|
JavaTM 2 Platform Std. Ed. v1.4.2 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object javax.crypto.CipherSpi
This class defines the Service Provider Interface (SPI)
for the Cipher
class.
All the abstract methods in this class must be implemented by each
cryptographic service provider who wishes to supply the implementation
of a particular cipher algorithm.
In order to create an instance of Cipher
, which
encapsulates an instance of this CipherSpi
class, an
application calls one of the
getInstance
factory methods of the
Cipher
engine class and specifies the requested
transformation.
Optionally, the application may also specify the name of a provider.
A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback mode and padding scheme.
A transformation is of the form:
(in the latter case, provider-specific default values for the mode and padding scheme are used). For example, the following is a valid transformation:
Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
A provider may supply a separate class for each combination
of algorithm/mode/padding, or may decide to provide more generic
classes representing sub-transformations corresponding to
algorithm or algorithm/mode or algorithm//padding
(note the double slashes),
in which case the requested mode and/or padding are set automatically by
the getInstance
methods of Cipher
, which invoke
the engineSetMode
and
engineSetPadding
methods of the provider's subclass of CipherSpi
.
A Cipher
property in a provider master class may have one of
the following formats:
// provider's subclass of "CipherSpi" implements "algName" with
// pluggable mode and padding
Cipher.
algName
// provider's subclass of "CipherSpi" implements "algName" in the
// specified "mode", with pluggable padding
Cipher.
algName/mode
// provider's subclass of "CipherSpi" implements "algName" with the
// specified "padding", with pluggable mode
Cipher.
algName//padding
// provider's subclass of "CipherSpi" implements "algName" with the
// specified "mode" and "padding"
Cipher.
algName/mode/padding
For example, a provider may supply a subclass of CipherSpi
that implements DES/ECB/PKCS5Padding, one that implements
DES/CBC/PKCS5Padding, one that implements
DES/CFB/PKCS5Padding, and yet another one that implements
DES/OFB/PKCS5Padding. That provider would have the following
Cipher
properties in its master class:
Cipher.
DES/ECB/PKCS5Padding
Cipher.
DES/CBC/PKCS5Padding
Cipher.
DES/CFB/PKCS5Padding
Cipher.
DES/OFB/PKCS5Padding
Another provider may implement a class for each of the above modes
(i.e., one class for ECB, one for CBC, one for CFB,
and one for OFB), one class for PKCS5Padding,
and a generic DES class that subclasses from CipherSpi
.
That provider would have the following
Cipher
properties in its master class:
Cipher.
DES
The getInstance
factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi
for a
transformation of the form "algorithm":
CipherSpi
for the specified "algorithm".
If the answer is YES, instantiate this class, for whose mode and padding scheme default values (as supplied by the provider) are used.
If the answer is NO, throw a NoSuchAlgorithmException
exception.
The getInstance
factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi
for a
transformation of the form "algorithm/mode/padding":
CipherSpi
for the specified "algorithm/mode/padding" transformation.
If the answer is YES, instantiate it.
If the answer is NO, go to the next step.
CipherSpi
for the sub-transformation "algorithm/mode".
If the answer is YES, instantiate it, and call
engineSetPadding(padding)
on the new instance.
If the answer is NO, go to the next step.
CipherSpi
for the sub-transformation "algorithm//padding" (note the double
slashes).
If the answer is YES, instantiate it, and call
engineSetMode(mode)
on the new instance.
If the answer is NO, go to the next step.
CipherSpi
for the sub-transformation "algorithm".
If the answer is YES, instantiate it, and call
engineSetMode(mode)
and
engineSetPadding(padding)
on the new instance.
If the answer is NO, throw a NoSuchAlgorithmException
exception.
KeyGenerator
,
SecretKey
Constructor Summary | |
CipherSpi()
|
Method Summary | |
protected abstract byte[] |
engineDoFinal(byte[] input,
int inputOffset,
int inputLen)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. |
protected abstract int |
engineDoFinal(byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset)
Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. |
protected abstract int |
engineGetBlockSize()
Returns the block size (in bytes). |
protected abstract byte[] |
engineGetIV()
Returns the initialization vector (IV) in a new buffer. |
protected int |
engineGetKeySize(Key key)
Returns the key size of the given key object in bits. |
protected abstract int |
engineGetOutputSize(int inputLen)
Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update
or doFinal operation, given the input length
inputLen (in bytes). |
protected abstract AlgorithmParameters |
engineGetParameters()
Returns the parameters used with this cipher. |
protected abstract void |
engineInit(int opmode,
Key key,
AlgorithmParameterSpec params,
SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness. |
protected abstract void |
engineInit(int opmode,
Key key,
AlgorithmParameters params,
SecureRandom random)
Initializes this cipher with a key, a set of algorithm parameters, and a source of randomness. |
protected abstract void |
engineInit(int opmode,
Key key,
SecureRandom random)
Initializes this cipher with a key and a source of randomness. |
protected abstract void |
engineSetMode(String mode)
Sets the mode of this cipher. |
protected abstract void |
engineSetPadding(String padding)
Sets the padding mechanism of this cipher. |
protected Key |
engineUnwrap(byte[] wrappedKey,
String wrappedKeyAlgorithm,
int wrappedKeyType)
Unwrap a previously wrapped key. |
protected abstract byte[] |
engineUpdate(byte[] input,
int inputOffset,
int inputLen)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part. |
protected abstract int |
engineUpdate(byte[] input,
int inputOffset,
int inputLen,
byte[] output,
int outputOffset)
Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part. |
protected byte[] |
engineWrap(Key key)
Wrap a key. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
public CipherSpi()
Method Detail |
protected abstract void engineSetMode(String mode) throws NoSuchAlgorithmException
mode
- the cipher mode
NoSuchAlgorithmException
- if the requested cipher mode does
not existprotected abstract void engineSetPadding(String padding) throws NoSuchPaddingException
padding
- the padding mechanism
NoSuchPaddingException
- if the requested padding mechanism
does not existprotected abstract int engineGetBlockSize()
protected abstract int engineGetOutputSize(int inputLen)
update
or doFinal
operation, given the input length
inputLen
(in bytes).
This call takes into account any unprocessed (buffered) data from a
previous update
call, and padding.
The actual output length of the next update
or
doFinal
call may be smaller than the length returned by
this method.
inputLen
- the input length (in bytes)
protected abstract byte[] engineGetIV()
This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.
protected abstract AlgorithmParameters engineGetParameters()
The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.
protected abstract void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException
The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode
.
If this cipher requires any algorithm parameters that cannot be
derived from the given key
, the underlying cipher
implementation is supposed to generate the required parameters itself
(using provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidKeyException
if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters
or
engineGetIV
(if the parameter is an IV).
If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random
.
Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
opmode
- the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE
, DECRYPT_MODE
,
WRAP_MODE
or UNWRAP_MODE
)key
- the encryption keyrandom
- the source of randomness
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher, or if this cipher is being initialized for
decryption and requires algorithm parameters that cannot be
determined from the given key.protected abstract void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode
.
If this cipher requires any algorithm parameters and
params
is null, the underlying cipher implementation is
supposed to generate the required parameters itself (using
provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidAlgorithmParameterException
if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters
or
engineGetIV
(if the parameter is an IV).
If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random
.
Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
opmode
- the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE
, DECRYPT_MODE
,
WRAP_MODE
or UNWRAP_MODE
)key
- the encryption keyparams
- the algorithm parametersrandom
- the source of randomness
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
InvalidAlgorithmParameterException
- if the given algorithm
parameters are inappropriate for this cipher,
or if this cipher is being initialized for decryption and requires
algorithm parameters and params
is null.protected abstract void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
The cipher is initialized for one of the following four operations:
encryption, decryption, key wrapping or key unwrapping, depending on
the value of opmode
.
If this cipher requires any algorithm parameters and
params
is null, the underlying cipher implementation is
supposed to generate the required parameters itself (using
provider-specific default or random values) if it is being
initialized for encryption or key wrapping, and raise an
InvalidAlgorithmParameterException
if it is being
initialized for decryption or key unwrapping.
The generated parameters can be retrieved using
engineGetParameters
or
engineGetIV
(if the parameter is an IV).
If this cipher (including its underlying feedback or padding scheme)
requires any random bytes (e.g., for parameter generation), it will get
them from random
.
Note that when a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.
opmode
- the operation mode of this cipher (this is one of
the following:
ENCRYPT_MODE
, DECRYPT_MODE
,
WRAP_MODE
or UNWRAP_MODE
)key
- the encryption keyparams
- the algorithm parametersrandom
- the source of randomness
InvalidKeyException
- if the given key is inappropriate for
initializing this cipher
InvalidAlgorithmParameterException
- if the given algorithm
parameters are inappropriate for this cipher,
or if this cipher is being initialized for decryption and requires
algorithm parameters and params
is null.protected abstract byte[] engineUpdate(byte[] input, int inputOffset, int inputLen)
The first inputLen
bytes in the input
buffer, starting at inputOffset
inclusive, are processed,
and the result is stored in a new buffer.
input
- the input bufferinputOffset
- the offset in input
where the input
startsinputLen
- the input length
protected abstract int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException
The first inputLen
bytes in the input
buffer, starting at inputOffset
inclusive, are processed,
and the result is stored in the output
buffer, starting at
outputOffset
inclusive.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown.
input
- the input bufferinputOffset
- the offset in input
where the input
startsinputLen
- the input lengthoutput
- the buffer for the resultoutputOffset
- the offset in output
where the result
is stored
output
ShortBufferException
- if the given output buffer is too small
to hold the resultprotected abstract byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException
The first inputLen
bytes in the input
buffer, starting at inputOffset
inclusive, and any input
bytes that may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
The result is stored in a new buffer.
Upon finishing, this method resets this cipher object to the state
it was in when previously initialized via a call to
engineInit
.
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to
engineInit
) more data.
Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.
input
- the input bufferinputOffset
- the offset in input
where the input
startsinputLen
- the input length
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytesprotected abstract int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException
The first inputLen
bytes in the input
buffer, starting at inputOffset
inclusive, and any input
bytes that may have been buffered during a previous update
operation, are processed, with padding (if requested) being applied.
The result is stored in the output
buffer, starting at
outputOffset
inclusive.
If the output
buffer is too small to hold the result,
a ShortBufferException
is thrown.
Upon finishing, this method resets this cipher object to the state
it was in when previously initialized via a call to
engineInit
.
That is, the object is reset and available to encrypt or decrypt
(depending on the operation mode that was specified in the call to
engineInit
) more data.
Note: if any exception is thrown, this cipher object may need to be reset before it can be used again.
input
- the input bufferinputOffset
- the offset in input
where the input
startsinputLen
- the input lengthoutput
- the buffer for the resultoutputOffset
- the offset in output
where the result
is stored
output
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested (only in encryption mode), and the total
input length of the data processed by this cipher is not a multiple of
block size
ShortBufferException
- if the given output buffer is too small
to hold the result
BadPaddingException
- if this cipher is in decryption mode,
and (un)padding has been requested, but the decrypted data is not
bounded by the appropriate padding bytesprotected byte[] engineWrap(Key key) throws IllegalBlockSizeException, InvalidKeyException
This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.) It may be overridden by a provider to wrap a key. Such an override is expected to throw an IllegalBlockSizeException or InvalidKeyException (under the specified circumstances), if the given key cannot be wrapped. If this method is not overridden, it always throws an UnsupportedOperationException.
key
- the key to be wrapped.
IllegalBlockSizeException
- if this cipher is a block cipher,
no padding has been requested, and the length of the encoding of the
key to be wrapped is not a multiple of the block size.
InvalidKeyException
- if it is impossible or unsafe to
wrap the key with this cipher (e.g., a hardware protected key is
being passed to a software-only cipher).protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException
This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.) It may be overridden by a provider to unwrap a previously wrapped key. Such an override is expected to throw an InvalidKeyException if the given wrapped key cannot be unwrapped. If this method is not overridden, it always throws an UnsupportedOperationException.
wrappedKey
- the key to be unwrapped.wrappedKeyAlgorithm
- the algorithm associated with the wrapped
key.wrappedKeyType
- the type of the wrapped key. This is one of
SECRET_KEY
, PRIVATE_KEY
, or
PUBLIC_KEY
.
NoSuchAlgorithmException
- if no installed providers
can create keys of type wrappedKeyType
for the
wrappedKeyAlgorithm
.
InvalidKeyException
- if wrappedKey
does not
represent a wrapped key of type wrappedKeyType
for
the wrappedKeyAlgorithm
.protected int engineGetKeySize(Key key) throws InvalidKeyException
This concrete method has been added to this previously-defined
abstract class. It throws an UnsupportedOperationException
if it is not overridden by the provider.
key
- the key object.
InvalidKeyException
- if key
is invalid.
|
JavaTM 2 Platform Std. Ed. v1.4.2 |
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 2003, 2010 Oracle and/or its affiliates. All rights reserved. Use is subject to license terms. Also see the documentation redistribution policy.