All Packages  Class Hierarchy  This Package  Previous  Next  Index

Class javax.crypto.CipherSpi

java.lang.Object
   |
   +----javax.crypto.CipherSpi

public abstract class CipherSpi
extends Object
This class defines the Service Provider Interface (SPI) for the Cipher class. All the abstract methods in this class must be implemented by each cryptographic service provider who wishes to supply the implementation of a particular cipher algorithm.

In order to create an instance of Cipher, which encapsulates an instance of this CipherSpi class, an application calls one of the getInstance factory methods of the Cipher engine class and specifies the requested transformation. Optionally, the application may also specify the name of a provider.

A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., DES), and may be followed by a feedback mode and padding scheme.

A transformation is of the form:

(in the latter case, provider-specific default values for the mode and padding scheme are used). For example, the following is a valid transformation:

 Cipher c = Cipher.getInstance("DES/CBC/PKCS5Padding");
 

A provider may supply a separate class for each combination of algorithm/mode/padding, or may decide to provide more generic classes representing sub-transformations corresponding to algorithm or algorithm/mode or algorithm//padding (note the double slashes), in which case the requested mode and/or padding are set automatically by the getInstance methods of Cipher, which invoke the engineSetMode and engineSetPadding methods of the provider's subclass of CipherSpi.

A Cipher property in a provider master class may have one of the following formats:

For example, a provider may supply a subclass of CipherSpi that implements DES/ECB/PKCS5Padding, one that implements DES/CBC/PKCS5Padding, one that implements DES/CFB/PKCS5Padding, and yet another one that implements DES/OFB/PKCS5Padding. That provider would have the following Cipher properties in its master class:

Another provider may implement a class for each of the above modes (i.e., one class for ECB, one for CBC, one for CFB, and one for OFB), one class for PKCS5Padding, and a generic DES class that subclasses from CipherSpi. That provider would have the following Cipher properties in its master class:

The getInstance factory method of the Cipher engine class follows these rules in order to instantiate a provider's implementation of CipherSpi for a transformation of the form "algorithm":

  1. Check if the provider has registered a subclass of CipherSpi for the specified "algorithm".

    If the answer is YES, instantiate this class, for whose mode and padding scheme default values (as supplied by the provider) are used.

    If the answer is NO, throw a NoSuchAlgorithmException exception.

The getInstance factory method of the Cipher engine class follows these rules in order to instantiate a provider's implementation of CipherSpi for a transformation of the form "algorithm/mode/padding":

  1. Check if the provider has registered a subclass of CipherSpi for the specified "algorithm/mode/padding" transformation.

    If the answer is YES, instantiate it.

    If the answer is NO, go to the next step.

  2. Check if the provider has registered a subclass of CipherSpi for the sub-transformation "algorithm/mode".

    If the answer is YES, instantiate it, and call engineSetPadding(padding) on the new instance.

    If the answer is NO, go to the next step.

  3. Check if the provider has registered a subclass of CipherSpi for the sub-transformation "algorithm//padding" (note the double slashes).

    If the answer is YES, instantiate it, and call engineSetMode(mode) on the new instance.

    If the answer is NO, go to the next step.

  4. Check if the provider has registered a subclass of CipherSpi for the sub-transformation "algorithm".

    If the answer is YES, instantiate it, and call engineSetMode(mode) and engineSetPadding(padding) on the new instance.

    If the answer is NO, throw a NoSuchAlgorithmException exception.

    See Also:
    KeyGenerator, SecretKey

    Variable Index

     o ident

    Constructor Index

     o CipherSpi()

    Method Index

     o engineDoFinal(byte[], int, int)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
     o engineDoFinal(byte[], int, int, byte[], int)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
     o engineGetBlockSize()
    Returns the block size (in bytes).
     o engineGetIV()
    Returns the initialisation vector (IV) in a new buffer.
     o engineGetOutputSize(int)
    Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).
     o engineGetParameters()
    Returns the parameters used with this cipher.
     o engineInit(int, Key, AlgorithmParameters, SecureRandom)
    Initialises this cipher with a key, a set of algorithm parameters, and a source of randomness.
     o engineInit(int, Key, AlgorithmParameterSpec, SecureRandom)
    Initialises this cipher with a key, a set of algorithm parameters, and a source of randomness.
     o engineInit(int, Key, SecureRandom)
    Initialises this cipher with a key and a source of randomness.
     o engineSetMode(String)
    Sets the mode of this cipher.
     o engineSetPadding(String)
    Sets the padding mechanism of this cipher.
     o engineUpdate(byte[], int, int)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialised), processing another data part.
     o engineUpdate(byte[], int, int, byte[], int)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialised), processing another data part.

    Variables

     o ident
     public static final String ident
    

    Constructors

     o CipherSpi
     public CipherSpi()
    

    Methods

     o engineSetMode
     protected abstract void engineSetMode(String mode) throws NoSuchAlgorithmException
    
    Sets the mode of this cipher.

    Parameters:
    mode - the cipher mode
    Throws: NoSuchAlgorithmException
    if the requested cipher mode does not exist
     o engineSetPadding
     protected abstract void engineSetPadding(String padding) throws NoSuchPaddingException
    
    Sets the padding mechanism of this cipher.

    Parameters:
    padding - the padding mechanism
    Throws: NoSuchPaddingException
    if the requested padding mechanism does not exist.
     o engineGetBlockSize
     protected abstract int engineGetBlockSize()
    
    Returns the block size (in bytes).

    Returns:
    the block size (in bytes), or 0 if the underlying algorithm is not a block cipher
     o engineGetOutputSize
     protected abstract int engineGetOutputSize(int inputLen)
    
    Returns the length in bytes that an output buffer would need to be in order to hold the result of the next update or doFinal operation, given the input length inputLen (in bytes).

    This call takes into account any unprocessed (buffered) data from a previous update call, and padding.

    The actual output length of the next update or doFinal call may be smaller than the length returned by this method.

    Parameters:
    inputLen - the input length (in bytes)
    Returns:
    the required output buffer size (in bytes)
     o engineGetIV
     protected abstract byte[] engineGetIV()
    
    Returns the initialisation vector (IV) in a new buffer.

    This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.

    Returns:
    the initialisation vector in a new buffer, or null if the underlying algorithm does not use an IV, or if the IV has not yet been set.
     o engineGetParameters
     protected abstract AlgorithmParameters engineGetParameters()
    
    Returns the parameters used with this cipher.

    The returned parameters may be the same that were used to initialise this cipher, or may contain the default set of parameters or a set of randomly generated parameters used by the underlying cipher implementation (provided that the underlying cipher implementation uses a default set of parameters or creates new parameters if it needs parameters but was not initialised with any).

    Returns:
    the parameters used with this cipher, or null if this cipher does not use any parameters.
     o engineInit
     protected abstract void engineInit(int opmode,
                                        Key key,
                                        SecureRandom random) throws InvalidKeyException
    
    Initialises this cipher with a key and a source of randomness.

    The cipher is initialised for encryption or decryption, depending on the value of opmode.

    If this cipher requires any algorithm parameters that cannot be derived from the given key, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialised for encryption, and raise an InvalidKeyException if it is being initialised for decryption. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

    Note that when a Cipher object is initialised, it loses all previously-acquired state. In other words, initialising a Cipher is equivalent to creating a new instance of that Cipher and initialising it

    Parameters:
    opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
    key - the encryption key
    random - the source of randomness
    Throws: InvalidKeyException
    if the given key is inappropriate for initialising this cipher
     o engineInit
     protected abstract void engineInit(int opmode,
                                        Key key,
                                        AlgorithmParameterSpec params,
                                        SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
    
    Initialises this cipher with a key, a set of algorithm parameters, and a source of randomness.

    The cipher is initialised for encryption or decryption, depending on the value of opmode.

    If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialised for encryption, and raise an InvalidAlgorithmParameterException if it is being initialised for decryption. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

    Note that when a Cipher object is initialised, it loses all previously-acquired state. In other words, initialising a Cipher is equivalent to creating a new instance of that Cipher and initialising it.

    Parameters:
    opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
    key - the encryption key
    params - the algorithm parameters
    random - the source of randomness
    Throws: InvalidKeyException
    if the given key is inappropriate for initialising this cipher
    Throws: InvalidAlgorithmParameterException
    if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialised fro decryption and requires algorithm parameters and params is null
     o engineInit
     protected abstract void engineInit(int opmode,
                                        Key key,
                                        AlgorithmParameters params,
                                        SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException
    
    Initialises this cipher with a key, a set of algorithm parameters, and a source of randomness.

    The cipher is initialised for encryption or decryption, depending on the value of opmode.

    If this cipher requires any algorithm parameters and params is null, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialised for encryption, and raise an InvalidAlgorithmParameterException if it is being initialised for decryption. The generated parameters can be retrieved using engineGetParameters or engineGetIV (if the parameter is an IV).

    If this cipher (including its underlying feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from random.

    Note that when a Cipher object is initialised, it loses all previously-acquired state. In other words, initialising a Cipher is equivalent to creating a new instance of that Cipher and initialising it.

    Parameters:
    opmode - the operation mode of this cipher (this is either ENCRYPT_MODE or DECRYPT_MODE)
    key - the encryption key
    params - the algorithm parameters
    random - the source of randomness
    Throws: InvalidKeyException
    if the given key is inappropriate for initialising this cipher
    Throws: InvalidAlgorithmParameterException
    if the given algorithm parameters are inappropriate for this cipher, or if this cipher is being initialised fro decryption and requires algorithm parameters and params is null
     o engineUpdate
     protected abstract byte[] engineUpdate(byte input[],
                                            int inputOff,
                                            int inputLen)
    
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialised), processing another data part.

    The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in a new buffer.

    Parameters:
    input - the input buffer
    inputOffset - the offset in input where the input starts
    inputLen - the input length
    Returns:
    the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.
     o engineUpdate
     protected abstract int engineUpdate(byte input[],
                                         int inputOff,
                                         int inputLen,
                                         byte output[],
                                         int outputOff) throws ShortBufferException
    
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialised), processing another data part.

    The first inputLen bytes in the input buffer, starting at inputOffset, are processed, and the result is stored in the output buffer, starting at outputOffset.

    If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

    Parameters:
    input - the input buffer
    inputOffset - the offset in input where the input starts
    inputLen - the input length
    output - the buffer for the result
    outputOffset - the offset in output where the result is stored
    Returns:
    the number of bytes stored in output
    Throws: ShortBufferException
    if the given output buffer is too small to hold the result
     o engineDoFinal
     protected abstract byte[] engineDoFinal(byte input[],
                                             int inputOffset,
                                             int inputLen) throws IllegalBlockSizeException, BadPaddingException
    
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialised.

    The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in a new buffer.

    The cipher is reset to its initial state (uninitialised) after this call.

    Parameters:
    input - the input buffer
    inputOffset - the offset in input where the input starts
    inputLen - the input length
    Returns:
    the new buffer with the result
    Throws: IllegalBlockSizeException
    if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
    Throws: BadPaddingException
    if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes.
     o engineDoFinal
     protected abstract int engineDoFinal(byte input[],
                                          int inputOff,
                                          int inputLen,
                                          byte output[],
                                          int outputOff) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException
    
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialised.

    The first inputLen bytes in the input buffer, starting at inputOffset, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. The result is stored in the output buffer, starting at outputOffset.

    If the output buffer is too small to hold the result, a ShortBufferException is thrown. In this case, repeat this call with a larger output buffer. Use getOutputSize to determine how big the output buffer should be.

    Parameters:
    input - the input buffer
    inputOffset - - the offset in input where the input starts
    inputLen - - the input length
    output - - the buffer for the result
    outputOffset - - the offset in output where the result is stored
    Returns:
    s the number of bytes stored in output
    Throws: IllegalBlockSizeException
    if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size
    Throws: ShortBufferException
    if the given output buffer is too small to hold the result
    Throws: BadPaddingException
    if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

    All Packages  Class Hierarchy  This Package  Previous  Next  Index