com.ibm.crypto.fips.provider
Class AESCipher

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--com.ibm.crypto.fips.provider.AESCipher
All Implemented Interfaces:
AESConstants, AlgorithmStatus

public final class AESCipher
extends javax.crypto.CipherSpi
implements AESConstants, AlgorithmStatus

This class implements the AES algorithm in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding).

AES is a 128-bit block cipher with 128, 192, or 256-bit key.

Version:
1.00 18/09/01
Author:
Paschalis Kaltsatis

Field Summary
static int AES_BLOCK_SIZE
           
 
Constructor Summary
AESCipher()
          Creates an instance of AES cipher with default ECB mode and PKCS5Padding.
AESCipher(java.lang.String mode, java.lang.String paddingScheme)
          Creates an instance of AES cipher with the requested mode and padding.
 
Method Summary
protected  byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineGetBlockSize()
          Returns the block size (in bytes).
protected  byte[] engineGetIV()
          Returns the initialization vector (IV) in a new buffer.
protected  int engineGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int engineGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  java.security.AlgorithmParameters engineGetParameters()
          Returns the parameters used with this cipher.
protected  void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void engineSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void engineSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] engineWrap(java.security.Key key)
          Wrap a key.
protected  byte[] internalDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalGetBlockSize()
          Returns the block size (in bytes).
protected  byte[] internalGetIV()
          Returns the initialization vector (IV) in a new buffer.
protected  int internalGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int internalGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  java.security.AlgorithmParameters internalGetParameters()
          Returns the parameters used with this cipher.
protected  void internalInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void internalInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void internalInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void internalSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void internalSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key internalUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] internalUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int internalUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] internalWrap(java.security.Key key)
          Wrap a key.
 boolean isFipsApproved()
          Module identifies if the cryptographic operation (algorithm) is FIPS certified
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

AES_BLOCK_SIZE

public static final int AES_BLOCK_SIZE
Constructor Detail

AESCipher

public AESCipher()
Creates an instance of AES cipher with default ECB mode and PKCS5Padding.
Throws:
java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.

AESCipher

public AESCipher(java.lang.String mode,
                 java.lang.String paddingScheme)
          throws java.security.NoSuchAlgorithmException,
                 javax.crypto.NoSuchPaddingException
Creates an instance of AES cipher with the requested mode and padding.
Parameters:
mode - the cipher mode
paddingScheme - the padding mechanism
Throws:
java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable
javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable
Method Detail

isFipsApproved

public boolean isFipsApproved()
Description copied from interface: AlgorithmStatus
Module identifies if the cryptographic operation (algorithm) is FIPS certified
Specified by:
isFipsApproved in interface AlgorithmStatus
See Also:
AlgorithmStatus.isFipsApproved()

engineSetMode

protected void engineSetMode(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException,
                             FIPSRuntimeException
Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
Overrides:
engineSetMode in class javax.crypto.CipherSpi
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetMode

protected void internalSetMode(java.lang.String mode)
                        throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher. If the mode specified is OFB or CFB mode and the bit number is not specified, then OFB128 or CFB128 will be used.
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

engineSetPadding

protected void engineSetPadding(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException,
                                FIPSRuntimeException
Sets the padding mechanism of this cipher.
Overrides:
engineSetPadding in class javax.crypto.CipherSpi
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetPadding

protected void internalSetPadding(java.lang.String paddingScheme)
                           throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

engineGetBlockSize

protected int engineGetBlockSize()
                          throws FIPSRuntimeException
Returns the block size (in bytes).
Overrides:
engineGetBlockSize in class javax.crypto.CipherSpi
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetBlockSize

protected int internalGetBlockSize()
Returns the block size (in bytes).
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

engineGetOutputSize

protected int engineGetOutputSize(int inputLen)
                           throws FIPSRuntimeException
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Overrides:
engineGetOutputSize in class javax.crypto.CipherSpi
Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetOutputSize

protected int internalGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)

engineGetIV

protected byte[] engineGetIV()
                      throws FIPSRuntimeException
Returns the initialization vector (IV) in a new buffer.

This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

Overrides:
engineGetIV in class javax.crypto.CipherSpi
Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetIV

protected byte[] internalGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

engineGetParameters

protected java.security.AlgorithmParameters engineGetParameters()
                                                         throws FIPSRuntimeException
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

Overrides:
engineGetParameters in class javax.crypto.CipherSpi
Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetParameters

protected java.security.AlgorithmParameters internalGetParameters()
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          FIPSRuntimeException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException,
                          FIPSRuntimeException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.spec.AlgorithmParameterSpec params,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.AlgorithmParameters params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException,
                          FIPSRuntimeException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.AlgorithmParameters params,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise an InvalidAlgorithmParameterException if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialized for decryption and requires algorithm parameters and params is null.

engineUpdate

protected byte[] engineUpdate(byte[] input,
                              int inputOffset,
                              int inputLen)
                       throws FIPSRuntimeException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

protected byte[] internalUpdate(byte[] input,
                                int inputOffset,
                                int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

engineUpdate

protected int engineUpdate(byte[] input,
                           int inputOffset,
                           int inputLen,
                           byte[] output,
                           int outputOffset)
                    throws javax.crypto.ShortBufferException,
                           FIPSRuntimeException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

protected int internalUpdate(byte[] input,
                             int inputOffset,
                             int inputLen,
                             byte[] output,
                             int outputOffset)
                      throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

engineDoFinal

protected byte[] engineDoFinal(byte[] input,
                               int inputOffset,
                               int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException,
                               FIPSRuntimeException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

protected byte[] internalDoFinal(byte[] input,
                                 int inputOffset,
                                 int inputLen)
                          throws javax.crypto.IllegalBlockSizeException,
                                 javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineDoFinal

protected int engineDoFinal(byte[] input,
                            int inputOffset,
                            int inputLen,
                            byte[] output,
                            int outputOffset)
                     throws javax.crypto.ShortBufferException,
                            javax.crypto.IllegalBlockSizeException,
                            javax.crypto.BadPaddingException,
                            FIPSRuntimeException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

protected int internalDoFinal(byte[] input,
                              int inputOffset,
                              int inputLen,
                              byte[] output,
                              int outputOffset)
                       throws javax.crypto.ShortBufferException,
                              javax.crypto.IllegalBlockSizeException,
                              javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset inclusive.

If the output buffer is too small to hold the result, a ShortBufferException is thrown.

A call to this method resets this cipher object to the state it was in when previously initialized via a call to engineInit. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call to engineInit) more data.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineWrap

protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException,
                            FIPSRuntimeException
Wrap a key.
Overrides:
engineWrap in class javax.crypto.CipherSpi
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

internalWrap

protected byte[] internalWrap(java.security.Key key)
                       throws javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidKeyException
Wrap a key.
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

engineUnwrap

protected java.security.Key engineUnwrap(byte[] wrappedKey,
                                         java.lang.String wrappedKeyAlgorithm,
                                         int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException,
                                         FIPSRuntimeException
Unwrap a previously wrapped key.
Overrides:
engineUnwrap in class javax.crypto.CipherSpi
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUnwrap

protected java.security.Key internalUnwrap(byte[] wrappedKey,
                                           java.lang.String wrappedKeyAlgorithm,
                                           int wrappedKeyType)
                                    throws java.security.InvalidKeyException,
                                           java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.

engineGetKeySize

protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException,
                               FIPSRuntimeException
Returns the key size of the given key object.

This concrete method has been added to this previously-defined abstract class. It throws an UnsupportedOperationException if it is not overridden by the provider.

Overrides:
engineGetKeySize in class javax.crypto.CipherSpi
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key is invalid.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetKeySize

protected int internalGetKeySize(java.security.Key key)
                          throws java.security.InvalidKeyException
Returns the key size of the given key object.

This concrete method has been added to this previously-defined abstract class. It throws an UnsupportedOperationException if it is not overridden by the provider.

Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key is invalid.