com.ibm.crypto.fips.provider
Class DESedeCipher

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--com.ibm.crypto.fips.provider.DESedeCipher
All Implemented Interfaces:
AlgorithmStatus, DESConstants

public final class DESedeCipher
extends javax.crypto.CipherSpi
implements DESConstants, AlgorithmStatus

This class implements the triple-DES algorithm (DES-EDE) in its various modes (ECB, CFB, OFB, CBC, PCBC) and padding schemes (PKCS5Padding, NoPadding).

Version:
1.24, 04/05/00
Author:
Gigi Ankeny
See Also:
DESCipher

Field Summary
protected static int CBC_MODE
           
protected static int CFB_MODE
           
protected  int cipherMode
           
static int DES_BLOCK_SIZE
           
protected static int ECB_MODE
           
static int[] initPermLeft0
           
static int[] initPermLeft1
           
static int[] initPermLeft2
           
static int[] initPermLeft3
           
static int[] initPermLeft4
           
static int[] initPermLeft5
           
static int[] initPermLeft6
           
static int[] initPermLeft7
           
static int[] initPermLeft8
           
static int[] initPermLeft9
           
static int[] initPermLeftA
           
static int[] initPermLeftB
           
static int[] initPermLeftC
           
static int[] initPermLeftD
           
static int[] initPermLeftE
           
static int[] initPermLeftF
           
static int[] initPermRight0
           
static int[] initPermRight1
           
static int[] initPermRight2
           
static int[] initPermRight3
           
static int[] initPermRight4
           
static int[] initPermRight5
           
static int[] initPermRight6
           
static int[] initPermRight7
           
static int[] initPermRight8
           
static int[] initPermRight9
           
static int[] initPermRightA
           
static int[] initPermRightB
           
static int[] initPermRightC
           
static int[] initPermRightD
           
static int[] initPermRightE
           
static int[] initPermRightF
           
protected static int OFB_MODE
           
protected static int PCBC_MODE
           
static int[] permLeft1
           
static int[] permLeft3
           
static int[] permLeft5
           
static int[] permLeft7
           
static int[] permLeft9
           
static int[] permLeftB
           
static int[] permLeftD
           
static int[] permLeftF
           
static int[] permRight0
           
static int[] permRight2
           
static int[] permRight4
           
static int[] permRight6
           
static int[] permRight8
           
static int[] permRightA
           
static int[] permRightC
           
static int[] permRightE
           
protected  DESedeCrypt rawAlg
           
static int[] s0p
           
static int[] s1p
           
static int[] s2p
           
static int[] s3p
           
static int[] s4p
           
static int[] s5p
           
static int[] s6p
           
static int[] s7p
           
 
Constructor Summary
DESedeCipher()
          Creates an instance of DESede cipher with default ECB mode and PKCS5Padding.
DESedeCipher(java.lang.String mode, java.lang.String paddingScheme)
          Creates an instance of DESede cipher with the requested mode and padding.
 
Method Summary
protected  byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int engineGetBlockSize()
          Returns the block size (in bytes).
protected  byte[] engineGetIV()
          Returns the initialization vector (IV) in a new buffer.
protected  int engineGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int engineGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  java.security.AlgorithmParameters engineGetParameters()
          Returns the parameters used with this cipher.
protected  void engineInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void engineInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
           
protected  void engineInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void engineSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void engineSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key engineUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] engineWrap(java.security.Key key)
          Wrap a key.
protected  byte[] internalDoFinal(byte[] input, int inputOffset, int inputLen)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected  int internalGetBlockSize()
          Returns the block size (in bytes).
protected  byte[] internalGetIV()
          Returns the initialization vector (IV) in a new buffer.
protected  int internalGetKeySize(java.security.Key key)
          Returns the key size of the given key object.
protected  int internalGetOutputSize(int inputLen)
          Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
protected  java.security.AlgorithmParameters internalGetParameters()
          Returns the parameters used with this cipher.
protected  void internalInit(int opmode, java.security.Key key, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
          Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.
protected  void internalInit(int opmode, java.security.Key key, java.security.AlgorithmParameters params, java.security.SecureRandom random)
           
protected  void internalInit(int opmode, java.security.Key key, java.security.SecureRandom random)
          Initializes this cipher with a key and a source of randomness.
protected  void internalSetMode(java.lang.String mode)
          Sets the mode of this cipher.
protected  void internalSetPadding(java.lang.String paddingScheme)
          Sets the padding mechanism of this cipher.
protected  java.security.Key internalUnwrap(byte[] wrappedKey, java.lang.String wrappedKeyAlgorithm, int wrappedKeyType)
          Unwrap a previously wrapped key.
protected  byte[] internalUpdate(byte[] input, int inputOffset, int inputLen)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  int internalUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
          Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.
protected  byte[] internalWrap(java.security.Key key)
          Wrap a key.
 boolean isFipsApproved()
          Module identifies if the cryptographic operation (algorithm) is FIPS certified
protected  void setRawAlg()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

cipherMode

protected int cipherMode

ECB_MODE

protected static final int ECB_MODE

CBC_MODE

protected static final int CBC_MODE

CFB_MODE

protected static final int CFB_MODE

OFB_MODE

protected static final int OFB_MODE

PCBC_MODE

protected static final int PCBC_MODE

rawAlg

protected DESedeCrypt rawAlg

DES_BLOCK_SIZE

public static final int DES_BLOCK_SIZE

s0p

public static final int[] s0p

s1p

public static final int[] s1p

s2p

public static final int[] s2p

s3p

public static final int[] s3p

s4p

public static final int[] s4p

s5p

public static final int[] s5p

s6p

public static final int[] s6p

s7p

public static final int[] s7p

permRight0

public static final int[] permRight0

permLeft1

public static final int[] permLeft1

permRight2

public static final int[] permRight2

permLeft3

public static final int[] permLeft3

permRight4

public static final int[] permRight4

permLeft5

public static final int[] permLeft5

permRight6

public static final int[] permRight6

permLeft7

public static final int[] permLeft7

permRight8

public static final int[] permRight8

permLeft9

public static final int[] permLeft9

permRightA

public static final int[] permRightA

permLeftB

public static final int[] permLeftB

permRightC

public static final int[] permRightC

permLeftD

public static final int[] permLeftD

permRightE

public static final int[] permRightE

permLeftF

public static final int[] permLeftF

initPermLeft0

public static final int[] initPermLeft0

initPermRight0

public static final int[] initPermRight0

initPermLeft1

public static final int[] initPermLeft1

initPermRight1

public static final int[] initPermRight1

initPermLeft2

public static final int[] initPermLeft2

initPermRight2

public static final int[] initPermRight2

initPermLeft3

public static final int[] initPermLeft3

initPermRight3

public static final int[] initPermRight3

initPermLeft4

public static final int[] initPermLeft4

initPermRight4

public static final int[] initPermRight4

initPermLeft5

public static final int[] initPermLeft5

initPermRight5

public static final int[] initPermRight5

initPermLeft6

public static final int[] initPermLeft6

initPermRight6

public static final int[] initPermRight6

initPermLeft7

public static final int[] initPermLeft7

initPermRight7

public static final int[] initPermRight7

initPermLeft8

public static final int[] initPermLeft8

initPermRight8

public static final int[] initPermRight8

initPermLeft9

public static final int[] initPermLeft9

initPermRight9

public static final int[] initPermRight9

initPermLeftA

public static final int[] initPermLeftA

initPermRightA

public static final int[] initPermRightA

initPermLeftB

public static final int[] initPermLeftB

initPermRightB

public static final int[] initPermRightB

initPermLeftC

public static final int[] initPermLeftC

initPermRightC

public static final int[] initPermRightC

initPermLeftD

public static final int[] initPermLeftD

initPermRightD

public static final int[] initPermRightD

initPermLeftE

public static final int[] initPermLeftE

initPermRightE

public static final int[] initPermRightE

initPermLeftF

public static final int[] initPermLeftF

initPermRightF

public static final int[] initPermRightF
Constructor Detail

DESedeCipher

public DESedeCipher()
Creates an instance of DESede cipher with default ECB mode and PKCS5Padding.
Throws:
java.lang.SecurityException - if this constructor fails to authenticate the JCE framework.

DESedeCipher

public DESedeCipher(java.lang.String mode,
                    java.lang.String paddingScheme)
             throws java.security.NoSuchAlgorithmException,
                    javax.crypto.NoSuchPaddingException
Creates an instance of DESede cipher with the requested mode and padding.
Parameters:
mode - the cipher mode
paddingScheme - the padding mechanism
Throws:
java.security.NoSuchAlgorithmException - if the required cipher mode is unavailable
javax.crypto.NoSuchPaddingException - if the required padding mechanism is unavailable
Method Detail

setRawAlg

protected void setRawAlg()

isFipsApproved

public boolean isFipsApproved()
Description copied from interface: AlgorithmStatus
Module identifies if the cryptographic operation (algorithm) is FIPS certified
Specified by:
isFipsApproved in interface AlgorithmStatus
See Also:
AlgorithmStatus.isFipsApproved()

engineSetMode

protected void engineSetMode(java.lang.String mode)
                      throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher.
Overrides:
engineSetMode in class javax.crypto.CipherSpi
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetMode

protected void internalSetMode(java.lang.String mode)
                        throws java.security.NoSuchAlgorithmException
Sets the mode of this cipher.
Parameters:
mode - the cipher mode
Throws:
java.security.NoSuchAlgorithmException - if the requested cipher mode does not exist

engineSetPadding

protected void engineSetPadding(java.lang.String paddingScheme)
                         throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Overrides:
engineSetPadding in class javax.crypto.CipherSpi
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalSetPadding

protected void internalSetPadding(java.lang.String paddingScheme)
                           throws javax.crypto.NoSuchPaddingException
Sets the padding mechanism of this cipher.
Parameters:
padding - the padding mechanism
Throws:
javax.crypto.NoSuchPaddingException - if the requested padding mechanism does not exist

engineGetBlockSize

protected int engineGetBlockSize()
Returns the block size (in bytes).
Overrides:
engineGetBlockSize in class javax.crypto.CipherSpi
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetBlockSize

protected int internalGetBlockSize()
Returns the block size (in bytes).
Returns:
the block size (in bytes), or 0 if the underlying algorithm is not a block cipher

engineGetOutputSize

protected int engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Overrides:
engineGetOutputSize in class javax.crypto.CipherSpi
Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetOutputSize

protected int internalGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

Parameters:
inputLen - the input length (in bytes)
Returns:
the required output buffer size (in bytes)

engineGetIV

protected byte[] engineGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

Overrides:
engineGetIV in class javax.crypto.CipherSpi
Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetIV

protected byte[] internalGetIV()
Returns the initialization vector (IV) in a new buffer.

This is useful in the case where a random IV has been created (see init), or in the context of password-based encryption or decryption, where the IV is derived from a user-provided password.

Returns:
the initialization vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException
Initializes this cipher with a key and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher requires an initialization vector (IV), it will get it from random. This behaviour should only be used in encryption or key wrapping mode, however. When initializing a cipher that requires an IV for decryption or key unwrapping, the IV (same IV that was used for encryption or key wrapping) must be provided explicitly as a parameter, in order to get the correct result.

This method also cleans existing buffer and other related state information.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the secret key
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Overrides:
engineInit in class javax.crypto.CipherSpi
Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.spec.AlgorithmParameterSpec params,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness.

The cipher is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value of opmode.

If this cipher (including its underlying feedback or padding scheme) requires any random bytes, it will get them from random.

Parameters:
opmode - the operation mode of this cipher (this is one of the following: ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE or UNWRAP_MODE)
key - the encryption key
params - the algorithm parameters
random - the source of randomness
Throws:
java.security.InvalidKeyException - if the given key is inappropriate for initializing this cipher
java.security.InvalidAlgorithmParameterException - if the given algorithm parameters are inappropriate for this cipher

engineInit

protected void engineInit(int opmode,
                          java.security.Key key,
                          java.security.AlgorithmParameters params,
                          java.security.SecureRandom random)
                   throws java.security.InvalidKeyException,
                          java.security.InvalidAlgorithmParameterException
Overrides:
engineInit in class javax.crypto.CipherSpi
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalInit

protected void internalInit(int opmode,
                            java.security.Key key,
                            java.security.AlgorithmParameters params,
                            java.security.SecureRandom random)
                     throws java.security.InvalidKeyException,
                            java.security.InvalidAlgorithmParameterException

engineUpdate

protected byte[] engineUpdate(byte[] input,
                              int inputOffset,
                              int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

protected byte[] internalUpdate(byte[] input,
                                int inputOffset,
                                int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
java.lang.IllegalStateException - if this cipher is in a wrong state (e.g., has not been initialized)

engineUpdate

protected int engineUpdate(byte[] input,
                           int inputOffset,
                           int inputLen,
                           byte[] output,
                           int outputOffset)
                    throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Overrides:
engineUpdate in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUpdate

protected int internalUpdate(byte[] input,
                             int inputOffset,
                             int inputLen,
                             byte[] output,
                             int outputOffset)
                      throws javax.crypto.ShortBufferException
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result

engineDoFinal

protected byte[] engineDoFinal(byte[] input,
                               int inputOffset,
                               int inputLen)
                        throws javax.crypto.IllegalBlockSizeException,
                               javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

The cipher is reset to its initial state (uninitialized) after this call.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

protected byte[] internalDoFinal(byte[] input,
                                 int inputOffset,
                                 int inputLen)
                          throws javax.crypto.IllegalBlockSizeException,
                                 javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

The cipher is reset to its initial state (uninitialized) after this call.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
Returns:
the new buffer with the result
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineDoFinal

protected int engineDoFinal(byte[] input,
                            int inputOffset,
                            int inputLen,
                            byte[] output,
                            int outputOffset)
                     throws javax.crypto.IllegalBlockSizeException,
                            javax.crypto.ShortBufferException,
                            javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

The cipher is reset to its initial state (uninitialized) after this call.

Overrides:
engineDoFinal in class javax.crypto.CipherSpi
Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalDoFinal

protected int internalDoFinal(byte[] input,
                              int inputOffset,
                              int inputLen,
                              byte[] output,
                              int outputOffset)
                       throws javax.crypto.IllegalBlockSizeException,
                              javax.crypto.ShortBufferException,
                              javax.crypto.BadPaddingException
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

The cipher is reset to its initial state (uninitialized) after this call.

Parameters:
input - the input buffer
inputOffset - the offset in input where the input starts
inputLen - the input length
output - the buffer for the result
outputOffset - the offset in output where the result is stored
Returns:
the number of bytes stored in output
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
javax.crypto.ShortBufferException - if the given output buffer is too small to hold the result
javax.crypto.BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

engineGetParameters

protected java.security.AlgorithmParameters engineGetParameters()
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

Overrides:
engineGetParameters in class javax.crypto.CipherSpi
Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.
Throws:
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetParameters

protected java.security.AlgorithmParameters internalGetParameters()
Returns the parameters used with this cipher.

The returned parameters may be the same that were used to initialize this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialized with any).

Returns:
the parameters used with this cipher, or null if this cipher does not use any parameters.

engineGetKeySize

protected int engineGetKeySize(java.security.Key key)
                        throws java.security.InvalidKeyException
Returns the key size of the given key object.
Overrides:
engineGetKeySize in class javax.crypto.CipherSpi
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key<.code> is invalid.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalGetKeySize

protected int internalGetKeySize(java.security.Key key)
                          throws java.security.InvalidKeyException
Returns the key size of the given key object.
Parameters:
key - the key object.
Returns:
the key size of the given key object.
Throws:
java.security.InvalidKeyException - if key<.code> is invalid.

engineWrap

protected byte[] engineWrap(java.security.Key key)
                     throws javax.crypto.IllegalBlockSizeException,
                            java.security.InvalidKeyException
Wrap a key.
Overrides:
engineWrap in class javax.crypto.CipherSpi
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalWrap

protected byte[] internalWrap(java.security.Key key)
                       throws javax.crypto.IllegalBlockSizeException,
                              java.security.InvalidKeyException
Wrap a key.
Parameters:
key - the key to be wrapped.
Returns:
the wrapped key.
Throws:
javax.crypto.IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block size.
java.security.InvalidKeyException - if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software only cipher).

engineUnwrap

protected java.security.Key engineUnwrap(byte[] wrappedKey,
                                         java.lang.String wrappedKeyAlgorithm,
                                         int wrappedKeyType)
                                  throws java.security.InvalidKeyException,
                                         java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Overrides:
engineUnwrap in class javax.crypto.CipherSpi
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.
FIPSRuntimeException - if SelfTest.isFipsRunnable returns false.

internalUnwrap

protected java.security.Key internalUnwrap(byte[] wrappedKey,
                                           java.lang.String wrappedKeyAlgorithm,
                                           int wrappedKeyType)
                                    throws java.security.InvalidKeyException,
                                           java.security.NoSuchAlgorithmException
Unwrap a previously wrapped key.
Parameters:
wrappedKey - the key to be unwrapped.
wrappedKeyAlgorithm - the algorithm the wrapped key is for.
wrappedKeyType - the type of the wrapped key. This is one of Cipher.SECRET_KEY, Cipher.PRIVATE_KEY, or Cipher.PUBLIC_KEY.
Returns:
the unwrapped key.
Throws:
java.security.InvalidKeyException - if wrappedKey does not represent a wrapped key, or if the algorithm associated with the wrapped key is different from wrappedKeyAlgorithm and/or its key type is different from wrappedKeyType.
java.security.NoSuchAlgorithmException - if no installed providers can create keys for the wrappedKeyAlgorithm.