1 /*
2 * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package javax.crypto;
27
28 import java.util.*;
29 import java.util.concurrent.ConcurrentHashMap;
30 import java.util.concurrent.ConcurrentMap;
31 import java.util.regex.*;
32
33
34 import java.security.*;
35 import java.security.Provider.Service;
36 import java.security.spec.AlgorithmParameterSpec;
37 import java.security.spec.InvalidParameterSpecException;
38 import java.security.cert.Certificate;
39 import java.security.cert.X509Certificate;
40
41 import javax.crypto.spec.*;
42
43 import java.nio.ByteBuffer;
44 import java.nio.ReadOnlyBufferException;
45
46 import sun.security.util.Debug;
47 import sun.security.jca.*;
48
49 /**
50 * This class provides the functionality of a cryptographic cipher for
51 * encryption and decryption. It forms the core of the Java Cryptographic
52 * Extension (JCE) framework.
53 *
54 * <p>In order to create a Cipher object, the application calls the
55 * Cipher's {@code getInstance} method, and passes the name of the
56 * requested <i>transformation</i> to it. Optionally, the name of a provider
57 * may be specified.
58 *
59 * <p>A <i>transformation</i> is a string that describes the operation (or
60 * set of operations) to be performed on the given input, to produce some
61 * output. A transformation always includes the name of a cryptographic
62 * algorithm (e.g., <i>AES</i>), and may be followed by a feedback mode and
63 * padding scheme.
64 *
65 * <p> A transformation is of the form:
66 *
67 * <ul>
68 * <li>"<i>algorithm/mode/padding</i>" or
69 *
70 * <li>"<i>algorithm</i>"
71 * </ul>
72 *
73 * <P> (in the latter case,
74 * provider-specific default values for the mode and padding scheme are used).
75 * For example, the following is a valid transformation:
76 *
77 * <pre>
78 * Cipher c = Cipher.getInstance("<i>AES/CBC/PKCS5Padding</i>");
79 * </pre>
80 *
81 * Using modes such as {@code CFB} and {@code OFB}, block
82 * ciphers can encrypt data in units smaller than the cipher's actual
83 * block size. When requesting such a mode, you may optionally specify
84 * the number of bits to be processed at a time by appending this number
85 * to the mode name as shown in the "{@code AES/CFB8/NoPadding}" and
86 * "{@code AES/OFB32/PKCS5Padding}" transformations. If no such
87 * number is specified, a provider-specific default is used.
88 * (See the
89 * {@extLink security_guide_jdk_providers JDK Providers Documentation}
90 * for the JDK Providers default values.)
91 * Thus, block ciphers can be turned into byte-oriented stream ciphers by
92 * using an 8 bit mode such as CFB8 or OFB8.
93 * <p>
94 * Modes such as Authenticated Encryption with Associated Data (AEAD)
95 * provide authenticity assurances for both confidential data and
96 * Additional Associated Data (AAD) that is not encrypted. (Please see
97 * <a href="http://www.ietf.org/rfc/rfc5116.txt"> RFC 5116 </a> for more
98 * information on AEAD and AAD algorithms such as GCM/CCM.) Both
99 * confidential and AAD data can be used when calculating the
100 * authentication tag (similar to a {@link Mac}). This tag is appended
101 * to the ciphertext during encryption, and is verified on decryption.
102 * <p>
103 * AEAD modes such as GCM/CCM perform all AAD authenticity calculations
104 * before starting the ciphertext authenticity calculations. To avoid
105 * implementations having to internally buffer ciphertext, all AAD data
106 * must be supplied to GCM/CCM implementations (via the {@code updateAAD}
107 * methods) <b>before</b> the ciphertext is processed (via
108 * the {@code update} and {@code doFinal} methods).
109 * <p>
110 * Note that GCM mode has a uniqueness requirement on IVs used in
111 * encryption with a given key. When IVs are repeated for GCM
112 * encryption, such usages are subject to forgery attacks. Thus, after
113 * each encryption operation using GCM mode, callers should re-initialize
114 * the cipher objects with GCM parameters which has a different IV value.
115 * <pre>
116 * GCMParameterSpec s = ...;
117 * cipher.init(..., s);
118 *
119 * // If the GCM parameters were generated by the provider, it can
120 * // be retrieved by:
121 * // cipher.getParameters().getParameterSpec(GCMParameterSpec.class);
122 *
123 * cipher.updateAAD(...); // AAD
124 * cipher.update(...); // Multi-part update
125 * cipher.doFinal(...); // conclusion of operation
126 *
127 * // Use a different IV value for every encryption
128 * byte[] newIv = ...;
129 * s = new GCMParameterSpec(s.getTLen(), newIv);
130 * cipher.init(..., s);
131 * ...
132 *
133 * </pre>
134 * Every implementation of the Java platform is required to support
135 * the following standard {@code Cipher} transformations with the keysizes
136 * in parentheses:
137 * <ul>
138 * <li>{@code AES/CBC/NoPadding} (128)</li>
139 * <li>{@code AES/CBC/PKCS5Padding} (128)</li>
140 * <li>{@code AES/ECB/NoPadding} (128)</li>
141 * <li>{@code AES/ECB/PKCS5Padding} (128)</li>
142 * <li>{@code AES/GCM/NoPadding} (128)</li>
143 * <li>{@code DES/CBC/NoPadding} (56)</li>
144 * <li>{@code DES/CBC/PKCS5Padding} (56)</li>
145 * <li>{@code DES/ECB/NoPadding} (56)</li>
146 * <li>{@code DES/ECB/PKCS5Padding} (56)</li>
147 * <li>{@code DESede/CBC/NoPadding} (168)</li>
148 * <li>{@code DESede/CBC/PKCS5Padding} (168)</li>
149 * <li>{@code DESede/ECB/NoPadding} (168)</li>
150 * <li>{@code DESede/ECB/PKCS5Padding} (168)</li>
151 * <li>{@code RSA/ECB/PKCS1Padding} (1024, 2048)</li>
152 * <li>{@code RSA/ECB/OAEPWithSHA-1AndMGF1Padding} (1024, 2048)</li>
153 * <li>{@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding} (1024, 2048)</li>
154 * </ul>
155 * These transformations are described in the
156 * <a href="{@docRoot}/../specs/security/standard-names.html#cipher-algorithm-names">
157 * Cipher section</a> of the
158 * Java Security Standard Algorithm Names Specification.
159 * Consult the release documentation for your implementation to see if any
160 * other transformations are supported.
161 *
162 * @author Jan Luehe
163 * @see KeyGenerator
164 * @see SecretKey
165 * @since 1.4
166 */
167
168 public class Cipher {
169
170 private static final Debug debug =
171 Debug.getInstance("jca", "Cipher");
172
173 private static final Debug pdebug =
174 Debug.getInstance("provider", "Provider");
175 private static final boolean skipDebug =
176 Debug.isOn("engine=") && !Debug.isOn("cipher");
177
178 /**
179 * Constant used to initialize cipher to encryption mode.
180 */
181 public static final int ENCRYPT_MODE = 1;
182
183 /**
184 * Constant used to initialize cipher to decryption mode.
185 */
186 public static final int DECRYPT_MODE = 2;
187
188 /**
189 * Constant used to initialize cipher to key-wrapping mode.
190 */
191 public static final int WRAP_MODE = 3;
192
193 /**
194 * Constant used to initialize cipher to key-unwrapping mode.
195 */
196 public static final int UNWRAP_MODE = 4;
197
198 /**
199 * Constant used to indicate the to-be-unwrapped key is a "public key".
200 */
201 public static final int PUBLIC_KEY = 1;
202
203 /**
204 * Constant used to indicate the to-be-unwrapped key is a "private key".
205 */
206 public static final int PRIVATE_KEY = 2;
207
208 /**
209 * Constant used to indicate the to-be-unwrapped key is a "secret key".
210 */
211 public static final int SECRET_KEY = 3;
212
213 // The provider
214 private Provider provider;
215
216 // The provider implementation (delegate)
217 private CipherSpi spi;
218
219 // The transformation
220 private String transformation;
221
222 // Crypto permission representing the maximum allowable cryptographic
223 // strength that this Cipher object can be used for. (The cryptographic
224 // strength is a function of the keysize and algorithm parameters encoded
225 // in the crypto permission.)
226 private CryptoPermission cryptoPerm;
227
228 // The exemption mechanism that needs to be enforced
229 private ExemptionMechanism exmech;
230
231 // Flag which indicates whether or not this cipher has been initialized
232 private boolean initialized = false;
233
234 // The operation mode - store the operation mode after the
235 // cipher has been initialized.
236 private int opmode = 0;
237
238 // The OID for the KeyUsage extension in an X.509 v3 certificate
239 private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15";
240
241 // next SPI to try in provider selection
242 // null once provider is selected
243 private CipherSpi firstSpi;
244
245 // next service to try in provider selection
246 // null once provider is selected
247 private Service firstService;
248
249 // remaining services to try in provider selection
250 // null once provider is selected
251 private Iterator<Service> serviceIterator;
252
253 // list of transform Strings to lookup in the provider
254 private List<Transform> transforms;
255
256 private final Object lock;
257
258 /**
259 * Creates a Cipher object.
260 *
261 * @param cipherSpi the delegate
262 * @param provider the provider
263 * @param transformation the transformation
264 */
265 protected Cipher(CipherSpi cipherSpi,
266 Provider provider,
267 String transformation) {
268 // See bug 4341369 & 4334690 for more info.
269 // If the caller is trusted, then okay.
270 // Otherwise throw a NullPointerException.
271 if (!JceSecurityManager.INSTANCE.isCallerTrusted(provider)) {
272 throw new NullPointerException();
273 }
274 this.spi = cipherSpi;
275 this.provider = provider;
276 this.transformation = transformation;
277 this.cryptoPerm = CryptoAllPermission.INSTANCE;
278 this.lock = null;
279 }
280
281 /**
282 * Creates a Cipher object. Called internally and by NullCipher.
283 *
284 * @param cipherSpi the delegate
285 * @param transformation the transformation
286 */
287 Cipher(CipherSpi cipherSpi, String transformation) {
288 this.spi = cipherSpi;
289 this.transformation = transformation;
290 this.cryptoPerm = CryptoAllPermission.INSTANCE;
291 this.lock = null;
292 }
293
294 private Cipher(CipherSpi firstSpi, Service firstService,
295 Iterator<Service> serviceIterator, String transformation,
296 List<Transform> transforms) {
297 this.firstSpi = firstSpi;
298 this.firstService = firstService;
299 this.serviceIterator = serviceIterator;
300 this.transforms = transforms;
301 this.transformation = transformation;
302 this.lock = new Object();
303 }
304
305 private static String[] tokenizeTransformation(String transformation)
306 throws NoSuchAlgorithmException {
307 if (transformation == null) {
308 throw new NoSuchAlgorithmException("No transformation given");
309 }
310 /*
311 * array containing the components of a Cipher transformation:
312 *
313 * index 0: algorithm component (e.g., AES)
314 * index 1: feedback component (e.g., CFB)
315 * index 2: padding component (e.g., PKCS5Padding)
316 */
317 String[] parts = new String[3];
318 int count = 0;
319 StringTokenizer parser = new StringTokenizer(transformation, "/");
320 try {
321 while (parser.hasMoreTokens() && count < 3) {
322 parts[count++] = parser.nextToken().trim();
323 }
324 if (count == 0 || count == 2 || parser.hasMoreTokens()) {
325 throw new NoSuchAlgorithmException("Invalid transformation"
326 + " format:" +
327 transformation);
328 }
329 } catch (NoSuchElementException e) {
330 throw new NoSuchAlgorithmException("Invalid transformation " +
331 "format:" + transformation);
332 }
333 if ((parts[0] == null) || (parts[0].length() == 0)) {
334 throw new NoSuchAlgorithmException("Invalid transformation:" +
335 "algorithm not specified-"
336 + transformation);
337 }
338 return parts;
339 }
340
341 // Provider attribute name for supported chaining mode
342 private static final String ATTR_MODE = "SupportedModes";
343 // Provider attribute name for supported padding names
344 private static final String ATTR_PAD = "SupportedPaddings";
345
346 // constants indicating whether the provider supports
347 // a given mode or padding
348 private static final int S_NO = 0; // does not support
349 private static final int S_MAYBE = 1; // unable to determine
350 private static final int S_YES = 2; // does support
351
352 /**
353 * Nested class to deal with modes and paddings.
354 */
355 private static class Transform {
356 // transform string to lookup in the provider
357 final String transform;
358 // the mode/padding suffix in upper case. for example, if the algorithm
359 // to lookup is "AES/CBC/PKCS5Padding" suffix is "/CBC/PKCS5PADDING"
360 // if lookup is "AES", suffix is the empty string
361 // needed because aliases prevent straight transform.equals()
362 final String suffix;
363 // value to pass to setMode() or null if no such call required
364 final String mode;
365 // value to pass to setPadding() or null if no such call required
366 final String pad;
367 Transform(String alg, String suffix, String mode, String pad) {
368 this.transform = alg + suffix;
369 this.suffix = suffix.toUpperCase(Locale.ENGLISH);
370 this.mode = mode;
371 this.pad = pad;
372 }
373 // set mode and padding for the given SPI
374 void setModePadding(CipherSpi spi) throws NoSuchAlgorithmException,
375 NoSuchPaddingException {
376 if (mode != null) {
377 spi.engineSetMode(mode);
378 }
379 if (pad != null) {
380 spi.engineSetPadding(pad);
381 }
382 }
383 // check whether the given services supports the mode and
384 // padding described by this Transform
385 int supportsModePadding(Service s) {
386 int smode = supportsMode(s);
387 if (smode == S_NO) {
388 return smode;
389 }
390 int spad = supportsPadding(s);
391 // our constants are defined so that Math.min() is a tri-valued AND
392 return Math.min(smode, spad);
393 }
394
395 // separate methods for mode and padding
396 // called directly by Cipher only to throw the correct exception
397 int supportsMode(Service s) {
398 return supports(s, ATTR_MODE, mode);
399 }
400 int supportsPadding(Service s) {
401 return supports(s, ATTR_PAD, pad);
402 }
403
404 private static int supports(Service s, String attrName, String value) {
405 if (value == null) {
406 return S_YES;
407 }
408 String regexp = s.getAttribute(attrName);
409 if (regexp == null) {
410 return S_MAYBE;
411 }
412 return matches(regexp, value) ? S_YES : S_NO;
413 }
414
415 // ConcurrentMap<String,Pattern> for previously compiled patterns
416 private static final ConcurrentMap<String, Pattern> patternCache =
417 new ConcurrentHashMap<String, Pattern>();
418
419 private static boolean matches(String regexp, String str) {
420 Pattern pattern = patternCache.get(regexp);
421 if (pattern == null) {
422 pattern = Pattern.compile(regexp);
423 patternCache.putIfAbsent(regexp, pattern);
424 }
425 return pattern.matcher(str.toUpperCase(Locale.ENGLISH)).matches();
426 }
427
428 }
429
430 private static List<Transform> getTransforms(String transformation)
431 throws NoSuchAlgorithmException {
432 String[] parts = tokenizeTransformation(transformation);
433
434 String alg = parts[0];
435 String mode = parts[1];
436 String pad = parts[2];
437 if ((mode != null) && (mode.length() == 0)) {
438 mode = null;
439 }
440 if ((pad != null) && (pad.length() == 0)) {
441 pad = null;
442 }
443
444 if ((mode == null) && (pad == null)) {
445 // AES
446 Transform tr = new Transform(alg, "", null, null);
447 return Collections.singletonList(tr);
448 } else { // if ((mode != null) && (pad != null)) {
449 // AES/CBC/PKCS5Padding
450 List<Transform> list = new ArrayList<>(4);
451 list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
452 list.add(new Transform(alg, "/" + mode, null, pad));
453 list.add(new Transform(alg, "//" + pad, mode, null));
454 list.add(new Transform(alg, "", mode, pad));
455 return list;
456 }
457 }
458
459 // get the transform matching the specified service
460 private static Transform getTransform(Service s,
461 List<Transform> transforms) {
462 String alg = s.getAlgorithm().toUpperCase(Locale.ENGLISH);
463 for (Transform tr : transforms) {
464 if (alg.endsWith(tr.suffix)) {
465 return tr;
466 }
467 }
468 return null;
469 }
470
471 /**
472 * Returns a {@code Cipher} object that implements the specified
473 * transformation.
474 *
475 * <p> This method traverses the list of registered security Providers,
476 * starting with the most preferred Provider.
477 * A new Cipher object encapsulating the
478 * CipherSpi implementation from the first
479 * Provider that supports the specified algorithm is returned.
480 *
481 * <p> Note that the list of registered providers may be retrieved via
482 * the {@link Security#getProviders() Security.getProviders()} method.
483 *
484 * @implNote
485 * The JDK Reference Implementation additionally uses the
486 * {@code jdk.security.provider.preferred}
487 * {@link Security#getProperty(String) Security} property to determine
488 * the preferred provider order for the specified algorithm. This
489 * may be different than the order of providers returned by
490 * {@link Security#getProviders() Security.getProviders()}.
491 *
492 * @param transformation the name of the transformation, e.g.,
493 * <i>AES/CBC/PKCS5Padding</i>.
494 * See the Cipher section in the <a href=
495 * "{@docRoot}/../specs/security/standard-names.html#cipher-algorithm-names">
496 * Java Security Standard Algorithm Names Specification</a>
497 * for information about standard transformation names.
498 *
499 * @return a cipher that implements the requested transformation
500 *
501 * @throws NoSuchAlgorithmException if {@code transformation}
502 * is {@code null}, empty, in an invalid format,
503 * or if no {@code Provider} supports a {@code CipherSpi}
504 * implementation for the specified algorithm
505 *
506 * @throws NoSuchPaddingException if {@code transformation}
507 * contains a padding scheme that is not available
508 *
509 * @see java.security.Provider
510 */
511 public static final Cipher getInstance(String transformation)
512 throws NoSuchAlgorithmException, NoSuchPaddingException
513 {
514 if ((transformation == null) || transformation.equals("")) {
515 throw new NoSuchAlgorithmException("Null or empty transformation");
516 }
517 List<Transform> transforms = getTransforms(transformation);
518 List<ServiceId> cipherServices = new ArrayList<>(transforms.size());
519 for (Transform transform : transforms) {
520 cipherServices.add(new ServiceId("Cipher", transform.transform));
521 }
522 List<Service> services = GetInstance.getServices(cipherServices);
523 // make sure there is at least one service from a signed provider
524 // and that it can use the specified mode and padding
525 Iterator<Service> t = services.iterator();
526 Exception failure = null;
527 while (t.hasNext()) {
528 Service s = t.next();
529 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
530 continue;
531 }
532 Transform tr = getTransform(s, transforms);
533 if (tr == null) {
534 // should never happen
535 continue;
536 }
537 int canuse = tr.supportsModePadding(s);
538 if (canuse == S_NO) {
539 // does not support mode or padding we need, ignore
540 continue;
541 }
542 if (canuse == S_YES) {
543 return new Cipher(null, s, t, transformation, transforms);
544 } else { // S_MAYBE, try out if it works
545 try {
546 CipherSpi spi = (CipherSpi)s.newInstance(null);
547 tr.setModePadding(spi);
548 return new Cipher(spi, s, t, transformation, transforms);
549 } catch (Exception e) {
550 failure = e;
551 }
552 }
553 }
554 throw new NoSuchAlgorithmException
555 ("Cannot find any provider supporting " + transformation, failure);
556 }
557
558 /**
559 * Returns a {@code Cipher} object that implements the specified
560 * transformation.
561 *
562 * <p> A new Cipher object encapsulating the
563 * CipherSpi implementation from the specified provider
564 * is returned. The specified provider must be registered
565 * in the security provider list.
566 *
567 * <p> Note that the list of registered providers may be retrieved via
568 * the {@link Security#getProviders() Security.getProviders()} method.
569 *
570 * @param transformation the name of the transformation,
571 * e.g., <i>AES/CBC/PKCS5Padding</i>.
572 * See the Cipher section in the <a href=
573 * "{@docRoot}/../specs/security/standard-names.html#cipher-algorithm-names">
574 * Java Security Standard Algorithm Names Specification</a>
575 * for information about standard transformation names.
576 *
577 * @param provider the name of the provider.
578 *
579 * @return a cipher that implements the requested transformation
580 *
581 * @throws IllegalArgumentException if the {@code provider}
582 * is {@code null} or empty
583 *
584 * @throws NoSuchAlgorithmException if {@code transformation}
585 * is {@code null}, empty, in an invalid format,
586 * or if a {@code CipherSpi} implementation for the
587 * specified algorithm is not available from the specified
588 * provider
589 *
590 * @throws NoSuchPaddingException if {@code transformation}
591 * contains a padding scheme that is not available
592 *
593 * @throws NoSuchProviderException if the specified provider is not
594 * registered in the security provider list
595 *
596 * @see java.security.Provider
597 */
598 public static final Cipher getInstance(String transformation,
599 String provider)
600 throws NoSuchAlgorithmException, NoSuchProviderException,
601 NoSuchPaddingException
602 {
603 if ((transformation == null) || transformation.equals("")) {
604 throw new NoSuchAlgorithmException("Null or empty transformation");
605 }
606 if ((provider == null) || (provider.length() == 0)) {
607 throw new IllegalArgumentException("Missing provider");
608 }
609 Provider p = Security.getProvider(provider);
610 if (p == null) {
611 throw new NoSuchProviderException("No such provider: " +
612 provider);
613 }
614 return getInstance(transformation, p);
615 }
616
617 private String getProviderName() {
618 return (provider == null) ? "(no provider)" : provider.getName();
619 }
620
621 /**
622 * Returns a {@code Cipher} object that implements the specified
623 * transformation.
624 *
625 * <p> A new Cipher object encapsulating the
626 * CipherSpi implementation from the specified Provider
627 * object is returned. Note that the specified Provider object
628 * does not have to be registered in the provider list.
629 *
630 * @param transformation the name of the transformation,
631 * e.g., <i>AES/CBC/PKCS5Padding</i>.
632 * See the Cipher section in the <a href=
633 * "{@docRoot}/../specs/security/standard-names.html#cipher-algorithm-names">
634 * Java Security Standard Algorithm Names Specification</a>
635 * for information about standard transformation names.
636 *
637 * @param provider the provider.
638 *
639 * @return a cipher that implements the requested transformation
640 *
641 * @throws IllegalArgumentException if the {@code provider}
642 * is {@code null}
643 *
644 * @throws NoSuchAlgorithmException if {@code transformation}
645 * is {@code null}, empty, in an invalid format,
646 * or if a {@code CipherSpi} implementation for the
647 * specified algorithm is not available from the specified
648 * {@code Provider} object
649 *
650 * @throws NoSuchPaddingException if {@code transformation}
651 * contains a padding scheme that is not available
652 *
653 * @see java.security.Provider
654 */
655 public static final Cipher getInstance(String transformation,
656 Provider provider)
657 throws NoSuchAlgorithmException, NoSuchPaddingException
658 {
659 if ((transformation == null) || transformation.equals("")) {
660 throw new NoSuchAlgorithmException("Null or empty transformation");
661 }
662 if (provider == null) {
663 throw new IllegalArgumentException("Missing provider");
664 }
665 Exception failure = null;
666 List<Transform> transforms = getTransforms(transformation);
667 boolean providerChecked = false;
668 String paddingError = null;
669 for (Transform tr : transforms) {
670 Service s = provider.getService("Cipher", tr.transform);
671 if (s == null) {
672 continue;
673 }
674 if (providerChecked == false) {
675 // for compatibility, first do the lookup and then verify
676 // the provider. this makes the difference between a NSAE
677 // and a SecurityException if the
678 // provider does not support the algorithm.
679 Exception ve = JceSecurity.getVerificationResult(provider);
680 if (ve != null) {
681 String msg = "JCE cannot authenticate the provider "
682 + provider.getName();
683 throw new SecurityException(msg, ve);
684 }
685 providerChecked = true;
686 }
687 if (tr.supportsMode(s) == S_NO) {
688 continue;
689 }
690 if (tr.supportsPadding(s) == S_NO) {
691 paddingError = tr.pad;
692 continue;
693 }
694 try {
695 CipherSpi spi = (CipherSpi)s.newInstance(null);
696 tr.setModePadding(spi);
697 Cipher cipher = new Cipher(spi, transformation);
698 cipher.provider = s.getProvider();
699 cipher.initCryptoPermission();
700 return cipher;
701 } catch (Exception e) {
702 failure = e;
703 }
704 }
705
706 // throw NoSuchPaddingException if the problem is with padding
707 if (failure instanceof NoSuchPaddingException) {
708 throw (NoSuchPaddingException)failure;
709 }
710 if (paddingError != null) {
711 throw new NoSuchPaddingException
712 ("Padding not supported: " + paddingError);
713 }
714 throw new NoSuchAlgorithmException
715 ("No such algorithm: " + transformation, failure);
716 }
717
718 // If the requested crypto service is export-controlled,
719 // determine the maximum allowable keysize.
720 private void initCryptoPermission() throws NoSuchAlgorithmException {
721 if (JceSecurity.isRestricted() == false) {
722 cryptoPerm = CryptoAllPermission.INSTANCE;
723 exmech = null;
724 return;
725 }
726 cryptoPerm = getConfiguredPermission(transformation);
727 // Instantiate the exemption mechanism (if required)
728 String exmechName = cryptoPerm.getExemptionMechanism();
729 if (exmechName != null) {
730 exmech = ExemptionMechanism.getInstance(exmechName);
731 }
732 }
733
734 // max number of debug warnings to print from chooseFirstProvider()
735 private static int warnCount = 10;
736
737 /**
738 * Choose the Spi from the first provider available. Used if
739 * delayed provider selection is not possible because init()
740 * is not the first method called.
741 */
742 void chooseFirstProvider() {
743 if (spi != null) {
744 return;
745 }
746 synchronized (lock) {
747 if (spi != null) {
748 return;
749 }
750 if (debug != null) {
751 int w = --warnCount;
752 if (w >= 0) {
753 debug.println("Cipher.init() not first method "
754 + "called, disabling delayed provider selection");
755 if (w == 0) {
756 debug.println("Further warnings of this type will "
757 + "be suppressed");
758 }
759 new Exception("Call trace").printStackTrace();
760 }
761 }
762 Exception lastException = null;
763 while ((firstService != null) || serviceIterator.hasNext()) {
764 Service s;
765 CipherSpi thisSpi;
766 if (firstService != null) {
767 s = firstService;
768 thisSpi = firstSpi;
769 firstService = null;
770 firstSpi = null;
771 } else {
772 s = serviceIterator.next();
773 thisSpi = null;
774 }
775 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
776 continue;
777 }
778 Transform tr = getTransform(s, transforms);
779 if (tr == null) {
780 // should never happen
781 continue;
782 }
783 if (tr.supportsModePadding(s) == S_NO) {
784 continue;
785 }
786 try {
787 if (thisSpi == null) {
788 Object obj = s.newInstance(null);
789 if (obj instanceof CipherSpi == false) {
790 continue;
791 }
792 thisSpi = (CipherSpi)obj;
793 }
794 tr.setModePadding(thisSpi);
795 initCryptoPermission();
796 spi = thisSpi;
797 provider = s.getProvider();
798 // not needed any more
799 firstService = null;
800 serviceIterator = null;
801 transforms = null;
802 return;
803 } catch (Exception e) {
804 lastException = e;
805 }
806 }
807 ProviderException e = new ProviderException
808 ("Could not construct CipherSpi instance");
809 if (lastException != null) {
810 e.initCause(lastException);
811 }
812 throw e;
813 }
814 }
815
816 private static final int I_KEY = 1;
817 private static final int I_PARAMSPEC = 2;
818 private static final int I_PARAMS = 3;
819 private static final int I_CERT = 4;
820
821 private void implInit(CipherSpi thisSpi, int type, int opmode, Key key,
822 AlgorithmParameterSpec paramSpec, AlgorithmParameters params,
823 SecureRandom random) throws InvalidKeyException,
824 InvalidAlgorithmParameterException {
825 switch (type) {
826 case I_KEY:
827 checkCryptoPerm(thisSpi, key);
828 thisSpi.engineInit(opmode, key, random);
829 break;
830 case I_PARAMSPEC:
831 checkCryptoPerm(thisSpi, key, paramSpec);
832 thisSpi.engineInit(opmode, key, paramSpec, random);
833 break;
834 case I_PARAMS:
835 checkCryptoPerm(thisSpi, key, params);
836 thisSpi.engineInit(opmode, key, params, random);
837 break;
838 case I_CERT:
839 checkCryptoPerm(thisSpi, key);
840 thisSpi.engineInit(opmode, key, random);
841 break;
842 default:
843 throw new AssertionError("Internal Cipher error: " + type);
844 }
845 }
846
847 private void chooseProvider(int initType, int opmode, Key key,
848 AlgorithmParameterSpec paramSpec,
849 AlgorithmParameters params, SecureRandom random)
850 throws InvalidKeyException, InvalidAlgorithmParameterException {
851 synchronized (lock) {
852 if (spi != null) {
853 implInit(spi, initType, opmode, key, paramSpec, params, random);
854 return;
855 }
856 Exception lastException = null;
857 while ((firstService != null) || serviceIterator.hasNext()) {
858 Service s;
859 CipherSpi thisSpi;
860 if (firstService != null) {
861 s = firstService;
862 thisSpi = firstSpi;
863 firstService = null;
864 firstSpi = null;
865 } else {
866 s = serviceIterator.next();
867 thisSpi = null;
868 }
869 // if provider says it does not support this key, ignore it
870 if (s.supportsParameter(key) == false) {
871 continue;
872 }
873 if (JceSecurity.canUseProvider(s.getProvider()) == false) {
874 continue;
875 }
876 Transform tr = getTransform(s, transforms);
877 if (tr == null) {
878 // should never happen
879 continue;
880 }
881 if (tr.supportsModePadding(s) == S_NO) {
882 continue;
883 }
884 try {
885 if (thisSpi == null) {
886 thisSpi = (CipherSpi)s.newInstance(null);
887 }
888 tr.setModePadding(thisSpi);
889 initCryptoPermission();
890 implInit(thisSpi, initType, opmode, key, paramSpec,
891 params, random);
892 provider = s.getProvider();
893 this.spi = thisSpi;
894 firstService = null;
895 serviceIterator = null;
896 transforms = null;
897 return;
898 } catch (Exception e) {
899 // NoSuchAlgorithmException from newInstance()
900 // InvalidKeyException from init()
901 // RuntimeException (ProviderException) from init()
902 // SecurityException from crypto permission check
903 if (lastException == null) {
904 lastException = e;
905 }
906 }
907 }
908 // no working provider found, fail
909 if (lastException instanceof InvalidKeyException) {
910 throw (InvalidKeyException)lastException;
911 }
912 if (lastException instanceof InvalidAlgorithmParameterException) {
913 throw (InvalidAlgorithmParameterException)lastException;
914 }
915 if (lastException instanceof RuntimeException) {
916 throw (RuntimeException)lastException;
917 }
918 String kName = (key != null) ? key.getClass().getName() : "(null)";
919 throw new InvalidKeyException
920 ("No installed provider supports this key: "
921 + kName, lastException);
922 }
923 }
924
925 /**
926 * Returns the provider of this {@code Cipher} object.
927 *
928 * @return the provider of this {@code Cipher} object
929 */
930 public final Provider getProvider() {
931 chooseFirstProvider();
932 return this.provider;
933 }
934
935 /**
936 * Returns the algorithm name of this {@code Cipher} object.
937 *
938 * <p>This is the same name that was specified in one of the
939 * {@code getInstance} calls that created this {@code Cipher}
940 * object..
941 *
942 * @return the algorithm name of this {@code Cipher} object.
943 */
944 public final String getAlgorithm() {
945 return this.transformation;
946 }
947
948 /**
949 * Returns the block size (in bytes).
950 *
951 * @return the block size (in bytes), or 0 if the underlying algorithm is
952 * not a block cipher
953 */
954 public final int getBlockSize() {
955 chooseFirstProvider();
956 return spi.engineGetBlockSize();
957 }
958
959 /**
960 * Returns the length in bytes that an output buffer would need to be in
961 * order to hold the result of the next {@code update} or
962 * {@code doFinal} operation, given the input length
963 * {@code inputLen} (in bytes).
964 *
965 * <p>This call takes into account any unprocessed (buffered) data from a
966 * previous {@code update} call, padding, and AEAD tagging.
967 *
968 * <p>The actual output length of the next {@code update} or
969 * {@code doFinal} call may be smaller than the length returned by
970 * this method.
971 *
972 * @param inputLen the input length (in bytes)
973 *
974 * @return the required output buffer size (in bytes)
975 *
976 * @exception IllegalStateException if this cipher is in a wrong state
977 * (e.g., has not yet been initialized)
978 */
979 public final int getOutputSize(int inputLen) {
980
981 if (!initialized && !(this instanceof NullCipher)) {
982 throw new IllegalStateException("Cipher not initialized");
983 }
984 if (inputLen < 0) {
985 throw new IllegalArgumentException("Input size must be equal " +
986 "to or greater than zero");
987 }
988 chooseFirstProvider();
989 return spi.engineGetOutputSize(inputLen);
990 }
991
992 /**
993 * Returns the initialization vector (IV) in a new buffer.
994 *
995 * <p>This is useful in the case where a random IV was created,
996 * or in the context of password-based encryption or
997 * decryption, where the IV is derived from a user-supplied password.
998 *
999 * @return the initialization vector in a new buffer, or null if the
1000 * underlying algorithm does not use an IV, or if the IV has not yet
1001 * been set.
1002 */
1003 public final byte[] getIV() {
1004 chooseFirstProvider();
1005 return spi.engineGetIV();
1006 }
1007
1008 /**
1009 * Returns the parameters used with this cipher.
1010 *
1011 * <p>The returned parameters may be the same that were used to initialize
1012 * this cipher, or may contain a combination of default and random
1013 * parameter values used by the underlying cipher implementation if this
1014 * cipher requires algorithm parameters but was not initialized with any.
1015 *
1016 * @return the parameters used with this cipher, or null if this cipher
1017 * does not use any parameters.
1018 */
1019 public final AlgorithmParameters getParameters() {
1020 chooseFirstProvider();
1021 return spi.engineGetParameters();
1022 }
1023
1024 /**
1025 * Returns the exemption mechanism object used with this cipher.
1026 *
1027 * @return the exemption mechanism object used with this cipher, or
1028 * null if this cipher does not use any exemption mechanism.
1029 */
1030 public final ExemptionMechanism getExemptionMechanism() {
1031 chooseFirstProvider();
1032 return exmech;
1033 }
1034
1035 //
1036 // Crypto permission check code below
1037 //
1038 private void checkCryptoPerm(CipherSpi checkSpi, Key key)
1039 throws InvalidKeyException {
1040 if (cryptoPerm == CryptoAllPermission.INSTANCE) {
1041 return;
1042 }
1043 // Check if key size and default parameters are within legal limits
1044 AlgorithmParameterSpec params;
1045 try {
1046 params = getAlgorithmParameterSpec(checkSpi.engineGetParameters());
1047 } catch (InvalidParameterSpecException ipse) {
1048 throw new InvalidKeyException
1049 ("Unsupported default algorithm parameters");
1050 }
1051 if (!passCryptoPermCheck(checkSpi, key, params)) {
1052 throw new InvalidKeyException(
1053 "Illegal key size or default parameters");
1054 }
1055 }
1056
1057 private void checkCryptoPerm(CipherSpi checkSpi, Key key,
1058 AlgorithmParameterSpec params) throws InvalidKeyException,
1059 InvalidAlgorithmParameterException {
1060 if (cryptoPerm == CryptoAllPermission.INSTANCE) {
1061 return;
1062 }
1063 // Determine keysize and check if it is within legal limits
1064 if (!passCryptoPermCheck(checkSpi, key, null)) {
1065 throw new InvalidKeyException("Illegal key size");
1066 }
1067 if ((params != null) && (!passCryptoPermCheck(checkSpi, key, params))) {
1068 throw new InvalidAlgorithmParameterException("Illegal parameters");
1069 }
1070 }
1071
1072 private void checkCryptoPerm(CipherSpi checkSpi, Key key,
1073 AlgorithmParameters params)
1074 throws InvalidKeyException, InvalidAlgorithmParameterException {
1075 if (cryptoPerm == CryptoAllPermission.INSTANCE) {
1076 return;
1077 }
1078 // Convert the specified parameters into specs and then delegate.
1079 AlgorithmParameterSpec pSpec;
1080 try {
1081 pSpec = getAlgorithmParameterSpec(params);
1082 } catch (InvalidParameterSpecException ipse) {
1083 throw new InvalidAlgorithmParameterException
1084 ("Failed to retrieve algorithm parameter specification");
1085 }
1086 checkCryptoPerm(checkSpi, key, pSpec);
1087 }
1088
1089 private boolean passCryptoPermCheck(CipherSpi checkSpi, Key key,
1090 AlgorithmParameterSpec params)
1091 throws InvalidKeyException {
1092 String em = cryptoPerm.getExemptionMechanism();
1093 int keySize = checkSpi.engineGetKeySize(key);
1094 // Use the "algorithm" component of the cipher
1095 // transformation so that the perm check would
1096 // work when the key has the "aliased" algo.
1097 String algComponent;
1098 int index = transformation.indexOf('/');
1099 if (index != -1) {
1100 algComponent = transformation.substring(0, index);
1101 } else {
1102 algComponent = transformation;
1103 }
1104 CryptoPermission checkPerm =
1105 new CryptoPermission(algComponent, keySize, params, em);
1106
1107 if (!cryptoPerm.implies(checkPerm)) {
1108 if (debug != null) {
1109 debug.println("Crypto Permission check failed");
1110 debug.println("granted: " + cryptoPerm);
1111 debug.println("requesting: " + checkPerm);
1112 }
1113 return false;
1114 }
1115 if (exmech == null) {
1116 return true;
1117 }
1118 try {
1119 if (!exmech.isCryptoAllowed(key)) {
1120 if (debug != null) {
1121 debug.println(exmech.getName() + " isn't enforced");
1122 }
1123 return false;
1124 }
1125 } catch (ExemptionMechanismException eme) {
1126 if (debug != null) {
1127 debug.println("Cannot determine whether "+
1128 exmech.getName() + " has been enforced");
1129 eme.printStackTrace();
1130 }
1131 return false;
1132 }
1133 return true;
1134 }
1135
1136 // check if opmode is one of the defined constants
1137 // throw InvalidParameterExeption if not
1138 private static void checkOpmode(int opmode) {
1139 if ((opmode < ENCRYPT_MODE) || (opmode > UNWRAP_MODE)) {
1140 throw new InvalidParameterException("Invalid operation mode");
1141 }
1142 }
1143
1144 private static String getOpmodeString(int opmode) {
1145 switch (opmode) {
1146 case ENCRYPT_MODE:
1147 return "encryption";
1148 case DECRYPT_MODE:
1149 return "decryption";
1150 case WRAP_MODE:
1151 return "key wrapping";
1152 case UNWRAP_MODE:
1153 return "key unwrapping";
1154 default:
1155 return "";
1156 }
1157 }
1158
1159 /**
1160 * Initializes this cipher with a key.
1161 *
1162 * <p>The cipher is initialized for one of the following four operations:
1163 * encryption, decryption, key wrapping or key unwrapping, depending
1164 * on the value of {@code opmode}.
1165 *
1166 * <p>If this cipher requires any algorithm parameters that cannot be
1167 * derived from the given {@code key}, the underlying cipher
1168 * implementation is supposed to generate the required parameters itself
1169 * (using provider-specific default or random values) if it is being
1170 * initialized for encryption or key wrapping, and raise an
1171 * {@code InvalidKeyException} if it is being
1172 * initialized for decryption or key unwrapping.
1173 * The generated parameters can be retrieved using
1174 * {@link #getParameters() getParameters} or
1175 * {@link #getIV() getIV} (if the parameter is an IV).
1176 *
1177 * <p>If this cipher requires algorithm parameters that cannot be
1178 * derived from the input parameters, and there are no reasonable
1179 * provider-specific default values, initialization will
1180 * necessarily fail.
1181 *
1182 * <p>If this cipher (including its underlying feedback or padding scheme)
1183 * requires any random bytes (e.g., for parameter generation), it will get
1184 * them using the {@link java.security.SecureRandom}
1185 * implementation of the highest-priority
1186 * installed provider as the source of randomness.
1187 * (If none of the installed providers supply an implementation of
1188 * SecureRandom, a system-provided source of randomness will be used.)
1189 *
1190 * <p>Note that when a Cipher object is initialized, it loses all
1191 * previously-acquired state. In other words, initializing a Cipher is
1192 * equivalent to creating a new instance of that Cipher and initializing
1193 * it.
1194 *
1195 * @param opmode the operation mode of this cipher (this is one of
1196 * the following:
1197 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1198 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1199 * @param key the key
1200 *
1201 * @exception InvalidKeyException if the given key is inappropriate for
1202 * initializing this cipher, or requires
1203 * algorithm parameters that cannot be
1204 * determined from the given key, or if the given key has a keysize that
1205 * exceeds the maximum allowable keysize (as determined from the
1206 * configured jurisdiction policy files).
1207 * @throws UnsupportedOperationException if {@code opmode} is
1208 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1209 * by the underlying {@code CipherSpi}.
1210 */
1211 public final void init(int opmode, Key key) throws InvalidKeyException {
1212 init(opmode, key, JceSecurity.RANDOM);
1213 }
1214
1215 /**
1216 * Initializes this cipher with a key and a source of randomness.
1217 *
1218 * <p>The cipher is initialized for one of the following four operations:
1219 * encryption, decryption, key wrapping or key unwrapping, depending
1220 * on the value of {@code opmode}.
1221 *
1222 * <p>If this cipher requires any algorithm parameters that cannot be
1223 * derived from the given {@code key}, the underlying cipher
1224 * implementation is supposed to generate the required parameters itself
1225 * (using provider-specific default or random values) if it is being
1226 * initialized for encryption or key wrapping, and raise an
1227 * {@code InvalidKeyException} if it is being
1228 * initialized for decryption or key unwrapping.
1229 * The generated parameters can be retrieved using
1230 * {@link #getParameters() getParameters} or
1231 * {@link #getIV() getIV} (if the parameter is an IV).
1232 *
1233 * <p>If this cipher requires algorithm parameters that cannot be
1234 * derived from the input parameters, and there are no reasonable
1235 * provider-specific default values, initialization will
1236 * necessarily fail.
1237 *
1238 * <p>If this cipher (including its underlying feedback or padding scheme)
1239 * requires any random bytes (e.g., for parameter generation), it will get
1240 * them from {@code random}.
1241 *
1242 * <p>Note that when a Cipher object is initialized, it loses all
1243 * previously-acquired state. In other words, initializing a Cipher is
1244 * equivalent to creating a new instance of that Cipher and initializing
1245 * it.
1246 *
1247 * @param opmode the operation mode of this cipher (this is one of the
1248 * following:
1249 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1250 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1251 * @param key the encryption key
1252 * @param random the source of randomness
1253 *
1254 * @exception InvalidKeyException if the given key is inappropriate for
1255 * initializing this cipher, or requires
1256 * algorithm parameters that cannot be
1257 * determined from the given key, or if the given key has a keysize that
1258 * exceeds the maximum allowable keysize (as determined from the
1259 * configured jurisdiction policy files).
1260 * @throws UnsupportedOperationException if {@code opmode} is
1261 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1262 * by the underlying {@code CipherSpi}.
1263 */
1264 public final void init(int opmode, Key key, SecureRandom random)
1265 throws InvalidKeyException
1266 {
1267 initialized = false;
1268 checkOpmode(opmode);
1269
1270 if (spi != null) {
1271 checkCryptoPerm(spi, key);
1272 spi.engineInit(opmode, key, random);
1273 } else {
1274 try {
1275 chooseProvider(I_KEY, opmode, key, null, null, random);
1276 } catch (InvalidAlgorithmParameterException e) {
1277 // should never occur
1278 throw new InvalidKeyException(e);
1279 }
1280 }
1281
1282 initialized = true;
1283 this.opmode = opmode;
1284
1285 if (!skipDebug && pdebug != null) {
1286 pdebug.println("Cipher." + transformation + " " +
1287 getOpmodeString(opmode) + " algorithm from: " +
1288 getProviderName());
1289 }
1290 }
1291
1292 /**
1293 * Initializes this cipher with a key and a set of algorithm
1294 * parameters.
1295 *
1296 * <p>The cipher is initialized for one of the following four operations:
1297 * encryption, decryption, key wrapping or key unwrapping, depending
1298 * on the value of {@code opmode}.
1299 *
1300 * <p>If this cipher requires any algorithm parameters and
1301 * {@code params} is null, the underlying cipher implementation is
1302 * supposed to generate the required parameters itself (using
1303 * provider-specific default or random values) if it is being
1304 * initialized for encryption or key wrapping, and raise an
1305 * {@code InvalidAlgorithmParameterException} if it is being
1306 * initialized for decryption or key unwrapping.
1307 * The generated parameters can be retrieved using
1308 * {@link #getParameters() getParameters} or
1309 * {@link #getIV() getIV} (if the parameter is an IV).
1310 *
1311 * <p>If this cipher requires algorithm parameters that cannot be
1312 * derived from the input parameters, and there are no reasonable
1313 * provider-specific default values, initialization will
1314 * necessarily fail.
1315 *
1316 * <p>If this cipher (including its underlying feedback or padding scheme)
1317 * requires any random bytes (e.g., for parameter generation), it will get
1318 * them using the {@link java.security.SecureRandom}
1319 * implementation of the highest-priority
1320 * installed provider as the source of randomness.
1321 * (If none of the installed providers supply an implementation of
1322 * SecureRandom, a system-provided source of randomness will be used.)
1323 *
1324 * <p>Note that when a Cipher object is initialized, it loses all
1325 * previously-acquired state. In other words, initializing a Cipher is
1326 * equivalent to creating a new instance of that Cipher and initializing
1327 * it.
1328 *
1329 * @param opmode the operation mode of this cipher (this is one of the
1330 * following:
1331 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1332 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1333 * @param key the encryption key
1334 * @param params the algorithm parameters
1335 *
1336 * @exception InvalidKeyException if the given key is inappropriate for
1337 * initializing this cipher, or its keysize exceeds the maximum allowable
1338 * keysize (as determined from the configured jurisdiction policy files).
1339 * @exception InvalidAlgorithmParameterException if the given algorithm
1340 * parameters are inappropriate for this cipher,
1341 * or this cipher requires
1342 * algorithm parameters and {@code params} is null, or the given
1343 * algorithm parameters imply a cryptographic strength that would exceed
1344 * the legal limits (as determined from the configured jurisdiction
1345 * policy files).
1346 * @throws UnsupportedOperationException if {@code opmode} is
1347 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1348 * by the underlying {@code CipherSpi}.
1349 */
1350 public final void init(int opmode, Key key, AlgorithmParameterSpec params)
1351 throws InvalidKeyException, InvalidAlgorithmParameterException
1352 {
1353 init(opmode, key, params, JceSecurity.RANDOM);
1354 }
1355
1356 /**
1357 * Initializes this cipher with a key, a set of algorithm
1358 * parameters, and a source of randomness.
1359 *
1360 * <p>The cipher is initialized for one of the following four operations:
1361 * encryption, decryption, key wrapping or key unwrapping, depending
1362 * on the value of {@code opmode}.
1363 *
1364 * <p>If this cipher requires any algorithm parameters and
1365 * {@code params} is null, the underlying cipher implementation is
1366 * supposed to generate the required parameters itself (using
1367 * provider-specific default or random values) if it is being
1368 * initialized for encryption or key wrapping, and raise an
1369 * {@code InvalidAlgorithmParameterException} if it is being
1370 * initialized for decryption or key unwrapping.
1371 * The generated parameters can be retrieved using
1372 * {@link #getParameters() getParameters} or
1373 * {@link #getIV() getIV} (if the parameter is an IV).
1374 *
1375 * <p>If this cipher requires algorithm parameters that cannot be
1376 * derived from the input parameters, and there are no reasonable
1377 * provider-specific default values, initialization will
1378 * necessarily fail.
1379 *
1380 * <p>If this cipher (including its underlying feedback or padding scheme)
1381 * requires any random bytes (e.g., for parameter generation), it will get
1382 * them from {@code random}.
1383 *
1384 * <p>Note that when a Cipher object is initialized, it loses all
1385 * previously-acquired state. In other words, initializing a Cipher is
1386 * equivalent to creating a new instance of that Cipher and initializing
1387 * it.
1388 *
1389 * @param opmode the operation mode of this cipher (this is one of the
1390 * following:
1391 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1392 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1393 * @param key the encryption key
1394 * @param params the algorithm parameters
1395 * @param random the source of randomness
1396 *
1397 * @exception InvalidKeyException if the given key is inappropriate for
1398 * initializing this cipher, or its keysize exceeds the maximum allowable
1399 * keysize (as determined from the configured jurisdiction policy files).
1400 * @exception InvalidAlgorithmParameterException if the given algorithm
1401 * parameters are inappropriate for this cipher,
1402 * or this cipher requires
1403 * algorithm parameters and {@code params} is null, or the given
1404 * algorithm parameters imply a cryptographic strength that would exceed
1405 * the legal limits (as determined from the configured jurisdiction
1406 * policy files).
1407 * @throws UnsupportedOperationException if {@code opmode} is
1408 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1409 * by the underlying {@code CipherSpi}.
1410 */
1411 public final void init(int opmode, Key key, AlgorithmParameterSpec params,
1412 SecureRandom random)
1413 throws InvalidKeyException, InvalidAlgorithmParameterException
1414 {
1415 initialized = false;
1416 checkOpmode(opmode);
1417
1418 if (spi != null) {
1419 checkCryptoPerm(spi, key, params);
1420 spi.engineInit(opmode, key, params, random);
1421 } else {
1422 chooseProvider(I_PARAMSPEC, opmode, key, params, null, random);
1423 }
1424
1425 initialized = true;
1426 this.opmode = opmode;
1427
1428 if (!skipDebug && pdebug != null) {
1429 pdebug.println("Cipher." + transformation + " " +
1430 getOpmodeString(opmode) + " algorithm from: " +
1431 getProviderName());
1432 }
1433 }
1434
1435 /**
1436 * Initializes this cipher with a key and a set of algorithm
1437 * parameters.
1438 *
1439 * <p>The cipher is initialized for one of the following four operations:
1440 * encryption, decryption, key wrapping or key unwrapping, depending
1441 * on the value of {@code opmode}.
1442 *
1443 * <p>If this cipher requires any algorithm parameters and
1444 * {@code params} is null, the underlying cipher implementation is
1445 * supposed to generate the required parameters itself (using
1446 * provider-specific default or random values) if it is being
1447 * initialized for encryption or key wrapping, and raise an
1448 * {@code InvalidAlgorithmParameterException} if it is being
1449 * initialized for decryption or key unwrapping.
1450 * The generated parameters can be retrieved using
1451 * {@link #getParameters() getParameters} or
1452 * {@link #getIV() getIV} (if the parameter is an IV).
1453 *
1454 * <p>If this cipher requires algorithm parameters that cannot be
1455 * derived from the input parameters, and there are no reasonable
1456 * provider-specific default values, initialization will
1457 * necessarily fail.
1458 *
1459 * <p>If this cipher (including its underlying feedback or padding scheme)
1460 * requires any random bytes (e.g., for parameter generation), it will get
1461 * them using the {@link java.security.SecureRandom}
1462 * implementation of the highest-priority
1463 * installed provider as the source of randomness.
1464 * (If none of the installed providers supply an implementation of
1465 * SecureRandom, a system-provided source of randomness will be used.)
1466 *
1467 * <p>Note that when a Cipher object is initialized, it loses all
1468 * previously-acquired state. In other words, initializing a Cipher is
1469 * equivalent to creating a new instance of that Cipher and initializing
1470 * it.
1471 *
1472 * @param opmode the operation mode of this cipher (this is one of the
1473 * following: {@code ENCRYPT_MODE},
1474 * {@code DECRYPT_MODE}, {@code WRAP_MODE}
1475 * or {@code UNWRAP_MODE})
1476 * @param key the encryption key
1477 * @param params the algorithm parameters
1478 *
1479 * @exception InvalidKeyException if the given key is inappropriate for
1480 * initializing this cipher, or its keysize exceeds the maximum allowable
1481 * keysize (as determined from the configured jurisdiction policy files).
1482 * @exception InvalidAlgorithmParameterException if the given algorithm
1483 * parameters are inappropriate for this cipher,
1484 * or this cipher requires
1485 * algorithm parameters and {@code params} is null, or the given
1486 * algorithm parameters imply a cryptographic strength that would exceed
1487 * the legal limits (as determined from the configured jurisdiction
1488 * policy files).
1489 * @throws UnsupportedOperationException if {@code opmode} is
1490 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1491 * by the underlying {@code CipherSpi}.
1492 */
1493 public final void init(int opmode, Key key, AlgorithmParameters params)
1494 throws InvalidKeyException, InvalidAlgorithmParameterException
1495 {
1496 init(opmode, key, params, JceSecurity.RANDOM);
1497 }
1498
1499 /**
1500 * Initializes this cipher with a key, a set of algorithm
1501 * parameters, and a source of randomness.
1502 *
1503 * <p>The cipher is initialized for one of the following four operations:
1504 * encryption, decryption, key wrapping or key unwrapping, depending
1505 * on the value of {@code opmode}.
1506 *
1507 * <p>If this cipher requires any algorithm parameters and
1508 * {@code params} is null, the underlying cipher implementation is
1509 * supposed to generate the required parameters itself (using
1510 * provider-specific default or random values) if it is being
1511 * initialized for encryption or key wrapping, and raise an
1512 * {@code InvalidAlgorithmParameterException} if it is being
1513 * initialized for decryption or key unwrapping.
1514 * The generated parameters can be retrieved using
1515 * {@link #getParameters() getParameters} or
1516 * {@link #getIV() getIV} (if the parameter is an IV).
1517 *
1518 * <p>If this cipher requires algorithm parameters that cannot be
1519 * derived from the input parameters, and there are no reasonable
1520 * provider-specific default values, initialization will
1521 * necessarily fail.
1522 *
1523 * <p>If this cipher (including its underlying feedback or padding scheme)
1524 * requires any random bytes (e.g., for parameter generation), it will get
1525 * them from {@code random}.
1526 *
1527 * <p>Note that when a Cipher object is initialized, it loses all
1528 * previously-acquired state. In other words, initializing a Cipher is
1529 * equivalent to creating a new instance of that Cipher and initializing
1530 * it.
1531 *
1532 * @param opmode the operation mode of this cipher (this is one of the
1533 * following: {@code ENCRYPT_MODE},
1534 * {@code DECRYPT_MODE}, {@code WRAP_MODE}
1535 * or {@code UNWRAP_MODE})
1536 * @param key the encryption key
1537 * @param params the algorithm parameters
1538 * @param random the source of randomness
1539 *
1540 * @exception InvalidKeyException if the given key is inappropriate for
1541 * initializing this cipher, or its keysize exceeds the maximum allowable
1542 * keysize (as determined from the configured jurisdiction policy files).
1543 * @exception InvalidAlgorithmParameterException if the given algorithm
1544 * parameters are inappropriate for this cipher,
1545 * or this cipher requires
1546 * algorithm parameters and {@code params} is null, or the given
1547 * algorithm parameters imply a cryptographic strength that would exceed
1548 * the legal limits (as determined from the configured jurisdiction
1549 * policy files).
1550 * @throws UnsupportedOperationException if {@code opmode} is
1551 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1552 * by the underlying {@code CipherSpi}.
1553 */
1554 public final void init(int opmode, Key key, AlgorithmParameters params,
1555 SecureRandom random)
1556 throws InvalidKeyException, InvalidAlgorithmParameterException
1557 {
1558 initialized = false;
1559 checkOpmode(opmode);
1560
1561 if (spi != null) {
1562 checkCryptoPerm(spi, key, params);
1563 spi.engineInit(opmode, key, params, random);
1564 } else {
1565 chooseProvider(I_PARAMS, opmode, key, null, params, random);
1566 }
1567
1568 initialized = true;
1569 this.opmode = opmode;
1570
1571 if (!skipDebug && pdebug != null) {
1572 pdebug.println("Cipher." + transformation + " " +
1573 getOpmodeString(opmode) + " algorithm from: " +
1574 getProviderName());
1575 }
1576 }
1577
1578 /**
1579 * Initializes this cipher with the public key from the given certificate.
1580 * <p> The cipher is initialized for one of the following four operations:
1581 * encryption, decryption, key wrapping or key unwrapping, depending
1582 * on the value of {@code opmode}.
1583 *
1584 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
1585 * extension field marked as critical, and the value of the <i>key usage</i>
1586 * extension field implies that the public key in
1587 * the certificate and its corresponding private key are not
1588 * supposed to be used for the operation represented by the value
1589 * of {@code opmode},
1590 * an {@code InvalidKeyException}
1591 * is thrown.
1592 *
1593 * <p> If this cipher requires any algorithm parameters that cannot be
1594 * derived from the public key in the given certificate, the underlying
1595 * cipher
1596 * implementation is supposed to generate the required parameters itself
1597 * (using provider-specific default or random values) if it is being
1598 * initialized for encryption or key wrapping, and raise an
1599 * {@code InvalidKeyException} if it is being initialized for decryption or
1600 * key unwrapping.
1601 * The generated parameters can be retrieved using
1602 * {@link #getParameters() getParameters} or
1603 * {@link #getIV() getIV} (if the parameter is an IV).
1604 *
1605 * <p>If this cipher requires algorithm parameters that cannot be
1606 * derived from the input parameters, and there are no reasonable
1607 * provider-specific default values, initialization will
1608 * necessarily fail.
1609 *
1610 * <p>If this cipher (including its underlying feedback or padding scheme)
1611 * requires any random bytes (e.g., for parameter generation), it will get
1612 * them using the
1613 * {@code SecureRandom}
1614 * implementation of the highest-priority
1615 * installed provider as the source of randomness.
1616 * (If none of the installed providers supply an implementation of
1617 * SecureRandom, a system-provided source of randomness will be used.)
1618 *
1619 * <p>Note that when a Cipher object is initialized, it loses all
1620 * previously-acquired state. In other words, initializing a Cipher is
1621 * equivalent to creating a new instance of that Cipher and initializing
1622 * it.
1623 *
1624 * @param opmode the operation mode of this cipher (this is one of the
1625 * following:
1626 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1627 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1628 * @param certificate the certificate
1629 *
1630 * @exception InvalidKeyException if the public key in the given
1631 * certificate is inappropriate for initializing this cipher, or this
1632 * cipher requires algorithm parameters that cannot be determined from the
1633 * public key in the given certificate, or the keysize of the public key
1634 * in the given certificate has a keysize that exceeds the maximum
1635 * allowable keysize (as determined by the configured jurisdiction policy
1636 * files).
1637 * @throws UnsupportedOperationException if {@code opmode} is
1638 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1639 * by the underlying {@code CipherSpi}.
1640 */
1641 public final void init(int opmode, Certificate certificate)
1642 throws InvalidKeyException
1643 {
1644 init(opmode, certificate, JceSecurity.RANDOM);
1645 }
1646
1647 /**
1648 * Initializes this cipher with the public key from the given certificate
1649 * and
1650 * a source of randomness.
1651 *
1652 * <p>The cipher is initialized for one of the following four operations:
1653 * encryption, decryption, key wrapping
1654 * or key unwrapping, depending on
1655 * the value of {@code opmode}.
1656 *
1657 * <p>If the certificate is of type X.509 and has a <i>key usage</i>
1658 * extension field marked as critical, and the value of the <i>key usage</i>
1659 * extension field implies that the public key in
1660 * the certificate and its corresponding private key are not
1661 * supposed to be used for the operation represented by the value of
1662 * {@code opmode},
1663 * an {@code InvalidKeyException}
1664 * is thrown.
1665 *
1666 * <p>If this cipher requires any algorithm parameters that cannot be
1667 * derived from the public key in the given {@code certificate},
1668 * the underlying cipher
1669 * implementation is supposed to generate the required parameters itself
1670 * (using provider-specific default or random values) if it is being
1671 * initialized for encryption or key wrapping, and raise an
1672 * {@code InvalidKeyException} if it is being
1673 * initialized for decryption or key unwrapping.
1674 * The generated parameters can be retrieved using
1675 * {@link #getParameters() getParameters} or
1676 * {@link #getIV() getIV} (if the parameter is an IV).
1677 *
1678 * <p>If this cipher requires algorithm parameters that cannot be
1679 * derived from the input parameters, and there are no reasonable
1680 * provider-specific default values, initialization will
1681 * necessarily fail.
1682 *
1683 * <p>If this cipher (including its underlying feedback or padding scheme)
1684 * requires any random bytes (e.g., for parameter generation), it will get
1685 * them from {@code random}.
1686 *
1687 * <p>Note that when a Cipher object is initialized, it loses all
1688 * previously-acquired state. In other words, initializing a Cipher is
1689 * equivalent to creating a new instance of that Cipher and initializing
1690 * it.
1691 *
1692 * @param opmode the operation mode of this cipher (this is one of the
1693 * following:
1694 * {@code ENCRYPT_MODE}, {@code DECRYPT_MODE},
1695 * {@code WRAP_MODE} or {@code UNWRAP_MODE})
1696 * @param certificate the certificate
1697 * @param random the source of randomness
1698 *
1699 * @exception InvalidKeyException if the public key in the given
1700 * certificate is inappropriate for initializing this cipher, or this
1701 * cipher
1702 * requires algorithm parameters that cannot be determined from the
1703 * public key in the given certificate, or the keysize of the public key
1704 * in the given certificate has a keysize that exceeds the maximum
1705 * allowable keysize (as determined by the configured jurisdiction policy
1706 * files).
1707 * @throws UnsupportedOperationException if {@code opmode} is
1708 * {@code WRAP_MODE} or {@code UNWRAP_MODE} but the mode is not implemented
1709 * by the underlying {@code CipherSpi}.
1710 */
1711 public final void init(int opmode, Certificate certificate,
1712 SecureRandom random)
1713 throws InvalidKeyException
1714 {
1715 initialized = false;
1716 checkOpmode(opmode);
1717
1718 // Check key usage if the certificate is of
1719 // type X.509.
1720 if (certificate instanceof java.security.cert.X509Certificate) {
1721 // Check whether the cert has a key usage extension
1722 // marked as a critical extension.
1723 X509Certificate cert = (X509Certificate)certificate;
1724 Set<String> critSet = cert.getCriticalExtensionOIDs();
1725
1726 if (critSet != null && !critSet.isEmpty()
1727 && critSet.contains(KEY_USAGE_EXTENSION_OID)) {
1728 boolean[] keyUsageInfo = cert.getKeyUsage();
1729 // keyUsageInfo[2] is for keyEncipherment;
1730 // keyUsageInfo[3] is for dataEncipherment.
1731 if ((keyUsageInfo != null) &&
1732 (((opmode == Cipher.ENCRYPT_MODE) &&
1733 (keyUsageInfo.length > 3) &&
1734 (keyUsageInfo[3] == false)) ||
1735 ((opmode == Cipher.WRAP_MODE) &&
1736 (keyUsageInfo.length > 2) &&
1737 (keyUsageInfo[2] == false)))) {
1738 throw new InvalidKeyException("Wrong key usage");
1739 }
1740 }
1741 }
1742
1743 PublicKey publicKey =
1744 (certificate==null? null:certificate.getPublicKey());
1745
1746 if (spi != null) {
1747 checkCryptoPerm(spi, publicKey);
1748 spi.engineInit(opmode, publicKey, random);
1749 } else {
1750 try {
1751 chooseProvider(I_CERT, opmode, publicKey, null, null, random);
1752 } catch (InvalidAlgorithmParameterException e) {
1753 // should never occur
1754 throw new InvalidKeyException(e);
1755 }
1756 }
1757
1758 initialized = true;
1759 this.opmode = opmode;
1760
1761 if (!skipDebug && pdebug != null) {
1762 pdebug.println("Cipher." + transformation + " " +
1763 getOpmodeString(opmode) + " algorithm from: " +
1764 getProviderName());
1765 }
1766 }
1767
1768 /**
1769 * Ensures that Cipher is in a valid state for update() and doFinal()
1770 * calls - should be initialized and in ENCRYPT_MODE or DECRYPT_MODE.
1771 * @throws IllegalStateException if Cipher object is not in valid state.
1772 */
1773 private void checkCipherState() {
1774 if (!(this instanceof NullCipher)) {
1775 if (!initialized) {
1776 throw new IllegalStateException("Cipher not initialized");
1777 }
1778 if ((opmode != Cipher.ENCRYPT_MODE) &&
1779 (opmode != Cipher.DECRYPT_MODE)) {
1780 throw new IllegalStateException("Cipher not initialized " +
1781 "for encryption/decryption");
1782 }
1783 }
1784 }
1785
1786 /**
1787 * Continues a multiple-part encryption or decryption operation
1788 * (depending on how this cipher was initialized), processing another data
1789 * part.
1790 *
1791 * <p>The bytes in the {@code input} buffer are processed, and the
1792 * result is stored in a new buffer.
1793 *
1794 * <p>If {@code input} has a length of zero, this method returns
1795 * {@code null}.
1796 *
1797 * @param input the input buffer
1798 *
1799 * @return the new buffer with the result, or null if the underlying
1800 * cipher is a block cipher and the input data is too short to result in a
1801 * new block.
1802 *
1803 * @exception IllegalStateException if this cipher is in a wrong state
1804 * (e.g., has not been initialized)
1805 */
1806 public final byte[] update(byte[] input) {
1807 checkCipherState();
1808
1809 // Input sanity check
1810 if (input == null) {
1811 throw new IllegalArgumentException("Null input buffer");
1812 }
1813
1814 chooseFirstProvider();
1815 if (input.length == 0) {
1816 return null;
1817 }
1818 return spi.engineUpdate(input, 0, input.length);
1819 }
1820
1821 /**
1822 * Continues a multiple-part encryption or decryption operation
1823 * (depending on how this cipher was initialized), processing another data
1824 * part.
1825 *
1826 * <p>The first {@code inputLen} bytes in the {@code input}
1827 * buffer, starting at {@code inputOffset} inclusive, are processed,
1828 * and the result is stored in a new buffer.
1829 *
1830 * <p>If {@code inputLen} is zero, this method returns
1831 * {@code null}.
1832 *
1833 * @param input the input buffer
1834 * @param inputOffset the offset in {@code input} where the input
1835 * starts
1836 * @param inputLen the input length
1837 *
1838 * @return the new buffer with the result, or null if the underlying
1839 * cipher is a block cipher and the input data is too short to result in a
1840 * new block.
1841 *
1842 * @exception IllegalStateException if this cipher is in a wrong state
1843 * (e.g., has not been initialized)
1844 */
1845 public final byte[] update(byte[] input, int inputOffset, int inputLen) {
1846 checkCipherState();
1847
1848 // Input sanity check
1849 if (input == null || inputOffset < 0
1850 || inputLen > (input.length - inputOffset) || inputLen < 0) {
1851 throw new IllegalArgumentException("Bad arguments");
1852 }
1853
1854 chooseFirstProvider();
1855 if (inputLen == 0) {
1856 return null;
1857 }
1858 return spi.engineUpdate(input, inputOffset, inputLen);
1859 }
1860
1861 /**
1862 * Continues a multiple-part encryption or decryption operation
1863 * (depending on how this cipher was initialized), processing another data
1864 * part.
1865 *
1866 * <p>The first {@code inputLen} bytes in the {@code input}
1867 * buffer, starting at {@code inputOffset} inclusive, are processed,
1868 * and the result is stored in the {@code output} buffer.
1869 *
1870 * <p>If the {@code output} buffer is too small to hold the result,
1871 * a {@code ShortBufferException} is thrown. In this case, repeat this
1872 * call with a larger output buffer. Use
1873 * {@link #getOutputSize(int) getOutputSize} to determine how big
1874 * the output buffer should be.
1875 *
1876 * <p>If {@code inputLen} is zero, this method returns
1877 * a length of zero.
1878 *
1879 * <p>Note: this method should be copy-safe, which means the
1880 * {@code input} and {@code output} buffers can reference
1881 * the same byte array and no unprocessed input data is overwritten
1882 * when the result is copied into the output buffer.
1883 *
1884 * @param input the input buffer
1885 * @param inputOffset the offset in {@code input} where the input
1886 * starts
1887 * @param inputLen the input length
1888 * @param output the buffer for the result
1889 *
1890 * @return the number of bytes stored in {@code output}
1891 *
1892 * @exception IllegalStateException if this cipher is in a wrong state
1893 * (e.g., has not been initialized)
1894 * @exception ShortBufferException if the given output buffer is too small
1895 * to hold the result
1896 */
1897 public final int update(byte[] input, int inputOffset, int inputLen,
1898 byte[] output)
1899 throws ShortBufferException {
1900 checkCipherState();
1901
1902 // Input sanity check
1903 if (input == null || inputOffset < 0
1904 || inputLen > (input.length - inputOffset) || inputLen < 0) {
1905 throw new IllegalArgumentException("Bad arguments");
1906 }
1907
1908 chooseFirstProvider();
1909 if (inputLen == 0) {
1910 return 0;
1911 }
1912 return spi.engineUpdate(input, inputOffset, inputLen,
1913 output, 0);
1914 }
1915
1916 /**
1917 * Continues a multiple-part encryption or decryption operation
1918 * (depending on how this cipher was initialized), processing another data
1919 * part.
1920 *
1921 * <p>The first {@code inputLen} bytes in the {@code input}
1922 * buffer, starting at {@code inputOffset} inclusive, are processed,
1923 * and the result is stored in the {@code output} buffer, starting at
1924 * {@code outputOffset} inclusive.
1925 *
1926 * <p>If the {@code output} buffer is too small to hold the result,
1927 * a {@code ShortBufferException} is thrown. In this case, repeat this
1928 * call with a larger output buffer. Use
1929 * {@link #getOutputSize(int) getOutputSize} to determine how big
1930 * the output buffer should be.
1931 *
1932 * <p>If {@code inputLen} is zero, this method returns
1933 * a length of zero.
1934 *
1935 * <p>Note: this method should be copy-safe, which means the
1936 * {@code input} and {@code output} buffers can reference
1937 * the same byte array and no unprocessed input data is overwritten
1938 * when the result is copied into the output buffer.
1939 *
1940 * @param input the input buffer
1941 * @param inputOffset the offset in {@code input} where the input
1942 * starts
1943 * @param inputLen the input length
1944 * @param output the buffer for the result
1945 * @param outputOffset the offset in {@code output} where the result
1946 * is stored
1947 *
1948 * @return the number of bytes stored in {@code output}
1949 *
1950 * @exception IllegalStateException if this cipher is in a wrong state
1951 * (e.g., has not been initialized)
1952 * @exception ShortBufferException if the given output buffer is too small
1953 * to hold the result
1954 */
1955 public final int update(byte[] input, int inputOffset, int inputLen,
1956 byte[] output, int outputOffset)
1957 throws ShortBufferException {
1958 checkCipherState();
1959
1960 // Input sanity check
1961 if (input == null || inputOffset < 0
1962 || inputLen > (input.length - inputOffset) || inputLen < 0
1963 || outputOffset < 0) {
1964 throw new IllegalArgumentException("Bad arguments");
1965 }
1966
1967 chooseFirstProvider();
1968 if (inputLen == 0) {
1969 return 0;
1970 }
1971 return spi.engineUpdate(input, inputOffset, inputLen,
1972 output, outputOffset);
1973 }
1974
1975 /**
1976 * Continues a multiple-part encryption or decryption operation
1977 * (depending on how this cipher was initialized), processing another data
1978 * part.
1979 *
1980 * <p>All {@code input.remaining()} bytes starting at
1981 * {@code input.position()} are processed. The result is stored
1982 * in the output buffer.
1983 * Upon return, the input buffer's position will be equal
1984 * to its limit; its limit will not have changed. The output buffer's
1985 * position will have advanced by n, where n is the value returned
1986 * by this method; the output buffer's limit will not have changed.
1987 *
1988 * <p>If {@code output.remaining()} bytes are insufficient to
1989 * hold the result, a {@code ShortBufferException} is thrown.
1990 * In this case, repeat this call with a larger output buffer. Use
1991 * {@link #getOutputSize(int) getOutputSize} to determine how big
1992 * the output buffer should be.
1993 *
1994 * <p>Note: this method should be copy-safe, which means the
1995 * {@code input} and {@code output} buffers can reference
1996 * the same block of memory and no unprocessed input data is overwritten
1997 * when the result is copied into the output buffer.
1998 *
1999 * @param input the input ByteBuffer
2000 * @param output the output ByteByffer
2001 *
2002 * @return the number of bytes stored in {@code output}
2003 *
2004 * @exception IllegalStateException if this cipher is in a wrong state
2005 * (e.g., has not been initialized)
2006 * @exception IllegalArgumentException if input and output are the
2007 * same object
2008 * @exception ReadOnlyBufferException if the output buffer is read-only
2009 * @exception ShortBufferException if there is insufficient space in the
2010 * output buffer
2011 * @since 1.5
2012 */
2013 public final int update(ByteBuffer input, ByteBuffer output)
2014 throws ShortBufferException {
2015 checkCipherState();
2016
2017 if ((input == null) || (output == null)) {
2018 throw new IllegalArgumentException("Buffers must not be null");
2019 }
2020 if (input == output) {
2021 throw new IllegalArgumentException("Input and output buffers must "
2022 + "not be the same object, consider using buffer.duplicate()");
2023 }
2024 if (output.isReadOnly()) {
2025 throw new ReadOnlyBufferException();
2026 }
2027
2028 chooseFirstProvider();
2029 return spi.engineUpdate(input, output);
2030 }
2031
2032 /**
2033 * Finishes a multiple-part encryption or decryption operation, depending
2034 * on how this cipher was initialized.
2035 *
2036 * <p>Input data that may have been buffered during a previous
2037 * {@code update} operation is processed, with padding (if requested)
2038 * being applied.
2039 * If an AEAD mode such as GCM/CCM is being used, the authentication
2040 * tag is appended in the case of encryption, or verified in the
2041 * case of decryption.
2042 * The result is stored in a new buffer.
2043 *
2044 * <p>Upon finishing, this method resets this cipher object to the state
2045 * it was in when previously initialized via a call to {@code init}.
2046 * That is, the object is reset and available to encrypt or decrypt
2047 * (depending on the operation mode that was specified in the call to
2048 * {@code init}) more data.
2049 *
2050 * <p>Note: if any exception is thrown, this cipher object may need to
2051 * be reset before it can be used again.
2052 *
2053 * @return the new buffer with the result
2054 *
2055 * @exception IllegalStateException if this cipher is in a wrong state
2056 * (e.g., has not been initialized)
2057 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2058 * no padding has been requested (only in encryption mode), and the total
2059 * input length of the data processed by this cipher is not a multiple of
2060 * block size; or if this encryption algorithm is unable to
2061 * process the input data provided.
2062 * @exception BadPaddingException if this cipher is in decryption mode,
2063 * and (un)padding has been requested, but the decrypted data is not
2064 * bounded by the appropriate padding bytes
2065 * @exception AEADBadTagException if this cipher is decrypting in an
2066 * AEAD mode (such as GCM/CCM), and the received authentication tag
2067 * does not match the calculated value
2068 */
2069 public final byte[] doFinal()
2070 throws IllegalBlockSizeException, BadPaddingException {
2071 checkCipherState();
2072
2073 chooseFirstProvider();
2074 return spi.engineDoFinal(null, 0, 0);
2075 }
2076
2077 /**
2078 * Finishes a multiple-part encryption or decryption operation, depending
2079 * on how this cipher was initialized.
2080 *
2081 * <p>Input data that may have been buffered during a previous
2082 * {@code update} operation is processed, with padding (if requested)
2083 * being applied.
2084 * If an AEAD mode such as GCM/CCM is being used, the authentication
2085 * tag is appended in the case of encryption, or verified in the
2086 * case of decryption.
2087 * The result is stored in the {@code output} buffer, starting at
2088 * {@code outputOffset} inclusive.
2089 *
2090 * <p>If the {@code output} buffer is too small to hold the result,
2091 * a {@code ShortBufferException} is thrown. In this case, repeat this
2092 * call with a larger output buffer. Use
2093 * {@link #getOutputSize(int) getOutputSize} to determine how big
2094 * the output buffer should be.
2095 *
2096 * <p>Upon finishing, this method resets this cipher object to the state
2097 * it was in when previously initialized via a call to {@code init}.
2098 * That is, the object is reset and available to encrypt or decrypt
2099 * (depending on the operation mode that was specified in the call to
2100 * {@code init}) more data.
2101 *
2102 * <p>Note: if any exception is thrown, this cipher object may need to
2103 * be reset before it can be used again.
2104 *
2105 * @param output the buffer for the result
2106 * @param outputOffset the offset in {@code output} where the result
2107 * is stored
2108 *
2109 * @return the number of bytes stored in {@code output}
2110 *
2111 * @exception IllegalStateException if this cipher is in a wrong state
2112 * (e.g., has not been initialized)
2113 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2114 * no padding has been requested (only in encryption mode), and the total
2115 * input length of the data processed by this cipher is not a multiple of
2116 * block size; or if this encryption algorithm is unable to
2117 * process the input data provided.
2118 * @exception ShortBufferException if the given output buffer is too small
2119 * to hold the result
2120 * @exception BadPaddingException if this cipher is in decryption mode,
2121 * and (un)padding has been requested, but the decrypted data is not
2122 * bounded by the appropriate padding bytes
2123 * @exception AEADBadTagException if this cipher is decrypting in an
2124 * AEAD mode (such as GCM/CCM), and the received authentication tag
2125 * does not match the calculated value
2126 */
2127 public final int doFinal(byte[] output, int outputOffset)
2128 throws IllegalBlockSizeException, ShortBufferException,
2129 BadPaddingException {
2130 checkCipherState();
2131
2132 // Input sanity check
2133 if ((output == null) || (outputOffset < 0)) {
2134 throw new IllegalArgumentException("Bad arguments");
2135 }
2136
2137 chooseFirstProvider();
2138 return spi.engineDoFinal(null, 0, 0, output, outputOffset);
2139 }
2140
2141 /**
2142 * Encrypts or decrypts data in a single-part operation, or finishes a
2143 * multiple-part operation. The data is encrypted or decrypted,
2144 * depending on how this cipher was initialized.
2145 *
2146 * <p>The bytes in the {@code input} buffer, and any input bytes that
2147 * may have been buffered during a previous {@code update} operation,
2148 * are processed, with padding (if requested) being applied.
2149 * If an AEAD mode such as GCM/CCM is being used, the authentication
2150 * tag is appended in the case of encryption, or verified in the
2151 * case of decryption.
2152 * The result is stored in a new buffer.
2153 *
2154 * <p>Upon finishing, this method resets this cipher object to the state
2155 * it was in when previously initialized via a call to {@code init}.
2156 * That is, the object is reset and available to encrypt or decrypt
2157 * (depending on the operation mode that was specified in the call to
2158 * {@code init}) more data.
2159 *
2160 * <p>Note: if any exception is thrown, this cipher object may need to
2161 * be reset before it can be used again.
2162 *
2163 * @param input the input buffer
2164 *
2165 * @return the new buffer with the result
2166 *
2167 * @exception IllegalStateException if this cipher is in a wrong state
2168 * (e.g., has not been initialized)
2169 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2170 * no padding has been requested (only in encryption mode), and the total
2171 * input length of the data processed by this cipher is not a multiple of
2172 * block size; or if this encryption algorithm is unable to
2173 * process the input data provided.
2174 * @exception BadPaddingException if this cipher is in decryption mode,
2175 * and (un)padding has been requested, but the decrypted data is not
2176 * bounded by the appropriate padding bytes
2177 * @exception AEADBadTagException if this cipher is decrypting in an
2178 * AEAD mode (such as GCM/CCM), and the received authentication tag
2179 * does not match the calculated value
2180 */
2181 public final byte[] doFinal(byte[] input)
2182 throws IllegalBlockSizeException, BadPaddingException {
2183 checkCipherState();
2184
2185 // Input sanity check
2186 if (input == null) {
2187 throw new IllegalArgumentException("Null input buffer");
2188 }
2189
2190 chooseFirstProvider();
2191 return spi.engineDoFinal(input, 0, input.length);
2192 }
2193
2194 /**
2195 * Encrypts or decrypts data in a single-part operation, or finishes a
2196 * multiple-part operation. The data is encrypted or decrypted,
2197 * depending on how this cipher was initialized.
2198 *
2199 * <p>The first {@code inputLen} bytes in the {@code input}
2200 * buffer, starting at {@code inputOffset} inclusive, and any input
2201 * bytes that may have been buffered during a previous {@code update}
2202 * operation, are processed, with padding (if requested) being applied.
2203 * If an AEAD mode such as GCM/CCM is being used, the authentication
2204 * tag is appended in the case of encryption, or verified in the
2205 * case of decryption.
2206 * The result is stored in a new buffer.
2207 *
2208 * <p>Upon finishing, this method resets this cipher object to the state
2209 * it was in when previously initialized via a call to {@code init}.
2210 * That is, the object is reset and available to encrypt or decrypt
2211 * (depending on the operation mode that was specified in the call to
2212 * {@code init}) more data.
2213 *
2214 * <p>Note: if any exception is thrown, this cipher object may need to
2215 * be reset before it can be used again.
2216 *
2217 * @param input the input buffer
2218 * @param inputOffset the offset in {@code input} where the input
2219 * starts
2220 * @param inputLen the input length
2221 *
2222 * @return the new buffer with the result
2223 *
2224 * @exception IllegalStateException if this cipher is in a wrong state
2225 * (e.g., has not been initialized)
2226 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2227 * no padding has been requested (only in encryption mode), and the total
2228 * input length of the data processed by this cipher is not a multiple of
2229 * block size; or if this encryption algorithm is unable to
2230 * process the input data provided.
2231 * @exception BadPaddingException if this cipher is in decryption mode,
2232 * and (un)padding has been requested, but the decrypted data is not
2233 * bounded by the appropriate padding bytes
2234 * @exception AEADBadTagException if this cipher is decrypting in an
2235 * AEAD mode (such as GCM/CCM), and the received authentication tag
2236 * does not match the calculated value
2237 */
2238 public final byte[] doFinal(byte[] input, int inputOffset, int inputLen)
2239 throws IllegalBlockSizeException, BadPaddingException {
2240 checkCipherState();
2241
2242 // Input sanity check
2243 if (input == null || inputOffset < 0
2244 || inputLen > (input.length - inputOffset) || inputLen < 0) {
2245 throw new IllegalArgumentException("Bad arguments");
2246 }
2247
2248 chooseFirstProvider();
2249 return spi.engineDoFinal(input, inputOffset, inputLen);
2250 }
2251
2252 /**
2253 * Encrypts or decrypts data in a single-part operation, or finishes a
2254 * multiple-part operation. The data is encrypted or decrypted,
2255 * depending on how this cipher was initialized.
2256 *
2257 * <p>The first {@code inputLen} bytes in the {@code input}
2258 * buffer, starting at {@code inputOffset} inclusive, and any input
2259 * bytes that may have been buffered during a previous {@code update}
2260 * operation, are processed, with padding (if requested) being applied.
2261 * If an AEAD mode such as GCM/CCM is being used, the authentication
2262 * tag is appended in the case of encryption, or verified in the
2263 * case of decryption.
2264 * The result is stored in the {@code output} buffer.
2265 *
2266 * <p>If the {@code output} buffer is too small to hold the result,
2267 * a {@code ShortBufferException} is thrown. In this case, repeat this
2268 * call with a larger output buffer. Use
2269 * {@link #getOutputSize(int) getOutputSize} to determine how big
2270 * the output buffer should be.
2271 *
2272 * <p>Upon finishing, this method resets this cipher object to the state
2273 * it was in when previously initialized via a call to {@code init}.
2274 * That is, the object is reset and available to encrypt or decrypt
2275 * (depending on the operation mode that was specified in the call to
2276 * {@code init}) more data.
2277 *
2278 * <p>Note: if any exception is thrown, this cipher object may need to
2279 * be reset before it can be used again.
2280 *
2281 * <p>Note: this method should be copy-safe, which means the
2282 * {@code input} and {@code output} buffers can reference
2283 * the same byte array and no unprocessed input data is overwritten
2284 * when the result is copied into the output buffer.
2285 *
2286 * @param input the input buffer
2287 * @param inputOffset the offset in {@code input} where the input
2288 * starts
2289 * @param inputLen the input length
2290 * @param output the buffer for the result
2291 *
2292 * @return the number of bytes stored in {@code output}
2293 *
2294 * @exception IllegalStateException if this cipher is in a wrong state
2295 * (e.g., has not been initialized)
2296 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2297 * no padding has been requested (only in encryption mode), and the total
2298 * input length of the data processed by this cipher is not a multiple of
2299 * block size; or if this encryption algorithm is unable to
2300 * process the input data provided.
2301 * @exception ShortBufferException if the given output buffer is too small
2302 * to hold the result
2303 * @exception BadPaddingException if this cipher is in decryption mode,
2304 * and (un)padding has been requested, but the decrypted data is not
2305 * bounded by the appropriate padding bytes
2306 * @exception AEADBadTagException if this cipher is decrypting in an
2307 * AEAD mode (such as GCM/CCM), and the received authentication tag
2308 * does not match the calculated value
2309 */
2310 public final int doFinal(byte[] input, int inputOffset, int inputLen,
2311 byte[] output)
2312 throws ShortBufferException, IllegalBlockSizeException,
2313 BadPaddingException {
2314 checkCipherState();
2315
2316 // Input sanity check
2317 if (input == null || inputOffset < 0
2318 || inputLen > (input.length - inputOffset) || inputLen < 0) {
2319 throw new IllegalArgumentException("Bad arguments");
2320 }
2321
2322 chooseFirstProvider();
2323 return spi.engineDoFinal(input, inputOffset, inputLen,
2324 output, 0);
2325 }
2326
2327 /**
2328 * Encrypts or decrypts data in a single-part operation, or finishes a
2329 * multiple-part operation. The data is encrypted or decrypted,
2330 * depending on how this cipher was initialized.
2331 *
2332 * <p>The first {@code inputLen} bytes in the {@code input}
2333 * buffer, starting at {@code inputOffset} inclusive, and any input
2334 * bytes that may have been buffered during a previous
2335 * {@code update} operation, are processed, with padding
2336 * (if requested) being applied.
2337 * If an AEAD mode such as GCM/CCM is being used, the authentication
2338 * tag is appended in the case of encryption, or verified in the
2339 * case of decryption.
2340 * The result is stored in the {@code output} buffer, starting at
2341 * {@code outputOffset} inclusive.
2342 *
2343 * <p>If the {@code output} buffer is too small to hold the result,
2344 * a {@code ShortBufferException} is thrown. In this case, repeat this
2345 * call with a larger output buffer. Use
2346 * {@link #getOutputSize(int) getOutputSize} to determine how big
2347 * the output buffer should be.
2348 *
2349 * <p>Upon finishing, this method resets this cipher object to the state
2350 * it was in when previously initialized via a call to {@code init}.
2351 * That is, the object is reset and available to encrypt or decrypt
2352 * (depending on the operation mode that was specified in the call to
2353 * {@code init}) more data.
2354 *
2355 * <p>Note: if any exception is thrown, this cipher object may need to
2356 * be reset before it can be used again.
2357 *
2358 * <p>Note: this method should be copy-safe, which means the
2359 * {@code input} and {@code output} buffers can reference
2360 * the same byte array and no unprocessed input data is overwritten
2361 * when the result is copied into the output buffer.
2362 *
2363 * @param input the input buffer
2364 * @param inputOffset the offset in {@code input} where the input
2365 * starts
2366 * @param inputLen the input length
2367 * @param output the buffer for the result
2368 * @param outputOffset the offset in {@code output} where the result
2369 * is stored
2370 *
2371 * @return the number of bytes stored in {@code output}
2372 *
2373 * @exception IllegalStateException if this cipher is in a wrong state
2374 * (e.g., has not been initialized)
2375 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2376 * no padding has been requested (only in encryption mode), and the total
2377 * input length of the data processed by this cipher is not a multiple of
2378 * block size; or if this encryption algorithm is unable to
2379 * process the input data provided.
2380 * @exception ShortBufferException if the given output buffer is too small
2381 * to hold the result
2382 * @exception BadPaddingException if this cipher is in decryption mode,
2383 * and (un)padding has been requested, but the decrypted data is not
2384 * bounded by the appropriate padding bytes
2385 * @exception AEADBadTagException if this cipher is decrypting in an
2386 * AEAD mode (such as GCM/CCM), and the received authentication tag
2387 * does not match the calculated value
2388 */
2389 public final int doFinal(byte[] input, int inputOffset, int inputLen,
2390 byte[] output, int outputOffset)
2391 throws ShortBufferException, IllegalBlockSizeException,
2392 BadPaddingException {
2393 checkCipherState();
2394
2395 // Input sanity check
2396 if (input == null || inputOffset < 0
2397 || inputLen > (input.length - inputOffset) || inputLen < 0
2398 || outputOffset < 0) {
2399 throw new IllegalArgumentException("Bad arguments");
2400 }
2401
2402 chooseFirstProvider();
2403 return spi.engineDoFinal(input, inputOffset, inputLen,
2404 output, outputOffset);
2405 }
2406
2407 /**
2408 * Encrypts or decrypts data in a single-part operation, or finishes a
2409 * multiple-part operation. The data is encrypted or decrypted,
2410 * depending on how this cipher was initialized.
2411 *
2412 * <p>All {@code input.remaining()} bytes starting at
2413 * {@code input.position()} are processed.
2414 * If an AEAD mode such as GCM/CCM is being used, the authentication
2415 * tag is appended in the case of encryption, or verified in the
2416 * case of decryption.
2417 * The result is stored in the output buffer.
2418 * Upon return, the input buffer's position will be equal
2419 * to its limit; its limit will not have changed. The output buffer's
2420 * position will have advanced by n, where n is the value returned
2421 * by this method; the output buffer's limit will not have changed.
2422 *
2423 * <p>If {@code output.remaining()} bytes are insufficient to
2424 * hold the result, a {@code ShortBufferException} is thrown.
2425 * In this case, repeat this call with a larger output buffer. Use
2426 * {@link #getOutputSize(int) getOutputSize} to determine how big
2427 * the output buffer should be.
2428 *
2429 * <p>Upon finishing, this method resets this cipher object to the state
2430 * it was in when previously initialized via a call to {@code init}.
2431 * That is, the object is reset and available to encrypt or decrypt
2432 * (depending on the operation mode that was specified in the call to
2433 * {@code init}) more data.
2434 *
2435 * <p>Note: if any exception is thrown, this cipher object may need to
2436 * be reset before it can be used again.
2437 *
2438 * <p>Note: this method should be copy-safe, which means the
2439 * {@code input} and {@code output} buffers can reference
2440 * the same byte array and no unprocessed input data is overwritten
2441 * when the result is copied into the output buffer.
2442 *
2443 * @param input the input ByteBuffer
2444 * @param output the output ByteBuffer
2445 *
2446 * @return the number of bytes stored in {@code output}
2447 *
2448 * @exception IllegalStateException if this cipher is in a wrong state
2449 * (e.g., has not been initialized)
2450 * @exception IllegalArgumentException if input and output are the
2451 * same object
2452 * @exception ReadOnlyBufferException if the output buffer is read-only
2453 * @exception IllegalBlockSizeException if this cipher is a block cipher,
2454 * no padding has been requested (only in encryption mode), and the total
2455 * input length of the data processed by this cipher is not a multiple of
2456 * block size; or if this encryption algorithm is unable to
2457 * process the input data provided.
2458 * @exception ShortBufferException if there is insufficient space in the
2459 * output buffer
2460 * @exception BadPaddingException if this cipher is in decryption mode,
2461 * and (un)padding has been requested, but the decrypted data is not
2462 * bounded by the appropriate padding bytes
2463 * @exception AEADBadTagException if this cipher is decrypting in an
2464 * AEAD mode (such as GCM/CCM), and the received authentication tag
2465 * does not match the calculated value
2466 *
2467 * @since 1.5
2468 */
2469 public final int doFinal(ByteBuffer input, ByteBuffer output)
2470 throws ShortBufferException, IllegalBlockSizeException,
2471 BadPaddingException {
2472 checkCipherState();
2473
2474 if ((input == null) || (output == null)) {
2475 throw new IllegalArgumentException("Buffers must not be null");
2476 }
2477 if (input == output) {
2478 throw new IllegalArgumentException("Input and output buffers must "
2479 + "not be the same object, consider using buffer.duplicate()");
2480 }
2481 if (output.isReadOnly()) {
2482 throw new ReadOnlyBufferException();
2483 }
2484
2485 chooseFirstProvider();
2486 return spi.engineDoFinal(input, output);
2487 }
2488
2489 /**
2490 * Wrap a key.
2491 *
2492 * @param key the key to be wrapped.
2493 *
2494 * @return the wrapped key.
2495 *
2496 * @exception IllegalStateException if this cipher is in a wrong
2497 * state (e.g., has not been initialized).
2498 *
2499 * @exception IllegalBlockSizeException if this cipher is a block
2500 * cipher, no padding has been requested, and the length of the
2501 * encoding of the key to be wrapped is not a
2502 * multiple of the block size.
2503 *
2504 * @exception InvalidKeyException if it is impossible or unsafe to
2505 * wrap the key with this cipher (e.g., a hardware protected key is
2506 * being passed to a software-only cipher).
2507 *
2508 * @throws UnsupportedOperationException if the corresponding method in the
2509 * {@code CipherSpi} is not supported.
2510 */
2511 public final byte[] wrap(Key key)
2512 throws IllegalBlockSizeException, InvalidKeyException {
2513 if (!(this instanceof NullCipher)) {
2514 if (!initialized) {
2515 throw new IllegalStateException("Cipher not initialized");
2516 }
2517 if (opmode != Cipher.WRAP_MODE) {
2518 throw new IllegalStateException("Cipher not initialized " +
2519 "for wrapping keys");
2520 }
2521 }
2522
2523 chooseFirstProvider();
2524 return spi.engineWrap(key);
2525 }
2526
2527 /**
2528 * Unwrap a previously wrapped key.
2529 *
2530 * @param wrappedKey the key to be unwrapped.
2531 *
2532 * @param wrappedKeyAlgorithm the algorithm associated with the wrapped
2533 * key.
2534 *
2535 * @param wrappedKeyType the type of the wrapped key. This must be one of
2536 * {@code SECRET_KEY}, {@code PRIVATE_KEY}, or
2537 * {@code PUBLIC_KEY}.
2538 *
2539 * @return the unwrapped key.
2540 *
2541 * @exception IllegalStateException if this cipher is in a wrong state
2542 * (e.g., has not been initialized).
2543 *
2544 * @exception NoSuchAlgorithmException if no installed providers
2545 * can create keys of type {@code wrappedKeyType} for the
2546 * {@code wrappedKeyAlgorithm}.
2547 *
2548 * @exception InvalidKeyException if {@code wrappedKey} does not
2549 * represent a wrapped key of type {@code wrappedKeyType} for
2550 * the {@code wrappedKeyAlgorithm}.
2551 *
2552 * @throws UnsupportedOperationException if the corresponding method in the
2553 * {@code CipherSpi} is not supported.
2554 */
2555 public final Key unwrap(byte[] wrappedKey,
2556 String wrappedKeyAlgorithm,
2557 int wrappedKeyType)
2558 throws InvalidKeyException, NoSuchAlgorithmException {
2559
2560 if (!(this instanceof NullCipher)) {
2561 if (!initialized) {
2562 throw new IllegalStateException("Cipher not initialized");
2563 }
2564 if (opmode != Cipher.UNWRAP_MODE) {
2565 throw new IllegalStateException("Cipher not initialized " +
2566 "for unwrapping keys");
2567 }
2568 }
2569 if ((wrappedKeyType != SECRET_KEY) &&
2570 (wrappedKeyType != PRIVATE_KEY) &&
2571 (wrappedKeyType != PUBLIC_KEY)) {
2572 throw new InvalidParameterException("Invalid key type");
2573 }
2574
2575 chooseFirstProvider();
2576 return spi.engineUnwrap(wrappedKey,
2577 wrappedKeyAlgorithm,
2578 wrappedKeyType);
2579 }
2580
2581 private AlgorithmParameterSpec getAlgorithmParameterSpec(
2582 AlgorithmParameters params)
2583 throws InvalidParameterSpecException {
2584 if (params == null) {
2585 return null;
2586 }
2587
2588 String alg = params.getAlgorithm().toUpperCase(Locale.ENGLISH);
2589
2590 if (alg.equalsIgnoreCase("RC2")) {
2591 return params.getParameterSpec(RC2ParameterSpec.class);
2592 }
2593
2594 if (alg.equalsIgnoreCase("RC5")) {
2595 return params.getParameterSpec(RC5ParameterSpec.class);
2596 }
2597
2598 if (alg.startsWith("PBE")) {
2599 return params.getParameterSpec(PBEParameterSpec.class);
2600 }
2601
2602 if (alg.startsWith("DES")) {
2603 return params.getParameterSpec(IvParameterSpec.class);
2604 }
2605 return null;
2606 }
2607
2608 private static CryptoPermission getConfiguredPermission(
2609 String transformation) throws NullPointerException,
2610 NoSuchAlgorithmException {
2611 if (transformation == null) throw new NullPointerException();
2612 String[] parts = tokenizeTransformation(transformation);
2613 return JceSecurityManager.INSTANCE.getCryptoPermission(parts[0]);
2614 }
2615
2616 /**
2617 * Returns the maximum key length for the specified transformation
2618 * according to the installed JCE jurisdiction policy files. If
2619 * JCE unlimited strength jurisdiction policy files are installed,
2620 * Integer.MAX_VALUE will be returned.
2621 * For more information on the default key sizes and the JCE jurisdiction
2622 * policy files, please see the Cryptographic defaults and limitations in
2623 * the {@extLink security_guide_jdk_providers JDK Providers Documentation}.
2624 *
2625 * @param transformation the cipher transformation.
2626 * @return the maximum key length in bits or Integer.MAX_VALUE.
2627 * @exception NullPointerException if {@code transformation} is null.
2628 * @exception NoSuchAlgorithmException if {@code transformation}
2629 * is not a valid transformation, i.e. in the form of "algorithm" or
2630 * "algorithm/mode/padding".
2631 * @since 1.5
2632 */
2633 public static final int getMaxAllowedKeyLength(String transformation)
2634 throws NoSuchAlgorithmException {
2635 CryptoPermission cp = getConfiguredPermission(transformation);
2636 return cp.getMaxKeySize();
2637 }
2638
2639 /**
2640 * Returns an AlgorithmParameterSpec object which contains
2641 * the maximum cipher parameter value according to the
2642 * jurisdiction policy file. If JCE unlimited strength jurisdiction
2643 * policy files are installed or there is no maximum limit on the
2644 * parameters for the specified transformation in the policy file,
2645 * null will be returned.
2646 *
2647 * @param transformation the cipher transformation.
2648 * @return an AlgorithmParameterSpec which holds the maximum
2649 * value or null.
2650 * @exception NullPointerException if {@code transformation}
2651 * is null.
2652 * @exception NoSuchAlgorithmException if {@code transformation}
2653 * is not a valid transformation, i.e. in the form of "algorithm" or
2654 * "algorithm/mode/padding".
2655 * @since 1.5
2656 */
2657 public static final AlgorithmParameterSpec getMaxAllowedParameterSpec(
2658 String transformation) throws NoSuchAlgorithmException {
2659 CryptoPermission cp = getConfiguredPermission(transformation);
2660 return cp.getAlgorithmParameterSpec();
2661 }
2662
2663 /**
2664 * Continues a multi-part update of the Additional Authentication
2665 * Data (AAD).
2666 * <p>
2667 * Calls to this method provide AAD to the cipher when operating in
2668 * modes such as AEAD (GCM/CCM). If this cipher is operating in
2669 * either GCM or CCM mode, all AAD must be supplied before beginning
2670 * operations on the ciphertext (via the {@code update} and
2671 * {@code doFinal} methods).
2672 *
2673 * @param src the buffer containing the Additional Authentication Data
2674 *
2675 * @throws IllegalArgumentException if the {@code src}
2676 * byte array is null
2677 * @throws IllegalStateException if this cipher is in a wrong state
2678 * (e.g., has not been initialized), does not accept AAD, or if
2679 * operating in either GCM or CCM mode and one of the {@code update}
2680 * methods has already been called for the active
2681 * encryption/decryption operation
2682 * @throws UnsupportedOperationException if the corresponding method
2683 * in the {@code CipherSpi} has not been overridden by an
2684 * implementation
2685 *
2686 * @since 1.7
2687 */
2688 public final void updateAAD(byte[] src) {
2689 if (src == null) {
2690 throw new IllegalArgumentException("src buffer is null");
2691 }
2692
2693 updateAAD(src, 0, src.length);
2694 }
2695
2696 /**
2697 * Continues a multi-part update of the Additional Authentication
2698 * Data (AAD), using a subset of the provided buffer.
2699 * <p>
2700 * Calls to this method provide AAD to the cipher when operating in
2701 * modes such as AEAD (GCM/CCM). If this cipher is operating in
2702 * either GCM or CCM mode, all AAD must be supplied before beginning
2703 * operations on the ciphertext (via the {@code update}
2704 * and {@code doFinal} methods).
2705 *
2706 * @param src the buffer containing the AAD
2707 * @param offset the offset in {@code src} where the AAD input starts
2708 * @param len the number of AAD bytes
2709 *
2710 * @throws IllegalArgumentException if the {@code src}
2711 * byte array is null, or the {@code offset} or {@code length}
2712 * is less than 0, or the sum of the {@code offset} and
2713 * {@code len} is greater than the length of the
2714 * {@code src} byte array
2715 * @throws IllegalStateException if this cipher is in a wrong state
2716 * (e.g., has not been initialized), does not accept AAD, or if
2717 * operating in either GCM or CCM mode and one of the {@code update}
2718 * methods has already been called for the active
2719 * encryption/decryption operation
2720 * @throws UnsupportedOperationException if the corresponding method
2721 * in the {@code CipherSpi} has not been overridden by an
2722 * implementation
2723 *
2724 * @since 1.7
2725 */
2726 public final void updateAAD(byte[] src, int offset, int len) {
2727 checkCipherState();
2728
2729 // Input sanity check
2730 if ((src == null) || (offset < 0) || (len < 0)
2731 || ((len + offset) > src.length)) {
2732 throw new IllegalArgumentException("Bad arguments");
2733 }
2734
2735 chooseFirstProvider();
2736 if (len == 0) {
2737 return;
2738 }
2739 spi.engineUpdateAAD(src, offset, len);
2740 }
2741
2742 /**
2743 * Continues a multi-part update of the Additional Authentication
2744 * Data (AAD).
2745 * <p>
2746 * Calls to this method provide AAD to the cipher when operating in
2747 * modes such as AEAD (GCM/CCM). If this cipher is operating in
2748 * either GCM or CCM mode, all AAD must be supplied before beginning
2749 * operations on the ciphertext (via the {@code update}
2750 * and {@code doFinal} methods).
2751 * <p>
2752 * All {@code src.remaining()} bytes starting at
2753 * {@code src.position()} are processed.
2754 * Upon return, the input buffer's position will be equal
2755 * to its limit; its limit will not have changed.
2756 *
2757 * @param src the buffer containing the AAD
2758 *
2759 * @throws IllegalArgumentException if the {@code src ByteBuffer}
2760 * is null
2761 * @throws IllegalStateException if this cipher is in a wrong state
2762 * (e.g., has not been initialized), does not accept AAD, or if
2763 * operating in either GCM or CCM mode and one of the {@code update}
2764 * methods has already been called for the active
2765 * encryption/decryption operation
2766 * @throws UnsupportedOperationException if the corresponding method
2767 * in the {@code CipherSpi} has not been overridden by an
2768 * implementation
2769 *
2770 * @since 1.7
2771 */
2772 public final void updateAAD(ByteBuffer src) {
2773 checkCipherState();
2774
2775 // Input sanity check
2776 if (src == null) {
2777 throw new IllegalArgumentException("src ByteBuffer is null");
2778 }
2779
2780 chooseFirstProvider();
2781 if (src.remaining() == 0) {
2782 return;
2783 }
2784 spi.engineUpdateAAD(src);
2785 }
2786 }