1 /* 2 * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package javax.crypto; 27 28 import java.util.*; 29 import java.util.concurrent.ConcurrentHashMap; 30 import java.util.concurrent.ConcurrentMap; 31 import java.util.regex.*; 32 33 34 import java.security.*; 35 import java.security.Provider.Service; 36 import java.security.spec.AlgorithmParameterSpec; 37 import java.security.spec.InvalidParameterSpecException; 38 import java.security.cert.Certificate; 39 import java.security.cert.X509Certificate; 40 41 import javax.crypto.spec.*; 42 43 import java.nio.ByteBuffer; 44 import java.nio.ReadOnlyBufferException; 45 46 import sun.security.util.Debug; 47 import sun.security.jca.*; 48 49 /** 50 * This class provides the functionality of a cryptographic cipher for 51 * encryption and decryption. It forms the core of the Java Cryptographic 52 * Extension (JCE) framework. 53 * 54 * <p>In order to create a Cipher object, the application calls the 55 * Cipher's <code>getInstance</code> method, and passes the name of the 56 * requested <i>transformation</i> to it. Optionally, the name of a provider 57 * may be specified. 58 * 59 * <p>A <i>transformation</i> is a string that describes the operation (or 60 * set of operations) to be performed on the given input, to produce some 61 * output. A transformation always includes the name of a cryptographic 62 * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and 63 * padding scheme. 64 * 65 * <p> A transformation is of the form:<p> 66 * 67 * <ul> 68 * <li>"<i>algorithm/mode/padding</i>" or 69 * <p> 70 * <li>"<i>algorithm</i>" 71 * </ul> 72 * 73 * <P> (in the latter case, 74 * provider-specific default values for the mode and padding scheme are used). 75 * For example, the following is a valid transformation:<p> 76 * 77 * <pre> 78 * Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>"); 79 * </pre> 80 * 81 * Using modes such as <code>CFB</code> and <code>OFB</code>, block 82 * ciphers can encrypt data in units smaller than the cipher's actual 83 * block size. When requesting such a mode, you may optionally specify 84 * the number of bits to be processed at a time by appending this number 85 * to the mode name as shown in the "<code>DES/CFB8/NoPadding</code>" and 86 * "<code>DES/OFB32/PKCS5Padding</code>" transformations. If no such 87 * number is specified, a provider-specific default is used. (For 88 * example, the SunJCE provider uses a default of 64 bits for DES.) 89 * Thus, block ciphers can be turned into byte-oriented stream ciphers by 90 * using an 8 bit mode such as CFB8 or OFB8. 91 * <p> 92 * Modes such as Authenticated Encryption with Associated Data (AEAD) 93 * provide authenticity assurances for both confidential data and 94 * Additional Associated Data (AAD) that is not encrypted. (Please see 95 * <a href="http://www.ietf.org/rfc/rfc5116.txt"> RFC 5116 </a> for more 96 * information on AEAD and AEAD algorithms such as GCM/CCM.) Both 97 * confidential and AAD data can be used when calculating the 98 * authentication tag (similar to a {@link Mac}). This tag is appended 99 * to the ciphertext during encryption, and is verified on decryption. 100 * <p> 101 * AEAD modes such as GCM/CCM perform all AAD authenticity calculations 102 * before starting the ciphertext authenticity calculations. To avoid 103 * implementations having to internally buffer ciphertext, all AAD data 104 * must be supplied to GCM/CCM implementations (via the {@code 105 * updateAAD} methods) <b>before</b> the ciphertext is processed (via 106 * the {@code update} and {@code doFinal} methods). 107 * <p> 108 * Note that GCM mode has a uniqueness requirement on IVs used in 109 * encryption with a given key. When IVs are repeated for GCM 110 * encryption, such usages are subject to forgery attacks. Thus, after 111 * each encryption operation using GCM mode, callers should re-initialize 112 * the cipher objects with GCM parameters which has a different IV value. 113 * <pre> 114 * GCMParameterSpec s = ...; 115 * cipher.init(..., s); 116 * 117 * // If the GCM parameters were generated by the provider, it can 118 * // be retrieved by: 119 * // cipher.getParameters().getParameterSpec(GCMParameterSpec.class); 120 * 121 * cipher.updateAAD(...); // AAD 122 * cipher.update(...); // Multi-part update 123 * cipher.doFinal(...); // conclusion of operation 124 * 125 * // Use a different IV value for every encryption 126 * byte[] newIv = ...; 127 * s = new GCMParameterSpec(s.getTLen(), newIv); 128 * cipher.init(..., s); 129 * ... 130 * 131 * </pre> 132 * Every implementation of the Java platform is required to support 133 * the following standard <code>Cipher</code> transformations with the keysizes 134 * in parentheses: 135 * <ul> 136 * <li><tt>AES/CBC/NoPadding</tt> (128)</li> 137 * <li><tt>AES/CBC/PKCS5Padding</tt> (128)</li> 138 * <li><tt>AES/ECB/NoPadding</tt> (128)</li> 139 * <li><tt>AES/ECB/PKCS5Padding</tt> (128)</li> 140 * <li><tt>DES/CBC/NoPadding</tt> (56)</li> 141 * <li><tt>DES/CBC/PKCS5Padding</tt> (56)</li> 142 * <li><tt>DES/ECB/NoPadding</tt> (56)</li> 143 * <li><tt>DES/ECB/PKCS5Padding</tt> (56)</li> 144 * <li><tt>DESede/CBC/NoPadding</tt> (168)</li> 145 * <li><tt>DESede/CBC/PKCS5Padding</tt> (168)</li> 146 * <li><tt>DESede/ECB/NoPadding</tt> (168)</li> 147 * <li><tt>DESede/ECB/PKCS5Padding</tt> (168)</li> 148 * <li><tt>RSA/ECB/PKCS1Padding</tt> (1024, 2048)</li> 149 * <li><tt>RSA/ECB/OAEPWithSHA-1AndMGF1Padding</tt> (1024, 2048)</li> 150 * <li><tt>RSA/ECB/OAEPWithSHA-256AndMGF1Padding</tt> (1024, 2048)</li> 151 * </ul> 152 * These transformations are described in the 153 * <a href="{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 154 * Cipher section</a> of the 155 * Java Cryptography Architecture Standard Algorithm Name Documentation. 156 * Consult the release documentation for your implementation to see if any 157 * other transformations are supported. 158 * 159 * @author Jan Luehe 160 * @see KeyGenerator 161 * @see SecretKey 162 * @since 1.4 163 */ 164 165 public class Cipher { 166 167 private static final Debug debug = 168 Debug.getInstance("jca", "Cipher"); 169 170 /** 171 * Constant used to initialize cipher to encryption mode. 172 */ 173 public static final int ENCRYPT_MODE = 1; 174 175 /** 176 * Constant used to initialize cipher to decryption mode. 177 */ 178 public static final int DECRYPT_MODE = 2; 179 180 /** 181 * Constant used to initialize cipher to key-wrapping mode. 182 */ 183 public static final int WRAP_MODE = 3; 184 185 /** 186 * Constant used to initialize cipher to key-unwrapping mode. 187 */ 188 public static final int UNWRAP_MODE = 4; 189 190 /** 191 * Constant used to indicate the to-be-unwrapped key is a "public key". 192 */ 193 public static final int PUBLIC_KEY = 1; 194 195 /** 196 * Constant used to indicate the to-be-unwrapped key is a "private key". 197 */ 198 public static final int PRIVATE_KEY = 2; 199 200 /** 201 * Constant used to indicate the to-be-unwrapped key is a "secret key". 202 */ 203 public static final int SECRET_KEY = 3; 204 205 // The provider 206 private Provider provider; 207 208 // The provider implementation (delegate) 209 private CipherSpi spi; 210 211 // The transformation 212 private String transformation; 213 214 // Crypto permission representing the maximum allowable cryptographic 215 // strength that this Cipher object can be used for. (The cryptographic 216 // strength is a function of the keysize and algorithm parameters encoded 217 // in the crypto permission.) 218 private CryptoPermission cryptoPerm; 219 220 // The exemption mechanism that needs to be enforced 221 private ExemptionMechanism exmech; 222 223 // Flag which indicates whether or not this cipher has been initialized 224 private boolean initialized = false; 225 226 // The operation mode - store the operation mode after the 227 // cipher has been initialized. 228 private int opmode = 0; 229 230 // The OID for the KeyUsage extension in an X.509 v3 certificate 231 private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15"; 232 233 // next SPI to try in provider selection 234 // null once provider is selected 235 private CipherSpi firstSpi; 236 237 // next service to try in provider selection 238 // null once provider is selected 239 private Service firstService; 240 241 // remaining services to try in provider selection 242 // null once provider is selected 243 private Iterator<Service> serviceIterator; 244 245 // list of transform Strings to lookup in the provider 246 private List<Transform> transforms; 247 248 private final Object lock; 249 250 /** 251 * Creates a Cipher object. 252 * 253 * @param cipherSpi the delegate 254 * @param provider the provider 255 * @param transformation the transformation 256 */ 257 protected Cipher(CipherSpi cipherSpi, 258 Provider provider, 259 String transformation) { 260 // See bug 4341369 & 4334690 for more info. 261 // If the caller is trusted, then okey. 262 // Otherwise throw a NullPointerException. 263 if (!JceSecurityManager.INSTANCE.isCallerTrusted()) { 264 throw new NullPointerException(); 265 } 266 this.spi = cipherSpi; 267 this.provider = provider; 268 this.transformation = transformation; 269 this.cryptoPerm = CryptoAllPermission.INSTANCE; 270 this.lock = null; 271 } 272 273 /** 274 * Creates a Cipher object. Called internally and by NullCipher. 275 * 276 * @param cipherSpi the delegate 277 * @param transformation the transformation 278 */ 279 Cipher(CipherSpi cipherSpi, String transformation) { 280 this.spi = cipherSpi; 281 this.transformation = transformation; 282 this.cryptoPerm = CryptoAllPermission.INSTANCE; 283 this.lock = null; 284 } 285 286 private Cipher(CipherSpi firstSpi, Service firstService, 287 Iterator<Service> serviceIterator, String transformation, 288 List<Transform> transforms) { 289 this.firstSpi = firstSpi; 290 this.firstService = firstService; 291 this.serviceIterator = serviceIterator; 292 this.transforms = transforms; 293 this.transformation = transformation; 294 this.lock = new Object(); 295 } 296 297 private static String[] tokenizeTransformation(String transformation) 298 throws NoSuchAlgorithmException { 299 if (transformation == null) { 300 throw new NoSuchAlgorithmException("No transformation given"); 301 } 302 /* 303 * array containing the components of a Cipher transformation: 304 * 305 * index 0: algorithm component (e.g., DES) 306 * index 1: feedback component (e.g., CFB) 307 * index 2: padding component (e.g., PKCS5Padding) 308 */ 309 String[] parts = new String[3]; 310 int count = 0; 311 StringTokenizer parser = new StringTokenizer(transformation, "/"); 312 try { 313 while (parser.hasMoreTokens() && count < 3) { 314 parts[count++] = parser.nextToken().trim(); 315 } 316 if (count == 0 || count == 2 || parser.hasMoreTokens()) { 317 throw new NoSuchAlgorithmException("Invalid transformation" 318 + " format:" + 319 transformation); 320 } 321 } catch (NoSuchElementException e) { 322 throw new NoSuchAlgorithmException("Invalid transformation " + 323 "format:" + transformation); 324 } 325 if ((parts[0] == null) || (parts[0].length() == 0)) { 326 throw new NoSuchAlgorithmException("Invalid transformation:" + 327 "algorithm not specified-" 328 + transformation); 329 } 330 return parts; 331 } 332 333 // Provider attribute name for supported chaining mode 334 private final static String ATTR_MODE = "SupportedModes"; 335 // Provider attribute name for supported padding names 336 private final static String ATTR_PAD = "SupportedPaddings"; 337 338 // constants indicating whether the provider supports 339 // a given mode or padding 340 private final static int S_NO = 0; // does not support 341 private final static int S_MAYBE = 1; // unable to determine 342 private final static int S_YES = 2; // does support 343 344 /** 345 * Nested class to deal with modes and paddings. 346 */ 347 private static class Transform { 348 // transform string to lookup in the provider 349 final String transform; 350 // the mode/padding suffix in upper case. for example, if the algorithm 351 // to lookup is "DES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING" 352 // if loopup is "DES", suffix is the empty string 353 // needed because aliases prevent straight transform.equals() 354 final String suffix; 355 // value to pass to setMode() or null if no such call required 356 final String mode; 357 // value to pass to setPadding() or null if no such call required 358 final String pad; 359 Transform(String alg, String suffix, String mode, String pad) { 360 this.transform = alg + suffix; 361 this.suffix = suffix.toUpperCase(Locale.ENGLISH); 362 this.mode = mode; 363 this.pad = pad; 364 } 365 // set mode and padding for the given SPI 366 void setModePadding(CipherSpi spi) throws NoSuchAlgorithmException, 367 NoSuchPaddingException { 368 if (mode != null) { 369 spi.engineSetMode(mode); 370 } 371 if (pad != null) { 372 spi.engineSetPadding(pad); 373 } 374 } 375 // check whether the given services supports the mode and 376 // padding described by this Transform 377 int supportsModePadding(Service s) { 378 int smode = supportsMode(s); 379 if (smode == S_NO) { 380 return smode; 381 } 382 int spad = supportsPadding(s); 383 // our constants are defined so that Math.min() is a tri-valued AND 384 return Math.min(smode, spad); 385 } 386 387 // separate methods for mode and padding 388 // called directly by Cipher only to throw the correct exception 389 int supportsMode(Service s) { 390 return supports(s, ATTR_MODE, mode); 391 } 392 int supportsPadding(Service s) { 393 return supports(s, ATTR_PAD, pad); 394 } 395 396 private static int supports(Service s, String attrName, String value) { 397 if (value == null) { 398 return S_YES; 399 } 400 String regexp = s.getAttribute(attrName); 401 if (regexp == null) { 402 return S_MAYBE; 403 } 404 return matches(regexp, value) ? S_YES : S_NO; 405 } 406 407 // ConcurrentMap<String,Pattern> for previously compiled patterns 408 private final static ConcurrentMap<String, Pattern> patternCache = 409 new ConcurrentHashMap<String, Pattern>(); 410 411 private static boolean matches(String regexp, String str) { 412 Pattern pattern = patternCache.get(regexp); 413 if (pattern == null) { 414 pattern = Pattern.compile(regexp); 415 patternCache.putIfAbsent(regexp, pattern); 416 } 417 return pattern.matcher(str.toUpperCase(Locale.ENGLISH)).matches(); 418 } 419 420 } 421 422 private static List<Transform> getTransforms(String transformation) 423 throws NoSuchAlgorithmException { 424 String[] parts = tokenizeTransformation(transformation); 425 426 String alg = parts[0]; 427 String mode = parts[1]; 428 String pad = parts[2]; 429 if ((mode != null) && (mode.length() == 0)) { 430 mode = null; 431 } 432 if ((pad != null) && (pad.length() == 0)) { 433 pad = null; 434 } 435 436 if ((mode == null) && (pad == null)) { 437 // DES 438 Transform tr = new Transform(alg, "", null, null); 439 return Collections.singletonList(tr); 440 } else { // if ((mode != null) && (pad != null)) { 441 // DES/CBC/PKCS5Padding 442 List<Transform> list = new ArrayList<>(4); 443 list.add(new Transform(alg, "/" + mode + "/" + pad, null, null)); 444 list.add(new Transform(alg, "/" + mode, null, pad)); 445 list.add(new Transform(alg, "//" + pad, mode, null)); 446 list.add(new Transform(alg, "", mode, pad)); 447 return list; 448 } 449 } 450 451 // get the transform matching the specified service 452 private static Transform getTransform(Service s, 453 List<Transform> transforms) { 454 String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH); 455 for (Transform tr : transforms) { 456 if (alg.endsWith(tr.suffix)) { 457 return tr; 458 } 459 } 460 return null; 461 } 462 463 /** 464 * Returns a <code>Cipher</code> object that implements the specified 465 * transformation. 466 * 467 * <p> This method traverses the list of registered security Providers, 468 * starting with the most preferred Provider. 469 * A new Cipher object encapsulating the 470 * CipherSpi implementation from the first 471 * Provider that supports the specified algorithm is returned. 472 * 473 * <p> Note that the list of registered providers may be retrieved via 474 * the {@link Security#getProviders() Security.getProviders()} method. 475 * 476 * @param transformation the name of the transformation, e.g., 477 * <i>DES/CBC/PKCS5Padding</i>. 478 * See the Cipher section in the <a href= 479 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 480 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 481 * for information about standard transformation names. 482 * 483 * @return a cipher that implements the requested transformation. 484 * 485 * @exception NoSuchAlgorithmException if <code>transformation</code> 486 * is null, empty, in an invalid format, 487 * or if no Provider supports a CipherSpi implementation for the 488 * specified algorithm. 489 * 490 * @exception NoSuchPaddingException if <code>transformation</code> 491 * contains a padding scheme that is not available. 492 * 493 * @see java.security.Provider 494 */ 495 public static final Cipher getInstance(String transformation) 496 throws NoSuchAlgorithmException, NoSuchPaddingException 497 { 498 List<Transform> transforms = getTransforms(transformation); 499 List<ServiceId> cipherServices = new ArrayList<>(transforms.size()); 500 for (Transform transform : transforms) { 501 cipherServices.add(new ServiceId("Cipher", transform.transform)); 502 } 503 List<Service> services = GetInstance.getServices(cipherServices); 504 // make sure there is at least one service from a signed provider 505 // and that it can use the specified mode and padding 506 Iterator<Service> t = services.iterator(); 507 Exception failure = null; 508 while (t.hasNext()) { 509 Service s = t.next(); 510 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 511 continue; 512 } 513 Transform tr = getTransform(s, transforms); 514 if (tr == null) { 515 // should never happen 516 continue; 517 } 518 int canuse = tr.supportsModePadding(s); 519 if (canuse == S_NO) { 520 // does not support mode or padding we need, ignore 521 continue; 522 } 523 if (canuse == S_YES) { 524 return new Cipher(null, s, t, transformation, transforms); 525 } else { // S_MAYBE, try out if it works 526 try { 527 CipherSpi spi = (CipherSpi)s.newInstance(null); 528 tr.setModePadding(spi); 529 return new Cipher(spi, s, t, transformation, transforms); 530 } catch (Exception e) { 531 failure = e; 532 } 533 } 534 } 535 throw new NoSuchAlgorithmException 536 ("Cannot find any provider supporting " + transformation, failure); 537 } 538 539 /** 540 * Returns a <code>Cipher</code> object that implements the specified 541 * transformation. 542 * 543 * <p> A new Cipher object encapsulating the 544 * CipherSpi implementation from the specified provider 545 * is returned. The specified provider must be registered 546 * in the security provider list. 547 * 548 * <p> Note that the list of registered providers may be retrieved via 549 * the {@link Security#getProviders() Security.getProviders()} method. 550 * 551 * @param transformation the name of the transformation, 552 * e.g., <i>DES/CBC/PKCS5Padding</i>. 553 * See the Cipher section in the <a href= 554 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 555 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 556 * for information about standard transformation names. 557 * 558 * @param provider the name of the provider. 559 * 560 * @return a cipher that implements the requested transformation. 561 * 562 * @exception NoSuchAlgorithmException if <code>transformation</code> 563 * is null, empty, in an invalid format, 564 * or if a CipherSpi implementation for the specified algorithm 565 * is not available from the specified provider. 566 * 567 * @exception NoSuchProviderException if the specified provider is not 568 * registered in the security provider list. 569 * 570 * @exception NoSuchPaddingException if <code>transformation</code> 571 * contains a padding scheme that is not available. 572 * 573 * @exception IllegalArgumentException if the <code>provider</code> 574 * is null or empty. 575 * 576 * @see java.security.Provider 577 */ 578 public static final Cipher getInstance(String transformation, 579 String provider) 580 throws NoSuchAlgorithmException, NoSuchProviderException, 581 NoSuchPaddingException 582 { 583 if ((provider == null) || (provider.length() == 0)) { 584 throw new IllegalArgumentException("Missing provider"); 585 } 586 Provider p = Security.getProvider(provider); 587 if (p == null) { 588 throw new NoSuchProviderException("No such provider: " + 589 provider); 590 } 591 return getInstance(transformation, p); 592 } 593 594 /** 595 * Returns a <code>Cipher</code> object that implements the specified 596 * transformation. 597 * 598 * <p> A new Cipher object encapsulating the 599 * CipherSpi implementation from the specified Provider 600 * object is returned. Note that the specified Provider object 601 * does not have to be registered in the provider list. 602 * 603 * @param transformation the name of the transformation, 604 * e.g., <i>DES/CBC/PKCS5Padding</i>. 605 * See the Cipher section in the <a href= 606 * "{@docRoot}/../technotes/guides/security/StandardNames.html#Cipher"> 607 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 608 * for information about standard transformation names. 609 * 610 * @param provider the provider. 611 * 612 * @return a cipher that implements the requested transformation. 613 * 614 * @exception NoSuchAlgorithmException if <code>transformation</code> 615 * is null, empty, in an invalid format, 616 * or if a CipherSpi implementation for the specified algorithm 617 * is not available from the specified Provider object. 618 * 619 * @exception NoSuchPaddingException if <code>transformation</code> 620 * contains a padding scheme that is not available. 621 * 622 * @exception IllegalArgumentException if the <code>provider</code> 623 * is null. 624 * 625 * @see java.security.Provider 626 */ 627 public static final Cipher getInstance(String transformation, 628 Provider provider) 629 throws NoSuchAlgorithmException, NoSuchPaddingException 630 { 631 if (provider == null) { 632 throw new IllegalArgumentException("Missing provider"); 633 } 634 Exception failure = null; 635 List<Transform> transforms = getTransforms(transformation); 636 boolean providerChecked = false; 637 String paddingError = null; 638 for (Transform tr : transforms) { 639 Service s = provider.getService("Cipher", tr.transform); 640 if (s == null) { 641 continue; 642 } 643 if (providerChecked == false) { 644 // for compatibility, first do the lookup and then verify 645 // the provider. this makes the difference between a NSAE 646 // and a SecurityException if the 647 // provider does not support the algorithm. 648 Exception ve = JceSecurity.getVerificationResult(provider); 649 if (ve != null) { 650 String msg = "JCE cannot authenticate the provider " 651 + provider.getName(); 652 throw new SecurityException(msg, ve); 653 } 654 providerChecked = true; 655 } 656 if (tr.supportsMode(s) == S_NO) { 657 continue; 658 } 659 if (tr.supportsPadding(s) == S_NO) { 660 paddingError = tr.pad; 661 continue; 662 } 663 try { 664 CipherSpi spi = (CipherSpi)s.newInstance(null); 665 tr.setModePadding(spi); 666 Cipher cipher = new Cipher(spi, transformation); 667 cipher.provider = s.getProvider(); 668 cipher.initCryptoPermission(); 669 return cipher; 670 } catch (Exception e) { 671 failure = e; 672 } 673 } 674 675 // throw NoSuchPaddingException if the problem is with padding 676 if (failure instanceof NoSuchPaddingException) { 677 throw (NoSuchPaddingException)failure; 678 } 679 if (paddingError != null) { 680 throw new NoSuchPaddingException 681 ("Padding not supported: " + paddingError); 682 } 683 throw new NoSuchAlgorithmException 684 ("No such algorithm: " + transformation, failure); 685 } 686 687 // If the requested crypto service is export-controlled, 688 // determine the maximum allowable keysize. 689 private void initCryptoPermission() throws NoSuchAlgorithmException { 690 if (JceSecurity.isRestricted() == false) { 691 cryptoPerm = CryptoAllPermission.INSTANCE; 692 exmech = null; 693 return; 694 } 695 cryptoPerm = getConfiguredPermission(transformation); 696 // Instantiate the exemption mechanism (if required) 697 String exmechName = cryptoPerm.getExemptionMechanism(); 698 if (exmechName != null) { 699 exmech = ExemptionMechanism.getInstance(exmechName); 700 } 701 } 702 703 // max number of debug warnings to print from chooseFirstProvider() 704 private static int warnCount = 10; 705 706 /** 707 * Choose the Spi from the first provider available. Used if 708 * delayed provider selection is not possible because init() 709 * is not the first method called. 710 */ 711 void chooseFirstProvider() { 712 if (spi != null) { 713 return; 714 } 715 synchronized (lock) { 716 if (spi != null) { 717 return; 718 } 719 if (debug != null) { 720 int w = --warnCount; 721 if (w >= 0) { 722 debug.println("Cipher.init() not first method " 723 + "called, disabling delayed provider selection"); 724 if (w == 0) { 725 debug.println("Further warnings of this type will " 726 + "be suppressed"); 727 } 728 new Exception("Call trace").printStackTrace(); 729 } 730 } 731 Exception lastException = null; 732 while ((firstService != null) || serviceIterator.hasNext()) { 733 Service s; 734 CipherSpi thisSpi; 735 if (firstService != null) { 736 s = firstService; 737 thisSpi = firstSpi; 738 firstService = null; 739 firstSpi = null; 740 } else { 741 s = serviceIterator.next(); 742 thisSpi = null; 743 } 744 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 745 continue; 746 } 747 Transform tr = getTransform(s, transforms); 748 if (tr == null) { 749 // should never happen 750 continue; 751 } 752 if (tr.supportsModePadding(s) == S_NO) { 753 continue; 754 } 755 try { 756 if (thisSpi == null) { 757 Object obj = s.newInstance(null); 758 if (obj instanceof CipherSpi == false) { 759 continue; 760 } 761 thisSpi = (CipherSpi)obj; 762 } 763 tr.setModePadding(thisSpi); 764 initCryptoPermission(); 765 spi = thisSpi; 766 provider = s.getProvider(); 767 // not needed any more 768 firstService = null; 769 serviceIterator = null; 770 transforms = null; 771 return; 772 } catch (Exception e) { 773 lastException = e; 774 } 775 } 776 ProviderException e = new ProviderException 777 ("Could not construct CipherSpi instance"); 778 if (lastException != null) { 779 e.initCause(lastException); 780 } 781 throw e; 782 } 783 } 784 785 private final static int I_KEY = 1; 786 private final static int I_PARAMSPEC = 2; 787 private final static int I_PARAMS = 3; 788 private final static int I_CERT = 4; 789 790 private void implInit(CipherSpi thisSpi, int type, int opmode, Key key, 791 AlgorithmParameterSpec paramSpec, AlgorithmParameters params, 792 SecureRandom random) throws InvalidKeyException, 793 InvalidAlgorithmParameterException { 794 switch (type) { 795 case I_KEY: 796 checkCryptoPerm(thisSpi, key); 797 thisSpi.engineInit(opmode, key, random); 798 break; 799 case I_PARAMSPEC: 800 checkCryptoPerm(thisSpi, key, paramSpec); 801 thisSpi.engineInit(opmode, key, paramSpec, random); 802 break; 803 case I_PARAMS: 804 checkCryptoPerm(thisSpi, key, params); 805 thisSpi.engineInit(opmode, key, params, random); 806 break; 807 case I_CERT: 808 checkCryptoPerm(thisSpi, key); 809 thisSpi.engineInit(opmode, key, random); 810 break; 811 default: 812 throw new AssertionError("Internal Cipher error: " + type); 813 } 814 } 815 816 private void chooseProvider(int initType, int opmode, Key key, 817 AlgorithmParameterSpec paramSpec, 818 AlgorithmParameters params, SecureRandom random) 819 throws InvalidKeyException, InvalidAlgorithmParameterException { 820 synchronized (lock) { 821 if (spi != null) { 822 implInit(spi, initType, opmode, key, paramSpec, params, random); 823 return; 824 } 825 Exception lastException = null; 826 while ((firstService != null) || serviceIterator.hasNext()) { 827 Service s; 828 CipherSpi thisSpi; 829 if (firstService != null) { 830 s = firstService; 831 thisSpi = firstSpi; 832 firstService = null; 833 firstSpi = null; 834 } else { 835 s = serviceIterator.next(); 836 thisSpi = null; 837 } 838 // if provider says it does not support this key, ignore it 839 if (s.supportsParameter(key) == false) { 840 continue; 841 } 842 if (JceSecurity.canUseProvider(s.getProvider()) == false) { 843 continue; 844 } 845 Transform tr = getTransform(s, transforms); 846 if (tr == null) { 847 // should never happen 848 continue; 849 } 850 if (tr.supportsModePadding(s) == S_NO) { 851 continue; 852 } 853 try { 854 if (thisSpi == null) { 855 thisSpi = (CipherSpi)s.newInstance(null); 856 } 857 tr.setModePadding(thisSpi); 858 initCryptoPermission(); 859 implInit(thisSpi, initType, opmode, key, paramSpec, 860 params, random); 861 provider = s.getProvider(); 862 this.spi = thisSpi; 863 firstService = null; 864 serviceIterator = null; 865 transforms = null; 866 return; 867 } catch (Exception e) { 868 // NoSuchAlgorithmException from newInstance() 869 // InvalidKeyException from init() 870 // RuntimeException (ProviderException) from init() 871 // SecurityException from crypto permission check 872 if (lastException == null) { 873 lastException = e; 874 } 875 } 876 } 877 // no working provider found, fail 878 if (lastException instanceof InvalidKeyException) { 879 throw (InvalidKeyException)lastException; 880 } 881 if (lastException instanceof InvalidAlgorithmParameterException) { 882 throw (InvalidAlgorithmParameterException)lastException; 883 } 884 if (lastException instanceof RuntimeException) { 885 throw (RuntimeException)lastException; 886 } 887 String kName = (key != null) ? key.getClass().getName() : "(null)"; 888 throw new InvalidKeyException 889 ("No installed provider supports this key: " 890 + kName, lastException); 891 } 892 } 893 894 /** 895 * Returns the provider of this <code>Cipher</code> object. 896 * 897 * @return the provider of this <code>Cipher</code> object 898 */ 899 public final Provider getProvider() { 900 chooseFirstProvider(); 901 return this.provider; 902 } 903 904 /** 905 * Returns the algorithm name of this <code>Cipher</code> object. 906 * 907 * <p>This is the same name that was specified in one of the 908 * <code>getInstance</code> calls that created this <code>Cipher</code> 909 * object.. 910 * 911 * @return the algorithm name of this <code>Cipher</code> object. 912 */ 913 public final String getAlgorithm() { 914 return this.transformation; 915 } 916 917 /** 918 * Returns the block size (in bytes). 919 * 920 * @return the block size (in bytes), or 0 if the underlying algorithm is 921 * not a block cipher 922 */ 923 public final int getBlockSize() { 924 chooseFirstProvider(); 925 return spi.engineGetBlockSize(); 926 } 927 928 /** 929 * Returns the length in bytes that an output buffer would need to be in 930 * order to hold the result of the next <code>update</code> or 931 * <code>doFinal</code> operation, given the input length 932 * <code>inputLen</code> (in bytes). 933 * 934 * <p>This call takes into account any unprocessed (buffered) data from a 935 * previous <code>update</code> call, padding, and AEAD tagging. 936 * 937 * <p>The actual output length of the next <code>update</code> or 938 * <code>doFinal</code> call may be smaller than the length returned by 939 * this method. 940 * 941 * @param inputLen the input length (in bytes) 942 * 943 * @return the required output buffer size (in bytes) 944 * 945 * @exception IllegalStateException if this cipher is in a wrong state 946 * (e.g., has not yet been initialized) 947 */ 948 public final int getOutputSize(int inputLen) { 949 950 if (!initialized && !(this instanceof NullCipher)) { 951 throw new IllegalStateException("Cipher not initialized"); 952 } 953 if (inputLen < 0) { 954 throw new IllegalArgumentException("Input size must be equal " + 955 "to or greater than zero"); 956 } 957 chooseFirstProvider(); 958 return spi.engineGetOutputSize(inputLen); 959 } 960 961 /** 962 * Returns the initialization vector (IV) in a new buffer. 963 * 964 * <p>This is useful in the case where a random IV was created, 965 * or in the context of password-based encryption or 966 * decryption, where the IV is derived from a user-supplied password. 967 * 968 * @return the initialization vector in a new buffer, or null if the 969 * underlying algorithm does not use an IV, or if the IV has not yet 970 * been set. 971 */ 972 public final byte[] getIV() { 973 chooseFirstProvider(); 974 return spi.engineGetIV(); 975 } 976 977 /** 978 * Returns the parameters used with this cipher. 979 * 980 * <p>The returned parameters may be the same that were used to initialize 981 * this cipher, or may contain a combination of default and random 982 * parameter values used by the underlying cipher implementation if this 983 * cipher requires algorithm parameters but was not initialized with any. 984 * 985 * @return the parameters used with this cipher, or null if this cipher 986 * does not use any parameters. 987 */ 988 public final AlgorithmParameters getParameters() { 989 chooseFirstProvider(); 990 return spi.engineGetParameters(); 991 } 992 993 /** 994 * Returns the exemption mechanism object used with this cipher. 995 * 996 * @return the exemption mechanism object used with this cipher, or 997 * null if this cipher does not use any exemption mechanism. 998 */ 999 public final ExemptionMechanism getExemptionMechanism() { 1000 chooseFirstProvider(); 1001 return exmech; 1002 } 1003 1004 // 1005 // Crypto permission check code below 1006 // 1007 private void checkCryptoPerm(CipherSpi checkSpi, Key key) 1008 throws InvalidKeyException { 1009 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1010 return; 1011 } 1012 // Check if key size and default parameters are within legal limits 1013 AlgorithmParameterSpec params; 1014 try { 1015 params = getAlgorithmParameterSpec(checkSpi.engineGetParameters()); 1016 } catch (InvalidParameterSpecException ipse) { 1017 throw new InvalidKeyException 1018 ("Unsupported default algorithm parameters"); 1019 } 1020 if (!passCryptoPermCheck(checkSpi, key, params)) { 1021 throw new InvalidKeyException( 1022 "Illegal key size or default parameters"); 1023 } 1024 } 1025 1026 private void checkCryptoPerm(CipherSpi checkSpi, Key key, 1027 AlgorithmParameterSpec params) throws InvalidKeyException, 1028 InvalidAlgorithmParameterException { 1029 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1030 return; 1031 } 1032 // Determine keysize and check if it is within legal limits 1033 if (!passCryptoPermCheck(checkSpi, key, null)) { 1034 throw new InvalidKeyException("Illegal key size"); 1035 } 1036 if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) { 1037 throw new InvalidAlgorithmParameterException("Illegal parameters"); 1038 } 1039 } 1040 1041 private void checkCryptoPerm(CipherSpi checkSpi, Key key, 1042 AlgorithmParameters params) 1043 throws InvalidKeyException, InvalidAlgorithmParameterException { 1044 if (cryptoPerm == CryptoAllPermission.INSTANCE) { 1045 return; 1046 } 1047 // Convert the specified parameters into specs and then delegate. 1048 AlgorithmParameterSpec pSpec; 1049 try { 1050 pSpec = getAlgorithmParameterSpec(params); 1051 } catch (InvalidParameterSpecException ipse) { 1052 throw new InvalidAlgorithmParameterException 1053 ("Failed to retrieve algorithm parameter specification"); 1054 } 1055 checkCryptoPerm(checkSpi, key, pSpec); 1056 } 1057 1058 private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key, 1059 AlgorithmParameterSpec params) 1060 throws InvalidKeyException { 1061 String em = cryptoPerm.getExemptionMechanism(); 1062 int keySize = checkSpi.engineGetKeySize(key); 1063 // Use the "algorithm" component of the cipher 1064 // transformation so that the perm check would 1065 // work when the key has the "aliased" algo. 1066 String algComponent; 1067 int index = transformation.indexOf('/'); 1068 if (index != -1) { 1069 algComponent = transformation.substring(0, index); 1070 } else { 1071 algComponent = transformation; 1072 } 1073 CryptoPermission checkPerm = 1074 new CryptoPermission(algComponent, keySize, params, em); 1075 1076 if (!cryptoPerm.implies(checkPerm)) { 1077 if (debug != null) { 1078 debug.println("Crypto Permission check failed"); 1079 debug.println("granted: " + cryptoPerm); 1080 debug.println("requesting: " + checkPerm); 1081 } 1082 return false; 1083 } 1084 if (exmech == null) { 1085 return true; 1086 } 1087 try { 1088 if (!exmech.isCryptoAllowed(key)) { 1089 if (debug != null) { 1090 debug.println(exmech.getName() + " isn't enforced"); 1091 } 1092 return false; 1093 } 1094 } catch (ExemptionMechanismException eme) { 1095 if (debug != null) { 1096 debug.println("Cannot determine whether "+ 1097 exmech.getName() + " has been enforced"); 1098 eme.printStackTrace(); 1099 } 1100 return false; 1101 } 1102 return true; 1103 } 1104 1105 // check if opmode is one of the defined constants 1106 // throw InvalidParameterExeption if not 1107 private static void checkOpmode(int opmode) { 1108 if ((opmode < ENCRYPT_MODE) || (opmode > UNWRAP_MODE)) { 1109 throw new InvalidParameterException("Invalid operation mode"); 1110 } 1111 } 1112 1113 /** 1114 * Initializes this cipher with a key. 1115 * 1116 * <p>The cipher is initialized for one of the following four operations: 1117 * encryption, decryption, key wrapping or key unwrapping, depending 1118 * on the value of <code>opmode</code>. 1119 * 1120 * <p>If this cipher requires any algorithm parameters that cannot be 1121 * derived from the given <code>key</code>, the underlying cipher 1122 * implementation is supposed to generate the required parameters itself 1123 * (using provider-specific default or random values) if it is being 1124 * initialized for encryption or key wrapping, and raise an 1125 * <code>InvalidKeyException</code> if it is being 1126 * initialized for decryption or key unwrapping. 1127 * The generated parameters can be retrieved using 1128 * {@link #getParameters() getParameters} or 1129 * {@link #getIV() getIV} (if the parameter is an IV). 1130 * 1131 * <p>If this cipher requires algorithm parameters that cannot be 1132 * derived from the input parameters, and there are no reasonable 1133 * provider-specific default values, initialization will 1134 * necessarily fail. 1135 * 1136 * <p>If this cipher (including its underlying feedback or padding scheme) 1137 * requires any random bytes (e.g., for parameter generation), it will get 1138 * them using the {@link java.security.SecureRandom} 1139 * implementation of the highest-priority 1140 * installed provider as the source of randomness. 1141 * (If none of the installed providers supply an implementation of 1142 * SecureRandom, a system-provided source of randomness will be used.) 1143 * 1144 * <p>Note that when a Cipher object is initialized, it loses all 1145 * previously-acquired state. In other words, initializing a Cipher is 1146 * equivalent to creating a new instance of that Cipher and initializing 1147 * it. 1148 * 1149 * @param opmode the operation mode of this cipher (this is one of 1150 * the following: 1151 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1152 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1153 * @param key the key 1154 * 1155 * @exception InvalidKeyException if the given key is inappropriate for 1156 * initializing this cipher, or requires 1157 * algorithm parameters that cannot be 1158 * determined from the given key, or if the given key has a keysize that 1159 * exceeds the maximum allowable keysize (as determined from the 1160 * configured jurisdiction policy files). 1161 * @throws UnsupportedOperationException if (@code opmode} is 1162 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1163 * by the underlying {@code CipherSpi}. 1164 */ 1165 public final void init(int opmode, Key key) throws InvalidKeyException { 1166 init(opmode, key, JceSecurity.RANDOM); 1167 } 1168 1169 /** 1170 * Initializes this cipher with a key and a source of randomness. 1171 * 1172 * <p>The cipher is initialized for one of the following four operations: 1173 * encryption, decryption, key wrapping or key unwrapping, depending 1174 * on the value of <code>opmode</code>. 1175 * 1176 * <p>If this cipher requires any algorithm parameters that cannot be 1177 * derived from the given <code>key</code>, the underlying cipher 1178 * implementation is supposed to generate the required parameters itself 1179 * (using provider-specific default or random values) if it is being 1180 * initialized for encryption or key wrapping, and raise an 1181 * <code>InvalidKeyException</code> if it is being 1182 * initialized for decryption or key unwrapping. 1183 * The generated parameters can be retrieved using 1184 * {@link #getParameters() getParameters} or 1185 * {@link #getIV() getIV} (if the parameter is an IV). 1186 * 1187 * <p>If this cipher requires algorithm parameters that cannot be 1188 * derived from the input parameters, and there are no reasonable 1189 * provider-specific default values, initialization will 1190 * necessarily fail. 1191 * 1192 * <p>If this cipher (including its underlying feedback or padding scheme) 1193 * requires any random bytes (e.g., for parameter generation), it will get 1194 * them from <code>random</code>. 1195 * 1196 * <p>Note that when a Cipher object is initialized, it loses all 1197 * previously-acquired state. In other words, initializing a Cipher is 1198 * equivalent to creating a new instance of that Cipher and initializing 1199 * it. 1200 * 1201 * @param opmode the operation mode of this cipher (this is one of the 1202 * following: 1203 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1204 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1205 * @param key the encryption key 1206 * @param random the source of randomness 1207 * 1208 * @exception InvalidKeyException if the given key is inappropriate for 1209 * initializing this cipher, or requires 1210 * algorithm parameters that cannot be 1211 * determined from the given key, or if the given key has a keysize that 1212 * exceeds the maximum allowable keysize (as determined from the 1213 * configured jurisdiction policy files). 1214 * @throws UnsupportedOperationException if (@code opmode} is 1215 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1216 * by the underlying {@code CipherSpi}. 1217 */ 1218 public final void init(int opmode, Key key, SecureRandom random) 1219 throws InvalidKeyException 1220 { 1221 initialized = false; 1222 checkOpmode(opmode); 1223 1224 if (spi != null) { 1225 checkCryptoPerm(spi, key); 1226 spi.engineInit(opmode, key, random); 1227 } else { 1228 try { 1229 chooseProvider(I_KEY, opmode, key, null, null, random); 1230 } catch (InvalidAlgorithmParameterException e) { 1231 // should never occur 1232 throw new InvalidKeyException(e); 1233 } 1234 } 1235 1236 initialized = true; 1237 this.opmode = opmode; 1238 } 1239 1240 /** 1241 * Initializes this cipher with a key and a set of algorithm 1242 * parameters. 1243 * 1244 * <p>The cipher is initialized for one of the following four operations: 1245 * encryption, decryption, key wrapping or key unwrapping, depending 1246 * on the value of <code>opmode</code>. 1247 * 1248 * <p>If this cipher requires any algorithm parameters and 1249 * <code>params</code> is null, the underlying cipher implementation is 1250 * supposed to generate the required parameters itself (using 1251 * provider-specific default or random values) if it is being 1252 * initialized for encryption or key wrapping, and raise an 1253 * <code>InvalidAlgorithmParameterException</code> if it is being 1254 * initialized for decryption or key unwrapping. 1255 * The generated parameters can be retrieved using 1256 * {@link #getParameters() getParameters} or 1257 * {@link #getIV() getIV} (if the parameter is an IV). 1258 * 1259 * <p>If this cipher requires algorithm parameters that cannot be 1260 * derived from the input parameters, and there are no reasonable 1261 * provider-specific default values, initialization will 1262 * necessarily fail. 1263 * 1264 * <p>If this cipher (including its underlying feedback or padding scheme) 1265 * requires any random bytes (e.g., for parameter generation), it will get 1266 * them using the {@link java.security.SecureRandom} 1267 * implementation of the highest-priority 1268 * installed provider as the source of randomness. 1269 * (If none of the installed providers supply an implementation of 1270 * SecureRandom, a system-provided source of randomness will be used.) 1271 * 1272 * <p>Note that when a Cipher object is initialized, it loses all 1273 * previously-acquired state. In other words, initializing a Cipher is 1274 * equivalent to creating a new instance of that Cipher and initializing 1275 * it. 1276 * 1277 * @param opmode the operation mode of this cipher (this is one of the 1278 * following: 1279 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1280 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1281 * @param key the encryption key 1282 * @param params the algorithm parameters 1283 * 1284 * @exception InvalidKeyException if the given key is inappropriate for 1285 * initializing this cipher, or its keysize exceeds the maximum allowable 1286 * keysize (as determined from the configured jurisdiction policy files). 1287 * @exception InvalidAlgorithmParameterException if the given algorithm 1288 * parameters are inappropriate for this cipher, 1289 * or this cipher requires 1290 * algorithm parameters and <code>params</code> is null, or the given 1291 * algorithm parameters imply a cryptographic strength that would exceed 1292 * the legal limits (as determined from the configured jurisdiction 1293 * policy files). 1294 * @throws UnsupportedOperationException if (@code opmode} is 1295 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1296 * by the underlying {@code CipherSpi}. 1297 */ 1298 public final void init(int opmode, Key key, AlgorithmParameterSpec params) 1299 throws InvalidKeyException, InvalidAlgorithmParameterException 1300 { 1301 init(opmode, key, params, JceSecurity.RANDOM); 1302 } 1303 1304 /** 1305 * Initializes this cipher with a key, a set of algorithm 1306 * parameters, and a source of randomness. 1307 * 1308 * <p>The cipher is initialized for one of the following four operations: 1309 * encryption, decryption, key wrapping or key unwrapping, depending 1310 * on the value of <code>opmode</code>. 1311 * 1312 * <p>If this cipher requires any algorithm parameters and 1313 * <code>params</code> is null, the underlying cipher implementation is 1314 * supposed to generate the required parameters itself (using 1315 * provider-specific default or random values) if it is being 1316 * initialized for encryption or key wrapping, and raise an 1317 * <code>InvalidAlgorithmParameterException</code> if it is being 1318 * initialized for decryption or key unwrapping. 1319 * The generated parameters can be retrieved using 1320 * {@link #getParameters() getParameters} or 1321 * {@link #getIV() getIV} (if the parameter is an IV). 1322 * 1323 * <p>If this cipher requires algorithm parameters that cannot be 1324 * derived from the input parameters, and there are no reasonable 1325 * provider-specific default values, initialization will 1326 * necessarily fail. 1327 * 1328 * <p>If this cipher (including its underlying feedback or padding scheme) 1329 * requires any random bytes (e.g., for parameter generation), it will get 1330 * them from <code>random</code>. 1331 * 1332 * <p>Note that when a Cipher object is initialized, it loses all 1333 * previously-acquired state. In other words, initializing a Cipher is 1334 * equivalent to creating a new instance of that Cipher and initializing 1335 * it. 1336 * 1337 * @param opmode the operation mode of this cipher (this is one of the 1338 * following: 1339 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1340 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1341 * @param key the encryption key 1342 * @param params the algorithm parameters 1343 * @param random the source of randomness 1344 * 1345 * @exception InvalidKeyException if the given key is inappropriate for 1346 * initializing this cipher, or its keysize exceeds the maximum allowable 1347 * keysize (as determined from the configured jurisdiction policy files). 1348 * @exception InvalidAlgorithmParameterException if the given algorithm 1349 * parameters are inappropriate for this cipher, 1350 * or this cipher requires 1351 * algorithm parameters and <code>params</code> is null, or the given 1352 * algorithm parameters imply a cryptographic strength that would exceed 1353 * the legal limits (as determined from the configured jurisdiction 1354 * policy files). 1355 * @throws UnsupportedOperationException if (@code opmode} is 1356 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1357 * by the underlying {@code CipherSpi}. 1358 */ 1359 public final void init(int opmode, Key key, AlgorithmParameterSpec params, 1360 SecureRandom random) 1361 throws InvalidKeyException, InvalidAlgorithmParameterException 1362 { 1363 initialized = false; 1364 checkOpmode(opmode); 1365 1366 if (spi != null) { 1367 checkCryptoPerm(spi, key, params); 1368 spi.engineInit(opmode, key, params, random); 1369 } else { 1370 chooseProvider(I_PARAMSPEC, opmode, key, params, null, random); 1371 } 1372 1373 initialized = true; 1374 this.opmode = opmode; 1375 } 1376 1377 /** 1378 * Initializes this cipher with a key and a set of algorithm 1379 * parameters. 1380 * 1381 * <p>The cipher is initialized for one of the following four operations: 1382 * encryption, decryption, key wrapping or key unwrapping, depending 1383 * on the value of <code>opmode</code>. 1384 * 1385 * <p>If this cipher requires any algorithm parameters and 1386 * <code>params</code> is null, the underlying cipher implementation is 1387 * supposed to generate the required parameters itself (using 1388 * provider-specific default or random values) if it is being 1389 * initialized for encryption or key wrapping, and raise an 1390 * <code>InvalidAlgorithmParameterException</code> if it is being 1391 * initialized for decryption or key unwrapping. 1392 * The generated parameters can be retrieved using 1393 * {@link #getParameters() getParameters} or 1394 * {@link #getIV() getIV} (if the parameter is an IV). 1395 * 1396 * <p>If this cipher requires algorithm parameters that cannot be 1397 * derived from the input parameters, and there are no reasonable 1398 * provider-specific default values, initialization will 1399 * necessarily fail. 1400 * 1401 * <p>If this cipher (including its underlying feedback or padding scheme) 1402 * requires any random bytes (e.g., for parameter generation), it will get 1403 * them using the {@link java.security.SecureRandom} 1404 * implementation of the highest-priority 1405 * installed provider as the source of randomness. 1406 * (If none of the installed providers supply an implementation of 1407 * SecureRandom, a system-provided source of randomness will be used.) 1408 * 1409 * <p>Note that when a Cipher object is initialized, it loses all 1410 * previously-acquired state. In other words, initializing a Cipher is 1411 * equivalent to creating a new instance of that Cipher and initializing 1412 * it. 1413 * 1414 * @param opmode the operation mode of this cipher (this is one of the 1415 * following: <code>ENCRYPT_MODE</code>, 1416 * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> 1417 * or <code>UNWRAP_MODE</code>) 1418 * @param key the encryption key 1419 * @param params the algorithm parameters 1420 * 1421 * @exception InvalidKeyException if the given key is inappropriate for 1422 * initializing this cipher, or its keysize exceeds the maximum allowable 1423 * keysize (as determined from the configured jurisdiction policy files). 1424 * @exception InvalidAlgorithmParameterException if the given algorithm 1425 * parameters are inappropriate for this cipher, 1426 * or this cipher requires 1427 * algorithm parameters and <code>params</code> is null, or the given 1428 * algorithm parameters imply a cryptographic strength that would exceed 1429 * the legal limits (as determined from the configured jurisdiction 1430 * policy files). 1431 * @throws UnsupportedOperationException if (@code opmode} is 1432 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1433 * by the underlying {@code CipherSpi}. 1434 */ 1435 public final void init(int opmode, Key key, AlgorithmParameters params) 1436 throws InvalidKeyException, InvalidAlgorithmParameterException 1437 { 1438 init(opmode, key, params, JceSecurity.RANDOM); 1439 } 1440 1441 /** 1442 * Initializes this cipher with a key, a set of algorithm 1443 * parameters, and a source of randomness. 1444 * 1445 * <p>The cipher is initialized for one of the following four operations: 1446 * encryption, decryption, key wrapping or key unwrapping, depending 1447 * on the value of <code>opmode</code>. 1448 * 1449 * <p>If this cipher requires any algorithm parameters and 1450 * <code>params</code> is null, the underlying cipher implementation is 1451 * supposed to generate the required parameters itself (using 1452 * provider-specific default or random values) if it is being 1453 * initialized for encryption or key wrapping, and raise an 1454 * <code>InvalidAlgorithmParameterException</code> if it is being 1455 * initialized for decryption or key unwrapping. 1456 * The generated parameters can be retrieved using 1457 * {@link #getParameters() getParameters} or 1458 * {@link #getIV() getIV} (if the parameter is an IV). 1459 * 1460 * <p>If this cipher requires algorithm parameters that cannot be 1461 * derived from the input parameters, and there are no reasonable 1462 * provider-specific default values, initialization will 1463 * necessarily fail. 1464 * 1465 * <p>If this cipher (including its underlying feedback or padding scheme) 1466 * requires any random bytes (e.g., for parameter generation), it will get 1467 * them from <code>random</code>. 1468 * 1469 * <p>Note that when a Cipher object is initialized, it loses all 1470 * previously-acquired state. In other words, initializing a Cipher is 1471 * equivalent to creating a new instance of that Cipher and initializing 1472 * it. 1473 * 1474 * @param opmode the operation mode of this cipher (this is one of the 1475 * following: <code>ENCRYPT_MODE</code>, 1476 * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> 1477 * or <code>UNWRAP_MODE</code>) 1478 * @param key the encryption key 1479 * @param params the algorithm parameters 1480 * @param random the source of randomness 1481 * 1482 * @exception InvalidKeyException if the given key is inappropriate for 1483 * initializing this cipher, or its keysize exceeds the maximum allowable 1484 * keysize (as determined from the configured jurisdiction policy files). 1485 * @exception InvalidAlgorithmParameterException if the given algorithm 1486 * parameters are inappropriate for this cipher, 1487 * or this cipher requires 1488 * algorithm parameters and <code>params</code> is null, or the given 1489 * algorithm parameters imply a cryptographic strength that would exceed 1490 * the legal limits (as determined from the configured jurisdiction 1491 * policy files). 1492 * @throws UnsupportedOperationException if (@code opmode} is 1493 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1494 * by the underlying {@code CipherSpi}. 1495 */ 1496 public final void init(int opmode, Key key, AlgorithmParameters params, 1497 SecureRandom random) 1498 throws InvalidKeyException, InvalidAlgorithmParameterException 1499 { 1500 initialized = false; 1501 checkOpmode(opmode); 1502 1503 if (spi != null) { 1504 checkCryptoPerm(spi, key, params); 1505 spi.engineInit(opmode, key, params, random); 1506 } else { 1507 chooseProvider(I_PARAMS, opmode, key, null, params, random); 1508 } 1509 1510 initialized = true; 1511 this.opmode = opmode; 1512 } 1513 1514 /** 1515 * Initializes this cipher with the public key from the given certificate. 1516 * <p> The cipher is initialized for one of the following four operations: 1517 * encryption, decryption, key wrapping or key unwrapping, depending 1518 * on the value of <code>opmode</code>. 1519 * 1520 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1521 * extension field marked as critical, and the value of the <i>key usage</i> 1522 * extension field implies that the public key in 1523 * the certificate and its corresponding private key are not 1524 * supposed to be used for the operation represented by the value 1525 * of <code>opmode</code>, 1526 * an <code>InvalidKeyException</code> 1527 * is thrown. 1528 * 1529 * <p> If this cipher requires any algorithm parameters that cannot be 1530 * derived from the public key in the given certificate, the underlying 1531 * cipher 1532 * implementation is supposed to generate the required parameters itself 1533 * (using provider-specific default or random values) if it is being 1534 * initialized for encryption or key wrapping, and raise an <code> 1535 * InvalidKeyException</code> if it is being initialized for decryption or 1536 * key unwrapping. 1537 * The generated parameters can be retrieved using 1538 * {@link #getParameters() getParameters} or 1539 * {@link #getIV() getIV} (if the parameter is an IV). 1540 * 1541 * <p>If this cipher requires algorithm parameters that cannot be 1542 * derived from the input parameters, and there are no reasonable 1543 * provider-specific default values, initialization will 1544 * necessarily fail. 1545 * 1546 * <p>If this cipher (including its underlying feedback or padding scheme) 1547 * requires any random bytes (e.g., for parameter generation), it will get 1548 * them using the 1549 * <code>SecureRandom</code> 1550 * implementation of the highest-priority 1551 * installed provider as the source of randomness. 1552 * (If none of the installed providers supply an implementation of 1553 * SecureRandom, a system-provided source of randomness will be used.) 1554 * 1555 * <p>Note that when a Cipher object is initialized, it loses all 1556 * previously-acquired state. In other words, initializing a Cipher is 1557 * equivalent to creating a new instance of that Cipher and initializing 1558 * it. 1559 * 1560 * @param opmode the operation mode of this cipher (this is one of the 1561 * following: 1562 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1563 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1564 * @param certificate the certificate 1565 * 1566 * @exception InvalidKeyException if the public key in the given 1567 * certificate is inappropriate for initializing this cipher, or this 1568 * cipher requires algorithm parameters that cannot be determined from the 1569 * public key in the given certificate, or the keysize of the public key 1570 * in the given certificate has a keysize that exceeds the maximum 1571 * allowable keysize (as determined by the configured jurisdiction policy 1572 * files). 1573 * @throws UnsupportedOperationException if (@code opmode} is 1574 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1575 * by the underlying {@code CipherSpi}. 1576 */ 1577 public final void init(int opmode, Certificate certificate) 1578 throws InvalidKeyException 1579 { 1580 init(opmode, certificate, JceSecurity.RANDOM); 1581 } 1582 1583 /** 1584 * Initializes this cipher with the public key from the given certificate 1585 * and 1586 * a source of randomness. 1587 * 1588 * <p>The cipher is initialized for one of the following four operations: 1589 * encryption, decryption, key wrapping 1590 * or key unwrapping, depending on 1591 * the value of <code>opmode</code>. 1592 * 1593 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1594 * extension field marked as critical, and the value of the <i>key usage</i> 1595 * extension field implies that the public key in 1596 * the certificate and its corresponding private key are not 1597 * supposed to be used for the operation represented by the value of 1598 * <code>opmode</code>, 1599 * an <code>InvalidKeyException</code> 1600 * is thrown. 1601 * 1602 * <p>If this cipher requires any algorithm parameters that cannot be 1603 * derived from the public key in the given <code>certificate</code>, 1604 * the underlying cipher 1605 * implementation is supposed to generate the required parameters itself 1606 * (using provider-specific default or random values) if it is being 1607 * initialized for encryption or key wrapping, and raise an 1608 * <code>InvalidKeyException</code> if it is being 1609 * initialized for decryption or key unwrapping. 1610 * The generated parameters can be retrieved using 1611 * {@link #getParameters() getParameters} or 1612 * {@link #getIV() getIV} (if the parameter is an IV). 1613 * 1614 * <p>If this cipher requires algorithm parameters that cannot be 1615 * derived from the input parameters, and there are no reasonable 1616 * provider-specific default values, initialization will 1617 * necessarily fail. 1618 * 1619 * <p>If this cipher (including its underlying feedback or padding scheme) 1620 * requires any random bytes (e.g., for parameter generation), it will get 1621 * them from <code>random</code>. 1622 * 1623 * <p>Note that when a Cipher object is initialized, it loses all 1624 * previously-acquired state. In other words, initializing a Cipher is 1625 * equivalent to creating a new instance of that Cipher and initializing 1626 * it. 1627 * 1628 * @param opmode the operation mode of this cipher (this is one of the 1629 * following: 1630 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1631 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1632 * @param certificate the certificate 1633 * @param random the source of randomness 1634 * 1635 * @exception InvalidKeyException if the public key in the given 1636 * certificate is inappropriate for initializing this cipher, or this 1637 * cipher 1638 * requires algorithm parameters that cannot be determined from the 1639 * public key in the given certificate, or the keysize of the public key 1640 * in the given certificate has a keysize that exceeds the maximum 1641 * allowable keysize (as determined by the configured jurisdiction policy 1642 * files). 1643 * @throws UnsupportedOperationException if (@code opmode} is 1644 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented 1645 * by the underlying {@code CipherSpi}. 1646 */ 1647 public final void init(int opmode, Certificate certificate, 1648 SecureRandom random) 1649 throws InvalidKeyException 1650 { 1651 initialized = false; 1652 checkOpmode(opmode); 1653 1654 // Check key usage if the certificate is of 1655 // type X.509. 1656 if (certificate instanceof java.security.cert.X509Certificate) { 1657 // Check whether the cert has a key usage extension 1658 // marked as a critical extension. 1659 X509Certificate cert = (X509Certificate)certificate; 1660 Set<String> critSet = cert.getCriticalExtensionOIDs(); 1661 1662 if (critSet != null && !critSet.isEmpty() 1663 && critSet.contains(KEY_USAGE_EXTENSION_OID)) { 1664 boolean[] keyUsageInfo = cert.getKeyUsage(); 1665 // keyUsageInfo[2] is for keyEncipherment; 1666 // keyUsageInfo[3] is for dataEncipherment. 1667 if ((keyUsageInfo != null) && 1668 (((opmode == Cipher.ENCRYPT_MODE) && 1669 (keyUsageInfo.length > 3) && 1670 (keyUsageInfo[3] == false)) || 1671 ((opmode == Cipher.WRAP_MODE) && 1672 (keyUsageInfo.length > 2) && 1673 (keyUsageInfo[2] == false)))) { 1674 throw new InvalidKeyException("Wrong key usage"); 1675 } 1676 } 1677 } 1678 1679 PublicKey publicKey = 1680 (certificate==null? null:certificate.getPublicKey()); 1681 1682 if (spi != null) { 1683 checkCryptoPerm(spi, publicKey); 1684 spi.engineInit(opmode, publicKey, random); 1685 } else { 1686 try { 1687 chooseProvider(I_CERT, opmode, publicKey, null, null, random); 1688 } catch (InvalidAlgorithmParameterException e) { 1689 // should never occur 1690 throw new InvalidKeyException(e); 1691 } 1692 } 1693 1694 initialized = true; 1695 this.opmode = opmode; 1696 } 1697 1698 /** 1699 * Ensures that Cipher is in a valid state for update() and doFinal() 1700 * calls - should be initialized and in ENCRYPT_MODE or DECRYPT_MODE. 1701 * @throws IllegalStateException if Cipher object is not in valid state. 1702 */ 1703 private void checkCipherState() { 1704 if (!(this instanceof NullCipher)) { 1705 if (!initialized) { 1706 throw new IllegalStateException("Cipher not initialized"); 1707 } 1708 if ((opmode != Cipher.ENCRYPT_MODE) && 1709 (opmode != Cipher.DECRYPT_MODE)) { 1710 throw new IllegalStateException("Cipher not initialized " + 1711 "for encryption/decryption"); 1712 } 1713 } 1714 } 1715 1716 /** 1717 * Continues a multiple-part encryption or decryption operation 1718 * (depending on how this cipher was initialized), processing another data 1719 * part. 1720 * 1721 * <p>The bytes in the <code>input</code> buffer are processed, and the 1722 * result is stored in a new buffer. 1723 * 1724 * <p>If <code>input</code> has a length of zero, this method returns 1725 * <code>null</code>. 1726 * 1727 * @param input the input buffer 1728 * 1729 * @return the new buffer with the result, or null if the underlying 1730 * cipher is a block cipher and the input data is too short to result in a 1731 * new block. 1732 * 1733 * @exception IllegalStateException if this cipher is in a wrong state 1734 * (e.g., has not been initialized) 1735 */ 1736 public final byte[] update(byte[] input) { 1737 checkCipherState(); 1738 1739 // Input sanity check 1740 if (input == null) { 1741 throw new IllegalArgumentException("Null input buffer"); 1742 } 1743 1744 chooseFirstProvider(); 1745 if (input.length == 0) { 1746 return null; 1747 } 1748 return spi.engineUpdate(input, 0, input.length); 1749 } 1750 1751 /** 1752 * Continues a multiple-part encryption or decryption operation 1753 * (depending on how this cipher was initialized), processing another data 1754 * part. 1755 * 1756 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1757 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1758 * and the result is stored in a new buffer. 1759 * 1760 * <p>If <code>inputLen</code> is zero, this method returns 1761 * <code>null</code>. 1762 * 1763 * @param input the input buffer 1764 * @param inputOffset the offset in <code>input</code> where the input 1765 * starts 1766 * @param inputLen the input length 1767 * 1768 * @return the new buffer with the result, or null if the underlying 1769 * cipher is a block cipher and the input data is too short to result in a 1770 * new block. 1771 * 1772 * @exception IllegalStateException if this cipher is in a wrong state 1773 * (e.g., has not been initialized) 1774 */ 1775 public final byte[] update(byte[] input, int inputOffset, int inputLen) { 1776 checkCipherState(); 1777 1778 // Input sanity check 1779 if (input == null || inputOffset < 0 1780 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1781 throw new IllegalArgumentException("Bad arguments"); 1782 } 1783 1784 chooseFirstProvider(); 1785 if (inputLen == 0) { 1786 return null; 1787 } 1788 return spi.engineUpdate(input, inputOffset, inputLen); 1789 } 1790 1791 /** 1792 * Continues a multiple-part encryption or decryption operation 1793 * (depending on how this cipher was initialized), processing another data 1794 * part. 1795 * 1796 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1797 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1798 * and the result is stored in the <code>output</code> buffer. 1799 * 1800 * <p>If the <code>output</code> buffer is too small to hold the result, 1801 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 1802 * call with a larger output buffer. Use 1803 * {@link #getOutputSize(int) getOutputSize} to determine how big 1804 * the output buffer should be. 1805 * 1806 * <p>If <code>inputLen</code> is zero, this method returns 1807 * a length of zero. 1808 * 1809 * <p>Note: this method should be copy-safe, which means the 1810 * <code>input</code> and <code>output</code> buffers can reference 1811 * the same byte array and no unprocessed input data is overwritten 1812 * when the result is copied into the output buffer. 1813 * 1814 * @param input the input buffer 1815 * @param inputOffset the offset in <code>input</code> where the input 1816 * starts 1817 * @param inputLen the input length 1818 * @param output the buffer for the result 1819 * 1820 * @return the number of bytes stored in <code>output</code> 1821 * 1822 * @exception IllegalStateException if this cipher is in a wrong state 1823 * (e.g., has not been initialized) 1824 * @exception ShortBufferException if the given output buffer is too small 1825 * to hold the result 1826 */ 1827 public final int update(byte[] input, int inputOffset, int inputLen, 1828 byte[] output) 1829 throws ShortBufferException { 1830 checkCipherState(); 1831 1832 // Input sanity check 1833 if (input == null || inputOffset < 0 1834 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1835 throw new IllegalArgumentException("Bad arguments"); 1836 } 1837 1838 chooseFirstProvider(); 1839 if (inputLen == 0) { 1840 return 0; 1841 } 1842 return spi.engineUpdate(input, inputOffset, inputLen, 1843 output, 0); 1844 } 1845 1846 /** 1847 * Continues a multiple-part encryption or decryption operation 1848 * (depending on how this cipher was initialized), processing another data 1849 * part. 1850 * 1851 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1852 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1853 * and the result is stored in the <code>output</code> buffer, starting at 1854 * <code>outputOffset</code> inclusive. 1855 * 1856 * <p>If the <code>output</code> buffer is too small to hold the result, 1857 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 1858 * call with a larger output buffer. Use 1859 * {@link #getOutputSize(int) getOutputSize} to determine how big 1860 * the output buffer should be. 1861 * 1862 * <p>If <code>inputLen</code> is zero, this method returns 1863 * a length of zero. 1864 * 1865 * <p>Note: this method should be copy-safe, which means the 1866 * <code>input</code> and <code>output</code> buffers can reference 1867 * the same byte array and no unprocessed input data is overwritten 1868 * when the result is copied into the output buffer. 1869 * 1870 * @param input the input buffer 1871 * @param inputOffset the offset in <code>input</code> where the input 1872 * starts 1873 * @param inputLen the input length 1874 * @param output the buffer for the result 1875 * @param outputOffset the offset in <code>output</code> where the result 1876 * is stored 1877 * 1878 * @return the number of bytes stored in <code>output</code> 1879 * 1880 * @exception IllegalStateException if this cipher is in a wrong state 1881 * (e.g., has not been initialized) 1882 * @exception ShortBufferException if the given output buffer is too small 1883 * to hold the result 1884 */ 1885 public final int update(byte[] input, int inputOffset, int inputLen, 1886 byte[] output, int outputOffset) 1887 throws ShortBufferException { 1888 checkCipherState(); 1889 1890 // Input sanity check 1891 if (input == null || inputOffset < 0 1892 || inputLen > (input.length - inputOffset) || inputLen < 0 1893 || outputOffset < 0) { 1894 throw new IllegalArgumentException("Bad arguments"); 1895 } 1896 1897 chooseFirstProvider(); 1898 if (inputLen == 0) { 1899 return 0; 1900 } 1901 return spi.engineUpdate(input, inputOffset, inputLen, 1902 output, outputOffset); 1903 } 1904 1905 /** 1906 * Continues a multiple-part encryption or decryption operation 1907 * (depending on how this cipher was initialized), processing another data 1908 * part. 1909 * 1910 * <p>All <code>input.remaining()</code> bytes starting at 1911 * <code>input.position()</code> are processed. The result is stored 1912 * in the output buffer. 1913 * Upon return, the input buffer's position will be equal 1914 * to its limit; its limit will not have changed. The output buffer's 1915 * position will have advanced by n, where n is the value returned 1916 * by this method; the output buffer's limit will not have changed. 1917 * 1918 * <p>If <code>output.remaining()</code> bytes are insufficient to 1919 * hold the result, a <code>ShortBufferException</code> is thrown. 1920 * In this case, repeat this call with a larger output buffer. Use 1921 * {@link #getOutputSize(int) getOutputSize} to determine how big 1922 * the output buffer should be. 1923 * 1924 * <p>Note: this method should be copy-safe, which means the 1925 * <code>input</code> and <code>output</code> buffers can reference 1926 * the same block of memory and no unprocessed input data is overwritten 1927 * when the result is copied into the output buffer. 1928 * 1929 * @param input the input ByteBuffer 1930 * @param output the output ByteByffer 1931 * 1932 * @return the number of bytes stored in <code>output</code> 1933 * 1934 * @exception IllegalStateException if this cipher is in a wrong state 1935 * (e.g., has not been initialized) 1936 * @exception IllegalArgumentException if input and output are the 1937 * same object 1938 * @exception ReadOnlyBufferException if the output buffer is read-only 1939 * @exception ShortBufferException if there is insufficient space in the 1940 * output buffer 1941 * @since 1.5 1942 */ 1943 public final int update(ByteBuffer input, ByteBuffer output) 1944 throws ShortBufferException { 1945 checkCipherState(); 1946 1947 if ((input == null) || (output == null)) { 1948 throw new IllegalArgumentException("Buffers must not be null"); 1949 } 1950 if (input == output) { 1951 throw new IllegalArgumentException("Input and output buffers must " 1952 + "not be the same object, consider using buffer.duplicate()"); 1953 } 1954 if (output.isReadOnly()) { 1955 throw new ReadOnlyBufferException(); 1956 } 1957 1958 chooseFirstProvider(); 1959 return spi.engineUpdate(input, output); 1960 } 1961 1962 /** 1963 * Finishes a multiple-part encryption or decryption operation, depending 1964 * on how this cipher was initialized. 1965 * 1966 * <p>Input data that may have been buffered during a previous 1967 * <code>update</code> operation is processed, with padding (if requested) 1968 * being applied. 1969 * If an AEAD mode such as GCM/CCM is being used, the authentication 1970 * tag is appended in the case of encryption, or verified in the 1971 * case of decryption. 1972 * The result is stored in a new buffer. 1973 * 1974 * <p>Upon finishing, this method resets this cipher object to the state 1975 * it was in when previously initialized via a call to <code>init</code>. 1976 * That is, the object is reset and available to encrypt or decrypt 1977 * (depending on the operation mode that was specified in the call to 1978 * <code>init</code>) more data. 1979 * 1980 * <p>Note: if any exception is thrown, this cipher object may need to 1981 * be reset before it can be used again. 1982 * 1983 * @return the new buffer with the result 1984 * 1985 * @exception IllegalStateException if this cipher is in a wrong state 1986 * (e.g., has not been initialized) 1987 * @exception IllegalBlockSizeException if this cipher is a block cipher, 1988 * no padding has been requested (only in encryption mode), and the total 1989 * input length of the data processed by this cipher is not a multiple of 1990 * block size; or if this encryption algorithm is unable to 1991 * process the input data provided. 1992 * @exception BadPaddingException if this cipher is in decryption mode, 1993 * and (un)padding has been requested, but the decrypted data is not 1994 * bounded by the appropriate padding bytes 1995 * @exception AEADBadTagException if this cipher is decrypting in an 1996 * AEAD mode (such as GCM/CCM), and the received authentication tag 1997 * does not match the calculated value 1998 */ 1999 public final byte[] doFinal() 2000 throws IllegalBlockSizeException, BadPaddingException { 2001 checkCipherState(); 2002 2003 chooseFirstProvider(); 2004 return spi.engineDoFinal(null, 0, 0); 2005 } 2006 2007 /** 2008 * Finishes a multiple-part encryption or decryption operation, depending 2009 * on how this cipher was initialized. 2010 * 2011 * <p>Input data that may have been buffered during a previous 2012 * <code>update</code> operation is processed, with padding (if requested) 2013 * being applied. 2014 * If an AEAD mode such as GCM/CCM is being used, the authentication 2015 * tag is appended in the case of encryption, or verified in the 2016 * case of decryption. 2017 * The result is stored in the <code>output</code> buffer, starting at 2018 * <code>outputOffset</code> inclusive. 2019 * 2020 * <p>If the <code>output</code> buffer is too small to hold the result, 2021 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 2022 * call with a larger output buffer. Use 2023 * {@link #getOutputSize(int) getOutputSize} to determine how big 2024 * the output buffer should be. 2025 * 2026 * <p>Upon finishing, this method resets this cipher object to the state 2027 * it was in when previously initialized via a call to <code>init</code>. 2028 * That is, the object is reset and available to encrypt or decrypt 2029 * (depending on the operation mode that was specified in the call to 2030 * <code>init</code>) more data. 2031 * 2032 * <p>Note: if any exception is thrown, this cipher object may need to 2033 * be reset before it can be used again. 2034 * 2035 * @param output the buffer for the result 2036 * @param outputOffset the offset in <code>output</code> where the result 2037 * is stored 2038 * 2039 * @return the number of bytes stored in <code>output</code> 2040 * 2041 * @exception IllegalStateException if this cipher is in a wrong state 2042 * (e.g., has not been initialized) 2043 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2044 * no padding has been requested (only in encryption mode), and the total 2045 * input length of the data processed by this cipher is not a multiple of 2046 * block size; or if this encryption algorithm is unable to 2047 * process the input data provided. 2048 * @exception ShortBufferException if the given output buffer is too small 2049 * to hold the result 2050 * @exception BadPaddingException if this cipher is in decryption mode, 2051 * and (un)padding has been requested, but the decrypted data is not 2052 * bounded by the appropriate padding bytes 2053 * @exception AEADBadTagException if this cipher is decrypting in an 2054 * AEAD mode (such as GCM/CCM), and the received authentication tag 2055 * does not match the calculated value 2056 */ 2057 public final int doFinal(byte[] output, int outputOffset) 2058 throws IllegalBlockSizeException, ShortBufferException, 2059 BadPaddingException { 2060 checkCipherState(); 2061 2062 // Input sanity check 2063 if ((output == null) || (outputOffset < 0)) { 2064 throw new IllegalArgumentException("Bad arguments"); 2065 } 2066 2067 chooseFirstProvider(); 2068 return spi.engineDoFinal(null, 0, 0, output, outputOffset); 2069 } 2070 2071 /** 2072 * Encrypts or decrypts data in a single-part operation, or finishes a 2073 * multiple-part operation. The data is encrypted or decrypted, 2074 * depending on how this cipher was initialized. 2075 * 2076 * <p>The bytes in the <code>input</code> buffer, and any input bytes that 2077 * may have been buffered during a previous <code>update</code> operation, 2078 * are processed, with padding (if requested) being applied. 2079 * If an AEAD mode such as GCM/CCM is being used, the authentication 2080 * tag is appended in the case of encryption, or verified in the 2081 * case of decryption. 2082 * The result is stored in a new buffer. 2083 * 2084 * <p>Upon finishing, this method resets this cipher object to the state 2085 * it was in when previously initialized via a call to <code>init</code>. 2086 * That is, the object is reset and available to encrypt or decrypt 2087 * (depending on the operation mode that was specified in the call to 2088 * <code>init</code>) more data. 2089 * 2090 * <p>Note: if any exception is thrown, this cipher object may need to 2091 * be reset before it can be used again. 2092 * 2093 * @param input the input buffer 2094 * 2095 * @return the new buffer with the result 2096 * 2097 * @exception IllegalStateException if this cipher is in a wrong state 2098 * (e.g., has not been initialized) 2099 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2100 * no padding has been requested (only in encryption mode), and the total 2101 * input length of the data processed by this cipher is not a multiple of 2102 * block size; or if this encryption algorithm is unable to 2103 * process the input data provided. 2104 * @exception BadPaddingException if this cipher is in decryption mode, 2105 * and (un)padding has been requested, but the decrypted data is not 2106 * bounded by the appropriate padding bytes 2107 * @exception AEADBadTagException if this cipher is decrypting in an 2108 * AEAD mode (such as GCM/CCM), and the received authentication tag 2109 * does not match the calculated value 2110 */ 2111 public final byte[] doFinal(byte[] input) 2112 throws IllegalBlockSizeException, BadPaddingException { 2113 checkCipherState(); 2114 2115 // Input sanity check 2116 if (input == null) { 2117 throw new IllegalArgumentException("Null input buffer"); 2118 } 2119 2120 chooseFirstProvider(); 2121 return spi.engineDoFinal(input, 0, input.length); 2122 } 2123 2124 /** 2125 * Encrypts or decrypts data in a single-part operation, or finishes a 2126 * multiple-part operation. The data is encrypted or decrypted, 2127 * depending on how this cipher was initialized. 2128 * 2129 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2130 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2131 * bytes that may have been buffered during a previous <code>update</code> 2132 * operation, are processed, with padding (if requested) being applied. 2133 * If an AEAD mode such as GCM/CCM is being used, the authentication 2134 * tag is appended in the case of encryption, or verified in the 2135 * case of decryption. 2136 * The result is stored in a new buffer. 2137 * 2138 * <p>Upon finishing, this method resets this cipher object to the state 2139 * it was in when previously initialized via a call to <code>init</code>. 2140 * That is, the object is reset and available to encrypt or decrypt 2141 * (depending on the operation mode that was specified in the call to 2142 * <code>init</code>) more data. 2143 * 2144 * <p>Note: if any exception is thrown, this cipher object may need to 2145 * be reset before it can be used again. 2146 * 2147 * @param input the input buffer 2148 * @param inputOffset the offset in <code>input</code> where the input 2149 * starts 2150 * @param inputLen the input length 2151 * 2152 * @return the new buffer with the result 2153 * 2154 * @exception IllegalStateException if this cipher is in a wrong state 2155 * (e.g., has not been initialized) 2156 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2157 * no padding has been requested (only in encryption mode), and the total 2158 * input length of the data processed by this cipher is not a multiple of 2159 * block size; or if this encryption algorithm is unable to 2160 * process the input data provided. 2161 * @exception BadPaddingException if this cipher is in decryption mode, 2162 * and (un)padding has been requested, but the decrypted data is not 2163 * bounded by the appropriate padding bytes 2164 * @exception AEADBadTagException if this cipher is decrypting in an 2165 * AEAD mode (such as GCM/CCM), and the received authentication tag 2166 * does not match the calculated value 2167 */ 2168 public final byte[] doFinal(byte[] input, int inputOffset, int inputLen) 2169 throws IllegalBlockSizeException, BadPaddingException { 2170 checkCipherState(); 2171 2172 // Input sanity check 2173 if (input == null || inputOffset < 0 2174 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2175 throw new IllegalArgumentException("Bad arguments"); 2176 } 2177 2178 chooseFirstProvider(); 2179 return spi.engineDoFinal(input, inputOffset, inputLen); 2180 } 2181 2182 /** 2183 * Encrypts or decrypts data in a single-part operation, or finishes a 2184 * multiple-part operation. The data is encrypted or decrypted, 2185 * depending on how this cipher was initialized. 2186 * 2187 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2188 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2189 * bytes that may have been buffered during a previous <code>update</code> 2190 * operation, are processed, with padding (if requested) being applied. 2191 * If an AEAD mode such as GCM/CCM is being used, the authentication 2192 * tag is appended in the case of encryption, or verified in the 2193 * case of decryption. 2194 * The result is stored in the <code>output</code> buffer. 2195 * 2196 * <p>If the <code>output</code> buffer is too small to hold the result, 2197 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 2198 * call with a larger output buffer. Use 2199 * {@link #getOutputSize(int) getOutputSize} to determine how big 2200 * the output buffer should be. 2201 * 2202 * <p>Upon finishing, this method resets this cipher object to the state 2203 * it was in when previously initialized via a call to <code>init</code>. 2204 * That is, the object is reset and available to encrypt or decrypt 2205 * (depending on the operation mode that was specified in the call to 2206 * <code>init</code>) more data. 2207 * 2208 * <p>Note: if any exception is thrown, this cipher object may need to 2209 * be reset before it can be used again. 2210 * 2211 * <p>Note: this method should be copy-safe, which means the 2212 * <code>input</code> and <code>output</code> buffers can reference 2213 * the same byte array and no unprocessed input data is overwritten 2214 * when the result is copied into the output buffer. 2215 * 2216 * @param input the input buffer 2217 * @param inputOffset the offset in <code>input</code> where the input 2218 * starts 2219 * @param inputLen the input length 2220 * @param output the buffer for the result 2221 * 2222 * @return the number of bytes stored in <code>output</code> 2223 * 2224 * @exception IllegalStateException if this cipher is in a wrong state 2225 * (e.g., has not been initialized) 2226 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2227 * no padding has been requested (only in encryption mode), and the total 2228 * input length of the data processed by this cipher is not a multiple of 2229 * block size; or if this encryption algorithm is unable to 2230 * process the input data provided. 2231 * @exception ShortBufferException if the given output buffer is too small 2232 * to hold the result 2233 * @exception BadPaddingException if this cipher is in decryption mode, 2234 * and (un)padding has been requested, but the decrypted data is not 2235 * bounded by the appropriate padding bytes 2236 * @exception AEADBadTagException if this cipher is decrypting in an 2237 * AEAD mode (such as GCM/CCM), and the received authentication tag 2238 * does not match the calculated value 2239 */ 2240 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2241 byte[] output) 2242 throws ShortBufferException, IllegalBlockSizeException, 2243 BadPaddingException { 2244 checkCipherState(); 2245 2246 // Input sanity check 2247 if (input == null || inputOffset < 0 2248 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2249 throw new IllegalArgumentException("Bad arguments"); 2250 } 2251 2252 chooseFirstProvider(); 2253 return spi.engineDoFinal(input, inputOffset, inputLen, 2254 output, 0); 2255 } 2256 2257 /** 2258 * Encrypts or decrypts data in a single-part operation, or finishes a 2259 * multiple-part operation. The data is encrypted or decrypted, 2260 * depending on how this cipher was initialized. 2261 * 2262 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2263 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2264 * bytes that may have been buffered during a previous 2265 * <code>update</code> operation, are processed, with padding 2266 * (if requested) being applied. 2267 * If an AEAD mode such as GCM/CCM is being used, the authentication 2268 * tag is appended in the case of encryption, or verified in the 2269 * case of decryption. 2270 * The result is stored in the <code>output</code> buffer, starting at 2271 * <code>outputOffset</code> inclusive. 2272 * 2273 * <p>If the <code>output</code> buffer is too small to hold the result, 2274 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 2275 * call with a larger output buffer. Use 2276 * {@link #getOutputSize(int) getOutputSize} to determine how big 2277 * the output buffer should be. 2278 * 2279 * <p>Upon finishing, this method resets this cipher object to the state 2280 * it was in when previously initialized via a call to <code>init</code>. 2281 * That is, the object is reset and available to encrypt or decrypt 2282 * (depending on the operation mode that was specified in the call to 2283 * <code>init</code>) more data. 2284 * 2285 * <p>Note: if any exception is thrown, this cipher object may need to 2286 * be reset before it can be used again. 2287 * 2288 * <p>Note: this method should be copy-safe, which means the 2289 * <code>input</code> and <code>output</code> buffers can reference 2290 * the same byte array and no unprocessed input data is overwritten 2291 * when the result is copied into the output buffer. 2292 * 2293 * @param input the input buffer 2294 * @param inputOffset the offset in <code>input</code> where the input 2295 * starts 2296 * @param inputLen the input length 2297 * @param output the buffer for the result 2298 * @param outputOffset the offset in <code>output</code> where the result 2299 * is stored 2300 * 2301 * @return the number of bytes stored in <code>output</code> 2302 * 2303 * @exception IllegalStateException if this cipher is in a wrong state 2304 * (e.g., has not been initialized) 2305 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2306 * no padding has been requested (only in encryption mode), and the total 2307 * input length of the data processed by this cipher is not a multiple of 2308 * block size; or if this encryption algorithm is unable to 2309 * process the input data provided. 2310 * @exception ShortBufferException if the given output buffer is too small 2311 * to hold the result 2312 * @exception BadPaddingException if this cipher is in decryption mode, 2313 * and (un)padding has been requested, but the decrypted data is not 2314 * bounded by the appropriate padding bytes 2315 * @exception AEADBadTagException if this cipher is decrypting in an 2316 * AEAD mode (such as GCM/CCM), and the received authentication tag 2317 * does not match the calculated value 2318 */ 2319 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2320 byte[] output, int outputOffset) 2321 throws ShortBufferException, IllegalBlockSizeException, 2322 BadPaddingException { 2323 checkCipherState(); 2324 2325 // Input sanity check 2326 if (input == null || inputOffset < 0 2327 || inputLen > (input.length - inputOffset) || inputLen < 0 2328 || outputOffset < 0) { 2329 throw new IllegalArgumentException("Bad arguments"); 2330 } 2331 2332 chooseFirstProvider(); 2333 return spi.engineDoFinal(input, inputOffset, inputLen, 2334 output, outputOffset); 2335 } 2336 2337 /** 2338 * Encrypts or decrypts data in a single-part operation, or finishes a 2339 * multiple-part operation. The data is encrypted or decrypted, 2340 * depending on how this cipher was initialized. 2341 * 2342 * <p>All <code>input.remaining()</code> bytes starting at 2343 * <code>input.position()</code> are processed. 2344 * If an AEAD mode such as GCM/CCM is being used, the authentication 2345 * tag is appended in the case of encryption, or verified in the 2346 * case of decryption. 2347 * The result is stored in the output buffer. 2348 * Upon return, the input buffer's position will be equal 2349 * to its limit; its limit will not have changed. The output buffer's 2350 * position will have advanced by n, where n is the value returned 2351 * by this method; the output buffer's limit will not have changed. 2352 * 2353 * <p>If <code>output.remaining()</code> bytes are insufficient to 2354 * hold the result, a <code>ShortBufferException</code> is thrown. 2355 * In this case, repeat this call with a larger output buffer. Use 2356 * {@link #getOutputSize(int) getOutputSize} to determine how big 2357 * the output buffer should be. 2358 * 2359 * <p>Upon finishing, this method resets this cipher object to the state 2360 * it was in when previously initialized via a call to <code>init</code>. 2361 * That is, the object is reset and available to encrypt or decrypt 2362 * (depending on the operation mode that was specified in the call to 2363 * <code>init</code>) more data. 2364 * 2365 * <p>Note: if any exception is thrown, this cipher object may need to 2366 * be reset before it can be used again. 2367 * 2368 * <p>Note: this method should be copy-safe, which means the 2369 * <code>input</code> and <code>output</code> buffers can reference 2370 * the same byte array and no unprocessed input data is overwritten 2371 * when the result is copied into the output buffer. 2372 * 2373 * @param input the input ByteBuffer 2374 * @param output the output ByteBuffer 2375 * 2376 * @return the number of bytes stored in <code>output</code> 2377 * 2378 * @exception IllegalStateException if this cipher is in a wrong state 2379 * (e.g., has not been initialized) 2380 * @exception IllegalArgumentException if input and output are the 2381 * same object 2382 * @exception ReadOnlyBufferException if the output buffer is read-only 2383 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2384 * no padding has been requested (only in encryption mode), and the total 2385 * input length of the data processed by this cipher is not a multiple of 2386 * block size; or if this encryption algorithm is unable to 2387 * process the input data provided. 2388 * @exception ShortBufferException if there is insufficient space in the 2389 * output buffer 2390 * @exception BadPaddingException if this cipher is in decryption mode, 2391 * and (un)padding has been requested, but the decrypted data is not 2392 * bounded by the appropriate padding bytes 2393 * @exception AEADBadTagException if this cipher is decrypting in an 2394 * AEAD mode (such as GCM/CCM), and the received authentication tag 2395 * does not match the calculated value 2396 * 2397 * @since 1.5 2398 */ 2399 public final int doFinal(ByteBuffer input, ByteBuffer output) 2400 throws ShortBufferException, IllegalBlockSizeException, 2401 BadPaddingException { 2402 checkCipherState(); 2403 2404 if ((input == null) || (output == null)) { 2405 throw new IllegalArgumentException("Buffers must not be null"); 2406 } 2407 if (input == output) { 2408 throw new IllegalArgumentException("Input and output buffers must " 2409 + "not be the same object, consider using buffer.duplicate()"); 2410 } 2411 if (output.isReadOnly()) { 2412 throw new ReadOnlyBufferException(); 2413 } 2414 2415 chooseFirstProvider(); 2416 return spi.engineDoFinal(input, output); 2417 } 2418 2419 /** 2420 * Wrap a key. 2421 * 2422 * @param key the key to be wrapped. 2423 * 2424 * @return the wrapped key. 2425 * 2426 * @exception IllegalStateException if this cipher is in a wrong 2427 * state (e.g., has not been initialized). 2428 * 2429 * @exception IllegalBlockSizeException if this cipher is a block 2430 * cipher, no padding has been requested, and the length of the 2431 * encoding of the key to be wrapped is not a 2432 * multiple of the block size. 2433 * 2434 * @exception InvalidKeyException if it is impossible or unsafe to 2435 * wrap the key with this cipher (e.g., a hardware protected key is 2436 * being passed to a software-only cipher). 2437 * 2438 * @throws UnsupportedOperationException if the corresponding method in the 2439 * {@code CipherSpi} is not supported. 2440 */ 2441 public final byte[] wrap(Key key) 2442 throws IllegalBlockSizeException, InvalidKeyException { 2443 if (!(this instanceof NullCipher)) { 2444 if (!initialized) { 2445 throw new IllegalStateException("Cipher not initialized"); 2446 } 2447 if (opmode != Cipher.WRAP_MODE) { 2448 throw new IllegalStateException("Cipher not initialized " + 2449 "for wrapping keys"); 2450 } 2451 } 2452 2453 chooseFirstProvider(); 2454 return spi.engineWrap(key); 2455 } 2456 2457 /** 2458 * Unwrap a previously wrapped key. 2459 * 2460 * @param wrappedKey the key to be unwrapped. 2461 * 2462 * @param wrappedKeyAlgorithm the algorithm associated with the wrapped 2463 * key. 2464 * 2465 * @param wrappedKeyType the type of the wrapped key. This must be one of 2466 * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or 2467 * <code>PUBLIC_KEY</code>. 2468 * 2469 * @return the unwrapped key. 2470 * 2471 * @exception IllegalStateException if this cipher is in a wrong state 2472 * (e.g., has not been initialized). 2473 * 2474 * @exception NoSuchAlgorithmException if no installed providers 2475 * can create keys of type <code>wrappedKeyType</code> for the 2476 * <code>wrappedKeyAlgorithm</code>. 2477 * 2478 * @exception InvalidKeyException if <code>wrappedKey</code> does not 2479 * represent a wrapped key of type <code>wrappedKeyType</code> for 2480 * the <code>wrappedKeyAlgorithm</code>. 2481 * 2482 * @throws UnsupportedOperationException if the corresponding method in the 2483 * {@code CipherSpi} is not supported. 2484 */ 2485 public final Key unwrap(byte[] wrappedKey, 2486 String wrappedKeyAlgorithm, 2487 int wrappedKeyType) 2488 throws InvalidKeyException, NoSuchAlgorithmException { 2489 2490 if (!(this instanceof NullCipher)) { 2491 if (!initialized) { 2492 throw new IllegalStateException("Cipher not initialized"); 2493 } 2494 if (opmode != Cipher.UNWRAP_MODE) { 2495 throw new IllegalStateException("Cipher not initialized " + 2496 "for unwrapping keys"); 2497 } 2498 } 2499 if ((wrappedKeyType != SECRET_KEY) && 2500 (wrappedKeyType != PRIVATE_KEY) && 2501 (wrappedKeyType != PUBLIC_KEY)) { 2502 throw new InvalidParameterException("Invalid key type"); 2503 } 2504 2505 chooseFirstProvider(); 2506 return spi.engineUnwrap(wrappedKey, 2507 wrappedKeyAlgorithm, 2508 wrappedKeyType); 2509 } 2510 2511 private AlgorithmParameterSpec getAlgorithmParameterSpec( 2512 AlgorithmParameters params) 2513 throws InvalidParameterSpecException { 2514 if (params == null) { 2515 return null; 2516 } 2517 2518 String alg = params.getAlgorithm().toUpperCase(Locale.ENGLISH); 2519 2520 if (alg.equalsIgnoreCase("RC2")) { 2521 return params.getParameterSpec(RC2ParameterSpec.class); 2522 } 2523 2524 if (alg.equalsIgnoreCase("RC5")) { 2525 return params.getParameterSpec(RC5ParameterSpec.class); 2526 } 2527 2528 if (alg.startsWith("PBE")) { 2529 return params.getParameterSpec(PBEParameterSpec.class); 2530 } 2531 2532 if (alg.startsWith("DES")) { 2533 return params.getParameterSpec(IvParameterSpec.class); 2534 } 2535 return null; 2536 } 2537 2538 private static CryptoPermission getConfiguredPermission( 2539 String transformation) throws NullPointerException, 2540 NoSuchAlgorithmException { 2541 if (transformation == null) throw new NullPointerException(); 2542 String[] parts = tokenizeTransformation(transformation); 2543 return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]); 2544 } 2545 2546 /** 2547 * Returns the maximum key length for the specified transformation 2548 * according to the installed JCE jurisdiction policy files. If 2549 * JCE unlimited strength jurisdiction policy files are installed, 2550 * Integer.MAX_VALUE will be returned. 2551 * For more information on default key size in JCE jurisdiction 2552 * policy files, please see Appendix E in the 2553 * <a href= 2554 * "{@docRoot}/../technotes/guides/security/crypto/CryptoSpec.html#AppC"> 2555 * Java Cryptography Architecture Reference Guide</a>. 2556 * 2557 * @param transformation the cipher transformation. 2558 * @return the maximum key length in bits or Integer.MAX_VALUE. 2559 * @exception NullPointerException if <code>transformation</code> is null. 2560 * @exception NoSuchAlgorithmException if <code>transformation</code> 2561 * is not a valid transformation, i.e. in the form of "algorithm" or 2562 * "algorithm/mode/padding". 2563 * @since 1.5 2564 */ 2565 public static final int getMaxAllowedKeyLength(String transformation) 2566 throws NoSuchAlgorithmException { 2567 CryptoPermission cp = getConfiguredPermission(transformation); 2568 return cp.getMaxKeySize(); 2569 } 2570 2571 /** 2572 * Returns an AlgorithmParameterSpec object which contains 2573 * the maximum cipher parameter value according to the 2574 * jurisdiction policy file. If JCE unlimited strength jurisdiction 2575 * policy files are installed or there is no maximum limit on the 2576 * parameters for the specified transformation in the policy file, 2577 * null will be returned. 2578 * 2579 * @param transformation the cipher transformation. 2580 * @return an AlgorithmParameterSpec which holds the maximum 2581 * value or null. 2582 * @exception NullPointerException if <code>transformation</code> 2583 * is null. 2584 * @exception NoSuchAlgorithmException if <code>transformation</code> 2585 * is not a valid transformation, i.e. in the form of "algorithm" or 2586 * "algorithm/mode/padding". 2587 * @since 1.5 2588 */ 2589 public static final AlgorithmParameterSpec getMaxAllowedParameterSpec( 2590 String transformation) throws NoSuchAlgorithmException { 2591 CryptoPermission cp = getConfiguredPermission(transformation); 2592 return cp.getAlgorithmParameterSpec(); 2593 } 2594 2595 /** 2596 * Continues a multi-part update of the Additional Authentication 2597 * Data (AAD). 2598 * <p> 2599 * Calls to this method provide AAD to the cipher when operating in 2600 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2601 * either GCM or CCM mode, all AAD must be supplied before beginning 2602 * operations on the ciphertext (via the {@code update} and {@code 2603 * doFinal} methods). 2604 * 2605 * @param src the buffer containing the Additional Authentication Data 2606 * 2607 * @throws IllegalArgumentException if the {@code src} 2608 * byte array is null 2609 * @throws IllegalStateException if this cipher is in a wrong state 2610 * (e.g., has not been initialized), does not accept AAD, or if 2611 * operating in either GCM or CCM mode and one of the {@code update} 2612 * methods has already been called for the active 2613 * encryption/decryption operation 2614 * @throws UnsupportedOperationException if the corresponding method 2615 * in the {@code CipherSpi} has not been overridden by an 2616 * implementation 2617 * 2618 * @since 1.7 2619 */ 2620 public final void updateAAD(byte[] src) { 2621 if (src == null) { 2622 throw new IllegalArgumentException("src buffer is null"); 2623 } 2624 2625 updateAAD(src, 0, src.length); 2626 } 2627 2628 /** 2629 * Continues a multi-part update of the Additional Authentication 2630 * Data (AAD), using a subset of the provided buffer. 2631 * <p> 2632 * Calls to this method provide AAD to the cipher when operating in 2633 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2634 * either GCM or CCM mode, all AAD must be supplied before beginning 2635 * operations on the ciphertext (via the {@code update} and {@code 2636 * doFinal} methods). 2637 * 2638 * @param src the buffer containing the AAD 2639 * @param offset the offset in {@code src} where the AAD input starts 2640 * @param len the number of AAD bytes 2641 * 2642 * @throws IllegalArgumentException if the {@code src} 2643 * byte array is null, or the {@code offset} or {@code length} 2644 * is less than 0, or the sum of the {@code offset} and 2645 * {@code len} is greater than the length of the 2646 * {@code src} byte array 2647 * @throws IllegalStateException if this cipher is in a wrong state 2648 * (e.g., has not been initialized), does not accept AAD, or if 2649 * operating in either GCM or CCM mode and one of the {@code update} 2650 * methods has already been called for the active 2651 * encryption/decryption operation 2652 * @throws UnsupportedOperationException if the corresponding method 2653 * in the {@code CipherSpi} has not been overridden by an 2654 * implementation 2655 * 2656 * @since 1.7 2657 */ 2658 public final void updateAAD(byte[] src, int offset, int len) { 2659 checkCipherState(); 2660 2661 // Input sanity check 2662 if ((src == null) || (offset < 0) || (len < 0) 2663 || ((len + offset) > src.length)) { 2664 throw new IllegalArgumentException("Bad arguments"); 2665 } 2666 2667 chooseFirstProvider(); 2668 if (len == 0) { 2669 return; 2670 } 2671 spi.engineUpdateAAD(src, offset, len); 2672 } 2673 2674 /** 2675 * Continues a multi-part update of the Additional Authentication 2676 * Data (AAD). 2677 * <p> 2678 * Calls to this method provide AAD to the cipher when operating in 2679 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2680 * either GCM or CCM mode, all AAD must be supplied before beginning 2681 * operations on the ciphertext (via the {@code update} and {@code 2682 * doFinal} methods). 2683 * <p> 2684 * All {@code src.remaining()} bytes starting at 2685 * {@code src.position()} are processed. 2686 * Upon return, the input buffer's position will be equal 2687 * to its limit; its limit will not have changed. 2688 * 2689 * @param src the buffer containing the AAD 2690 * 2691 * @throws IllegalArgumentException if the {@code src ByteBuffer} 2692 * is null 2693 * @throws IllegalStateException if this cipher is in a wrong state 2694 * (e.g., has not been initialized), does not accept AAD, or if 2695 * operating in either GCM or CCM mode and one of the {@code update} 2696 * methods has already been called for the active 2697 * encryption/decryption operation 2698 * @throws UnsupportedOperationException if the corresponding method 2699 * in the {@code CipherSpi} has not been overridden by an 2700 * implementation 2701 * 2702 * @since 1.7 2703 */ 2704 public final void updateAAD(ByteBuffer src) { 2705 checkCipherState(); 2706 2707 // Input sanity check 2708 if (src == null) { 2709 throw new IllegalArgumentException("src ByteBuffer is null"); 2710 } 2711 2712 chooseFirstProvider(); 2713 if (src.remaining() == 0) { 2714 return; 2715 } 2716 spi.engineUpdateAAD(src); 2717 } 2718 }