1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved. 4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 5 * 6 * This code is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License version 2 only, as 8 * published by the Free Software Foundation. Oracle designates this 9 * particular file as subject to the "Classpath" exception as provided 10 * by Oracle in the LICENSE file that accompanied this code. 11 * 12 * This code is distributed in the hope that it will be useful, but WITHOUT 13 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 14 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15 * version 2 for more details (a copy is included in the LICENSE file that 16 * accompanied this code). 17 * 18 * You should have received a copy of the GNU General Public License version 19 * 2 along with this work; if not, write to the Free Software Foundation, 20 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 21 * 22 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 23 * or visit www.oracle.com if you need additional information or have any 24 * questions. 25 */ 26 27 package javax.crypto; 28 29 import java.util.*; 30 import java.util.concurrent.ConcurrentHashMap; 31 import java.util.concurrent.ConcurrentMap; 32 import java.util.regex.*; 33 34 import static java.util.Locale.ENGLISH; 35 36 import java.security.*; 37 import java.security.Provider.Service; 38 import java.security.spec.AlgorithmParameterSpec; 39 import java.security.spec.InvalidParameterSpecException; 40 import java.security.cert.Certificate; 41 import java.security.cert.X509Certificate; 42 43 import javax.crypto.spec.*; 44 45 import java.nio.ByteBuffer; 46 import java.nio.ReadOnlyBufferException; 47 48 import sun.security.util.Debug; 49 import sun.security.jca.*; 50 import sun.security.jca.GetInstance.Instance; 51 52 /** 53 * This class provides the functionality of a cryptographic cipher for 54 * encryption and decryption. It forms the core of the Java Cryptographic 55 * Extension (JCE) framework. 56 * 57 * <p>In order to create a Cipher object, the application calls the 58 * Cipher's <code>getInstance</code> method, and passes the name of the 59 * requested <i>transformation</i> to it. Optionally, the name of a provider 60 * may be specified. 61 * 62 * <p>A <i>transformation</i> is a string that describes the operation (or 63 * set of operations) to be performed on the given input, to produce some 64 * output. A transformation always includes the name of a cryptographic 65 * algorithm (e.g., <i>DES</i>), and may be followed by a feedback mode and 66 * padding scheme. 67 * 68 * <p> A transformation is of the form:<p> 69 * 70 * <ul> 71 * <li>"<i>algorithm/mode/padding</i>" or 72 * <p> 73 * <li>"<i>algorithm</i>" 74 * </ul> 75 * 76 * <P> (in the latter case, 77 * provider-specific default values for the mode and padding scheme are used). 78 * For example, the following is a valid transformation:<p> 79 * 80 * <pre> 81 * Cipher c = Cipher.getInstance("<i>DES/CBC/PKCS5Padding</i>"); 82 * </pre> 83 * 84 * Using modes such as <code>CFB</code> and <code>OFB</code>, block 85 * ciphers can encrypt data in units smaller than the cipher's actual 86 * block size. When requesting such a mode, you may optionally specify 87 * the number of bits to be processed at a time by appending this number 88 * to the mode name as shown in the "<code>DES/CFB8/NoPadding</code>" and 89 * "<code>DES/OFB32/PKCS5Padding</code>" transformations. If no such 90 * number is specified, a provider-specific default is used. (For 91 * example, the SunJCE provider uses a default of 64 bits for DES.) 92 * Thus, block ciphers can be turned into byte-oriented stream ciphers by 93 * using an 8 bit mode such as CFB8 or OFB8. 94 * <p> 95 * Modes such as Authenticated Encryption with Associated Data (AEAD) 96 * provide authenticity assurances for both confidential data and 97 * Additional Associated Data (AAD) that is not encrypted. (Please see 98 * <a href="http://www.ietf.org/rfc/rfc5116.txt"> RFC 5116 </a> for more 99 * information on AEAD and AEAD algorithms such as GCM/CCM.) Both 100 * confidential and AAD data can be used when calculating the 101 * authentication tag (similar to a {@link Mac}). This tag is appended 102 * to the ciphertext during encryption, and is verified on decryption. 103 * <p> 104 * AEAD modes such as GCM/CCM perform all AAD authenticity calculations 105 * before starting the ciphertext authenticity calculations. To avoid 106 * implementations having to internally buffer ciphertext, all AAD data 107 * must be supplied to GCM/CCM implementations (via the {@code 108 * updateAAD} methods) <b>before</b> the ciphertext is processed (via 109 * the {@code update} and {@code doFinal} methods). 110 * 111 * <pre> 112 * GCMParameterSpec s = new GCMParameterSpec(...); 113 * cipher.init(..., s); 114 * 115 * // If the GCMParameterSpec is needed again 116 * cipher.getParameters().getParameterSpec(GCMParameterSpec.class)); 117 * 118 * cipher.updateAAD(...); // AAD 119 * cipher.update(...); // Multi-part update 120 * cipher.doFinal(...); // conclusion of operation 121 * </pre> 122 * <p> Android provides the following <code>Cipher</code> transformations: 123 * <table> 124 * <thead> 125 * <tr> 126 * <th>Name</th> 127 * <th>Supported (API Levels)</th> 128 * </tr> 129 * </thead> 130 * <tr> 131 * <td>AES/CBC/ISO10126Padding</td> 132 * <td>1+</td> 133 * </tr> 134 * <tr> 135 * <td>AES/CBC/NoPadding</td> 136 * <td>1+</td> 137 * </tr> 138 * <tr> 139 * <td>AES/CBC/PKCS5Padding</td> 140 * <td>1+</td> 141 * </tr> 142 * <tr> 143 * <td>AES/CFB/ISO10126Padding</td> 144 * <td>1+</td> 145 * </tr> 146 * <tr> 147 * <td>AES/CFB/NoPadding</td> 148 * <td>1+</td> 149 * </tr> 150 * <tr> 151 * <td>AES/CFB/PKCS5Padding</td> 152 * <td>1+</td> 153 * </tr> 154 * <tr> 155 * <td>AES/CTR/ISO10126Padding</td> 156 * <td>1+</td> 157 * </tr> 158 * <tr> 159 * <td>AES/CTR/NoPadding</td> 160 * <td>1+</td> 161 * </tr> 162 * <tr> 163 * <td>AES/CTR/PKCS5Padding</td> 164 * <td>1+</td> 165 * </tr> 166 * <tr> 167 * <td>AES/CTS/ISO10126Padding</td> 168 * <td>1+</td> 169 * </tr> 170 * <tr> 171 * <td>AES/CTS/NoPadding</td> 172 * <td>1+</td> 173 * </tr> 174 * <tr> 175 * <td>AES/CTS/PKCS5Padding</td> 176 * <td>1+</td> 177 * </tr> 178 * <tr> 179 * <td>AES/ECB/ISO10126Padding</td> 180 * <td>1+</td> 181 * </tr> 182 * <tr> 183 * <td>AES/ECB/NoPadding</td> 184 * <td>1+</td> 185 * </tr> 186 * <tr> 187 * <td>AES/ECB/PKCS5Padding</td> 188 * <td>1+</td> 189 * </tr> 190 * <tr> 191 * <td>AES/OFB/ISO10126Padding</td> 192 * <td>1+</td> 193 * </tr> 194 * <tr> 195 * <td>AES/OFB/NoPadding</td> 196 * <td>1+</td> 197 * </tr> 198 * <tr> 199 * <td>AES/OFB/PKCS5Padding</td> 200 * <td>1+</td> 201 * </tr> 202 * <tr> 203 * <td>ARCFOUR/ECB/NoPadding</td> 204 * <td>10+</td> 205 * </tr> 206 * <tr> 207 * <td>BLOWFISH/CBC/ISO10126Padding</td> 208 * <td>10+</td> 209 * </tr> 210 * <tr> 211 * <td>BLOWFISH/CBC/NoPadding</td> 212 * <td>10+</td> 213 * </tr> 214 * <tr> 215 * <td>BLOWFISH/CBC/PKCS5Padding</td> 216 * <td>10+</td> 217 * </tr> 218 * <tr> 219 * <td>BLOWFISH/CFB/ISO10126Padding</td> 220 * <td>10+</td> 221 * </tr> 222 * <tr> 223 * <td>BLOWFISH/CFB/NoPadding</td> 224 * <td>10+</td> 225 * </tr> 226 * <tr> 227 * <td>BLOWFISH/CFB/PKCS5Padding</td> 228 * <td>10+</td> 229 * </tr> 230 * <tr> 231 * <td>BLOWFISH/CTR/ISO10126Padding</td> 232 * <td>10+</td> 233 * </tr> 234 * <tr> 235 * <td>BLOWFISH/CTR/NoPadding</td> 236 * <td>10+</td> 237 * </tr> 238 * <tr> 239 * <td>BLOWFISH/CTR/PKCS5Padding</td> 240 * <td>10+</td> 241 * </tr> 242 * <tr> 243 * <td>BLOWFISH/CTS/ISO10126Padding</td> 244 * <td>10+</td> 245 * </tr> 246 * <tr> 247 * <td>BLOWFISH/CTS/NoPadding</td> 248 * <td>10+</td> 249 * </tr> 250 * <tr> 251 * <td>BLOWFISH/CTS/PKCS5Padding</td> 252 * <td>10+</td> 253 * </tr> 254 * <tr> 255 * <td>BLOWFISH/ECB/ISO10126Padding</td> 256 * <td>10+</td> 257 * </tr> 258 * <tr> 259 * <td>BLOWFISH/ECB/NoPadding</td> 260 * <td>10+</td> 261 * </tr> 262 * <tr> 263 * <td>BLOWFISH/ECB/PKCS5Padding</td> 264 * <td>10+</td> 265 * </tr> 266 * <tr> 267 * <td>BLOWFISH/OFB/ISO10126Padding</td> 268 * <td>10+</td> 269 * </tr> 270 * <tr> 271 * <td>BLOWFISH/OFB/NoPadding</td> 272 * <td>10+</td> 273 * </tr> 274 * <tr> 275 * <td>BLOWFISH/OFB/PKCS5Padding</td> 276 * <td>10+</td> 277 * </tr> 278 * <tr> 279 * <td>DES/CBC/ISO10126Padding</td> 280 * <td>1+</td> 281 * </tr> 282 * <tr> 283 * <td>DES/CBC/NoPadding</td> 284 * <td>1+</td> 285 * </tr> 286 * <tr> 287 * <td>DES/CBC/PKCS5Padding</td> 288 * <td>1+</td> 289 * </tr> 290 * <tr> 291 * <td>DES/CFB/ISO10126Padding</td> 292 * <td>1+</td> 293 * </tr> 294 * <tr> 295 * <td>DES/CFB/NoPadding</td> 296 * <td>1+</td> 297 * </tr> 298 * <tr> 299 * <td>DES/CFB/PKCS5Padding</td> 300 * <td>1+</td> 301 * </tr> 302 * <tr> 303 * <td>DES/CTR/ISO10126Padding</td> 304 * <td>1+</td> 305 * </tr> 306 * <tr> 307 * <td>DES/CTR/NoPadding</td> 308 * <td>1+</td> 309 * </tr> 310 * <tr> 311 * <td>DES/CTR/PKCS5Padding</td> 312 * <td>1+</td> 313 * </tr> 314 * <tr> 315 * <td>DES/CTS/ISO10126Padding</td> 316 * <td>1+</td> 317 * </tr> 318 * <tr> 319 * <td>DES/CTS/NoPadding</td> 320 * <td>1+</td> 321 * </tr> 322 * <tr> 323 * <td>DES/CTS/PKCS5Padding</td> 324 * <td>1+</td> 325 * </tr> 326 * <tr> 327 * <td>DES/ECB/ISO10126Padding</td> 328 * <td>1+</td> 329 * </tr> 330 * <tr> 331 * <td>DES/ECB/NoPadding</td> 332 * <td>1+</td> 333 * </tr> 334 * <tr> 335 * <td>DES/ECB/PKCS5Padding</td> 336 * <td>1+</td> 337 * </tr> 338 * <tr> 339 * <td>DES/OFB/ISO10126Padding</td> 340 * <td>1+</td> 341 * </tr> 342 * <tr> 343 * <td>DES/OFB/NoPadding</td> 344 * <td>1+</td> 345 * </tr> 346 * <tr> 347 * <td>DES/OFB/PKCS5Padding</td> 348 * <td>1+</td> 349 * </tr> 350 * <tr> 351 * <td>DESede/CBC/ISO10126Padding</td> 352 * <td>1+</td> 353 * </tr> 354 * <tr> 355 * <td>DESede/CBC/NoPadding</td> 356 * <td>1+</td> 357 * </tr> 358 * <tr> 359 * <td>DESede/CBC/PKCS5Padding</td> 360 * <td>1+</td> 361 * </tr> 362 * <tr> 363 * <td>DESede/CFB/ISO10126Padding</td> 364 * <td>1+</td> 365 * </tr> 366 * <tr> 367 * <td>DESede/CFB/NoPadding</td> 368 * <td>1+</td> 369 * </tr> 370 * <tr> 371 * <td>DESede/CFB/PKCS5Padding</td> 372 * <td>1+</td> 373 * </tr> 374 * <tr> 375 * <td>DESede/CTR/ISO10126Padding</td> 376 * <td>1+</td> 377 * </tr> 378 * <tr> 379 * <td>DESede/CTR/NoPadding</td> 380 * <td>1+</td> 381 * </tr> 382 * <tr> 383 * <td>DESede/CTR/PKCS5Padding</td> 384 * <td>1+</td> 385 * </tr> 386 * <tr> 387 * <td>DESede/CTS/ISO10126Padding</td> 388 * <td>1+</td> 389 * </tr> 390 * <tr> 391 * <td>DESede/CTS/NoPadding</td> 392 * <td>1+</td> 393 * </tr> 394 * <tr> 395 * <td>DESede/CTS/PKCS5Padding</td> 396 * <td>1+</td> 397 * </tr> 398 * <tr> 399 * <td>DESede/ECB/ISO10126Padding</td> 400 * <td>1+</td> 401 * </tr> 402 * <tr> 403 * <td>DESede/ECB/NoPadding</td> 404 * <td>1+</td> 405 * </tr> 406 * <tr> 407 * <td>DESede/ECB/PKCS5Padding</td> 408 * <td>1+</td> 409 * </tr> 410 * <tr> 411 * <td>DESede/OFB/ISO10126Padding</td> 412 * <td>1+</td> 413 * </tr> 414 * <tr> 415 * <td>DESede/OFB/NoPadding</td> 416 * <td>1+</td> 417 * </tr> 418 * <tr> 419 * <td>DESede/OFB/PKCS5Padding</td> 420 * <td>1+</td> 421 * </tr> 422 * <tr> 423 * <td>PBEwithMD5andDES/CBC/ISO10126Padding</td> 424 * <td>1+</td> 425 * </tr> 426 * <tr> 427 * <td>PBEwithMD5andDES/CBC/NoPadding</td> 428 * <td>1+</td> 429 * </tr> 430 * <tr> 431 * <td>PBEwithMD5andDES/CBC/PKCS5Padding</td> 432 * <td>1+</td> 433 * </tr> 434 * <tr> 435 * <td>PBEwithMD5andDES/CFB/ISO10126Padding</td> 436 * <td>1+</td> 437 * </tr> 438 * <tr> 439 * <td>PBEwithMD5andDES/CFB/NoPadding</td> 440 * <td>1+</td> 441 * </tr> 442 * <tr> 443 * <td>PBEwithMD5andDES/CFB/PKCS5Padding</td> 444 * <td>1+</td> 445 * </tr> 446 * <tr> 447 * <td>PBEwithMD5andDES/CTR/ISO10126Padding</td> 448 * <td>1+</td> 449 * </tr> 450 * <tr> 451 * <td>PBEwithMD5andDES/CTR/NoPadding</td> 452 * <td>1+</td> 453 * </tr> 454 * <tr> 455 * <td>PBEwithMD5andDES/CTR/PKCS5Padding</td> 456 * <td>1+</td> 457 * </tr> 458 * <tr> 459 * <td>PBEwithMD5andDES/CTS/ISO10126Padding</td> 460 * <td>1+</td> 461 * </tr> 462 * <tr> 463 * <td>PBEwithMD5andDES/CTS/NoPadding</td> 464 * <td>1+</td> 465 * </tr> 466 * <tr> 467 * <td>PBEwithMD5andDES/CTS/PKCS5Padding</td> 468 * <td>1+</td> 469 * </tr> 470 * <tr> 471 * <td>PBEwithMD5andDES/ECB/ISO10126Padding</td> 472 * <td>1+</td> 473 * </tr> 474 * <tr> 475 * <td>PBEwithMD5andDES/ECB/NoPadding</td> 476 * <td>1+</td> 477 * </tr> 478 * <tr> 479 * <td>PBEwithMD5andDES/ECB/PKCS5Padding</td> 480 * <td>1+</td> 481 * </tr> 482 * <tr> 483 * <td>PBEwithMD5andDES/OFB/ISO10126Padding</td> 484 * <td>1+</td> 485 * </tr> 486 * <tr> 487 * <td>PBEwithMD5andDES/OFB/NoPadding</td> 488 * <td>1+</td> 489 * </tr> 490 * <tr> 491 * <td>PBEwithMD5andDES/OFB/PKCS5Padding</td> 492 * <td>1+</td> 493 * </tr> 494 * <tr> 495 * <td>PBEwithSHA1andDESede/CBC/ISO10126Padding</td> 496 * <td>1+</td> 497 * </tr> 498 * <tr> 499 * <td>PBEwithSHA1andDESede/CBC/NoPadding</td> 500 * <td>1+</td> 501 * </tr> 502 * <tr> 503 * <td>PBEwithSHA1andDESede/CBC/PKCS5Padding</td> 504 * <td>1+</td> 505 * </tr> 506 * <tr> 507 * <td>PBEwithSHA1andDESede/CFB/ISO10126Padding</td> 508 * <td>1+</td> 509 * </tr> 510 * <tr> 511 * <td>PBEwithSHA1andDESede/CFB/NoPadding</td> 512 * <td>1+</td> 513 * </tr> 514 * <tr> 515 * <td>PBEwithSHA1andDESede/CFB/PKCS5Padding</td> 516 * <td>1+</td> 517 * </tr> 518 * <tr> 519 * <td>PBEwithSHA1andDESede/CTR/ISO10126Padding</td> 520 * <td>1+</td> 521 * </tr> 522 * <tr> 523 * <td>PBEwithSHA1andDESede/CTR/NoPadding</td> 524 * <td>1+</td> 525 * </tr> 526 * <tr> 527 * <td>PBEwithSHA1andDESede/CTR/PKCS5Padding</td> 528 * <td>1+</td> 529 * </tr> 530 * <tr> 531 * <td>PBEwithSHA1andDESede/CTS/ISO10126Padding</td> 532 * <td>1+</td> 533 * </tr> 534 * <tr> 535 * <td>PBEwithSHA1andDESede/CTS/NoPadding</td> 536 * <td>1+</td> 537 * </tr> 538 * <tr> 539 * <td>PBEwithSHA1andDESede/CTS/PKCS5Padding</td> 540 * <td>1+</td> 541 * </tr> 542 * <tr> 543 * <td>PBEwithSHA1andDESede/ECB/ISO10126Padding</td> 544 * <td>1+</td> 545 * </tr> 546 * <tr> 547 * <td>PBEwithSHA1andDESede/ECB/NoPadding</td> 548 * <td>1+</td> 549 * </tr> 550 * <tr> 551 * <td>PBEwithSHA1andDESede/ECB/PKCS5Padding</td> 552 * <td>1+</td> 553 * </tr> 554 * <tr> 555 * <td>PBEwithSHA1andDESede/OFB/ISO10126Padding</td> 556 * <td>1+</td> 557 * </tr> 558 * <tr> 559 * <td>PBEwithSHA1andDESede/OFB/NoPadding</td> 560 * <td>1+</td> 561 * </tr> 562 * <tr> 563 * <td>PBEwithSHA1andDESede/OFB/PKCS5Padding</td> 564 * <td>1+</td> 565 * </tr> 566 * <tr> 567 * <td>RC4/ECB/NoPadding</td> 568 * <td>10+</td> 569 * </tr> 570 * <tr> 571 * <td>RSA/ECB/NoPadding</td> 572 * <td>1+</td> 573 * </tr> 574 * <tr> 575 * <td>RSA/ECB/OAEPPadding</td> 576 * <td>1+</td> 577 * </tr> 578 * <tr> 579 * <td>RSA/ECB/OAEPwithSHA-1andMGF1Padding</td> 580 * <td>10+</td> 581 * </tr> 582 * <tr> 583 * <td>RSA/ECB/OAEPwithSHA-256andMGF1Padding</td> 584 * <td>10+</td> 585 * </tr> 586 * <tr> 587 * <td>RSA/ECB/PKCS1Padding</td> 588 * <td>1+</td> 589 * </tr> 590 * <tr> 591 * <td>RSA/NONE/NoPadding</td> 592 * <td>1+</td> 593 * </tr> 594 * <tr> 595 * <td>RSA/NONE/OAEPPadding</td> 596 * <td>1+</td> 597 * </tr> 598 * <tr> 599 * <td>RSA/NONE/OAEPwithSHA-1andMGF1Padding</td> 600 * <td>10+</td> 601 * </tr> 602 * <tr> 603 * <td>RSA/NONE/OAEPwithSHA-256andMGF1Padding</td> 604 * <td>10+</td> 605 * </tr> 606 * <tr> 607 * <td>RSA/NONE/PKCS1Padding</td> 608 * <td>1+</td> 609 * </tr> 610 * </tbody> 611 * </tbody> 612 * </table> 613 * 614 * These transformations are described in the 615 * <a href="{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#Cipher"> 616 * Cipher section</a> of the 617 * Java Cryptography Architecture Standard Algorithm Name Documentation. 618 * 619 * @author Jan Luehe 620 * @see KeyGenerator 621 * @see SecretKey 622 * @since 1.4 623 */ 624 625 public class Cipher { 626 627 private static final Debug debug = 628 Debug.getInstance("jca", "Cipher"); 629 630 /** 631 * Constant used to initialize cipher to encryption mode. 632 */ 633 public static final int ENCRYPT_MODE = 1; 634 635 /** 636 * Constant used to initialize cipher to decryption mode. 637 */ 638 public static final int DECRYPT_MODE = 2; 639 640 /** 641 * Constant used to initialize cipher to key-wrapping mode. 642 */ 643 public static final int WRAP_MODE = 3; 644 645 /** 646 * Constant used to initialize cipher to key-unwrapping mode. 647 */ 648 public static final int UNWRAP_MODE = 4; 649 650 /** 651 * Constant used to indicate the to-be-unwrapped key is a "public key". 652 */ 653 public static final int PUBLIC_KEY = 1; 654 655 /** 656 * Constant used to indicate the to-be-unwrapped key is a "private key". 657 */ 658 public static final int PRIVATE_KEY = 2; 659 660 /** 661 * Constant used to indicate the to-be-unwrapped key is a "secret key". 662 */ 663 public static final int SECRET_KEY = 3; 664 665 // The provider 666 private Provider provider; 667 668 // The provider implementation (delegate) 669 private CipherSpi spi; 670 671 // The transformation 672 final private String transformation; 673 674 // The tokenized version of transformation 675 final private String[] tokenizedTransformation; 676 677 // The exemption mechanism that needs to be enforced 678 private ExemptionMechanism exmech; 679 680 // Flag which indicates whether or not this cipher has been initialized 681 private boolean initialized = false; 682 683 // The operation mode - store the operation mode after the 684 // cipher has been initialized. 685 private int opmode = 0; 686 687 // The OID for the KeyUsage extension in an X.509 v3 certificate 688 private static final String KEY_USAGE_EXTENSION_OID = "2.5.29.15"; 689 690 private final SpiAndProviderUpdater spiAndProviderUpdater; 691 692 693 /** 694 * Creates a Cipher object. 695 * 696 * @param cipherSpi the delegate 697 * @param provider the provider 698 * @param transformation the transformation 699 */ 700 protected Cipher(CipherSpi cipherSpi, 701 Provider provider, 702 String transformation) { 703 if (cipherSpi == null) { 704 throw new NullPointerException("cipherSpi == null"); 705 } 706 if (!(cipherSpi instanceof NullCipherSpi) && provider == null) { 707 throw new NullPointerException("provider == null"); 708 } 709 710 this.spi = cipherSpi; 711 this.provider = provider; 712 this.transformation = transformation; 713 this.tokenizedTransformation = null; 714 715 this.spiAndProviderUpdater = 716 new SpiAndProviderUpdater(provider, cipherSpi); 717 } 718 719 private Cipher(CipherSpi cipherSpi, 720 Provider provider, 721 String transformation, 722 String[] tokenizedTransformation) { 723 this.spi = cipherSpi; 724 this.provider = provider; 725 this.transformation = transformation; 726 this.tokenizedTransformation = tokenizedTransformation; 727 728 this.spiAndProviderUpdater = 729 new SpiAndProviderUpdater(provider, cipherSpi); 730 } 731 732 private static String[] tokenizeTransformation(String transformation) 733 throws NoSuchAlgorithmException { 734 if (transformation == null || transformation.isEmpty()) { 735 throw new NoSuchAlgorithmException("No transformation given"); 736 } 737 /* 738 * array containing the components of a Cipher transformation: 739 * 740 * index 0: algorithm component (e.g., DES) 741 * index 1: feedback component (e.g., CFB) 742 * index 2: padding component (e.g., PKCS5Padding) 743 */ 744 String[] parts = new String[3]; 745 int count = 0; 746 StringTokenizer parser = new StringTokenizer(transformation, "/"); 747 try { 748 while (parser.hasMoreTokens() && count < 3) { 749 parts[count++] = parser.nextToken().trim(); 750 } 751 if (count == 0 || count == 2 || parser.hasMoreTokens()) { 752 throw new NoSuchAlgorithmException("Invalid transformation" 753 + " format:" + 754 transformation); 755 } 756 } catch (NoSuchElementException e) { 757 throw new NoSuchAlgorithmException("Invalid transformation " + 758 "format:" + transformation); 759 } 760 if ((parts[0] == null) || (parts[0].length() == 0)) { 761 throw new NoSuchAlgorithmException("Invalid transformation:" + 762 "algorithm not specified-" 763 + transformation); 764 } 765 return parts; 766 } 767 768 /** 769 * Returns a <code>Cipher</code> object that implements the specified 770 * transformation. 771 * 772 * <p> This method traverses the list of registered security Providers, 773 * starting with the most preferred Provider. 774 * A new Cipher object encapsulating the 775 * CipherSpi implementation from the first 776 * Provider that supports the specified algorithm is returned. 777 * 778 * <p> Note that the list of registered providers may be retrieved via 779 * the {@link Security#getProviders() Security.getProviders()} method. 780 * 781 * @param transformation the name of the transformation, e.g., 782 * <i>DES/CBC/PKCS5Padding</i>. 783 * See the Cipher section in the <a href= 784 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#Cipher"> 785 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 786 * for information about standard transformation names. 787 * 788 * @return a cipher that implements the requested transformation. 789 * 790 * @exception NoSuchAlgorithmException if <code>transformation</code> 791 * is null, empty, in an invalid format, 792 * or if no Provider supports a CipherSpi implementation for the 793 * specified algorithm. 794 * 795 * @exception NoSuchPaddingException if <code>transformation</code> 796 * contains a padding scheme that is not available. 797 * 798 * @see java.security.Provider 799 */ 800 public static final Cipher getInstance(String transformation) 801 throws NoSuchAlgorithmException, NoSuchPaddingException 802 { 803 return createCipher(transformation, null); 804 } 805 806 /** 807 * Returns a <code>Cipher</code> object that implements the specified 808 * transformation. 809 * 810 * <p> A new Cipher object encapsulating the 811 * CipherSpi implementation from the specified provider 812 * is returned. The specified provider must be registered 813 * in the security provider list. 814 * 815 * <p> Note that the list of registered providers may be retrieved via 816 * the {@link Security#getProviders() Security.getProviders()} method. 817 * 818 * @param transformation the name of the transformation, 819 * e.g., <i>DES/CBC/PKCS5Padding</i>. 820 * See the Cipher section in the <a href= 821 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#Cipher"> 822 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 823 * for information about standard transformation names. 824 * 825 * @param provider the name of the provider. 826 * 827 * @return a cipher that implements the requested transformation. 828 * 829 * @exception NoSuchAlgorithmException if <code>transformation</code> 830 * is null, empty, in an invalid format, 831 * or if a CipherSpi implementation for the specified algorithm 832 * is not available from the specified provider. 833 * 834 * @exception NoSuchProviderException if the specified provider is not 835 * registered in the security provider list. 836 * 837 * @exception NoSuchPaddingException if <code>transformation</code> 838 * contains a padding scheme that is not available. 839 * 840 * @exception IllegalArgumentException if the <code>provider</code> 841 * is null or empty. 842 * 843 * @see java.security.Provider 844 */ 845 public static final Cipher getInstance(String transformation, 846 String provider) 847 throws NoSuchAlgorithmException, NoSuchProviderException, 848 NoSuchPaddingException 849 { 850 if ((provider == null) || (provider.length() == 0)) { 851 throw new IllegalArgumentException("Missing provider"); 852 } 853 Provider p = Security.getProvider(provider); 854 if (p == null) { 855 throw new NoSuchProviderException("No such provider: " + 856 provider); 857 } 858 return createCipher(transformation, p); 859 } 860 861 /** 862 * Returns a <code>Cipher</code> object that implements the specified 863 * transformation. 864 * 865 * <p> A new Cipher object encapsulating the 866 * CipherSpi implementation from the specified Provider 867 * object is returned. Note that the specified Provider object 868 * does not have to be registered in the provider list. 869 * 870 * @param transformation the name of the transformation, 871 * e.g., <i>DES/CBC/PKCS5Padding</i>. 872 * See the Cipher section in the <a href= 873 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/StandardNames.html#Cipher"> 874 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 875 * for information about standard transformation names. 876 * 877 * @param provider the provider. 878 * 879 * @return a cipher that implements the requested transformation. 880 * 881 * @exception NoSuchAlgorithmException if <code>transformation</code> 882 * is null, empty, in an invalid format, 883 * or if a CipherSpi implementation for the specified algorithm 884 * is not available from the specified Provider object. 885 * 886 * @exception NoSuchPaddingException if <code>transformation</code> 887 * contains a padding scheme that is not available. 888 * 889 * @exception IllegalArgumentException if the <code>provider</code> 890 * is null. 891 * 892 * @see java.security.Provider 893 */ 894 public static final Cipher getInstance(String transformation, 895 Provider provider) 896 throws NoSuchAlgorithmException, NoSuchPaddingException 897 { 898 if (provider == null) { 899 throw new IllegalArgumentException("Missing provider"); 900 } 901 return createCipher(transformation, provider); 902 } 903 904 static final Cipher createCipher(String transformation, Provider provider) 905 throws NoSuchAlgorithmException, NoSuchPaddingException { 906 String[] tokenizedTransformation = tokenizeTransformation(transformation); 907 908 CipherSpiAndProvider cipherSpiAndProvider = null; 909 try { 910 cipherSpiAndProvider = 911 tryCombinations(null /*params*/, provider, tokenizedTransformation); 912 } catch (InvalidKeyException | InvalidAlgorithmParameterException e) { 913 // Shouldn't happen. 914 throw new IllegalStateException("Key/Algorithm excepton despite not passing one", e); 915 } 916 917 if (cipherSpiAndProvider == null) { 918 if (provider == null) { 919 throw new NoSuchAlgorithmException("No provider found for " + transformation); 920 } else { 921 throw new NoSuchAlgorithmException("Provider " + provider.getName() 922 + " does not provide " + transformation); 923 } 924 } 925 926 // exceptions and stuff 927 return new Cipher(null, provider, transformation, tokenizedTransformation); 928 } 929 930 /** 931 * Choose the Spi from the first provider available. Used if 932 * delayed provider selection is not possible because init() 933 * is not the first method called. 934 */ 935 void updateProviderIfNeeded() { 936 try { 937 spiAndProviderUpdater.updateAndGetSpiAndProvider(null, spi, provider); 938 } catch (Exception lastException) { 939 ProviderException e = new ProviderException 940 ("Could not construct CipherSpi instance"); 941 if (lastException != null) { 942 e.initCause(lastException); 943 } 944 throw e; 945 } 946 } 947 948 private void chooseProvider(InitType initType, int opmode, Key key, 949 AlgorithmParameterSpec paramSpec, 950 AlgorithmParameters params, SecureRandom random) 951 throws InvalidKeyException, InvalidAlgorithmParameterException { 952 953 try { 954 final InitParams initParams = new InitParams(initType, opmode, key, random, 955 paramSpec, params); 956 spiAndProviderUpdater.updateAndGetSpiAndProvider(initParams, spi, provider); 957 } catch (Exception lastException) { 958 // no working provider found, fail 959 if (lastException instanceof InvalidKeyException) { 960 throw (InvalidKeyException)lastException; 961 } 962 if (lastException instanceof InvalidAlgorithmParameterException) { 963 throw (InvalidAlgorithmParameterException)lastException; 964 } 965 if (lastException instanceof RuntimeException) { 966 throw (RuntimeException)lastException; 967 } 968 String kName = (key != null) ? key.getClass().getName() : "(null)"; 969 throw new InvalidKeyException 970 ("No installed provider supports this key: " 971 + kName, lastException); 972 } 973 } 974 975 /** 976 * Returns the provider of this <code>Cipher</code> object. 977 * 978 * @return the provider of this <code>Cipher</code> object 979 */ 980 public final Provider getProvider() { 981 updateProviderIfNeeded(); 982 return this.provider; 983 } 984 985 /** 986 * Returns the algorithm name of this <code>Cipher</code> object. 987 * 988 * <p>This is the same name that was specified in one of the 989 * <code>getInstance</code> calls that created this <code>Cipher</code> 990 * object.. 991 * 992 * @return the algorithm name of this <code>Cipher</code> object. 993 */ 994 public final String getAlgorithm() { 995 return this.transformation; 996 } 997 998 /** 999 * Returns the block size (in bytes). 1000 * 1001 * @return the block size (in bytes), or 0 if the underlying algorithm is 1002 * not a block cipher 1003 */ 1004 public final int getBlockSize() { 1005 updateProviderIfNeeded(); 1006 return spi.engineGetBlockSize(); 1007 } 1008 1009 /** 1010 * Returns the length in bytes that an output buffer would need to be in 1011 * order to hold the result of the next <code>update</code> or 1012 * <code>doFinal</code> operation, given the input length 1013 * <code>inputLen</code> (in bytes). 1014 * 1015 * <p>This call takes into account any unprocessed (buffered) data from a 1016 * previous <code>update</code> call, padding, and AEAD tagging. 1017 * 1018 * <p>The actual output length of the next <code>update</code> or 1019 * <code>doFinal</code> call may be smaller than the length returned by 1020 * this method. 1021 * 1022 * @param inputLen the input length (in bytes) 1023 * 1024 * @return the required output buffer size (in bytes) 1025 * 1026 * @exception IllegalStateException if this cipher is in a wrong state 1027 * (e.g., has not yet been initialized) 1028 */ 1029 public final int getOutputSize(int inputLen) { 1030 1031 if (!initialized && !(this instanceof NullCipher)) { 1032 throw new IllegalStateException("Cipher not initialized"); 1033 } 1034 if (inputLen < 0) { 1035 throw new IllegalArgumentException("Input size must be equal " + 1036 "to or greater than zero"); 1037 } 1038 updateProviderIfNeeded(); 1039 return spi.engineGetOutputSize(inputLen); 1040 } 1041 1042 /** 1043 * Returns the initialization vector (IV) in a new buffer. 1044 * 1045 * <p>This is useful in the case where a random IV was created, 1046 * or in the context of password-based encryption or 1047 * decryption, where the IV is derived from a user-supplied password. 1048 * 1049 * @return the initialization vector in a new buffer, or null if the 1050 * underlying algorithm does not use an IV, or if the IV has not yet 1051 * been set. 1052 */ 1053 public final byte[] getIV() { 1054 updateProviderIfNeeded(); 1055 return spi.engineGetIV(); 1056 } 1057 1058 /** 1059 * Returns the parameters used with this cipher. 1060 * 1061 * <p>The returned parameters may be the same that were used to initialize 1062 * this cipher, or may contain a combination of default and random 1063 * parameter values used by the underlying cipher implementation if this 1064 * cipher requires algorithm parameters but was not initialized with any. 1065 * 1066 * @return the parameters used with this cipher, or null if this cipher 1067 * does not use any parameters. 1068 */ 1069 public final AlgorithmParameters getParameters() { 1070 updateProviderIfNeeded(); 1071 return spi.engineGetParameters(); 1072 } 1073 1074 /** 1075 * Returns the exemption mechanism object used with this cipher. 1076 * 1077 * @return the exemption mechanism object used with this cipher, or 1078 * null if this cipher does not use any exemption mechanism. 1079 */ 1080 public final ExemptionMechanism getExemptionMechanism() { 1081 updateProviderIfNeeded(); 1082 return exmech; 1083 } 1084 1085 // check if opmode is one of the defined constants 1086 // throw InvalidParameterExeption if not 1087 private static void checkOpmode(int opmode) { 1088 if ((opmode < ENCRYPT_MODE) || (opmode > UNWRAP_MODE)) { 1089 throw new InvalidParameterException("Invalid operation mode"); 1090 } 1091 } 1092 1093 /** 1094 * Initializes this cipher with a key. 1095 * 1096 * <p>The cipher is initialized for one of the following four operations: 1097 * encryption, decryption, key wrapping or key unwrapping, depending 1098 * on the value of <code>opmode</code>. 1099 * 1100 * <p>If this cipher requires any algorithm parameters that cannot be 1101 * derived from the given <code>key</code>, the underlying cipher 1102 * implementation is supposed to generate the required parameters itself 1103 * (using provider-specific default or random values) if it is being 1104 * initialized for encryption or key wrapping, and raise an 1105 * <code>InvalidKeyException</code> if it is being 1106 * initialized for decryption or key unwrapping. 1107 * The generated parameters can be retrieved using 1108 * {@link #getParameters() getParameters} or 1109 * {@link #getIV() getIV} (if the parameter is an IV). 1110 * 1111 * <p>If this cipher requires algorithm parameters that cannot be 1112 * derived from the input parameters, and there are no reasonable 1113 * provider-specific default values, initialization will 1114 * necessarily fail. 1115 * 1116 * <p>If this cipher (including its underlying feedback or padding scheme) 1117 * requires any random bytes (e.g., for parameter generation), it will get 1118 * them using the {@link SecureRandom <code>SecureRandom</code>} 1119 * implementation of the highest-priority 1120 * installed provider as the source of randomness. 1121 * (If none of the installed providers supply an implementation of 1122 * SecureRandom, a system-provided source of randomness will be used.) 1123 * 1124 * <p>Note that when a Cipher object is initialized, it loses all 1125 * previously-acquired state. In other words, initializing a Cipher is 1126 * equivalent to creating a new instance of that Cipher and initializing 1127 * it. 1128 * 1129 * @param opmode the operation mode of this cipher (this is one of 1130 * the following: 1131 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1132 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1133 * @param key the key 1134 * 1135 * @exception InvalidKeyException if the given key is inappropriate for 1136 * initializing this cipher, or requires 1137 * algorithm parameters that cannot be 1138 * determined from the given key, or if the given key has a keysize that 1139 * exceeds the maximum allowable keysize (as determined from the 1140 * configured jurisdiction policy files). 1141 */ 1142 public final void init(int opmode, Key key) throws InvalidKeyException { 1143 init(opmode, key, JceSecurity.RANDOM); 1144 } 1145 1146 /** 1147 * Initializes this cipher with a key and a source of randomness. 1148 * 1149 * <p>The cipher is initialized for one of the following four operations: 1150 * encryption, decryption, key wrapping or key unwrapping, depending 1151 * on the value of <code>opmode</code>. 1152 * 1153 * <p>If this cipher requires any algorithm parameters that cannot be 1154 * derived from the given <code>key</code>, the underlying cipher 1155 * implementation is supposed to generate the required parameters itself 1156 * (using provider-specific default or random values) if it is being 1157 * initialized for encryption or key wrapping, and raise an 1158 * <code>InvalidKeyException</code> if it is being 1159 * initialized for decryption or key unwrapping. 1160 * The generated parameters can be retrieved using 1161 * {@link #getParameters() getParameters} or 1162 * {@link #getIV() getIV} (if the parameter is an IV). 1163 * 1164 * <p>If this cipher requires algorithm parameters that cannot be 1165 * derived from the input parameters, and there are no reasonable 1166 * provider-specific default values, initialization will 1167 * necessarily fail. 1168 * 1169 * <p>If this cipher (including its underlying feedback or padding scheme) 1170 * requires any random bytes (e.g., for parameter generation), it will get 1171 * them from <code>random</code>. 1172 * 1173 * <p>Note that when a Cipher object is initialized, it loses all 1174 * previously-acquired state. In other words, initializing a Cipher is 1175 * equivalent to creating a new instance of that Cipher and initializing 1176 * it. 1177 * 1178 * @param opmode the operation mode of this cipher (this is one of the 1179 * following: 1180 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1181 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1182 * @param key the encryption key 1183 * @param random the source of randomness 1184 * 1185 * @exception InvalidKeyException if the given key is inappropriate for 1186 * initializing this cipher, or requires 1187 * algorithm parameters that cannot be 1188 * determined from the given key, or if the given key has a keysize that 1189 * exceeds the maximum allowable keysize (as determined from the 1190 * configured jurisdiction policy files). 1191 */ 1192 public final void init(int opmode, Key key, SecureRandom random) 1193 throws InvalidKeyException 1194 { 1195 initialized = false; 1196 checkOpmode(opmode); 1197 1198 try { 1199 chooseProvider(InitType.KEY, opmode, key, null, null, random); 1200 } catch (InvalidAlgorithmParameterException e) { 1201 // should never occur 1202 throw new InvalidKeyException(e); 1203 } 1204 1205 initialized = true; 1206 this.opmode = opmode; 1207 } 1208 1209 /** 1210 * Initializes this cipher with a key and a set of algorithm 1211 * parameters. 1212 * 1213 * <p>The cipher is initialized for one of the following four operations: 1214 * encryption, decryption, key wrapping or key unwrapping, depending 1215 * on the value of <code>opmode</code>. 1216 * 1217 * <p>If this cipher requires any algorithm parameters and 1218 * <code>params</code> is null, the underlying cipher implementation is 1219 * supposed to generate the required parameters itself (using 1220 * provider-specific default or random values) if it is being 1221 * initialized for encryption or key wrapping, and raise an 1222 * <code>InvalidAlgorithmParameterException</code> if it is being 1223 * initialized for decryption or key unwrapping. 1224 * The generated parameters can be retrieved using 1225 * {@link #getParameters() getParameters} or 1226 * {@link #getIV() getIV} (if the parameter is an IV). 1227 * 1228 * <p>If this cipher requires algorithm parameters that cannot be 1229 * derived from the input parameters, and there are no reasonable 1230 * provider-specific default values, initialization will 1231 * necessarily fail. 1232 * 1233 * <p>If this cipher (including its underlying feedback or padding scheme) 1234 * requires any random bytes (e.g., for parameter generation), it will get 1235 * them using the {@link SecureRandom <code>SecureRandom</code>} 1236 * implementation of the highest-priority 1237 * installed provider as the source of randomness. 1238 * (If none of the installed providers supply an implementation of 1239 * SecureRandom, a system-provided source of randomness will be used.) 1240 * 1241 * <p>Note that when a Cipher object is initialized, it loses all 1242 * previously-acquired state. In other words, initializing a Cipher is 1243 * equivalent to creating a new instance of that Cipher and initializing 1244 * it. 1245 * 1246 * @param opmode the operation mode of this cipher (this is one of the 1247 * following: 1248 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1249 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1250 * @param key the encryption key 1251 * @param params the algorithm parameters 1252 * 1253 * @exception InvalidKeyException if the given key is inappropriate for 1254 * initializing this cipher, or its keysize exceeds the maximum allowable 1255 * keysize (as determined from the configured jurisdiction policy files). 1256 * @exception InvalidAlgorithmParameterException if the given algorithm 1257 * parameters are inappropriate for this cipher, 1258 * or this cipher requires 1259 * algorithm parameters and <code>params</code> is null, or the given 1260 * algorithm parameters imply a cryptographic strength that would exceed 1261 * the legal limits (as determined from the configured jurisdiction 1262 * policy files). 1263 */ 1264 public final void init(int opmode, Key key, AlgorithmParameterSpec params) 1265 throws InvalidKeyException, InvalidAlgorithmParameterException 1266 { 1267 init(opmode, key, params, JceSecurity.RANDOM); 1268 } 1269 1270 /** 1271 * Initializes this cipher with a key, a set of algorithm 1272 * parameters, and a source of randomness. 1273 * 1274 * <p>The cipher is initialized for one of the following four operations: 1275 * encryption, decryption, key wrapping or key unwrapping, depending 1276 * on the value of <code>opmode</code>. 1277 * 1278 * <p>If this cipher requires any algorithm parameters and 1279 * <code>params</code> is null, the underlying cipher implementation is 1280 * supposed to generate the required parameters itself (using 1281 * provider-specific default or random values) if it is being 1282 * initialized for encryption or key wrapping, and raise an 1283 * <code>InvalidAlgorithmParameterException</code> if it is being 1284 * initialized for decryption or key unwrapping. 1285 * The generated parameters can be retrieved using 1286 * {@link #getParameters() getParameters} or 1287 * {@link #getIV() getIV} (if the parameter is an IV). 1288 * 1289 * <p>If this cipher requires algorithm parameters that cannot be 1290 * derived from the input parameters, and there are no reasonable 1291 * provider-specific default values, initialization will 1292 * necessarily fail. 1293 * 1294 * <p>If this cipher (including its underlying feedback or padding scheme) 1295 * requires any random bytes (e.g., for parameter generation), it will get 1296 * them from <code>random</code>. 1297 * 1298 * <p>Note that when a Cipher object is initialized, it loses all 1299 * previously-acquired state. In other words, initializing a Cipher is 1300 * equivalent to creating a new instance of that Cipher and initializing 1301 * it. 1302 * 1303 * @param opmode the operation mode of this cipher (this is one of the 1304 * following: 1305 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1306 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1307 * @param key the encryption key 1308 * @param params the algorithm parameters 1309 * @param random the source of randomness 1310 * 1311 * @exception InvalidKeyException if the given key is inappropriate for 1312 * initializing this cipher, or its keysize exceeds the maximum allowable 1313 * keysize (as determined from the configured jurisdiction policy files). 1314 * @exception InvalidAlgorithmParameterException if the given algorithm 1315 * parameters are inappropriate for this cipher, 1316 * or this cipher requires 1317 * algorithm parameters and <code>params</code> is null, or the given 1318 * algorithm parameters imply a cryptographic strength that would exceed 1319 * the legal limits (as determined from the configured jurisdiction 1320 * policy files). 1321 */ 1322 public final void init(int opmode, Key key, AlgorithmParameterSpec params, 1323 SecureRandom random) 1324 throws InvalidKeyException, InvalidAlgorithmParameterException 1325 { 1326 initialized = false; 1327 checkOpmode(opmode); 1328 1329 chooseProvider(InitType.ALGORITHM_PARAM_SPEC, opmode, key, params, null, random); 1330 1331 initialized = true; 1332 this.opmode = opmode; 1333 } 1334 1335 /** 1336 * Initializes this cipher with a key and a set of algorithm 1337 * parameters. 1338 * 1339 * <p>The cipher is initialized for one of the following four operations: 1340 * encryption, decryption, key wrapping or key unwrapping, depending 1341 * on the value of <code>opmode</code>. 1342 * 1343 * <p>If this cipher requires any algorithm parameters and 1344 * <code>params</code> is null, the underlying cipher implementation is 1345 * supposed to generate the required parameters itself (using 1346 * provider-specific default or random values) if it is being 1347 * initialized for encryption or key wrapping, and raise an 1348 * <code>InvalidAlgorithmParameterException</code> if it is being 1349 * initialized for decryption or key unwrapping. 1350 * The generated parameters can be retrieved using 1351 * {@link #getParameters() getParameters} or 1352 * {@link #getIV() getIV} (if the parameter is an IV). 1353 * 1354 * <p>If this cipher requires algorithm parameters that cannot be 1355 * derived from the input parameters, and there are no reasonable 1356 * provider-specific default values, initialization will 1357 * necessarily fail. 1358 * 1359 * <p>If this cipher (including its underlying feedback or padding scheme) 1360 * requires any random bytes (e.g., for parameter generation), it will get 1361 * them using the {@link SecureRandom <code>SecureRandom</code>} 1362 * implementation of the highest-priority 1363 * installed provider as the source of randomness. 1364 * (If none of the installed providers supply an implementation of 1365 * SecureRandom, a system-provided source of randomness will be used.) 1366 * 1367 * <p>Note that when a Cipher object is initialized, it loses all 1368 * previously-acquired state. In other words, initializing a Cipher is 1369 * equivalent to creating a new instance of that Cipher and initializing 1370 * it. 1371 * 1372 * @param opmode the operation mode of this cipher (this is one of the 1373 * following: <code>ENCRYPT_MODE</code>, 1374 * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> 1375 * or <code>UNWRAP_MODE</code>) 1376 * @param key the encryption key 1377 * @param params the algorithm parameters 1378 * 1379 * @exception InvalidKeyException if the given key is inappropriate for 1380 * initializing this cipher, or its keysize exceeds the maximum allowable 1381 * keysize (as determined from the configured jurisdiction policy files). 1382 * @exception InvalidAlgorithmParameterException if the given algorithm 1383 * parameters are inappropriate for this cipher, 1384 * or this cipher requires 1385 * algorithm parameters and <code>params</code> is null, or the given 1386 * algorithm parameters imply a cryptographic strength that would exceed 1387 * the legal limits (as determined from the configured jurisdiction 1388 * policy files). 1389 */ 1390 public final void init(int opmode, Key key, AlgorithmParameters params) 1391 throws InvalidKeyException, InvalidAlgorithmParameterException 1392 { 1393 init(opmode, key, params, JceSecurity.RANDOM); 1394 } 1395 1396 /** 1397 * Initializes this cipher with a key, a set of algorithm 1398 * parameters, and a source of randomness. 1399 * 1400 * <p>The cipher is initialized for one of the following four operations: 1401 * encryption, decryption, key wrapping or key unwrapping, depending 1402 * on the value of <code>opmode</code>. 1403 * 1404 * <p>If this cipher requires any algorithm parameters and 1405 * <code>params</code> is null, the underlying cipher implementation is 1406 * supposed to generate the required parameters itself (using 1407 * provider-specific default or random values) if it is being 1408 * initialized for encryption or key wrapping, and raise an 1409 * <code>InvalidAlgorithmParameterException</code> if it is being 1410 * initialized for decryption or key unwrapping. 1411 * The generated parameters can be retrieved using 1412 * {@link #getParameters() getParameters} or 1413 * {@link #getIV() getIV} (if the parameter is an IV). 1414 * 1415 * <p>If this cipher requires algorithm parameters that cannot be 1416 * derived from the input parameters, and there are no reasonable 1417 * provider-specific default values, initialization will 1418 * necessarily fail. 1419 * 1420 * <p>If this cipher (including its underlying feedback or padding scheme) 1421 * requires any random bytes (e.g., for parameter generation), it will get 1422 * them from <code>random</code>. 1423 * 1424 * <p>Note that when a Cipher object is initialized, it loses all 1425 * previously-acquired state. In other words, initializing a Cipher is 1426 * equivalent to creating a new instance of that Cipher and initializing 1427 * it. 1428 * 1429 * @param opmode the operation mode of this cipher (this is one of the 1430 * following: <code>ENCRYPT_MODE</code>, 1431 * <code>DECRYPT_MODE</code>, <code>WRAP_MODE</code> 1432 * or <code>UNWRAP_MODE</code>) 1433 * @param key the encryption key 1434 * @param params the algorithm parameters 1435 * @param random the source of randomness 1436 * 1437 * @exception InvalidKeyException if the given key is inappropriate for 1438 * initializing this cipher, or its keysize exceeds the maximum allowable 1439 * keysize (as determined from the configured jurisdiction policy files). 1440 * @exception InvalidAlgorithmParameterException if the given algorithm 1441 * parameters are inappropriate for this cipher, 1442 * or this cipher requires 1443 * algorithm parameters and <code>params</code> is null, or the given 1444 * algorithm parameters imply a cryptographic strength that would exceed 1445 * the legal limits (as determined from the configured jurisdiction 1446 * policy files). 1447 */ 1448 public final void init(int opmode, Key key, AlgorithmParameters params, 1449 SecureRandom random) 1450 throws InvalidKeyException, InvalidAlgorithmParameterException 1451 { 1452 initialized = false; 1453 checkOpmode(opmode); 1454 1455 chooseProvider(InitType.ALGORITHM_PARAMS, opmode, key, null, params, random); 1456 1457 initialized = true; 1458 this.opmode = opmode; 1459 } 1460 1461 /** 1462 * Initializes this cipher with the public key from the given certificate. 1463 * <p> The cipher is initialized for one of the following four operations: 1464 * encryption, decryption, key wrapping or key unwrapping, depending 1465 * on the value of <code>opmode</code>. 1466 * 1467 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1468 * extension field marked as critical, and the value of the <i>key usage</i> 1469 * extension field implies that the public key in 1470 * the certificate and its corresponding private key are not 1471 * supposed to be used for the operation represented by the value 1472 * of <code>opmode</code>, 1473 * an <code>InvalidKeyException</code> 1474 * is thrown. 1475 * 1476 * <p> If this cipher requires any algorithm parameters that cannot be 1477 * derived from the public key in the given certificate, the underlying 1478 * cipher 1479 * implementation is supposed to generate the required parameters itself 1480 * (using provider-specific default or random values) if it is being 1481 * initialized for encryption or key wrapping, and raise an <code> 1482 * InvalidKeyException</code> if it is being initialized for decryption or 1483 * key unwrapping. 1484 * The generated parameters can be retrieved using 1485 * {@link #getParameters() getParameters} or 1486 * {@link #getIV() getIV} (if the parameter is an IV). 1487 * 1488 * <p>If this cipher requires algorithm parameters that cannot be 1489 * derived from the input parameters, and there are no reasonable 1490 * provider-specific default values, initialization will 1491 * necessarily fail. 1492 * 1493 * <p>If this cipher (including its underlying feedback or padding scheme) 1494 * requires any random bytes (e.g., for parameter generation), it will get 1495 * them using the 1496 * <code>SecureRandom</code> 1497 * implementation of the highest-priority 1498 * installed provider as the source of randomness. 1499 * (If none of the installed providers supply an implementation of 1500 * SecureRandom, a system-provided source of randomness will be used.) 1501 * 1502 * <p>Note that when a Cipher object is initialized, it loses all 1503 * previously-acquired state. In other words, initializing a Cipher is 1504 * equivalent to creating a new instance of that Cipher and initializing 1505 * it. 1506 * 1507 * @param opmode the operation mode of this cipher (this is one of the 1508 * following: 1509 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1510 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1511 * @param certificate the certificate 1512 * 1513 * @exception InvalidKeyException if the public key in the given 1514 * certificate is inappropriate for initializing this cipher, or this 1515 * cipher requires algorithm parameters that cannot be determined from the 1516 * public key in the given certificate, or the keysize of the public key 1517 * in the given certificate has a keysize that exceeds the maximum 1518 * allowable keysize (as determined by the configured jurisdiction policy 1519 * files). 1520 */ 1521 public final void init(int opmode, Certificate certificate) 1522 throws InvalidKeyException 1523 { 1524 init(opmode, certificate, JceSecurity.RANDOM); 1525 } 1526 1527 /** 1528 * Initializes this cipher with the public key from the given certificate 1529 * and 1530 * a source of randomness. 1531 * 1532 * <p>The cipher is initialized for one of the following four operations: 1533 * encryption, decryption, key wrapping 1534 * or key unwrapping, depending on 1535 * the value of <code>opmode</code>. 1536 * 1537 * <p>If the certificate is of type X.509 and has a <i>key usage</i> 1538 * extension field marked as critical, and the value of the <i>key usage</i> 1539 * extension field implies that the public key in 1540 * the certificate and its corresponding private key are not 1541 * supposed to be used for the operation represented by the value of 1542 * <code>opmode</code>, 1543 * an <code>InvalidKeyException</code> 1544 * is thrown. 1545 * 1546 * <p>If this cipher requires any algorithm parameters that cannot be 1547 * derived from the public key in the given <code>certificate</code>, 1548 * the underlying cipher 1549 * implementation is supposed to generate the required parameters itself 1550 * (using provider-specific default or random values) if it is being 1551 * initialized for encryption or key wrapping, and raise an 1552 * <code>InvalidKeyException</code> if it is being 1553 * initialized for decryption or key unwrapping. 1554 * The generated parameters can be retrieved using 1555 * {@link #getParameters() getParameters} or 1556 * {@link #getIV() getIV} (if the parameter is an IV). 1557 * 1558 * <p>If this cipher requires algorithm parameters that cannot be 1559 * derived from the input parameters, and there are no reasonable 1560 * provider-specific default values, initialization will 1561 * necessarily fail. 1562 * 1563 * <p>If this cipher (including its underlying feedback or padding scheme) 1564 * requires any random bytes (e.g., for parameter generation), it will get 1565 * them from <code>random</code>. 1566 * 1567 * <p>Note that when a Cipher object is initialized, it loses all 1568 * previously-acquired state. In other words, initializing a Cipher is 1569 * equivalent to creating a new instance of that Cipher and initializing 1570 * it. 1571 * 1572 * @param opmode the operation mode of this cipher (this is one of the 1573 * following: 1574 * <code>ENCRYPT_MODE</code>, <code>DECRYPT_MODE</code>, 1575 * <code>WRAP_MODE</code> or <code>UNWRAP_MODE</code>) 1576 * @param certificate the certificate 1577 * @param random the source of randomness 1578 * 1579 * @exception InvalidKeyException if the public key in the given 1580 * certificate is inappropriate for initializing this cipher, or this 1581 * cipher 1582 * requires algorithm parameters that cannot be determined from the 1583 * public key in the given certificate, or the keysize of the public key 1584 * in the given certificate has a keysize that exceeds the maximum 1585 * allowable keysize (as determined by the configured jurisdiction policy 1586 * files). 1587 */ 1588 public final void init(int opmode, Certificate certificate, 1589 SecureRandom random) 1590 throws InvalidKeyException { 1591 initialized = false; 1592 checkOpmode(opmode); 1593 1594 // Check key usage if the certificate is of 1595 // type X.509. 1596 if (certificate instanceof java.security.cert.X509Certificate) { 1597 // Check whether the cert has a key usage extension 1598 // marked as a critical extension. 1599 X509Certificate cert = (X509Certificate) certificate; 1600 Set critSet = cert.getCriticalExtensionOIDs(); 1601 1602 if (critSet != null && !critSet.isEmpty() 1603 && critSet.contains(KEY_USAGE_EXTENSION_OID)) { 1604 boolean[] keyUsageInfo = cert.getKeyUsage(); 1605 // keyUsageInfo[2] is for keyEncipherment; 1606 // keyUsageInfo[3] is for dataEncipherment. 1607 if ((keyUsageInfo != null) && 1608 (((opmode == Cipher.ENCRYPT_MODE) && 1609 (keyUsageInfo.length > 3) && 1610 (keyUsageInfo[3] == false)) || 1611 ((opmode == Cipher.WRAP_MODE) && 1612 (keyUsageInfo.length > 2) && 1613 (keyUsageInfo[2] == false)))) { 1614 throw new InvalidKeyException("Wrong key usage"); 1615 } 1616 } 1617 } 1618 1619 PublicKey publicKey = 1620 (certificate == null ? null : certificate.getPublicKey()); 1621 1622 try { 1623 chooseProvider(InitType.KEY, opmode, (Key) publicKey, null, null, random); 1624 } catch (InvalidAlgorithmParameterException e) { 1625 // should never occur 1626 throw new InvalidKeyException(e); 1627 } 1628 1629 initialized = true; 1630 this.opmode = opmode; 1631 } 1632 1633 /** 1634 * Ensures that Cipher is in a valid state for update() and doFinal() 1635 * calls - should be initialized and in ENCRYPT_MODE or DECRYPT_MODE. 1636 * @throws IllegalStateException if Cipher object is not in valid state. 1637 */ 1638 private void checkCipherState() { 1639 if (!(this instanceof NullCipher)) { 1640 if (!initialized) { 1641 throw new IllegalStateException("Cipher not initialized"); 1642 } 1643 if ((opmode != Cipher.ENCRYPT_MODE) && 1644 (opmode != Cipher.DECRYPT_MODE)) { 1645 throw new IllegalStateException("Cipher not initialized " + 1646 "for encryption/decryption"); 1647 } 1648 } 1649 } 1650 1651 /** 1652 * Continues a multiple-part encryption or decryption operation 1653 * (depending on how this cipher was initialized), processing another data 1654 * part. 1655 * 1656 * <p>The bytes in the <code>input</code> buffer are processed, and the 1657 * result is stored in a new buffer. 1658 * 1659 * <p>If <code>input</code> has a length of zero, this method returns 1660 * <code>null</code>. 1661 * 1662 * @param input the input buffer 1663 * 1664 * @return the new buffer with the result, or null if the underlying 1665 * cipher is a block cipher and the input data is too short to result in a 1666 * new block. 1667 * 1668 * @exception IllegalStateException if this cipher is in a wrong state 1669 * (e.g., has not been initialized) 1670 */ 1671 public final byte[] update(byte[] input) { 1672 checkCipherState(); 1673 1674 // Input sanity check 1675 if (input == null) { 1676 throw new IllegalArgumentException("Null input buffer"); 1677 } 1678 1679 updateProviderIfNeeded(); 1680 if (input.length == 0) { 1681 return null; 1682 } 1683 return spi.engineUpdate(input, 0, input.length); 1684 } 1685 1686 /** 1687 * Continues a multiple-part encryption or decryption operation 1688 * (depending on how this cipher was initialized), processing another data 1689 * part. 1690 * 1691 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1692 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1693 * and the result is stored in a new buffer. 1694 * 1695 * <p>If <code>inputLen</code> is zero, this method returns 1696 * <code>null</code>. 1697 * 1698 * @param input the input buffer 1699 * @param inputOffset the offset in <code>input</code> where the input 1700 * starts 1701 * @param inputLen the input length 1702 * 1703 * @return the new buffer with the result, or null if the underlying 1704 * cipher is a block cipher and the input data is too short to result in a 1705 * new block. 1706 * 1707 * @exception IllegalStateException if this cipher is in a wrong state 1708 * (e.g., has not been initialized) 1709 */ 1710 public final byte[] update(byte[] input, int inputOffset, int inputLen) { 1711 checkCipherState(); 1712 1713 // Input sanity check 1714 if (input == null || inputOffset < 0 1715 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1716 throw new IllegalArgumentException("Bad arguments"); 1717 } 1718 1719 updateProviderIfNeeded(); 1720 if (inputLen == 0) { 1721 return null; 1722 } 1723 return spi.engineUpdate(input, inputOffset, inputLen); 1724 } 1725 1726 /** 1727 * Continues a multiple-part encryption or decryption operation 1728 * (depending on how this cipher was initialized), processing another data 1729 * part. 1730 * 1731 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1732 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1733 * and the result is stored in the <code>output</code> buffer. 1734 * 1735 * <p>If the <code>output</code> buffer is too small to hold the result, 1736 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 1737 * call with a larger output buffer. Use 1738 * {@link #getOutputSize(int) getOutputSize} to determine how big 1739 * the output buffer should be. 1740 * 1741 * <p>If <code>inputLen</code> is zero, this method returns 1742 * a length of zero. 1743 * 1744 * <p>Note: this method should be copy-safe, which means the 1745 * <code>input</code> and <code>output</code> buffers can reference 1746 * the same byte array and no unprocessed input data is overwritten 1747 * when the result is copied into the output buffer. 1748 * 1749 * @param input the input buffer 1750 * @param inputOffset the offset in <code>input</code> where the input 1751 * starts 1752 * @param inputLen the input length 1753 * @param output the buffer for the result 1754 * 1755 * @return the number of bytes stored in <code>output</code> 1756 * 1757 * @exception IllegalStateException if this cipher is in a wrong state 1758 * (e.g., has not been initialized) 1759 * @exception ShortBufferException if the given output buffer is too small 1760 * to hold the result 1761 */ 1762 public final int update(byte[] input, int inputOffset, int inputLen, 1763 byte[] output) 1764 throws ShortBufferException { 1765 checkCipherState(); 1766 1767 // Input sanity check 1768 if (input == null || inputOffset < 0 1769 || inputLen > (input.length - inputOffset) || inputLen < 0) { 1770 throw new IllegalArgumentException("Bad arguments"); 1771 } 1772 1773 updateProviderIfNeeded(); 1774 if (inputLen == 0) { 1775 return 0; 1776 } 1777 return spi.engineUpdate(input, inputOffset, inputLen, 1778 output, 0); 1779 } 1780 1781 /** 1782 * Continues a multiple-part encryption or decryption operation 1783 * (depending on how this cipher was initialized), processing another data 1784 * part. 1785 * 1786 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 1787 * buffer, starting at <code>inputOffset</code> inclusive, are processed, 1788 * and the result is stored in the <code>output</code> buffer, starting at 1789 * <code>outputOffset</code> inclusive. 1790 * 1791 * <p>If the <code>output</code> buffer is too small to hold the result, 1792 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 1793 * call with a larger output buffer. Use 1794 * {@link #getOutputSize(int) getOutputSize} to determine how big 1795 * the output buffer should be. 1796 * 1797 * <p>If <code>inputLen</code> is zero, this method returns 1798 * a length of zero. 1799 * 1800 * <p>Note: this method should be copy-safe, which means the 1801 * <code>input</code> and <code>output</code> buffers can reference 1802 * the same byte array and no unprocessed input data is overwritten 1803 * when the result is copied into the output buffer. 1804 * 1805 * @param input the input buffer 1806 * @param inputOffset the offset in <code>input</code> where the input 1807 * starts 1808 * @param inputLen the input length 1809 * @param output the buffer for the result 1810 * @param outputOffset the offset in <code>output</code> where the result 1811 * is stored 1812 * 1813 * @return the number of bytes stored in <code>output</code> 1814 * 1815 * @exception IllegalStateException if this cipher is in a wrong state 1816 * (e.g., has not been initialized) 1817 * @exception ShortBufferException if the given output buffer is too small 1818 * to hold the result 1819 */ 1820 public final int update(byte[] input, int inputOffset, int inputLen, 1821 byte[] output, int outputOffset) 1822 throws ShortBufferException { 1823 checkCipherState(); 1824 1825 // Input sanity check 1826 if (input == null || inputOffset < 0 1827 || inputLen > (input.length - inputOffset) || inputLen < 0 1828 || outputOffset < 0) { 1829 throw new IllegalArgumentException("Bad arguments"); 1830 } 1831 1832 updateProviderIfNeeded(); 1833 if (inputLen == 0) { 1834 return 0; 1835 } 1836 return spi.engineUpdate(input, inputOffset, inputLen, 1837 output, outputOffset); 1838 } 1839 1840 /** 1841 * Continues a multiple-part encryption or decryption operation 1842 * (depending on how this cipher was initialized), processing another data 1843 * part. 1844 * 1845 * <p>All <code>input.remaining()</code> bytes starting at 1846 * <code>input.position()</code> are processed. The result is stored 1847 * in the output buffer. 1848 * Upon return, the input buffer's position will be equal 1849 * to its limit; its limit will not have changed. The output buffer's 1850 * position will have advanced by n, where n is the value returned 1851 * by this method; the output buffer's limit will not have changed. 1852 * 1853 * <p>If <code>output.remaining()</code> bytes are insufficient to 1854 * hold the result, a <code>ShortBufferException</code> is thrown. 1855 * In this case, repeat this call with a larger output buffer. Use 1856 * {@link #getOutputSize(int) getOutputSize} to determine how big 1857 * the output buffer should be. 1858 * 1859 * <p>Note: this method should be copy-safe, which means the 1860 * <code>input</code> and <code>output</code> buffers can reference 1861 * the same block of memory and no unprocessed input data is overwritten 1862 * when the result is copied into the output buffer. 1863 * 1864 * @param input the input ByteBuffer 1865 * @param output the output ByteByffer 1866 * 1867 * @return the number of bytes stored in <code>output</code> 1868 * 1869 * @exception IllegalStateException if this cipher is in a wrong state 1870 * (e.g., has not been initialized) 1871 * @exception IllegalArgumentException if input and output are the 1872 * same object 1873 * @exception ReadOnlyBufferException if the output buffer is read-only 1874 * @exception ShortBufferException if there is insufficient space in the 1875 * output buffer 1876 * @since 1.5 1877 */ 1878 public final int update(ByteBuffer input, ByteBuffer output) 1879 throws ShortBufferException { 1880 checkCipherState(); 1881 1882 if ((input == null) || (output == null)) { 1883 throw new IllegalArgumentException("Buffers must not be null"); 1884 } 1885 if (input == output) { 1886 throw new IllegalArgumentException("Input and output buffers must " 1887 + "not be the same object, consider using buffer.duplicate()"); 1888 } 1889 if (output.isReadOnly()) { 1890 throw new ReadOnlyBufferException(); 1891 } 1892 1893 updateProviderIfNeeded(); 1894 return spi.engineUpdate(input, output); 1895 } 1896 1897 /** 1898 * Finishes a multiple-part encryption or decryption operation, depending 1899 * on how this cipher was initialized. 1900 * 1901 * <p>Input data that may have been buffered during a previous 1902 * <code>update</code> operation is processed, with padding (if requested) 1903 * being applied. 1904 * If an AEAD mode such as GCM/CCM is being used, the authentication 1905 * tag is appended in the case of encryption, or verified in the 1906 * case of decryption. 1907 * The result is stored in a new buffer. 1908 * 1909 * <p>Upon finishing, this method resets this cipher object to the state 1910 * it was in when previously initialized via a call to <code>init</code>. 1911 * That is, the object is reset and available to encrypt or decrypt 1912 * (depending on the operation mode that was specified in the call to 1913 * <code>init</code>) more data. 1914 * 1915 * <p>Note: if any exception is thrown, this cipher object may need to 1916 * be reset before it can be used again. 1917 * 1918 * @return the new buffer with the result 1919 * 1920 * @exception IllegalStateException if this cipher is in a wrong state 1921 * (e.g., has not been initialized) 1922 * @exception IllegalBlockSizeException if this cipher is a block cipher, 1923 * no padding has been requested (only in encryption mode), and the total 1924 * input length of the data processed by this cipher is not a multiple of 1925 * block size; or if this encryption algorithm is unable to 1926 * process the input data provided. 1927 * @exception BadPaddingException if this cipher is in decryption mode, 1928 * and (un)padding has been requested, but the decrypted data is not 1929 * bounded by the appropriate padding bytes 1930 * @exception AEADBadTagException if this cipher is decrypting in an 1931 * AEAD mode (such as GCM/CCM), and the received authentication tag 1932 * does not match the calculated value 1933 */ 1934 public final byte[] doFinal() 1935 throws IllegalBlockSizeException, BadPaddingException { 1936 checkCipherState(); 1937 1938 updateProviderIfNeeded(); 1939 return spi.engineDoFinal(null, 0, 0); 1940 } 1941 1942 /** 1943 * Finishes a multiple-part encryption or decryption operation, depending 1944 * on how this cipher was initialized. 1945 * 1946 * <p>Input data that may have been buffered during a previous 1947 * <code>update</code> operation is processed, with padding (if requested) 1948 * being applied. 1949 * If an AEAD mode such as GCM/CCM is being used, the authentication 1950 * tag is appended in the case of encryption, or verified in the 1951 * case of decryption. 1952 * The result is stored in the <code>output</code> buffer, starting at 1953 * <code>outputOffset</code> inclusive. 1954 * 1955 * <p>If the <code>output</code> buffer is too small to hold the result, 1956 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 1957 * call with a larger output buffer. Use 1958 * {@link #getOutputSize(int) getOutputSize} to determine how big 1959 * the output buffer should be. 1960 * 1961 * <p>Upon finishing, this method resets this cipher object to the state 1962 * it was in when previously initialized via a call to <code>init</code>. 1963 * That is, the object is reset and available to encrypt or decrypt 1964 * (depending on the operation mode that was specified in the call to 1965 * <code>init</code>) more data. 1966 * 1967 * <p>Note: if any exception is thrown, this cipher object may need to 1968 * be reset before it can be used again. 1969 * 1970 * @param output the buffer for the result 1971 * @param outputOffset the offset in <code>output</code> where the result 1972 * is stored 1973 * 1974 * @return the number of bytes stored in <code>output</code> 1975 * 1976 * @exception IllegalStateException if this cipher is in a wrong state 1977 * (e.g., has not been initialized) 1978 * @exception IllegalBlockSizeException if this cipher is a block cipher, 1979 * no padding has been requested (only in encryption mode), and the total 1980 * input length of the data processed by this cipher is not a multiple of 1981 * block size; or if this encryption algorithm is unable to 1982 * process the input data provided. 1983 * @exception ShortBufferException if the given output buffer is too small 1984 * to hold the result 1985 * @exception BadPaddingException if this cipher is in decryption mode, 1986 * and (un)padding has been requested, but the decrypted data is not 1987 * bounded by the appropriate padding bytes 1988 * @exception AEADBadTagException if this cipher is decrypting in an 1989 * AEAD mode (such as GCM/CCM), and the received authentication tag 1990 * does not match the calculated value 1991 */ 1992 public final int doFinal(byte[] output, int outputOffset) 1993 throws IllegalBlockSizeException, ShortBufferException, 1994 BadPaddingException { 1995 checkCipherState(); 1996 1997 // Input sanity check 1998 if ((output == null) || (outputOffset < 0)) { 1999 throw new IllegalArgumentException("Bad arguments"); 2000 } 2001 2002 updateProviderIfNeeded(); 2003 return spi.engineDoFinal(null, 0, 0, output, outputOffset); 2004 } 2005 2006 /** 2007 * Encrypts or decrypts data in a single-part operation, or finishes a 2008 * multiple-part operation. The data is encrypted or decrypted, 2009 * depending on how this cipher was initialized. 2010 * 2011 * <p>The bytes in the <code>input</code> buffer, and any input bytes that 2012 * may have been buffered during a previous <code>update</code> operation, 2013 * are processed, with padding (if requested) being applied. 2014 * If an AEAD mode such as GCM/CCM is being used, the authentication 2015 * tag is appended in the case of encryption, or verified in the 2016 * case of decryption. 2017 * The result is stored in a new buffer. 2018 * 2019 * <p>Upon finishing, this method resets this cipher object to the state 2020 * it was in when previously initialized via a call to <code>init</code>. 2021 * That is, the object is reset and available to encrypt or decrypt 2022 * (depending on the operation mode that was specified in the call to 2023 * <code>init</code>) more data. 2024 * 2025 * <p>Note: if any exception is thrown, this cipher object may need to 2026 * be reset before it can be used again. 2027 * 2028 * @param input the input buffer 2029 * 2030 * @return the new buffer with the result 2031 * 2032 * @exception IllegalStateException if this cipher is in a wrong state 2033 * (e.g., has not been initialized) 2034 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2035 * no padding has been requested (only in encryption mode), and the total 2036 * input length of the data processed by this cipher is not a multiple of 2037 * block size; or if this encryption algorithm is unable to 2038 * process the input data provided. 2039 * @exception BadPaddingException if this cipher is in decryption mode, 2040 * and (un)padding has been requested, but the decrypted data is not 2041 * bounded by the appropriate padding bytes 2042 * @exception AEADBadTagException if this cipher is decrypting in an 2043 * AEAD mode (such as GCM/CCM), and the received authentication tag 2044 * does not match the calculated value 2045 */ 2046 public final byte[] doFinal(byte[] input) 2047 throws IllegalBlockSizeException, BadPaddingException { 2048 checkCipherState(); 2049 2050 // Input sanity check 2051 if (input == null) { 2052 throw new IllegalArgumentException("Null input buffer"); 2053 } 2054 2055 updateProviderIfNeeded(); 2056 return spi.engineDoFinal(input, 0, input.length); 2057 } 2058 2059 /** 2060 * Encrypts or decrypts data in a single-part operation, or finishes a 2061 * multiple-part operation. The data is encrypted or decrypted, 2062 * depending on how this cipher was initialized. 2063 * 2064 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2065 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2066 * bytes that may have been buffered during a previous <code>update</code> 2067 * operation, are processed, with padding (if requested) being applied. 2068 * If an AEAD mode such as GCM/CCM is being used, the authentication 2069 * tag is appended in the case of encryption, or verified in the 2070 * case of decryption. 2071 * The result is stored in a new buffer. 2072 * 2073 * <p>Upon finishing, this method resets this cipher object to the state 2074 * it was in when previously initialized via a call to <code>init</code>. 2075 * That is, the object is reset and available to encrypt or decrypt 2076 * (depending on the operation mode that was specified in the call to 2077 * <code>init</code>) more data. 2078 * 2079 * <p>Note: if any exception is thrown, this cipher object may need to 2080 * be reset before it can be used again. 2081 * 2082 * @param input the input buffer 2083 * @param inputOffset the offset in <code>input</code> where the input 2084 * starts 2085 * @param inputLen the input length 2086 * 2087 * @return the new buffer with the result 2088 * 2089 * @exception IllegalStateException if this cipher is in a wrong state 2090 * (e.g., has not been initialized) 2091 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2092 * no padding has been requested (only in encryption mode), and the total 2093 * input length of the data processed by this cipher is not a multiple of 2094 * block size; or if this encryption algorithm is unable to 2095 * process the input data provided. 2096 * @exception BadPaddingException if this cipher is in decryption mode, 2097 * and (un)padding has been requested, but the decrypted data is not 2098 * bounded by the appropriate padding bytes 2099 * @exception AEADBadTagException if this cipher is decrypting in an 2100 * AEAD mode (such as GCM/CCM), and the received authentication tag 2101 * does not match the calculated value 2102 */ 2103 public final byte[] doFinal(byte[] input, int inputOffset, int inputLen) 2104 throws IllegalBlockSizeException, BadPaddingException { 2105 checkCipherState(); 2106 2107 // Input sanity check 2108 if (input == null || inputOffset < 0 2109 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2110 throw new IllegalArgumentException("Bad arguments"); 2111 } 2112 2113 updateProviderIfNeeded(); 2114 return spi.engineDoFinal(input, inputOffset, inputLen); 2115 } 2116 2117 /** 2118 * Encrypts or decrypts data in a single-part operation, or finishes a 2119 * multiple-part operation. The data is encrypted or decrypted, 2120 * depending on how this cipher was initialized. 2121 * 2122 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2123 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2124 * bytes that may have been buffered during a previous <code>update</code> 2125 * operation, are processed, with padding (if requested) being applied. 2126 * If an AEAD mode such as GCM/CCM is being used, the authentication 2127 * tag is appended in the case of encryption, or verified in the 2128 * case of decryption. 2129 * The result is stored in the <code>output</code> buffer. 2130 * 2131 * <p>If the <code>output</code> buffer is too small to hold the result, 2132 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 2133 * call with a larger output buffer. Use 2134 * {@link #getOutputSize(int) getOutputSize} to determine how big 2135 * the output buffer should be. 2136 * 2137 * <p>Upon finishing, this method resets this cipher object to the state 2138 * it was in when previously initialized via a call to <code>init</code>. 2139 * That is, the object is reset and available to encrypt or decrypt 2140 * (depending on the operation mode that was specified in the call to 2141 * <code>init</code>) more data. 2142 * 2143 * <p>Note: if any exception is thrown, this cipher object may need to 2144 * be reset before it can be used again. 2145 * 2146 * <p>Note: this method should be copy-safe, which means the 2147 * <code>input</code> and <code>output</code> buffers can reference 2148 * the same byte array and no unprocessed input data is overwritten 2149 * when the result is copied into the output buffer. 2150 * 2151 * @param input the input buffer 2152 * @param inputOffset the offset in <code>input</code> where the input 2153 * starts 2154 * @param inputLen the input length 2155 * @param output the buffer for the result 2156 * 2157 * @return the number of bytes stored in <code>output</code> 2158 * 2159 * @exception IllegalStateException if this cipher is in a wrong state 2160 * (e.g., has not been initialized) 2161 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2162 * no padding has been requested (only in encryption mode), and the total 2163 * input length of the data processed by this cipher is not a multiple of 2164 * block size; or if this encryption algorithm is unable to 2165 * process the input data provided. 2166 * @exception ShortBufferException if the given output buffer is too small 2167 * to hold the result 2168 * @exception BadPaddingException if this cipher is in decryption mode, 2169 * and (un)padding has been requested, but the decrypted data is not 2170 * bounded by the appropriate padding bytes 2171 * @exception AEADBadTagException if this cipher is decrypting in an 2172 * AEAD mode (such as GCM/CCM), and the received authentication tag 2173 * does not match the calculated value 2174 */ 2175 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2176 byte[] output) 2177 throws ShortBufferException, IllegalBlockSizeException, 2178 BadPaddingException { 2179 checkCipherState(); 2180 2181 // Input sanity check 2182 if (input == null || inputOffset < 0 2183 || inputLen > (input.length - inputOffset) || inputLen < 0) { 2184 throw new IllegalArgumentException("Bad arguments"); 2185 } 2186 2187 updateProviderIfNeeded(); 2188 return spi.engineDoFinal(input, inputOffset, inputLen, 2189 output, 0); 2190 } 2191 2192 /** 2193 * Encrypts or decrypts data in a single-part operation, or finishes a 2194 * multiple-part operation. The data is encrypted or decrypted, 2195 * depending on how this cipher was initialized. 2196 * 2197 * <p>The first <code>inputLen</code> bytes in the <code>input</code> 2198 * buffer, starting at <code>inputOffset</code> inclusive, and any input 2199 * bytes that may have been buffered during a previous 2200 * <code>update</code> operation, are processed, with padding 2201 * (if requested) being applied. 2202 * If an AEAD mode such as GCM/CCM is being used, the authentication 2203 * tag is appended in the case of encryption, or verified in the 2204 * case of decryption. 2205 * The result is stored in the <code>output</code> buffer, starting at 2206 * <code>outputOffset</code> inclusive. 2207 * 2208 * <p>If the <code>output</code> buffer is too small to hold the result, 2209 * a <code>ShortBufferException</code> is thrown. In this case, repeat this 2210 * call with a larger output buffer. Use 2211 * {@link #getOutputSize(int) getOutputSize} to determine how big 2212 * the output buffer should be. 2213 * 2214 * <p>Upon finishing, this method resets this cipher object to the state 2215 * it was in when previously initialized via a call to <code>init</code>. 2216 * That is, the object is reset and available to encrypt or decrypt 2217 * (depending on the operation mode that was specified in the call to 2218 * <code>init</code>) more data. 2219 * 2220 * <p>Note: if any exception is thrown, this cipher object may need to 2221 * be reset before it can be used again. 2222 * 2223 * <p>Note: this method should be copy-safe, which means the 2224 * <code>input</code> and <code>output</code> buffers can reference 2225 * the same byte array and no unprocessed input data is overwritten 2226 * when the result is copied into the output buffer. 2227 * 2228 * @param input the input buffer 2229 * @param inputOffset the offset in <code>input</code> where the input 2230 * starts 2231 * @param inputLen the input length 2232 * @param output the buffer for the result 2233 * @param outputOffset the offset in <code>output</code> where the result 2234 * is stored 2235 * 2236 * @return the number of bytes stored in <code>output</code> 2237 * 2238 * @exception IllegalStateException if this cipher is in a wrong state 2239 * (e.g., has not been initialized) 2240 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2241 * no padding has been requested (only in encryption mode), and the total 2242 * input length of the data processed by this cipher is not a multiple of 2243 * block size; or if this encryption algorithm is unable to 2244 * process the input data provided. 2245 * @exception ShortBufferException if the given output buffer is too small 2246 * to hold the result 2247 * @exception BadPaddingException if this cipher is in decryption mode, 2248 * and (un)padding has been requested, but the decrypted data is not 2249 * bounded by the appropriate padding bytes 2250 * @exception AEADBadTagException if this cipher is decrypting in an 2251 * AEAD mode (such as GCM/CCM), and the received authentication tag 2252 * does not match the calculated value 2253 */ 2254 public final int doFinal(byte[] input, int inputOffset, int inputLen, 2255 byte[] output, int outputOffset) 2256 throws ShortBufferException, IllegalBlockSizeException, 2257 BadPaddingException { 2258 checkCipherState(); 2259 2260 // Input sanity check 2261 if (input == null || inputOffset < 0 2262 || inputLen > (input.length - inputOffset) || inputLen < 0 2263 || outputOffset < 0) { 2264 throw new IllegalArgumentException("Bad arguments"); 2265 } 2266 2267 updateProviderIfNeeded(); 2268 return spi.engineDoFinal(input, inputOffset, inputLen, 2269 output, outputOffset); 2270 } 2271 2272 /** 2273 * Encrypts or decrypts data in a single-part operation, or finishes a 2274 * multiple-part operation. The data is encrypted or decrypted, 2275 * depending on how this cipher was initialized. 2276 * 2277 * <p>All <code>input.remaining()</code> bytes starting at 2278 * <code>input.position()</code> are processed. 2279 * If an AEAD mode such as GCM/CCM is being used, the authentication 2280 * tag is appended in the case of encryption, or verified in the 2281 * case of decryption. 2282 * The result is stored in the output buffer. 2283 * Upon return, the input buffer's position will be equal 2284 * to its limit; its limit will not have changed. The output buffer's 2285 * position will have advanced by n, where n is the value returned 2286 * by this method; the output buffer's limit will not have changed. 2287 * 2288 * <p>If <code>output.remaining()</code> bytes are insufficient to 2289 * hold the result, a <code>ShortBufferException</code> is thrown. 2290 * In this case, repeat this call with a larger output buffer. Use 2291 * {@link #getOutputSize(int) getOutputSize} to determine how big 2292 * the output buffer should be. 2293 * 2294 * <p>Upon finishing, this method resets this cipher object to the state 2295 * it was in when previously initialized via a call to <code>init</code>. 2296 * That is, the object is reset and available to encrypt or decrypt 2297 * (depending on the operation mode that was specified in the call to 2298 * <code>init</code>) more data. 2299 * 2300 * <p>Note: if any exception is thrown, this cipher object may need to 2301 * be reset before it can be used again. 2302 * 2303 * <p>Note: this method should be copy-safe, which means the 2304 * <code>input</code> and <code>output</code> buffers can reference 2305 * the same byte array and no unprocessed input data is overwritten 2306 * when the result is copied into the output buffer. 2307 * 2308 * @param input the input ByteBuffer 2309 * @param output the output ByteBuffer 2310 * 2311 * @return the number of bytes stored in <code>output</code> 2312 * 2313 * @exception IllegalStateException if this cipher is in a wrong state 2314 * (e.g., has not been initialized) 2315 * @exception IllegalArgumentException if input and output are the 2316 * same object 2317 * @exception ReadOnlyBufferException if the output buffer is read-only 2318 * @exception IllegalBlockSizeException if this cipher is a block cipher, 2319 * no padding has been requested (only in encryption mode), and the total 2320 * input length of the data processed by this cipher is not a multiple of 2321 * block size; or if this encryption algorithm is unable to 2322 * process the input data provided. 2323 * @exception ShortBufferException if there is insufficient space in the 2324 * output buffer 2325 * @exception BadPaddingException if this cipher is in decryption mode, 2326 * and (un)padding has been requested, but the decrypted data is not 2327 * bounded by the appropriate padding bytes 2328 * @exception AEADBadTagException if this cipher is decrypting in an 2329 * AEAD mode (such as GCM/CCM), and the received authentication tag 2330 * does not match the calculated value 2331 * 2332 * @since 1.5 2333 */ 2334 public final int doFinal(ByteBuffer input, ByteBuffer output) 2335 throws ShortBufferException, IllegalBlockSizeException, 2336 BadPaddingException { 2337 checkCipherState(); 2338 2339 if ((input == null) || (output == null)) { 2340 throw new IllegalArgumentException("Buffers must not be null"); 2341 } 2342 if (input == output) { 2343 throw new IllegalArgumentException("Input and output buffers must " 2344 + "not be the same object, consider using buffer.duplicate()"); 2345 } 2346 if (output.isReadOnly()) { 2347 throw new ReadOnlyBufferException(); 2348 } 2349 2350 updateProviderIfNeeded(); 2351 return spi.engineDoFinal(input, output); 2352 } 2353 2354 /** 2355 * Wrap a key. 2356 * 2357 * @param key the key to be wrapped. 2358 * 2359 * @return the wrapped key. 2360 * 2361 * @exception IllegalStateException if this cipher is in a wrong 2362 * state (e.g., has not been initialized). 2363 * 2364 * @exception IllegalBlockSizeException if this cipher is a block 2365 * cipher, no padding has been requested, and the length of the 2366 * encoding of the key to be wrapped is not a 2367 * multiple of the block size. 2368 * 2369 * @exception InvalidKeyException if it is impossible or unsafe to 2370 * wrap the key with this cipher (e.g., a hardware protected key is 2371 * being passed to a software-only cipher). 2372 */ 2373 public final byte[] wrap(Key key) 2374 throws IllegalBlockSizeException, InvalidKeyException { 2375 if (!(this instanceof NullCipher)) { 2376 if (!initialized) { 2377 throw new IllegalStateException("Cipher not initialized"); 2378 } 2379 if (opmode != Cipher.WRAP_MODE) { 2380 throw new IllegalStateException("Cipher not initialized " + 2381 "for wrapping keys"); 2382 } 2383 } 2384 2385 updateProviderIfNeeded(); 2386 return spi.engineWrap(key); 2387 } 2388 2389 /** 2390 * Unwrap a previously wrapped key. 2391 * 2392 * @param wrappedKey the key to be unwrapped. 2393 * 2394 * @param wrappedKeyAlgorithm the algorithm associated with the wrapped 2395 * key. 2396 * 2397 * @param wrappedKeyType the type of the wrapped key. This must be one of 2398 * <code>SECRET_KEY</code>, <code>PRIVATE_KEY</code>, or 2399 * <code>PUBLIC_KEY</code>. 2400 * 2401 * @return the unwrapped key. 2402 * 2403 * @exception IllegalStateException if this cipher is in a wrong state 2404 * (e.g., has not been initialized). 2405 * 2406 * @exception NoSuchAlgorithmException if no installed providers 2407 * can create keys of type <code>wrappedKeyType</code> for the 2408 * <code>wrappedKeyAlgorithm</code>. 2409 * 2410 * @exception InvalidKeyException if <code>wrappedKey</code> does not 2411 * represent a wrapped key of type <code>wrappedKeyType</code> for 2412 * the <code>wrappedKeyAlgorithm</code>. 2413 */ 2414 public final Key unwrap(byte[] wrappedKey, 2415 String wrappedKeyAlgorithm, 2416 int wrappedKeyType) 2417 throws InvalidKeyException, NoSuchAlgorithmException { 2418 2419 if (!(this instanceof NullCipher)) { 2420 if (!initialized) { 2421 throw new IllegalStateException("Cipher not initialized"); 2422 } 2423 if (opmode != Cipher.UNWRAP_MODE) { 2424 throw new IllegalStateException("Cipher not initialized " + 2425 "for unwrapping keys"); 2426 } 2427 } 2428 if ((wrappedKeyType != SECRET_KEY) && 2429 (wrappedKeyType != PRIVATE_KEY) && 2430 (wrappedKeyType != PUBLIC_KEY)) { 2431 throw new InvalidParameterException("Invalid key type"); 2432 } 2433 2434 updateProviderIfNeeded(); 2435 return spi.engineUnwrap(wrappedKey, 2436 wrappedKeyAlgorithm, 2437 wrappedKeyType); 2438 } 2439 2440 private AlgorithmParameterSpec getAlgorithmParameterSpec( 2441 AlgorithmParameters params) 2442 throws InvalidParameterSpecException { 2443 if (params == null) { 2444 return null; 2445 } 2446 2447 String alg = params.getAlgorithm().toUpperCase(Locale.ENGLISH); 2448 2449 if (alg.equalsIgnoreCase("RC2")) { 2450 return params.getParameterSpec(RC2ParameterSpec.class); 2451 } 2452 2453 if (alg.equalsIgnoreCase("RC5")) { 2454 return params.getParameterSpec(RC5ParameterSpec.class); 2455 } 2456 2457 if (alg.startsWith("PBE")) { 2458 return params.getParameterSpec(PBEParameterSpec.class); 2459 } 2460 2461 if (alg.startsWith("DES")) { 2462 return params.getParameterSpec(IvParameterSpec.class); 2463 } 2464 return null; 2465 } 2466 2467 /** 2468 * Returns the maximum key length for the specified transformation 2469 * according to the installed JCE jurisdiction policy files. If 2470 * JCE unlimited strength jurisdiction policy files are installed, 2471 * Integer.MAX_VALUE will be returned. 2472 * For more information on default key size in JCE jurisdiction 2473 * policy files, please see Appendix E in the 2474 * <a href= 2475 * "{@docRoot}openjdk-redirect.html?v=8&path=/technotes/guides/security/crypto/CryptoSpec.html#AppC"> 2476 * Java Cryptography Architecture Reference Guide</a>. 2477 * 2478 * @param transformation the cipher transformation. 2479 * @return the maximum key length in bits or Integer.MAX_VALUE. 2480 * @exception NullPointerException if <code>transformation</code> is null. 2481 * @exception NoSuchAlgorithmException if <code>transformation</code> 2482 * is not a valid transformation, i.e. in the form of "algorithm" or 2483 * "algorithm/mode/padding". 2484 * @since 1.5 2485 */ 2486 public static final int getMaxAllowedKeyLength(String transformation) 2487 throws NoSuchAlgorithmException { 2488 // Android-changed: Remove references to CryptoPermission and throw early 2489 // if transformation == null or isn't valid. 2490 // 2491 // CryptoPermission cp = getConfiguredPermission(transformation); 2492 // return cp.getMaxAllowedKeyLength(); 2493 if (transformation == null) { 2494 throw new NullPointerException("transformation == null"); 2495 } 2496 // Throws NoSuchAlgorithmException if necessary. 2497 tokenizeTransformation(transformation); 2498 return Integer.MAX_VALUE; 2499 } 2500 2501 /** 2502 * Returns an AlgorithmParameterSpec object which contains 2503 * the maximum cipher parameter value according to the 2504 * jurisdiction policy file. If JCE unlimited strength jurisdiction 2505 * policy files are installed or there is no maximum limit on the 2506 * parameters for the specified transformation in the policy file, 2507 * null will be returned. 2508 * 2509 * @param transformation the cipher transformation. 2510 * @return an AlgorithmParameterSpec which holds the maximum 2511 * value or null. 2512 * @exception NullPointerException if <code>transformation</code> 2513 * is null. 2514 * @exception NoSuchAlgorithmException if <code>transformation</code> 2515 * is not a valid transformation, i.e. in the form of "algorithm" or 2516 * "algorithm/mode/padding". 2517 * @since 1.5 2518 */ 2519 public static final AlgorithmParameterSpec getMaxAllowedParameterSpec( 2520 String transformation) throws NoSuchAlgorithmException { 2521 // Android-changed: Remove references to CryptoPermission and throw early 2522 // if transformation == null or isn't valid. 2523 // 2524 // CryptoPermission cp = getConfiguredPermission(transformation); 2525 // return cp.getAlgorithmParameterSpec(); 2526 if (transformation == null) { 2527 throw new NullPointerException("transformation == null"); 2528 } 2529 // Throws NoSuchAlgorithmException if necessary. 2530 tokenizeTransformation(transformation); 2531 return null; 2532 } 2533 2534 /** 2535 * Continues a multi-part update of the Additional Authentication 2536 * Data (AAD). 2537 * <p> 2538 * Calls to this method provide AAD to the cipher when operating in 2539 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2540 * either GCM or CCM mode, all AAD must be supplied before beginning 2541 * operations on the ciphertext (via the {@code update} and {@code 2542 * doFinal} methods). 2543 * 2544 * @param src the buffer containing the Additional Authentication Data 2545 * 2546 * @throws IllegalArgumentException if the {@code src} 2547 * byte array is null 2548 * @throws IllegalStateException if this cipher is in a wrong state 2549 * (e.g., has not been initialized), does not accept AAD, or if 2550 * operating in either GCM or CCM mode and one of the {@code update} 2551 * methods has already been called for the active 2552 * encryption/decryption operation 2553 * @throws UnsupportedOperationException if the corresponding method 2554 * in the {@code CipherSpi} has not been overridden by an 2555 * implementation 2556 * 2557 * @since 1.7 2558 */ 2559 public final void updateAAD(byte[] src) { 2560 if (src == null) { 2561 throw new IllegalArgumentException("src buffer is null"); 2562 } 2563 2564 updateAAD(src, 0, src.length); 2565 } 2566 2567 /** 2568 * Continues a multi-part update of the Additional Authentication 2569 * Data (AAD), using a subset of the provided buffer. 2570 * <p> 2571 * Calls to this method provide AAD to the cipher when operating in 2572 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2573 * either GCM or CCM mode, all AAD must be supplied before beginning 2574 * operations on the ciphertext (via the {@code update} and {@code 2575 * doFinal} methods). 2576 * 2577 * @param src the buffer containing the AAD 2578 * @param offset the offset in {@code src} where the AAD input starts 2579 * @param len the number of AAD bytes 2580 * 2581 * @throws IllegalArgumentException if the {@code src} 2582 * byte array is null, or the {@code offset} or {@code length} 2583 * is less than 0, or the sum of the {@code offset} and 2584 * {@code len} is greater than the length of the 2585 * {@code src} byte array 2586 * @throws IllegalStateException if this cipher is in a wrong state 2587 * (e.g., has not been initialized), does not accept AAD, or if 2588 * operating in either GCM or CCM mode and one of the {@code update} 2589 * methods has already been called for the active 2590 * encryption/decryption operation 2591 * @throws UnsupportedOperationException if the corresponding method 2592 * in the {@code CipherSpi} has not been overridden by an 2593 * implementation 2594 * 2595 * @since 1.7 2596 */ 2597 public final void updateAAD(byte[] src, int offset, int len) { 2598 checkCipherState(); 2599 2600 // Input sanity check 2601 if ((src == null) || (offset < 0) || (len < 0) 2602 || ((len + offset) > src.length)) { 2603 throw new IllegalArgumentException("Bad arguments"); 2604 } 2605 2606 updateProviderIfNeeded(); 2607 if (len == 0) { 2608 return; 2609 } 2610 spi.engineUpdateAAD(src, offset, len); 2611 } 2612 2613 /** 2614 * Continues a multi-part update of the Additional Authentication 2615 * Data (AAD). 2616 * <p> 2617 * Calls to this method provide AAD to the cipher when operating in 2618 * modes such as AEAD (GCM/CCM). If this cipher is operating in 2619 * either GCM or CCM mode, all AAD must be supplied before beginning 2620 * operations on the ciphertext (via the {@code update} and {@code 2621 * doFinal} methods). 2622 * <p> 2623 * All {@code src.remaining()} bytes starting at 2624 * {@code src.position()} are processed. 2625 * Upon return, the input buffer's position will be equal 2626 * to its limit; its limit will not have changed. 2627 * 2628 * @param src the buffer containing the AAD 2629 * 2630 * @throws IllegalArgumentException if the {@code src ByteBuffer} 2631 * is null 2632 * @throws IllegalStateException if this cipher is in a wrong state 2633 * (e.g., has not been initialized), does not accept AAD, or if 2634 * operating in either GCM or CCM mode and one of the {@code update} 2635 * methods has already been called for the active 2636 * encryption/decryption operation 2637 * @throws UnsupportedOperationException if the corresponding method 2638 * in the {@code CipherSpi} has not been overridden by an 2639 * implementation 2640 * 2641 * @since 1.7 2642 */ 2643 public final void updateAAD(ByteBuffer src) { 2644 checkCipherState(); 2645 2646 // Input sanity check 2647 if (src == null) { 2648 throw new IllegalArgumentException("src ByteBuffer is null"); 2649 } 2650 2651 updateProviderIfNeeded(); 2652 if (src.remaining() == 0) { 2653 return; 2654 } 2655 spi.engineUpdateAAD(src); 2656 } 2657 2658 /** 2659 * Returns the {@code CipherSpi} backing this {@code Cipher} or {@code null} if no 2660 * {@code CipherSpi} is backing this {@code Cipher}. 2661 * 2662 * @hide 2663 */ 2664 public CipherSpi getCurrentSpi() { 2665 return spi; 2666 } 2667 2668 /** The attribute used for supported paddings. */ 2669 private static final String ATTRIBUTE_PADDINGS = "SupportedPaddings"; 2670 2671 /** The attribute used for supported modes. */ 2672 private static final String ATTRIBUTE_MODES = "SupportedModes"; 2673 2674 /** 2675 * If the attribute listed exists, check that it matches the regular 2676 * expression. 2677 */ 2678 static boolean matchAttribute(Provider.Service service, String attr, String value) { 2679 if (value == null) { 2680 return true; 2681 } 2682 final String pattern = service.getAttribute(attr); 2683 if (pattern == null) { 2684 return true; 2685 } 2686 final String valueUc = value.toUpperCase(Locale.US); 2687 return valueUc.matches(pattern.toUpperCase(Locale.US)); 2688 } 2689 2690 /** Items that need to be set on the Cipher instance. */ 2691 enum NeedToSet { 2692 NONE, MODE, PADDING, BOTH, 2693 } 2694 2695 /** 2696 * Expresses the various types of transforms that may be used during 2697 * initialization. 2698 */ 2699 static class Transform { 2700 private final String name; 2701 private final NeedToSet needToSet; 2702 2703 public Transform(String name, NeedToSet needToSet) { 2704 this.name = name; 2705 this.needToSet = needToSet; 2706 } 2707 } 2708 2709 /** 2710 * Keeps track of the possible arguments to {@code Cipher#init(...)}. 2711 */ 2712 static class InitParams { 2713 final InitType initType; 2714 final int opmode; 2715 final Key key; 2716 final SecureRandom random; 2717 final AlgorithmParameterSpec spec; 2718 final AlgorithmParameters params; 2719 2720 InitParams(InitType initType, int opmode, Key key, SecureRandom random, 2721 AlgorithmParameterSpec spec, AlgorithmParameters params) { 2722 this.initType = initType; 2723 this.opmode = opmode; 2724 this.key = key; 2725 this.random = random; 2726 this.spec = spec; 2727 this.params = params; 2728 } 2729 } 2730 2731 /** 2732 * Used to keep track of which underlying {@code CipherSpi#engineInit(...)} 2733 * variant to call when testing suitability. 2734 */ 2735 static enum InitType { 2736 KEY, ALGORITHM_PARAMS, ALGORITHM_PARAM_SPEC, 2737 } 2738 2739 class SpiAndProviderUpdater { 2740 /** 2741 * Lock held while the SPI is initializing. 2742 */ 2743 private final Object initSpiLock = new Object(); 2744 2745 /** 2746 * The provider specified when instance created. 2747 */ 2748 private final Provider specifiedProvider; 2749 2750 /** 2751 * The SPI implementation. 2752 */ 2753 private final CipherSpi specifiedSpi; 2754 2755 SpiAndProviderUpdater(Provider specifiedProvider, CipherSpi specifiedSpi) { 2756 this.specifiedProvider = specifiedProvider; 2757 this.specifiedSpi = specifiedSpi; 2758 } 2759 2760 void setCipherSpiImplAndProvider(CipherSpi cipherSpi, Provider provider) { 2761 Cipher.this.spi = cipherSpi; 2762 Cipher.this.provider = provider; 2763 } 2764 2765 /** 2766 * Makes sure a CipherSpi that matches this type is selected. If 2767 * {@code key != null} then it assumes that a suitable provider exists for 2768 * this instance (used by {@link Cipher#init}. If the {@code initParams} is passed 2769 * in, then the {@code CipherSpi} returned will be initialized. 2770 * 2771 * @throws InvalidKeyException if the specified key cannot be used to 2772 * initialize this cipher. 2773 */ 2774 CipherSpiAndProvider updateAndGetSpiAndProvider( 2775 InitParams initParams, 2776 CipherSpi spiImpl, 2777 Provider provider) 2778 throws InvalidKeyException, InvalidAlgorithmParameterException { 2779 if (specifiedSpi != null) { 2780 return new CipherSpiAndProvider(specifiedSpi, provider); 2781 } 2782 synchronized (initSpiLock) { 2783 // This is not only a matter of performance. Many methods like update, doFinal, etc. 2784 // call {@code #getSpi()} (ie, {@code #getSpi(null /* params */)}) and without this 2785 // shortcut they would override an spi that was chosen using the key. 2786 if (spiImpl != null && initParams == null) { 2787 return new CipherSpiAndProvider(spiImpl, provider); 2788 } 2789 final CipherSpiAndProvider sap = tryCombinations( 2790 initParams, specifiedProvider, tokenizedTransformation); 2791 if (sap == null) { 2792 throw new ProviderException("No provider found for " 2793 + Arrays.toString(tokenizedTransformation)); 2794 } 2795 setCipherSpiImplAndProvider(sap.cipherSpi, sap.provider); 2796 return new CipherSpiAndProvider(sap.cipherSpi, sap.provider); 2797 } 2798 } 2799 2800 /** 2801 * Convenience call when the Key is not available. 2802 */ 2803 CipherSpiAndProvider updateAndGetSpiAndProvider(CipherSpi spiImpl, Provider provider) { 2804 try { 2805 return updateAndGetSpiAndProvider(null, spiImpl, provider); 2806 } catch (InvalidKeyException | InvalidAlgorithmParameterException e) { 2807 throw new ProviderException("Exception thrown when params == null", e); 2808 } 2809 } 2810 2811 CipherSpi getCurrentSpi(CipherSpi spiImpl) { 2812 if (specifiedSpi != null) { 2813 return specifiedSpi; 2814 } 2815 2816 synchronized (initSpiLock) { 2817 return spiImpl; 2818 } 2819 } 2820 } 2821 2822 /** 2823 * Tries to find the correct {@code Cipher} transform to use. Returns a 2824 * {@link org.apache.harmony.security.fortress.Engine.SpiAndProvider}, throws the first exception that was 2825 * encountered during attempted initialization, or {@code null} if there are 2826 * no providers that support the {@code initParams}. 2827 * <p> 2828 * {@code tokenizedTransformation} must be in the format returned by 2829 * {@link Cipher#checkTransformation(String)}. The combinations of mode strings 2830 * tried are as follows: 2831 * <ul> 2832 * <li><code>[cipher]/[mode]/[padding]</code> 2833 * <li><code>[cipher]/[mode]</code> 2834 * <li><code>[cipher]//[padding]</code> 2835 * <li><code>[cipher]</code> 2836 * </ul> 2837 * {@code services} is a list of cipher services. Needs to be non-null only if 2838 * {@code provider != null} 2839 */ 2840 static CipherSpiAndProvider tryCombinations(InitParams initParams, Provider provider, 2841 String[] tokenizedTransformation) 2842 throws InvalidKeyException, 2843 InvalidAlgorithmParameterException { 2844 // Enumerate all the transforms we need to try 2845 ArrayList<Transform> transforms = new ArrayList<Transform>(); 2846 if (tokenizedTransformation[1] != null && tokenizedTransformation[2] != null) { 2847 transforms.add(new Transform(tokenizedTransformation[0] + "/" + tokenizedTransformation[1] + "/" 2848 + tokenizedTransformation[2], NeedToSet.NONE)); 2849 } 2850 if (tokenizedTransformation[1] != null) { 2851 transforms.add(new Transform(tokenizedTransformation[0] + "/" + tokenizedTransformation[1], 2852 NeedToSet.PADDING)); 2853 } 2854 if (tokenizedTransformation[2] != null) { 2855 transforms.add(new Transform(tokenizedTransformation[0] + "//" + tokenizedTransformation[2], 2856 NeedToSet.MODE)); 2857 } 2858 transforms.add(new Transform(tokenizedTransformation[0], NeedToSet.BOTH)); 2859 2860 // Try each of the transforms and keep track of the first exception 2861 // encountered. 2862 Exception cause = null; 2863 2864 if (provider != null) { 2865 for (Transform transform : transforms) { 2866 Provider.Service service = provider.getService("Cipher", transform.name); 2867 if (service == null) { 2868 continue; 2869 } 2870 return tryTransformWithProvider(initParams, tokenizedTransformation, transform.needToSet, 2871 service); 2872 } 2873 } else { 2874 for (Provider prov : Security.getProviders()) { 2875 for (Transform transform : transforms) { 2876 Provider.Service service = prov.getService("Cipher", transform.name); 2877 if (service == null) { 2878 continue; 2879 } 2880 2881 if (initParams == null || initParams.key == null 2882 || service.supportsParameter(initParams.key)) { 2883 try { 2884 CipherSpiAndProvider sap = tryTransformWithProvider(initParams, 2885 tokenizedTransformation, transform.needToSet, service); 2886 if (sap != null) { 2887 return sap; 2888 } 2889 } catch (Exception e) { 2890 if (cause == null) { 2891 cause = e; 2892 } 2893 } 2894 } 2895 } 2896 } 2897 } 2898 if (cause instanceof InvalidKeyException) { 2899 throw (InvalidKeyException) cause; 2900 } else if (cause instanceof InvalidAlgorithmParameterException) { 2901 throw (InvalidAlgorithmParameterException) cause; 2902 } else if (cause instanceof RuntimeException) { 2903 throw (RuntimeException) cause; 2904 } else if (cause != null) { 2905 throw new InvalidKeyException("No provider can be initialized with given key", cause); 2906 } else if (initParams == null || initParams.key == null) { 2907 return null; 2908 } else { 2909 // Since the key is not null, a suitable provider exists, 2910 // and it is an InvalidKeyException. 2911 throw new InvalidKeyException( 2912 "No provider offers " + Arrays.toString(tokenizedTransformation) + " for " 2913 + initParams.key.getAlgorithm() + " key of class " 2914 + initParams.key.getClass().getName() + " and export format " 2915 + initParams.key.getFormat()); 2916 } 2917 } 2918 2919 static class CipherSpiAndProvider { 2920 CipherSpi cipherSpi; 2921 Provider provider; 2922 2923 CipherSpiAndProvider(CipherSpi cipherSpi, Provider provider) { 2924 this.cipherSpi = cipherSpi; 2925 this.provider = provider; 2926 } 2927 } 2928 2929 /** 2930 * Tries to initialize the {@code Cipher} from a given {@code service}. If 2931 * initialization is successful, the initialized {@code spi} is returned. If 2932 * the {@code service} cannot be initialized with the specified 2933 * {@code initParams}, then it's expected to throw 2934 * {@code InvalidKeyException} or {@code InvalidAlgorithmParameterException} 2935 * as a hint to the caller that it should continue searching for a 2936 * {@code Service} that will work. 2937 */ 2938 static CipherSpiAndProvider tryTransformWithProvider(InitParams initParams, 2939 String[] tokenizedTransformation, NeedToSet type, Provider.Service service) 2940 throws InvalidKeyException, InvalidAlgorithmParameterException { 2941 try { 2942 /* 2943 * Check to see if the Cipher even supports the attributes before 2944 * trying to instantiate it. 2945 */ 2946 if (!matchAttribute(service, ATTRIBUTE_MODES, tokenizedTransformation[1]) 2947 || !matchAttribute(service, ATTRIBUTE_PADDINGS, tokenizedTransformation[2])) { 2948 return null; 2949 } 2950 2951 CipherSpiAndProvider sap = new CipherSpiAndProvider( 2952 (CipherSpi) service.newInstance(null), service.getProvider()); 2953 if (sap.cipherSpi == null || sap.provider == null) { 2954 return null; 2955 } 2956 CipherSpi spi = sap.cipherSpi; 2957 if (((type == NeedToSet.MODE) || (type == NeedToSet.BOTH)) 2958 && (tokenizedTransformation[1] != null)) { 2959 spi.engineSetMode(tokenizedTransformation[1]); 2960 } 2961 if (((type == NeedToSet.PADDING) || (type == NeedToSet.BOTH)) 2962 && (tokenizedTransformation[2] != null)) { 2963 spi.engineSetPadding(tokenizedTransformation[2]); 2964 } 2965 2966 if (initParams != null) { 2967 switch (initParams.initType) { 2968 case ALGORITHM_PARAMS: 2969 spi.engineInit(initParams.opmode, initParams.key, initParams.params, 2970 initParams.random); 2971 break; 2972 case ALGORITHM_PARAM_SPEC: 2973 spi.engineInit(initParams.opmode, initParams.key, initParams.spec, 2974 initParams.random); 2975 break; 2976 case KEY: 2977 spi.engineInit(initParams.opmode, initParams.key, initParams.random); 2978 break; 2979 default: 2980 throw new AssertionError("This should never be reached"); 2981 } 2982 } 2983 return new CipherSpiAndProvider(spi, sap.provider); 2984 } catch (NoSuchAlgorithmException ignored) { 2985 } catch (NoSuchPaddingException ignored) { 2986 } 2987 return null; 2988 } 2989 } 2990
