oracle.security.crypto.cryptoki.crypto

Class CkiSymmetricCipher

java.lang.Object

BlockCipher

oracle.security.crypto.cryptoki.crypto.CkiSymmetricCipher

public class CkiSymmetricCipher
extends BlockCipher

A class representing symmetric block ciphers on a PKCS #11 token.

Constructor Summary

Constructors

Constructor and Description
CkiSymmetricCipher() Empty constructor.

Method Summary

Modifier and Type	Method and Description
java.lang.String	algName() Returns the name of the algorithm used by this Symmetric Cipher object.
byte[]	decrypt(byte[] bytes)
byte[]	decrypt(byte[] bytes, int offset, int length, boolean unpad) Decrypts a sequence of bytes of specified length and, if specified, removes padding.
void	decrypt(byte[] in, int inOff, int inLen, byte[] out, int outOff) Decrypt an array of bytes.
void	decryptBlock(byte[] in, int inOff, byte[] out, int outOff)
void	decryptOp(byte[] in, int inOff, byte[] out, int outOff) Deprecated.
byte[]	encrypt(byte[] bytes)
byte[]	encrypt(byte[] bytes, int offset, int length, boolean pad) Encrypts a sequence of bytes of specified length and, if specified, performs padding.
void	encrypt(byte[] in, int inOff, int inLen, byte[] out, int outOff) Encrypt an array of bytes.
void	encryptBlock(byte[] in, int inOff, byte[] out, int outOff)
void	encryptOp(byte[] in, int inOff, byte[] out, int outOff) Deprecated.
void	erase() Erases the keys and the sensitive data of this CkiSymmetricCipher object.
protected void	finalize()
AlgorithmIdentifier	getAlgID() Returns the AlgorithmIdentifier used by this object.
static long	getBlockSize(AlgorithmIdentifier algID) Returns the blocksize of a symmetric cipher given the algID
static long	getCkiMechanismID(AlgorithmIdentifier algID) Returns the Cryptoki mechanism type given the algID parameter.
static long	getCkiObjectID(AlgorithmIdentifier algID) Returns the Cryptoki key type given the algID parameter.
int	getEffectiveKeyLength() Returns the effective key length.
void	initialize(AlgorithmIdentifier algID, Key key) This method verifies the AlgorithmIdentifier's Object ID and configures the CkiSymmetricCipher instance appropriately with the params of the AlgorithmIdentifier in addition to the Key.
void	initialize(AlgorithmIdentifier algID, SymmetricKey key, Padding.ID paddingID) This method may be used to initialize the CkiSymmetricCipher instance for use.
void	setAlgID(AlgorithmIdentifier algID) Deprecated.
void	setDecryptionKey(Key key) Deprecated.
void	setEffectiveKeyLength(int len) Sets the effective key length.
void	setEncryptionKey(Key key) Deprecated.
void	setIV(byte[] iv) Deprecated.
void	setKey(SymmetricKey userKey) Deprecated.
void	setSession(CkiMgtSession session) Sets the CkiMgtSession to use.

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CkiSymmetricCipher

public CkiSymmetricCipher()

Empty constructor. If used, the next method to call before any other methods is @see #setAlgID.

Method Detail

initialize

public void initialize(AlgorithmIdentifier algID,
                       Key key)
                throws AlgorithmIdentifierException,
                       InvalidKeyException,
                       CipherException

This method verifies the AlgorithmIdentifier's Object ID and configures the CkiSymmetricCipher instance appropriately with the params of the AlgorithmIdentifier in addition to the Key. Padding is set to Padding.NONE.

Parameters:

algID - is the AlgorithmIdentifier whose params will be used to configure the cipher.

key - is the Key instance that will be cloned and used by the cipher internally. This instance will be erased when the Cipher.erase() is called.

Throws:

AlgorithmIdentifierException - is thrown if the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.

InvalidKeyException - is thrown if there is a problem with the Key instance the Cipher is being initialized with.

CipherException - is thrown if the op argument is null.

initialize

public void initialize(AlgorithmIdentifier algID,
                       SymmetricKey key,
                       Padding.ID paddingID)
                throws AlgorithmIdentifierException,
                       InvalidKeyException,
                       CipherException

This method may be used to initialize the CkiSymmetricCipher instance for use.

Parameters:

algID - is the AlgorithmIdentifier whose params will be used to configure the cipher.

key - is the Key instance that will be cloned and used by the cipher internally. This instance will be erased when the Cipher.erase() is called.

paddingID - is used to indicate the type of padding that the Cipher should use. Options are Padding.NONE or Padding.PKCS5. A Cipher must be re-initialized before being used with the other Padding type.

Throws:

AlgorithmIdentifierException - is thrown if the algID's OID isn't valid for the Cipher instance being initialized or if the params are not valid for the algID's OID.

InvalidKeyException - is thrown if there is a problem with the Key instance the Cipher is being initialized with.

CipherException - is thrown if there is a problem initializing the Cipher.

setSession

public void setSession(CkiMgtSession session)

Sets the CkiMgtSession to use.

setAlgID

public void setAlgID(AlgorithmIdentifier algID)
              throws AlgorithmIdentifierException

Deprecated.

Sets the AlgorithmIdentifier for this SymmetricCipher object.

Throws:

AlgorithmIdentifierException

getAlgID

public AlgorithmIdentifier getAlgID()

Returns the AlgorithmIdentifier used by this object.

algName

public java.lang.String algName()

Returns the name of the algorithm used by this Symmetric Cipher object.

encrypt

public byte[] encrypt(byte[] bytes)
               throws CipherException

Throws:

CipherException

encrypt

public byte[] encrypt(byte[] bytes,
                      int offset,
                      int length,
                      boolean pad)
               throws CipherException

Encrypts a sequence of bytes of specified length and, if specified, performs padding.

Parameters:

bytes - Buffer in which data to be encrypted is stored.

offset - Offset within buffer of the start of the data.

length - The length of the data.

pad - True if padding is to be used, false otherwise.

Returns:

the encrypted bytes

Throws:

CipherException - if cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

encrypt

public void encrypt(byte[] in,
                    int inOff,
                    int inLen,
                    byte[] out,
                    int outOff)
             throws CipherException

Encrypt an array of bytes. Does not use padding.

Parameters:

in - array of bytes to be encrypted

inOff - offset of the start of data

inLen - the length of the data

out - array to place the encrypted bytes

outOff - offset of the start of the encrypted bytes

Throws:

CipherException - thrown if cipher not initialized, block size incorrect, etc.

encryptBlock

public void encryptBlock(byte[] in,
                         int inOff,
                         byte[] out,
                         int outOff)
                  throws CipherException

Throws:

CipherException

encryptOp

public void encryptOp(byte[] in,
                      int inOff,
                      byte[] out,
                      int outOff)
               throws CipherException

Deprecated.

Encrypts a sequence of bytes of length exactly equal to the block size.

Parameters:

in - buffer in which data to be encrypted is stored

inOff - offset within input buffer of the start of data

out - buffer to place the encrypted bytes in

outOff - offset within output buffer where the encrypted bytes will be stored

Throws:

CipherException - if cipher not initialized, length of data is not equal to the block size, etc.

decrypt

public byte[] decrypt(byte[] bytes)
               throws CipherException

Throws:

CipherException

decrypt

public byte[] decrypt(byte[] bytes,
                      int offset,
                      int length,
                      boolean unpad)
               throws CipherException

Decrypts a sequence of bytes of specified length and, if specified, removes padding.

Parameters:

bytes - Buffer in which data to be decrypted is stored.

offset - Offset within buffer of the start of data.

length - The length of the data

unpad - True if padding is to be removed, false otherwise

Returns:

the decrypted bytes

Throws:

CipherException - if cipher not initialized, data is not a multiple of the block size and no padding is specified, etc.

decrypt

public void decrypt(byte[] in,
                    int inOff,
                    int inLen,
                    byte[] out,
                    int outOff)
             throws CipherException

Decrypt an array of bytes. Does not remove padding.

Parameters:

in - array of bytes to be decrypted

inOff - offset of the start of data

inLen - the length of the data

out - array to place the decrypted bytes

outOff - offset of the start of the decrypted bytes

Throws:

CipherException - thrown if cipher not initialized, block size incorrect, etc.

decryptBlock

public void decryptBlock(byte[] in,
                         int inOff,
                         byte[] out,
                         int outOff)
                  throws CipherException

Throws:

CipherException

decryptOp

public void decryptOp(byte[] in,
                      int inOff,
                      byte[] out,
                      int outOff)
               throws CipherException

Deprecated.

Decrypts a sequence of bytes, of length exactly equal to the block size.

Parameters:

in - Buffer in which data to be decrypted is stored.

inOff - Offset within input buffer of the start of data.

out - Buffer to place the decrypted bytes in

outOff - Offset within output buffer where the encrypted bytes will be stored.

Throws:

CipherException - thrown if cipher not initialized, length of data is not equal to the block size, etc.

setIV

public void setIV(byte[] iv)
           throws CipherException

Deprecated.

Sets the IV used for CBC mode.

Parameters:

iv - the IV

Throws:

CipherException

setEffectiveKeyLength

public void setEffectiveKeyLength(int len)
                           throws CipherException

Sets the effective key length. This must be called before calling setKey, otherwise the default value will be used.

Parameters:

len - the effective key length in bits.

Throws:

CipherException

getEffectiveKeyLength

public int getEffectiveKeyLength()

Returns the effective key length.

Returns:

the effective key length in bits.

setKey

public void setKey(SymmetricKey userKey)
            throws InvalidKeyException

Deprecated.

Sets the encryption/decryption key and initializes the cipher.

The algorithm-specified key expansion is performed at this time.

Throws:

InvalidKeyException

setEncryptionKey

public void setEncryptionKey(Key key)
                      throws InvalidKeyException

Deprecated.

Throws:

InvalidKeyException

setDecryptionKey

public void setDecryptionKey(Key key)
                      throws InvalidKeyException

Deprecated.

Throws:

InvalidKeyException

getCkiObjectID

public static long getCkiObjectID(AlgorithmIdentifier algID)

Returns the Cryptoki key type given the algID parameter.

Parameters:

algID - The algorithm identifier of the symmetric key.

getCkiMechanismID

public static long getCkiMechanismID(AlgorithmIdentifier algID)

Returns the Cryptoki mechanism type given the algID parameter.

Parameters:

algID - The algorithm identifier of the symmetric cipher.

getBlockSize

public static long getBlockSize(AlgorithmIdentifier algID)

Returns the blocksize of a symmetric cipher given the algID

erase

public void erase()

Erases the keys and the sensitive data of this CkiSymmetricCipher object.

finalize

protected void finalize()