@code random}. 1357 * 1358 * <p>Note that when a Cipher object is initialized, it loses all 1359 * previously-acquired state. In other words, initializing a Cipher is 1360 * equivalent to creating a new instance of that Cipher and initializing 1361 * it. 1362 * 1363 * @param opmode the operation mode of this cipher (this is one of the 1364 * following: 1365 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1366 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1367 * @param key the encryption key 1368 * @param params the algorithm parameters 1369 * @param random the source of randomness 1370 * 1371 * @exception InvalidKeyException if the given key is inappropriate for 1372 * initializing this cipher, or its keysize exceeds the maximum allowable 1373 * keysize (as determined from the configured jurisdiction policy files). 1374 * @exception InvalidAlgorithmParameterException if the given algorithm 1375 * parameters are inappropriate for this cipher, 1376 * or this cipher requires 1377 * algorithm parameters and {@code params} is null, or the given 1378 * algorithm parameters imply a cryptographic strength that would exceed 1379 * the legal limits (as determined from the configured jurisdiction 1380 * policy files). 1381 * @throws UnsupportedOperationException if (@code opmode} is 1382 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1383 * by the underlying {@code CipherSpi}. 1384 */ 1385 public final void init(int opmode, Key key, AlgorithmParameterSpec params, 1386 SecureRandom random) 1387 throws InvalidKeyException, InvalidAlgorithmParameterException 1388 { 1389 initialized = false; 1390 checkOpmode(opmode); 1391 1392 if (spi != null) { 1393 checkCryptoPerm(spi, key, params); 1394 spi.engineInit(opmode, key, params, random); 1395 } else { 1396 chooseProvider(I_PARAMSPEC, opmode, key, params, null, random); 1397 } 1398 1399 initialized = true; 1400 this.opmode = opmode; 1401 1402 if (!skipDebug && pdebug != null) { 1403 pdebug.println("Cipher." + transformation + " " + 1404 getOpmodeString(opmode) + " algorithm from: " + 1405 this.provider.getName()); 1406 } 1407 } 1408 1409 /** 1410 * Initializes this cipher with a key and a set of algorithm 1411 * parameters. 1412 * 1413 * <p>The cipher is initialized for one of the following four operations: 1414 * encryption, decryption, key wrapping or key unwrapping, depending 1415 * on the value of {@code opmode}. 1416 * 1417 * <p>If this cipher requires any algorithm parameters and 1418 * {@code params} is null, the underlying cipher implementation is 1419 * supposed to generate the required parameters itself (using 1420 * provider-specific default or random values) if it is being 1421 * initialized for encryption or key wrapping, and raise an 1422 * {@code InvalidAlgorithmParameterException} if it is being 1423 * initialized for decryption or key unwrapping. 1424 * The generated parameters can be retrieved using 1425 * {@link #getParameters() getParameters} or 1426 * {@link #getIV() getIV} (if the parameter is an IV). 1427 * 1428 * <p>If this cipher requires algorithm parameters that cannot be 1429 * derived from the input parameters, and there are no reasonable 1430 * provider-specific default values, initialization will 1431 * necessarily fail. 1432 * 1433 * <p>If this cipher (including its underlying feedback or padding scheme) 1434 * requires any random bytes (e.g., for parameter generation), it will get 1435 * them using the {@link java.security.SecureRandom} 1436 * implementation of the highest-priority 1437 * installed provider as the source of randomness. 1438 * (If none of the installed providers supply an implementation of 1439 * SecureRandom, a system-provided source of randomness will be used.) 1440 * 1441 * <p>Note that when a Cipher object is initialized, it loses all 1442 * previously-acquired state. In other words, initializing a Cipher is 1443 * equivalent to creating a new instance of that Cipher and initializing 1444 * it. 1445 * 1446 * @param opmode the operation mode of this cipher (this is one of the 1447 * following: {@code ENCRYPT_MODE}, 1448 * {@code DECRYPT_MODE}, {@code WRAP_MODE} 1449 * or {@code UNWRAP_MODE}) 1450 * @param key the encryption key 1451 * @param params the algorithm parameters 1452 * 1453 * @exception InvalidKeyException if the given key is inappropriate for 1454 * initializing this cipher, or its keysize exceeds the maximum allowable 1455 * keysize (as determined from the configured jurisdiction policy files). 1456 * @exception InvalidAlgorithmParameterException if the given algorithm 1457 * parameters are inappropriate for this cipher, 1458 * or this cipher requires 1459 * algorithm parameters and {@code params} is null, or the given 1460 * algorithm parameters imply a cryptographic strength that would exceed 1461 * the legal limits (as determined from the configured jurisdiction 1462 * policy files). 1463 * @throws UnsupportedOperationException if (@code opmode} is 1464 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1465 * by the underlying {@code CipherSpi}. 1466 */ 1467 public final void init(int opmode, Key key, AlgorithmParameters params) 1468 throws InvalidKeyException, InvalidAlgorithmParameterException 1469 { 1470 init(opmode, key, params, JceSecurity.RANDOM); 1471 } 1472 1473 /** 1474 * Initializes this cipher with a key, a set of algorithm 1475 * parameters, and a source of randomness. 1476 * 1477 * <p>The cipher is initialized for one of the following four operations: 1478 * encryption, decryption, key wrapping or key unwrapping, depending 1479 * on the value of {@code opmode}. 1480 * 1481 * <p>If this cipher requires any algorithm parameters and 1482 * {@code params} is null, the underlying cipher implementation is 1483 * supposed to generate the required parameters itself (using 1484 * provider-specific default or random values) if it is being 1485 * initialized for encryption or key wrapping, and raise an 1486 * {@code InvalidAlgorithmParameterException} if it is being 1487 * initialized for decryption or key unwrapping. 1488 * The generated parameters can be retrieved using 1489 * {@link #getParameters() getParameters} or 1490 * {@link #getIV() getIV} (if the parameter is an IV). 1491 * 1492 * <p>If this cipher requires algorithm parameters that cannot be 1493 * derived from the input parameters, and there are no reasonable 1494 * provider-specific default values, initialization will 1495 * necessarily fail. 1496 * 1497 * <p>If this cipher (including its underlying feedback or padding scheme) 1498 * requires any random bytes (e.g., for parameter generation), it will get 1499 * them from {@code random}. 1500 * 1501 * <p>Note that when a Cipher object is initialized, it loses all 1502 * previously-acquired state. In other words, initializing a Cipher is 1503 * equivalent to creating a new instance of that Cipher and initializing 1504 * it. 1505 * 1506 * @param opmode the operation mode of this cipher (this is one of the 1507 * following: {@code ENCRYPT_MODE}, 1508 * {@code DECRYPT_MODE}, {@code WRAP_MODE} 1509 * or {@code UNWRAP_MODE}) 1510 * @param key the encryption key 1511 * @param params the algorithm parameters 1512 * @param random the source of randomness 1513 * 1514 * @exception InvalidKeyException if the given key is inappropriate for 1515 * initializing this cipher, or its keysize exceeds the maximum allowable 1516 * keysize (as determined from the configured jurisdiction policy files). 1517 * @exception InvalidAlgorithmParameterException if the given algorithm 1518 * parameters are inappropriate for this cipher, 1519 * or this cipher requires 1520 * algorithm parameters and {@code params} is null, or the given 1521 * algorithm parameters imply a cryptographic strength that would exceed 1522 * the legal limits (as determined from the configured jurisdiction 1523 * policy files). 1524 * @throws UnsupportedOperationException if (@code opmode} is 1525 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1526 * by the underlying {@code CipherSpi}. 1527 */ 1528 public final void init(int opmode, Key key, AlgorithmParameters params, 1529 SecureRandom random) 1530 throws InvalidKeyException, InvalidAlgorithmParameterException 1531 { 1532 initialized = false; 1533 checkOpmode(opmode); 1534 1535 if (spi != null) { 1536 checkCryptoPerm(spi, key, params); 1537 spi.engineInit(opmode, key, params, random); 1538 } else { 1539 chooseProvider(I_PARAMS, opmode, key, null, params, random); 1540 } 1541 1542 initialized = true; 1543 this.opmode = opmode; 1544 1545 if (!skipDebug && pdebug != null) { 1546 pdebug.println("Cipher." + transformation + " " + 1547 getOpmodeString(opmode) + " algorithm from: " + 1548 this.provider.getName()); 1549 } 1550 } 1551 1552 /** 1553 * Initializes this cipher with the public key from the given certificate. 1554 * <p> The cipher is initialized for one of the following four operations: 1555 * encryption, decryption, key wrapping or key unwrapping, depending 1556 * on the value of {@code opmode}. 1557 * 1558 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1559 * extension field marked as critical, and the value of the <i>key usage</i> 1560 * extension field implies that the public key in 1561 * the certificate and its corresponding private key are not 1562 * supposed to be used for the operation represented by the value 1563 * of {@code opmode}, 1564 * an {@code InvalidKeyException} 1565 * is thrown. 1566 * 1567 * <p> If this cipher requires any algorithm parameters that cannot be 1568 * derived from the public key in the given certificate, the underlying 1569 * cipher 1570 * implementation is supposed to generate the required parameters itself 1571 * (using provider-specific default or random values) if it is being 1572 * initialized for encryption or key wrapping, and raise an 1573 * {@code InvalidKeyException} if it is being initialized for decryption or 1574 * key unwrapping. 1575 * The generated parameters can be retrieved using 1576 * {@link #getParameters() getParameters} or 1577 * {@link #getIV() getIV} (if the parameter is an IV). 1578 * 1579 * <p>If this cipher requires algorithm parameters that cannot be 1580 * derived from the input parameters, and there are no reasonable 1581 * provider-specific default values, initialization will 1582 * necessarily fail. 1583 * 1584 * <p>If this cipher (including its underlying feedback or padding scheme) 1585 * requires any random bytes (e.g., for parameter generation), it will get 1586 * them using the 1587 * {@code SecureRandom} 1588 * implementation of the highest-priority 1589 * installed provider as the source of randomness. 1590 * (If none of the installed providers supply an implementation of 1591 * SecureRandom, a system-provided source of randomness will be used.) 1592 * 1593 * <p>Note that when a Cipher object is initialized, it loses all 1594 * previously-acquired state. In other words, initializing a Cipher is 1595 * equivalent to creating a new instance of that Cipher and initializing 1596 * it. 1597 * 1598 * @param opmode the operation mode of this cipher (this is one of the 1599 * following: 1600 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1601 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1602 * @param certificate the certificate 1603 * 1604 * @exception InvalidKeyException if the public key in the given 1605 * certificate is inappropriate for initializing this cipher, or this 1606 * cipher requires algorithm parameters that cannot be determined from the 1607 * public key in the given certificate, or the keysize of the public key 1608 * in the given certificate has a keysize that exceeds the maximum 1609 * allowable keysize (as determined by the configured jurisdiction policy 1610 * files). 1611 * @throws UnsupportedOperationException if (@code opmode} is 1612 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1613 * by the underlying {@code CipherSpi}. 1614 */ 1615 public final void init(int opmode, Certificate certificate) 1616 throws InvalidKeyException 1617 { 1618 init(opmode, certificate, JceSecurity.RANDOM); 1619 } 1620 1621 /** 1622 * Initializes this cipher with the public key from the given certificate 1623 * and 1624 * a source of randomness. 1625 * 1626 * <p>The cipher is initialized for one of the following four operations: 1627 * encryption, decryption, key wrapping 1628 * or key unwrapping, depending on 1629 * the value of {@code opmode}. 1630 * 1631 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1632 * extension field marked as critical, and the value of the <i>key usage</i> 1633 * extension field implies that the public key in 1634 * the certificate and its corresponding private key are not 1635 * supposed to be used for the operation represented by the value of 1636 * {@code opmode}, 1637 * an {@code InvalidKeyException} 1638 * is thrown. 1639 * 1640 * <p>If this cipher requires any algorithm parameters that cannot be 1641 * derived from the public key in the given {@code certificate}, 1642 * the underlying cipher 1643 * implementation is supposed to generate the required parameters itself 1644 * (using provider-specific default or random values) if it is being 1645 * initialized for encryption or key wrapping, and raise an 1646 * {@code InvalidKeyException} if it is being 1647 * initialized for decryption or key unwrapping. 1648 * The generated parameters can be retrieved using 1649 * {@link #getParameters() getParameters} or 1650 * {@link #getIV() getIV} (if the parameter is an IV). 1651 * 1652 * <p>If this cipher requires algorithm parameters that cannot be 1653 * derived from the input parameters, and there are no reasonable 1654 * provider-specific default values, initialization will 1655 * necessarily fail. 1656 * 1657 * <p>If this cipher (including its underlying feedback or padding scheme) 1658 * requires any random bytes (e.g., for parameter generation), it will get 1659 * them from {@code random}. 1660 * 1661 * <p>Note that when a Cipher object is initialized, it loses all 1662 * previously-acquired state. In other words, initializing a Cipher is 1663 * equivalent to creating a new instance of that Cipher and initializing 1664 * it. 1665 * 1666 * @param opmode the operation mode of this cipher (this is one of the 1667 * following: 1668 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE}, 1669 * {@code WRAP_MODE} or {@code UNWRAP_MODE}) 1670 * @param certificate the certificate 1671 * @param random the source of randomness 1672 * 1673 * @exception InvalidKeyException if the public key in the given 1674 * certificate is inappropriate for initializing this cipher, or this 1675 * cipher 1676 * requires algorithm parameters that cannot be determined from the 1677 * public key in the given certificate, or the keysize of the public key 1678 * in the given certificate has a keysize that exceeds the maximum 1679 * allowable keysize (as determined by the configured jurisdiction policy 1680 * files). 1681 * @throws UnsupportedOperationException if (@code opmode} is 1682 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1683 * by the underlying {@code CipherSpi}. 1684 */ 1685 public final void init(int opmode, Certificate certificate, 1686 SecureRandom random) 1687 throws InvalidKeyException 1688 { 1689 initialized = false; 1690 checkOpmode(opmode); 1691 1692 // Check key usage if the certificate is of 1693 // type X.509. 1694 if (certificate instanceof java.security.cert.X509Certificate) { 1695 // Check whether the cert has a key usage extension 1696 // marked as a critical extension. 1697 X509Certificate cert = (X509Certificate)certificate; 1698 Set<String> critSet = cert.getCriticalExtensionOIDs(); 1699 1700 if (critSet != null && !critSet.isEmpty() 1701 && critSet.contains(KEY_USAGE_EXTENSION_OID)) { 1702 boolean[] keyUsageInfo = cert.getKeyUsage(); 1703 // keyUsageInfo[2] is for keyEncipherment; 1704 // keyUsageInfo[3] is for dataEncipherment. 1705 if ((keyUsageInfo != null) && 1706 (((opmode == Cipher.ENCRYPT_MODE) && 1707 (keyUsageInfo.length > 3) && 1708 (keyUsageInfo[3] == false)) || 1709 ((opmode == Cipher.WRAP_MODE) && 1710 (keyUsageInfo.length > 2) && 1711 (keyUsageInfo[2] == false)))) { 1712 throw new InvalidKeyException("Wrong key usage"); 1713 } 1714 } 1715 } 1716 1717 PublicKey publicKey = 1718 (certificate==null? null:certificate.getPublicKey()); 1719 1720 if (spi != null) { 1721 checkCryptoPerm(spi, publicKey); 1722 spi.engineInit(opmode, publicKey, random); 1723 } else { 1724 try { 1725 chooseProvider(I_CERT, opmode, publicKey, null, null, random); 1726 } catch (InvalidAlgorithmParameterException e) { 1727 // should never occur 1728 throw new InvalidKeyException(e); 1729 } 1730 } 1731 1732 initialized = true; 1733 this.opmode = opmode; 1734 1735 if (!skipDebug && pdebug != null) { 1736 pdebug.println("Cipher." + transformation + " " + 1737 getOpmodeString(opmode) + " algorithm from: " + 1738 this.provider.getName()); 1739 } 1740 } 1741 1742 /** 1743 * Ensures that Cipher is in a valid state for update() and doFinal() 1744 * calls - should be initialized and in ENCRYPT_MODE or DECRYPT_MODE. 1745 * @throws IllegalStateException if Cipher object is not in valid state. 1746 */ 1747 private void checkCipherState() { 1748 if (!(this instanceof NullCipher)) { 1749 if (!initialized) { 1750 throw new IllegalStateException("Cipher not initialized"); 1751 } 1752 if ((opmode != Cipher.ENCRYPT_MODE) && 1753 (opmode != Cipher.DECRYPT_MODE)) { 1754 throw new IllegalStateException("Cipher not initialized " + 1755 "for encryption/decryption"); 1756 } 1757 } 1758 } 1759 1760 /** 1761 * Continues a multiple-part encryption or decryption operation 1762 * (depending on how this cipher was initialized), processing another data 1763 * part. 1764 * 1765 * <p>The bytes in the {@code input} buffer are processed, and the 1766 * result is stored in a new buffer. 1767 * 1768 * <p>If {@code input} has a length of zero, this method returns 1769 * {@code null}. 1770 * 1771 * @param input the input buffer 1772 * 1773 * @return the new buffer with the result, or null if the underlying 1774 * cipher is a block cipher and the input data is too short to result in a 1775 * new block. 1776 * 1777 * @exception IllegalStateException if this cipher is in a wrong state 1778 * (e.g., has not been initialized) 1779 */ 1780 public final byte[] update(byte[] input) { 1781 checkCipherState(); 1782 1783 // Input sanity check 1784 if (input == null) { 1785 throw new IllegalArgumentException("Null input buffer"); 1786 } 1787 1788 chooseFirstProvider(); 1789 if (input.length == 0) { 1790 return null; 1791 } 1792 return spi.engineUpdate(input, 0, input.length); 1793 } 1794 1795 /** 1796 * Continues a multiple-part encryption or decryption operation 1797 * (depending on how this cipher was initialized), processing another data 1798 * part. 1799 * 1800 * <p>The first {@code inputLen} bytes in the {@code input} 1801 * buffer, starting at {@code inputOffset} inclusive, are processed, 1802 * and the result is stored in a new buffer. 1803 * 1804 * <p>If {@code inputLen} is zero, this method returns 1805 * {@code null}. 1806 * 1807 * @param input the input buffer 1808 * @param inputOffset the offset in {@code input} where the input 1809 * starts 1810 * @param inputLen the input length 1811 * 1812 * @return the new buffer with the result, or null if the underlying 1813 * cipher is a block cipher and the input data is too short to result in a 1814 * new block. 1815 * 1816 * @exception IllegalStateException if this cipher is in a wrong state 1817 * (e.g., has not been initialized) 1818 */ 1819 public final byte[] update(byte[] input, int inputOffset, int inputLen) { 1820 checkCipherState(); 1821 1822 // Input sanity check 1823 if (input == null || inputOffset < 0 1824 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1825 throw new IllegalArgumentException("Bad arguments"); 1826 } 1827 1828 chooseFirstProvider(); 1829 if (inputLen == 0) { 1830 return null; 1831 } 1832 return spi.engineUpdate(input, inputOffset, inputLen); 1833 } 1834 1835 /** 1836 * Continues a multiple-part encryption or decryption operation 1837 * (depending on how this cipher was initialized), processing another data 1838 * part. 1839 * 1840 * <p>The first {@code inputLen} bytes in the {@code input} 1841 * buffer, starting at {@code inputOffset} inclusive, are processed, 1842 * and the result is stored in the {@code output} buffer. 1843 * 1844 * <p>If the {@code output} buffer is too small to hold the result, 1845 * a {@code ShortBufferException} is thrown. In this case, repeat this 1846 * call with a larger output buffer. Use 1847 * {@link #getOutputSize(int) getOutputSize} to determine how big 1848 * the output buffer should be. 1849 * 1850 * <p>If {@code inputLen} is zero, this method returns 1851 * a length of zero. 1852 * 1853 * <p>Note: this method should be copy-safe, which means the 1854 * {@code input} and {@code output} buffers can reference 1855 * the same byte array and no unprocessed input data is overwritten 1856 * when the result is copied into the output buffer. 1857 * 1858 * @param input the input buffer 1859 * @param inputOffset the offset in {@code input} where the input 1860 * starts 1861 * @param inputLen the input length 1862 * @param output the buffer for the result 1863 * 1864 * @return the number of bytes stored in {@code output} 1865 * 1866 * @exception IllegalStateException if this cipher is in a wrong state 1867 * (e.g., has not been initialized) 1868 * @exception ShortBufferException if the given output buffer is too small 1869 * to hold the result 1870 */ 1871 public final int update(byte[] input, int inputOffset, int inputLen, 1872 byte[] output) 1873 throws ShortBufferException { 1874 checkCipherState(); 1875 1876 // Input sanity check 1877 if (input == null || inputOffset < 0 1878 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1879 throw new IllegalArgumentException("Bad arguments"); 1880 } 1881 1882 chooseFirstProvider(); 1883 if (inputLen == 0) { 1884 return 0; 1885 } 1886 return spi.engineUpdate(input, inputOffset, inputLen, 1887 output, 0); 1888 } 1889 1890 /** 1891 * Continues a multiple-part encryption or decryption operation 1892 * (depending on how this cipher was initialized), processing another data 1893 * part. 1894 * 1895 * <p>The first {@code inputLen} bytes in the {@code input} 1896 * buffer, starting at {@code inputOffset} inclusive, are processed, 1897 * and the result is stored in the {@code output} buffer, starting at 1898 * {@code outputOffset} inclusive. 1899 * 1900 * <p>If the {@code output} buffer is too small to hold the result, 1901 * a {@code ShortBufferException} is thrown. In this case, repeat this 1902 * call with a larger output buffer. Use 1903 * {@link #getOutputSize(int) getOutputSize} to determine how big 1904 * the output buffer should be. 1905 * 1906 * <p>If {@code inputLen} is zero, this method returns 1907 * a length of zero. 1908 * 1909 * <p>Note: this method should be copy-safe, which means the 1910 * {@code input} and {@code output} buffers can reference 1911 * the same byte array and no unprocessed input data is overwritten 1912 * when the result is copied into the output buffer. 1913 * 1914 * @param input the input buffer 1915 * @param inputOffset the offset in {@code input} where the input 1916 * starts 1917 * @param inputLen the input length 1918 * @param output the buffer for the result 1919 * @param outputOffset the offset in {@code output} where the result 1920 * is stored 1921 * 1922 * @return the number of bytes stored in {@code output} 1923 * 1924 * @exception IllegalStateException if this cipher is in a wrong state 1925 * (e.g., has not been initialized) 1926 * @exception ShortBufferException if the given output buffer is too small 1927 * to hold the result 1928 */ 1929 public final int update(byte[] input, int inputOffset, int inputLen, 1930 byte[] output, int outputOffset) 1931 throws ShortBufferException { 1932 checkCipherState(); 1933 1934 // Input sanity check 1935 if (input == null || inputOffset < 0 1936 || inputLen > (input.length - inputOffset) || inputLen < 0 1937 || outputOffset < 0) { 1938 throw new IllegalArgumentException("Bad arguments"); 1939 } 1940 1941 chooseFirstProvider(); 1942 if (inputLen == 0) { 1943 return 0; 1944 } 1945 return spi.engineUpdate(input, inputOffset, inputLen, 1946 output, outputOffset); 1947 } 1948 1949 /** 1950 * Continues a multiple-part encryption or decryption operation 1951 * (depending on how this cipher was initialized), processing another data 1952 * part. 1953 * 1954 * <p>All {@code input.remaining()} bytes starting at 1955 * {@code input.position()} are processed. The result is stored 1956 * in the output buffer. 1957 * Upon return, the input buffer's position will be equal 1958 * to its limit; its limit will not have changed. The output buffer's 1959 * position will have advanced by n, where n is the value returned 1960 * by this method; the output buffer's limit will not have changed. 1961 * 1962 * <p>If {@code output.remaining()} bytes are insufficient to 1963 * hold the result, a {@code ShortBufferException} is thrown. 1964 * In this case, repeat this call with a larger output buffer. Use 1965 * {@link #getOutputSize(int) getOutputSize} to determine how big 1966 * the output buffer should be. 1967 * 1968 * <p>Note: this method should be copy-safe, which means the 1969 * {@code input} and {@code output} buffers can reference 1970 * the same block of memory and no unprocessed input data is overwritten 1971 * when the result is copied into the output buffer. 1972 * 1973 * @param input the input ByteBuffer 1974 * @param output the output ByteByffer 1975 * 1976 * @return the number of bytes stored in {@code output} 1977 * 1978 * @exception IllegalStateException if this cipher is in a wrong state 1979 * (e.g., has not been initialized) 1980 * @exception IllegalArgumentException if input and output are the 1981 * same object 1982 * @exception ReadOnlyBufferException if the output buffer is read-only 1983 * @exception ShortBufferException if there is insufficient space in the 1984 * output buffer 1985 * @since 1.5 1986 */ 1987 public final int update(ByteBuffer input, ByteBuffer output) 1988 throws ShortBufferException { 1989 checkCipherState(); 1990 1991 if ((input == null) || (output == null)) { 1992 throw new IllegalArgumentException("Buffers must not be null"); 1993 } 1994 if (input == output) { 1995 throw new IllegalArgumentException("Input and output buffers must " 1996 + "not be the same object, consider using buffer.duplicate()"); 1997 } 1998 if (output.isReadOnly()) { 1999 throw new ReadOnlyBufferException(); 2000 } 2001 2002 chooseFirstProvider(); 2003 return spi.engineUpdate(input, output); 2004 } 2005 2006 /** 2007 * Finishes a multiple-part encryption or decryption operation, depending 2008 * on how this cipher was initialized. 2009 * 2010 * <p>Input data that may have been buffered during a previous 2011 * {@code update} operation is processed, with padding (if requested) 2012 * being applied. 2013 * If an AEAD mode such as GCM/CCM is being used, the authentication 2014 * tag is appended in the case of encryption, or verified in the 2015 * case of decryption. 2016 * The result is stored in a new buffer. 2017 * 2018 * <p>Upon finishing, this method resets this cipher object to the state 2019 * it was in when previously initialized via a call to {@code init}. 2020 * That is, the object is reset and available to encrypt or decrypt 2021 * (depending on the operation mode that was specified in the call to 2022 * {@code init}) more data. 2023 * 2024 * <p>Note: if any exception is thrown, this cipher object may need to 2025 * be reset before it can be used again. 2026 * 2027 * @return the new buffer with the result 2028 * 2029 * @exception IllegalStateException if this cipher is in a wrong state 2030 * (e.g., has not been initialized) 2031 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2032 * no padding has been requested (only in encryption mode), and the total 2033 * input length of the data processed by this cipher is not a multiple of 2034 * block size; or if this encryption algorithm is unable to 2035 * process the input data provided. 2036 * @exception BadPaddingException if this cipher is in decryption mode, 2037 * and (un)padding has been requested, but the decrypted data is not 2038 * bounded by the appropriate padding bytes 2039 * @exception AEADBadTagException if this cipher is decrypting in an 2040 * AEAD mode (such as GCM/CCM), and the received authentication tag 2041 * does not match the calculated value 2042 */ 2043 public final byte[] doFinal() 2044 throws IllegalBlockSizeException, BadPaddingException { 2045 checkCipherState(); 2046 2047 chooseFirstProvider(); 2048 return spi.engineDoFinal(null, 0, 0); 2049 } 2050 2051 /** 2052 * Finishes a multiple-part encryption or decryption operation, depending 2053 * on how this cipher was initialized. 2054 * 2055 * <p>Input data that may have been buffered during a previous 2056 * {@code update} operation is processed, with padding (if requested) 2057 * being applied. 2058 * If an AEAD mode such as GCM/CCM is being used, the authentication 2059 * tag is appended in the case of encryption, or verified in the 2060 * case of decryption. 2061 * The result is stored in the {@code output} buffer, starting at 2062 * {@code outputOffset} inclusive. 2063 * 2064 * <p>If the {@code output} buffer is too small to hold the result, 2065 * a {@code ShortBufferException} is thrown. In this case, repeat this 2066 * call with a larger output buffer. Use 2067 * {@link #getOutputSize(int) getOutputSize} to determine how big 2068 * the output buffer should be. 2069 * 2070 * <p>Upon finishing, this method resets this cipher object to the state 2071 * it was in when previously initialized via a call to {@code init}. 2072 * That is, the object is reset and available to encrypt or decrypt 2073 * (depending on the operation mode that was specified in the call to 2074 * {@code init}) more data. 2075 * 2076 * <p>Note: if any exception is thrown, this cipher object may need to 2077 * be reset before it can be used again. 2078 * 2079 * @param output the buffer for the result 2080 * @param outputOffset the offset in {@code output} where the result 2081 * is stored 2082 * 2083 * @return the number of bytes stored in {@code output} 2084 * 2085 * @exception IllegalStateException if this cipher is in a wrong state 2086 * (e.g., has not been initialized) 2087 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2088 * no padding has been requested (only in encryption mode), and the total 2089 * input length of the data processed by this cipher is not a multiple of 2090 * block size; or if this encryption algorithm is unable to 2091 * process the input data provided. 2092 * @exception ShortBufferException if the given output buffer is too small 2093 * to hold the result 2094 * @exception BadPaddingException if this cipher is in decryption mode, 2095 * and (un)padding has been requested, but the decrypted data is not 2096 * bounded by the appropriate padding bytes 2097 * @exception AEADBadTagException if this cipher is decrypting in an 2098 * AEAD mode (such as GCM/CCM), and the received authentication tag 2099 * does not match the calculated value 2100 */ 2101 public final int doFinal(byte[] output, int outputOffset) 2102 throws IllegalBlockSizeException, ShortBufferException, 2103 BadPaddingException { 2104 checkCipherState(); 2105 2106 // Input sanity check 2107 if ((output == null) || (outputOffset < 0)) { 2108 throw new IllegalArgumentException("Bad arguments"); 2109 } 2110 2111 chooseFirstProvider(); 2112 return spi.engineDoFinal(null, 0, 0, output, outputOffset); 2113 } 2114 2115 /** 2116 * Encrypts or decrypts data in a single-part operation, or finishes a 2117 * multiple-part operation. The data is encrypted or decrypted, 2118 * depending on how this cipher was initialized. 2119 * 2120 * <p>The bytes in the {@code input} buffer, and any input bytes that 2121 * may have been buffered during a previous {@code update} operation, 2122 * are processed, with padding (if requested) being applied. 2123 * If an AEAD mode such as GCM/CCM is being used, the authentication 2124 * tag is appended in the case of encryption, or verified in the 2125 * case of decryption. 2126 * The result is stored in a new buffer. 2127 * 2128 * <p>Upon finishing, this method resets this cipher object to the state 2129 * it was in when previously initialized via a call to {@code init}. 2130 * That is, the object is reset and available to encrypt or decrypt 2131 * (depending on the operation mode that was specified in the call to 2132 * {@code init}) more data. 2133 * 2134 * <p>Note: if any exception is thrown, this cipher object may need to 2135 * be reset before it can be used again. 2136 * 2137 * @param input the input buffer 2138 * 2139 * @return the new buffer with the result 2140 * 2141 * @exception IllegalStateException if this cipher is in a wrong state 2142 * (e.g., has not been initialized) 2143 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2144 * no padding has been requested (only in encryption mode), and the total 2145 * input length of the data processed by this cipher is not a multiple of 2146 * block size; or if this encryption algorithm is unable to 2147 * process the input data provided. 2148 * @exception BadPaddingException if this cipher is in decryption mode, 2149 * and (un)padding has been requested, but the decrypted data is not 2150 * bounded by the appropriate padding bytes 2151 * @exception AEADBadTagException if this cipher is decrypting in an 2152 * AEAD mode (such as GCM/CCM), and the received authentication tag 2153 * does not match the calculated value 2154 */ 2155 public final byte[] doFinal(byte[] input) 2156 throws IllegalBlockSizeException, BadPaddingException { 2157 checkCipherState(); 2158 2159 // Input sanity check 2160 if (input == null) { 2161 throw new IllegalArgumentException("Null input buffer"); 2162 } 2163 2164 chooseFirstProvider(); 2165 return spi.engineDoFinal(input, 0, input.length); 2166 } 2167 2168 /** 2169 * Encrypts or decrypts data in a single-part operation, or finishes a 2170 * multiple-part operation. The data is encrypted or decrypted, 2171 * depending on how this cipher was initialized. 2172 * 2173 * <p>The first {@code inputLen} bytes in the {@code input} 2174 * buffer, starting at {@code inputOffset} inclusive, and any input 2175 * bytes that may have been buffered during a previous {@code update} 2176 * operation, are processed, with padding (if requested) being applied. 2177 * If an AEAD mode such as GCM/CCM is being used, the authentication 2178 * tag is appended in the case of encryption, or verified in the 2179 * case of decryption. 2180 * The result is stored in a new buffer. 2181 * 2182 * <p>Upon finishing, this method resets this cipher object to the state 2183 * it was in when previously initialized via a call to {@code init}. 2184 * That is, the object is reset and available to encrypt or decrypt 2185 * (depending on the operation mode that was specified in the call to 2186 * {@code init}) more data. 2187 * 2188 * <p>Note: if any exception is thrown, this cipher object may need to 2189 * be reset before it can be used again. 2190 * 2191 * @param input the input buffer 2192 * @param inputOffset the offset in {@code input} where the input 2193 * starts 2194 * @param inputLen the input length 2195 * 2196 * @return the new buffer with the result 2197 * 2198 * @exception IllegalStateException if this cipher is in a wrong state 2199 * (e.g., has not been initialized) 2200 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2201 * no padding has been requested (only in encryption mode), and the total 2202 * input length of the data processed by this cipher is not a multiple of 2203 * block size; or if this encryption algorithm is unable to 2204 * process the input data provided. 2205 * @exception BadPaddingException if this cipher is in decryption mode, 2206 * and (un)padding has been requested, but the decrypted data is not 2207 * bounded by the appropriate padding bytes 2208 * @exception AEADBadTagException if this cipher is decrypting in an 2209 * AEAD mode (such as GCM/CCM), and the received authentication tag 2210 * does not match the calculated value 2211 */ 2212 public final byte[] doFinal(byte[] input, int inputOffset, int inputLen) 2213 throws IllegalBlockSizeException, BadPaddingException { 2214 checkCipherState(); 2215 2216 // Input sanity check 2217 if (input == null || inputOffset < 0 2218 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2219 throw new IllegalArgumentException("Bad arguments"); 2220 } 2221 2222 chooseFirstProvider(); 2223 return spi.engineDoFinal(input, inputOffset, inputLen); 2224 } 2225 2226 /** 2227 * Encrypts or decrypts data in a single-part operation, or finishes a 2228 * multiple-part operation. The data is encrypted or decrypted, 2229 * depending on how this cipher was initialized. 2230 * 2231 * <p>The first {@code inputLen} bytes in the {@code input} 2232 * buffer, starting at {@code inputOffset} inclusive, and any input 2233 * bytes that may have been buffered during a previous {@code update} 2234 * operation, are processed, with padding (if requested) being applied. 2235 * If an AEAD mode such as GCM/CCM is being used, the authentication 2236 * tag is appended in the case of encryption, or verified in the 2237 * case of decryption. 2238 * The result is stored in the {@code output} buffer. 2239 * 2240 * <p>If the {@code output} buffer is too small to hold the result, 2241 * a {@code ShortBufferException} is thrown. In this case, repeat this 2242 * call with a larger output buffer. Use 2243 * {@link #getOutputSize(int) getOutputSize} to determine how big 2244 * the output buffer should be. 2245 * 2246 * <p>Upon finishing, this method resets this cipher object to the state 2247 * it was in when previously initialized via a call to {@code init}. 2248 * That is, the object is reset and available to encrypt or decrypt 2249 * (depending on the operation mode that was specified in the call to 2250 * {@code init}) more data. 2251 * 2252 * <p>Note: if any exception is thrown, this cipher object may need to 2253 * be reset before it can be used again. 2254 * 2255 * <p>Note: this method should be copy-safe, which means the 2256 * {@code input} and {@code output} buffers can reference 2257 * the same byte array and no unprocessed input data is overwritten 2258 * when the result is copied into the output buffer. 2259 * 2260 * @param input the input buffer 2261 * @param inputOffset the offset in {@code input} where the input 2262 * starts 2263 * @param inputLen the input length 2264 * @param output the buffer for the result 2265 * 2266 * @return the number of bytes stored in {@code output} 2267 * 2268 * @exception IllegalStateException if this cipher is in a wrong state 2269 * (e.g., has not been initialized) 2270 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2271 * no padding has been requested (only in encryption mode), and the total 2272 * input length of the data processed by this cipher is not a multiple of 2273 * block size; or if this encryption algorithm is unable to 2274 * process the input data provided. 2275 * @exception ShortBufferException if the given output buffer is too small 2276 * to hold the result 2277 * @exception BadPaddingException if this cipher is in decryption mode, 2278 * and (un)padding has been requested, but the decrypted data is not 2279 * bounded by the appropriate padding bytes 2280 * @exception AEADBadTagException if this cipher is decrypting in an 2281 * AEAD mode (such as GCM/CCM), and the received authentication tag 2282 * does not match the calculated value 2283 */ 2284 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2285 byte[] output) 2286 throws ShortBufferException, IllegalBlockSizeException, 2287 BadPaddingException { 2288 checkCipherState(); 2289 2290 // Input sanity check 2291 if (input == null || inputOffset < 0 2292 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2293 throw new IllegalArgumentException("Bad arguments"); 2294 } 2295 2296 chooseFirstProvider(); 2297 return spi.engineDoFinal(input, inputOffset, inputLen, 2298 output, 0); 2299 } 2300 2301 /** 2302 * Encrypts or decrypts data in a single-part operation, or finishes a 2303 * multiple-part operation. The data is encrypted or decrypted, 2304 * depending on how this cipher was initialized. 2305 * 2306 * <p>The first {@code inputLen} bytes in the {@code input} 2307 * buffer, starting at {@code inputOffset} inclusive, and any input 2308 * bytes that may have been buffered during a previous 2309 * {@code update} operation, are processed, with padding 2310 * (if requested) being applied. 2311 * If an AEAD mode such as GCM/CCM is being used, the authentication 2312 * tag is appended in the case of encryption, or verified in the 2313 * case of decryption. 2314 * The result is stored in the {@code output} buffer, starting at 2315 * {@code outputOffset} inclusive. 2316 * 2317 * <p>If the {@code output} buffer is too small to hold the result, 2318 * a {@code ShortBufferException} is thrown. In this case, repeat this 2319 * call with a larger output buffer. Use 2320 * {@link #getOutputSize(int) getOutputSize} to determine how big 2321 * the output buffer should be. 2322 * 2323 * <p>Upon finishing, this method resets this cipher object to the state 2324 * it was in when previously initialized via a call to {@code init}. 2325 * That is, the object is reset and available to encrypt or decrypt 2326 * (depending on the operation mode that was specified in the call to 2327 * {@code init}) more data. 2328 * 2329 * <p>Note: if any exception is thrown, this cipher object may need to 2330 * be reset before it can be used again. 2331 * 2332 * <p>Note: this method should be copy-safe, which means the 2333 * {@code input} and {@code output} buffers can reference 2334 * the same byte array and no unprocessed input data is overwritten 2335 * when the result is copied into the output buffer. 2336 * 2337 * @param input the input buffer 2338 * @param inputOffset the offset in {@code input} where the input 2339 * starts 2340 * @param inputLen the input length 2341 * @param output the buffer for the result 2342 * @param outputOffset the offset in {@code output} where the result 2343 * is stored 2344 * 2345 * @return the number of bytes stored in {@code output} 2346 * 2347 * @exception IllegalStateException if this cipher is in a wrong state 2348 * (e.g., has not been initialized) 2349 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2350 * no padding has been requested (only in encryption mode), and the total 2351 * input length of the data processed by this cipher is not a multiple of 2352 * block size; or if this encryption algorithm is unable to 2353 * process the input data provided. 2354 * @exception ShortBufferException if the given output buffer is too small 2355 * to hold the result 2356 * @exception BadPaddingException if this cipher is in decryption mode, 2357 * and (un)padding has been requested, but the decrypted data is not 2358 * bounded by the appropriate padding bytes 2359 * @exception AEADBadTagException if this cipher is decrypting in an 2360 * AEAD mode (such as GCM/CCM), and the received authentication tag 2361 * does not match the calculated value 2362 */ 2363 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2364 byte[] output, int outputOffset) 2365 throws ShortBufferException, IllegalBlockSizeException, 2366 BadPaddingException { 2367 checkCipherState(); 2368 2369 // Input sanity check 2370 if (input == null || inputOffset < 0 2371 || inputLen > (input.length - inputOffset) || inputLen < 0 2372 || outputOffset < 0) { 2373 throw new IllegalArgumentException("Bad arguments"); 2374 } 2375 2376 chooseFirstProvider(); 2377 return spi.engineDoFinal(input, inputOffset, inputLen, 2378 output, outputOffset); 2379 } 2380 2381 /** 2382 * Encrypts or decrypts data in a single-part operation, or finishes a 2383 * multiple-part operation. The data is encrypted or decrypted, 2384 * depending on how this cipher was initialized. 2385 * 2386 * <p>All {@code input.remaining()} bytes starting at 2387 * {@code input.position()} are processed. 2388 * If an AEAD mode such as GCM/CCM is being used, the authentication 2389 * tag is appended in the case of encryption, or verified in the 2390 * case of decryption. 2391 * The result is stored in the output buffer. 2392 * Upon return, the input buffer's position will be equal 2393 * to its limit; its limit will not have changed. The output buffer's 2394 * position will have advanced by n, where n is the value returned 2395 * by this method; the output buffer's limit will not have changed. 2396 * 2397 * <p>If {@code output.remaining()} bytes are insufficient to 2398 * hold the result, a {@code ShortBufferException} is thrown. 2399 * In this case, repeat this call with a larger output buffer. Use 2400 * {@link #getOutputSize(int) getOutputSize} to determine how big 2401 * the output buffer should be. 2402 * 2403 * <p>Upon finishing, this method resets this cipher object to the state 2404 * it was in when previously initialized via a call to {@code init}. 2405 * That is, the object is reset and available to encrypt or decrypt 2406 * (depending on the operation mode that was specified in the call to 2407 * {@code init}) more data. 2408 * 2409 * <p>Note: if any exception is thrown, this cipher object may need to 2410 * be reset before it can be used again. 2411 * 2412 * <p>Note: this method should be copy-safe, which means the 2413 * {@code input} and {@code output} buffers can reference 2414 * the same byte array and no unprocessed input data is overwritten 2415 * when the result is copied into the output buffer. 2416 * 2417 * @param input the input ByteBuffer 2418 * @param output the output ByteBuffer 2419 * 2420 * @return the number of bytes stored in {@code output} 2421 * 2422 * @exception IllegalStateException if this cipher is in a wrong state 2423 * (e.g., has not been initialized) 2424 * @exception IllegalArgumentException if input and output are the 2425 * same object 2426 * @exception ReadOnlyBufferException if the output buffer is read-only 2427 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2428 * no padding has been requested (only in encryption mode), and the total 2429 * input length of the data processed by this cipher is not a multiple of 2430 * block size; or if this encryption algorithm is unable to 2431 * process the input data provided. 2432 * @exception ShortBufferException if there is insufficient space in the 2433 * output buffer 2434 * @exception BadPaddingException if this cipher is in decryption mode, 2435 * and (un)padding has been requested, but the decrypted data is not 2436 * bounded by the appropriate padding bytes 2437 * @exception AEADBadTagException if this cipher is decrypting in an 2438 * AEAD mode (such as GCM/CCM), and the received authentication tag 2439 * does not match the calculated value 2440 * 2441 * @since 1.5 2442 */ 2443 public final int doFinal(ByteBuffer input, ByteBuffer output) 2444 throws ShortBufferException, IllegalBlockSizeException, 2445 BadPaddingException { 2446 checkCipherState(); 2447 2448 if ((input == null) || (output == null)) { 2449 throw new IllegalArgumentException("Buffers must not be null"); 2450 } 2451 if (input == output) { 2452 throw new IllegalArgumentException("Input and output buffers must " 2453 + "not be the same object, consider using buffer.duplicate()"); 2454 } 2455 if (output.isReadOnly()) { 2456 throw new ReadOnlyBufferException(); 2457 } 2458 2459 chooseFirstProvider(); 2460 return spi.engineDoFinal(input, output); 2461 } 2462 2463 /** 2464 * Wrap a key. 2465 * 2466 * @param key the key to be wrapped. 2467 * 2468 * @return the wrapped key. 2469 * 2470 * @exception IllegalStateException if this cipher is in a wrong 2471 * state (e.g., has not been initialized). 2472 * 2473 * @exception IllegalBlockSizeException if this cipher is a block 2474 * cipher, no padding has been requested, and the length of the 2475 * encoding of the key to be wrapped is not a 2476 * multiple of the block size. 2477 * 2478 * @exception InvalidKeyException if it is impossible or unsafe to 2479 * wrap the key with this cipher (e.g., a hardware protected key is 2480 * being passed to a software-only cipher). 2481 * 2482 * @throws UnsupportedOperationException if the corresponding method in the 2483 * {@code CipherSpi} is not supported. 2484 */ 2485 public final byte[] wrap(Key key) 2486 throws IllegalBlockSizeException, InvalidKeyException { 2487 if (!(this instanceof NullCipher)) { 2488 if (!initialized) { 2489 throw new IllegalStateException("Cipher not initialized"); 2490 } 2491 if (opmode != Cipher.WRAP_MODE) { 2492 throw new IllegalStateException("Cipher not initialized " + 2493 "for wrapping keys"); 2494 } 2495 } 2496 2497 chooseFirstProvider(); 2498 return spi.engineWrap(key); 2499 } 2500 2501 /** 2502 * Unwrap a previously wrapped key. 2503 * 2504 * @param wrappedKey the key to be unwrapped. 2505 * 2506 * @param wrappedKeyAlgorithm the algorithm associated with the wrapped 2507 * key. 2508 * 2509 * @param wrappedKeyType the type of the wrapped key. This must be one of 2510 * {@code SECRET_KEY}, {@code PRIVATE_KEY}, or 2511 * {@code PUBLIC_KEY}. 2512 * 2513 * @return the unwrapped key. 2514 * 2515 * @exception IllegalStateException if this cipher is in a wrong state 2516 * (e.g., has not been initialized). 2517 * 2518 * @exception NoSuchAlgorithmException if no installed providers 2519 * can create keys of type {@code wrappedKeyType} for the 2520 * {@code wrappedKeyAlgorithm}. 2521 * 2522 * @exception InvalidKeyException if {@code wrappedKey} does not 2523 * represent a wrapped key of type {@code wrappedKeyType} for 2524 * the {@code wrappedKeyAlgorithm}. 2525 * 2526 * @throws UnsupportedOperationException if the corresponding method in the 2527 * {@code CipherSpi} is not supported. 2528 */ 2529 public final Key unwrap(byte[] wrappedKey, 2530 String wrappedKeyAlgorithm, 2531 int wrappedKeyType) 2532 throws InvalidKeyException, NoSuchAlgorithmException { 2533 2534 if (!(this instanceof NullCipher)) { 2535 if (!initialized) { 2536 throw new IllegalStateException("Cipher not initialized"); 2537 } 2538 if (opmode != Cipher.UNWRAP_MODE) { 2539 throw new IllegalStateException("Cipher not initialized " + 2540 "for unwrapping keys"); 2541 } 2542 } 2543 if ((wrappedKeyType != SECRET_KEY) && 2544 (wrappedKeyType != PRIVATE_KEY) && 2545 (wrappedKeyType != PUBLIC_KEY)) { 2546 throw new InvalidParameterException("Invalid key type"); 2547 } 2548 2549 chooseFirstProvider(); 2550 return spi.engineUnwrap(wrappedKey, 2551 wrappedKeyAlgorithm, 2552 wrappedKeyType); 2553 } 2554 2555 private AlgorithmParameterSpec getAlgorithmParameterSpec( 2556 AlgorithmParameters params) 2557 throws InvalidParameterSpecException { 2558 if (params == null) { 2559 return null; 2560 } 2561 2562 String alg = params.getAlgorithm().toUpperCase(Locale.ENGLISH); 2563 2564 if (alg.equalsIgnoreCase("RC2")) { 2565 return params.getParameterSpec(RC2ParameterSpec.class); 2566 } 2567 2568 if (alg.equalsIgnoreCase("RC5")) { 2569 return params.getParameterSpec(RC5ParameterSpec.class); 2570 } 2571 2572 if (alg.startsWith("PBE")) { 2573 return params.getParameterSpec(PBEParameterSpec.class); 2574 } 2575 2576 if (alg.startsWith("DES")) { 2577 return params.getParameterSpec(IvParameterSpec.class); 2578 } 2579 return null; 2580 } 2581 2582 private static CryptoPermission getConfiguredPermission( 2583 String transformation) throws NullPointerException, 2584 NoSuchAlgorithmException { 2585 if (transformation == null) throw new NullPointerException(); 2586 String[] parts = tokenizeTransformation(transformation); 2587 return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]); 2588 } 2589 2590 /** 2591 * Returns the maximum key length for the specified transformation 2592 * according to the installed JCE jurisdiction policy files. If 2593 * JCE unlimited strength jurisdiction policy files are installed, 2594 * Integer.MAX_VALUE will be returned. 2595 * For more information on default key size in JCE jurisdiction 2596 * policy files, please see Appendix E in the 2597 * <a href= 2598 * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppC"> 2599 * Java Cryptography Architecture Reference Guide</a>. 2600 * 2601 * @param transformation the cipher transformation. 2602 * @return the maximum key length in bits or Integer.MAX_VALUE. 2603 * @exception NullPointerException if {@code transformation} is null. 2604 * @exception NoSuchAlgorithmException if {@code transformation} 2605 * is not a valid transformation, i.e. in the form of "algorithm" or 2606 * "algorithm/mode/padding". 2607 * @since 1.5 2608 */ 2609 public static final int getMaxAllowedKeyLength(String transformation) 2610 throws NoSuchAlgorithmException { 2611 CryptoPermission cp = getConfiguredPermission(transformation); 2612 return cp.getMaxKeySize(); 2613 } 2614 2615 /** 2616 * Returns an AlgorithmParameterSpec object which contains 2617 * the maximum cipher parameter value according to the 2618 * jurisdiction policy file. If JCE unlimited strength jurisdiction 2619 * policy files are installed or there is no maximum limit on the 2620 * parameters for the specified transformation in the policy file, 2621 * null will be returned. 2622 * 2623 * @param transformation the cipher transformation. 2624 * @return an AlgorithmParameterSpec which holds the maximum 2625 * value or null. 2626 * @exception NullPointerException if {@code transformation} 2627 * is null. 2628 * @exception NoSuchAlgorithmException if {@code transformation} 2629 * is not a valid transformation, i.e. in the form of "algorithm" or 2630 * "algorithm/mode/padding". 2631 * @since 1.5 2632 */ 2633 public static final AlgorithmParameterSpec getMaxAllowedParameterSpec( 2634 String transformation) throws NoSuchAlgorithmException { 2635 CryptoPermission cp = getConfiguredPermission(transformation); 2636 return cp.getAlgorithmParameterSpec(); 2637 } 2638 2639 /** 2640 * Continues a multi-part update of the Additional Authentication 2641 * Data (AAD). 2642 * <p> 2643 * Calls to this method provide AAD to the cipher when operating in 2644 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2645 * either GCM or CCM mode, all AAD must be supplied before beginning 2646 * operations on the ciphertext (via the {@code update} and 2647 * {@code doFinal} methods). 2648 * 2649 * @param src the buffer containing the Additional Authentication Data 2650 * 2651 * @throws IllegalArgumentException if the {@code src} 2652 * byte array is null 2653 * @throws IllegalStateException if this cipher is in a wrong state 2654 * (e.g., has not been initialized), does not accept AAD, or if 2655 * operating in either GCM or CCM mode and one of the {@code update} 2656 * methods has already been called for the active 2657 * encryption/decryption operation 2658 * @throws UnsupportedOperationException if the corresponding method 2659 * in the {@code CipherSpi} has not been overridden by an 2660 * implementation 2661 * 2662 * @since 1.7 2663 */ 2664 public final void updateAAD(byte[] src) { 2665 if (src == null) { 2666 throw new IllegalArgumentException("src buffer is null"); 2667 } 2668 2669 updateAAD(src, 0, src.length); 2670 } 2671 2672 /** 2673 * Continues a multi-part update of the Additional Authentication 2674 * Data (AAD), using a subset of the provided buffer. 2675 * <p> 2676 * Calls to this method provide AAD to the cipher when operating in 2677 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2678 * either GCM or CCM mode, all AAD must be supplied before beginning 2679 * operations on the ciphertext (via the {@code update} 2680 * and {@code doFinal} methods). 2681 * 2682 * @param src the buffer containing the AAD 2683 * @param offset the offset in {@code src} where the AAD input starts 2684 * @param len the number of AAD bytes 2685 * 2686 * @throws IllegalArgumentException if the {@code src} 2687 * byte array is null, or the {@code offset} or {@code length} 2688 * is less than 0, or the sum of the {@code offset} and 2689 * {@code len} is greater than the length of the 2690 * {@code src} byte array 2691 * @throws IllegalStateException if this cipher is in a wrong state 2692 * (e.g., has not been initialized), does not accept AAD, or if 2693 * operating in either GCM or CCM mode and one of the {@code update} 2694 * methods has already been called for the active 2695 * encryption/decryption operation 2696 * @throws UnsupportedOperationException if the corresponding method 2697 * in the {@code CipherSpi} has not been overridden by an 2698 * implementation 2699 * 2700 * @since 1.7 2701 */ 2702 public final void updateAAD(byte[] src, int offset, int len) { 2703 checkCipherState(); 2704 2705 // Input sanity check 2706 if ((src == null) || (offset < 0) || (len < 0) 2707 || ((len + offset) > src.length)) { 2708 throw new IllegalArgumentException("Bad arguments"); 2709 } 2710 2711 chooseFirstProvider(); 2712 if (len == 0) { 2713 return; 2714 } 2715 spi.engineUpdateAAD(src, offset, len); 2716 } 2717 2718 /** 2719 * Continues a multi-part update of the Additional Authentication 2720 * Data (AAD). 2721 * <p> 2722 * Calls to this method provide AAD to the cipher when operating in 2723 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2724 * either GCM or CCM mode, all AAD must be supplied before beginning 2725 * operations on the ciphertext (via the {@code update} 2726 * and {@code doFinal} methods). 2727 * <p> 2728 * All {@code src.remaining()} bytes starting at 2729 * {@code src.position()} are processed. 2730 * Upon return, the input buffer's position will be equal 2731 * to its limit; its limit will not have changed. 2732 * 2733 * @param src the buffer containing the AAD 2734 * 2735 * @throws IllegalArgumentException if the {@code src ByteBuffer} 2736 * is null 2737 * @throws IllegalStateException if this cipher is in a wrong state 2738 * (e.g., has not been initialized), does not accept AAD, or if 2739 * operating in either GCM or CCM mode and one of the {@code update} 2740 * methods has already been called for the active 2741 * encryption/decryption operation 2742 * @throws UnsupportedOperationException if the corresponding method 2743 * in the {@code CipherSpi} has not been overridden by an 2744 * implementation 2745 * 2746 * @since 1.7 2747 */ 2748 public final void updateAAD(ByteBuffer src) { 2749 checkCipherState(); 2750 2751 // Input sanity check 2752 if (src == null) { 2753 throw new IllegalArgumentException("src ByteBuffer is null"); 2754 } 2755 2756 chooseFirstProvider(); 2757 if (src.remaining() == 0) { 2758 return; 2759 } 2760 spi.engineUpdateAAD(src); 2761 } 2762 }