iaik.pkcs.pkcs11.provider.ciphers

Class BlockCipher

java.lang.Object

javax.crypto.CipherSpi

iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

iaik.pkcs.pkcs11.provider.ciphers.BlockCipher

All Implemented Interfaces:

PKCS11EngineClass

Direct Known Subclasses:

AesCipher, Cast128Cipher, Cast3Cipher, CastCipher, DesCipher, DesEdeCipher, IdeaCipher, Rc2Cipher, Rc5Cipher

public abstract class BlockCipher
extends PKCS11Cipher

This is an implementation of a DES Cipher class that uses the IAIK PKCS#11 wrapper to access the token. It only works with IAIKPKCS11SecretKey.

Author:

Karl Scheibelhofer

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	DEFAULT_MODE The defualt mode of operation for this cipher.
protected static java.lang.String	DEFAULT_PADDING The defualt padding scheme for this cipher.
protected iaik.pkcs.pkcs11.provider.ciphers.Padding	externalPadding_ The implementation of the current external padding.
protected static java.util.Vector	externalPaddings_ The supported software padding schemes of this cipher.
protected java.security.spec.AlgorithmParameterSpec	ivParameterSpec_ The current initialization vector parameter.
protected boolean	ivParameterSpecChanged_ Indicates that the ivParameterSpec_ has been changed.
protected java.util.Hashtable	modePaddingMechanisms_ The mapping from mode + "/" + padding to the cryptoki mechanism.
protected static java.util.Vector	supportedModes_ The supported modes of operation of this cipher.
protected static java.util.Vector	supportedPaddings_ The supported padding schemes of this cipher.

Fields inherited from class iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

currentKeyIsSoftwareKey_, DUMMY_DATA, initialized_, key_, keyObject_, mechanism_, mode_, modeChanged_, operationMode_, padding_, paddingChanged_, parameters_, parameterSpecs_, pkcs11OperationInitialized_, session_, softwareDelegate_, tokenManager_, unwrapTemplate_, updateUsed_, usedMechanismInfos_, usedMechanisms_

Constructor Summary

Constructors

Constructor and Description
BlockCipher() Default constructor.

Method Summary

Modifier and Type	Method and Description
protected void	checkKeyObject(iaik.pkcs.pkcs11.objects.Key keyObject) Check the given key object, if it is acceptable for this cipher.
protected abstract iaik.pkcs.pkcs11.Mechanism	getDefaultMechanism() Get the default mechanism of this cipher.
protected java.lang.String	getDefaultMode() Get the default mode of operation of this cipher.
protected java.lang.String	getDefaultPadding() Get the default padding scheme of this cipher.
protected iaik.pkcs.pkcs11.Mechanism	getMechanism() Get the current mechanism of this cipher object.
protected iaik.pkcs.pkcs11.Mechanism	getMechanismForModeAndPadding() This method returns a mechanism object that corresponds to the currently set mode and padding.
protected abstract java.util.Hashtable	getModePaddingMechanisms() Get the hashtable that maps from mode + "/" + padding to the cryptoki mechanism.
protected iaik.pkcs.pkcs11.MechanismInfo[][]	getUsedMechanismFeatures() Returns a two-dimensional array of MechanismInfos that this engine class uses.
protected static boolean	isExternalPaddingSupported(java.lang.String padding) Check, if an external software implementation is available for the given padding scheme.
protected boolean	isModeSupported(java.lang.String mode) Check, if the given mode of operation is supported by this cipher.
protected boolean	isPaddingSupported(java.lang.String padding) Check, if the given padding scheme is supported by this cipher.
protected byte[]	pkcs11DoFinal(byte[] input, int inputOffset, int inputLength) Update the currently running cipher operation with the given data and finish the current operation.
protected abstract int	pkcs11GetBlockSize() Get the block size of this cipher algorithm.
protected byte[]	pkcs11GetIV() Get the currently set initialization vector.
protected abstract int	pkcs11GetKeySize(java.security.Key key) Determines the key size in bits.
protected java.security.AlgorithmParameters	pkcs11GetParameters() Returns the parameters used with this cipher.
protected void	pkcs11Init(int operationMode, java.security.Key key, java.security.spec.AlgorithmParameterSpec parameterSpecs, java.security.SecureRandom randomSource) Initialize this cipher for an operation.
protected void	pkcs11Init(int operationMode, java.security.Key key, java.security.AlgorithmParameters parameters, java.security.SecureRandom random) Initialize this cipher for an operation.
protected byte[]	pkcs11Update(byte[] data, int offset, int length) Update the currently running cipher operation with the given data.

Methods inherited from class iaik.pkcs.pkcs11.provider.ciphers.PKCS11Cipher

engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineUpdateAAD, engineWrap, finalize, finalizePkcs11Operation, getAlgorithmName, getFullAlgorithmName, getUsedMechanisms, initialize, initializePkcs11Operation, initializeSession, initializeSoftwareDelegate, isSupportedBy, pkcs11DoFinal, pkcs11GetOutputSize, pkcs11Init, pkcs11Unwrap, pkcs11Update, pkcs11Wrap, updateAAD, updateAAD, updateAAD

Methods inherited from class javax.crypto.CipherSpi

engineDoFinal, engineUpdate, engineUpdateAAD

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_MODE

protected static final java.lang.String DEFAULT_MODE

The defualt mode of operation for this cipher.

See Also:

Constant Field Values

DEFAULT_PADDING

protected static final java.lang.String DEFAULT_PADDING

The defualt padding scheme for this cipher.

See Also:

Constant Field Values

supportedModes_

protected static java.util.Vector supportedModes_

The supported modes of operation of this cipher.

supportedPaddings_

protected static java.util.Vector supportedPaddings_

The supported padding schemes of this cipher.

externalPaddings_

protected static java.util.Vector externalPaddings_

The supported software padding schemes of this cipher.

modePaddingMechanisms_

protected java.util.Hashtable modePaddingMechanisms_

The mapping from mode + "/" + padding to the cryptoki mechanism.

ivParameterSpec_

protected java.security.spec.AlgorithmParameterSpec ivParameterSpec_

The current initialization vector parameter.

ivParameterSpecChanged_

protected boolean ivParameterSpecChanged_

Indicates that the ivParameterSpec_ has been changed. The mechanism needs to be updated.

externalPadding_

protected iaik.pkcs.pkcs11.provider.ciphers.Padding externalPadding_

The implementation of the current external padding.

Constructor Detail

BlockCipher

public BlockCipher()

Default constructor.

Method Detail

getUsedMechanismFeatures

protected iaik.pkcs.pkcs11.MechanismInfo[][] getUsedMechanismFeatures()

Returns a two-dimensional array of MechanismInfos that this engine class uses. For each mechanism used by this engine, the engine must provide at least one MechanismInfo. The first dimension (index) of the returned array corresponds to the used mechanism as returned by getUsedMechanisms(). The array at this index is the list of used feature combinations used by this engine. The current token must at least support one mechanism and one of the feature combinations (expressed as a MechanismInfo) of the same mechanism.

Overrides:

getUsedMechanismFeatures in class PKCS11Cipher

Returns:

A two-dimensional array that includes MechanismInfo objects. The first dimension is equal to the array dimension of getUsedMechanisms(). The token must at least support one of these features.

Postconditions:

(result <> null) and (result.length > 0) and (result.length == getUsedMechanisms().length)

checkKeyObject

protected void checkKeyObject(iaik.pkcs.pkcs11.objects.Key keyObject)
                       throws java.security.InvalidKeyException

Check the given key object, if it is acceptable for this cipher. Throw an exception, if not.

Specified by:

checkKeyObject in class PKCS11Cipher

Parameters:

keyObject - The key object to check.

Throws:

java.security.InvalidKeyException - If this cipher cannot work with this type of key object.

Preconditions:

(key <> null)

pkcs11Init

protected void pkcs11Init(int operationMode,
                          java.security.Key key,
                          java.security.AlgorithmParameters parameters,
                          java.security.SecureRandom random)
                   throws java.security.InvalidAlgorithmParameterException,
                          java.security.InvalidKeyException

Initialize this cipher for an operation. This implementation delegates this call to the software provider, if the key is a software key. If the key is a key of this provider, it delegates the call to the corresponding pkcs11 method with prefix pkcs11 instead of engine.

Overrides:

pkcs11Init in class PKCS11Cipher

Parameters:

operationMode - The operation to initialize; Cipher.ENCRYPT_MODE, Cipher.DECRYPT_MODE, Cipher.UNWRAP_MODE or Cipher.WRAP_MODE.

key - The key to use for the operation.

parameters - The parameters to use. Some cipher do not support parameters, they require null. Despite null, this implementation only supports IV parameters.

random - Optional random source to use.

Throws:

java.security.InvalidAlgorithmParameterException - If the parameters are invalid.

java.security.InvalidKeyException - If the key is invalid for this operation.

Preconditions:

((operationMode == Cipher.ENCRYPT_MODE) or (operationMode == Cipher.DECRYPT_MODE) or (operationMode == Cipher.UNWRAP_MODE) or (operationMode == Cipher.WRAP_MODE)) and (key <> null) and (key instanceof IAIKPKCS11Key) and ((parameter == null) or (parameters.getParameterSpec(IvParameterSpec.class) != null))

pkcs11Init

protected void pkcs11Init(int operationMode,
                          java.security.Key key,
                          java.security.spec.AlgorithmParameterSpec parameterSpecs,
                          java.security.SecureRandom randomSource)
                   throws java.security.InvalidAlgorithmParameterException,
                          java.security.InvalidKeyException

Initialize this cipher for an operation.

Overrides:

pkcs11Init in class PKCS11Cipher

Parameters:

operationMode - The operation to initialize; Cipher.ENCRYPT_MODE, Cipher.DECRYPT_MODE, Cipher.UNWRAP_MODE or Cipher.WRAP_MODE.

key - The key to use for the operation.

parameterSpecs - The parameter specs to use. Some cipher do not support parameter specs, they require null.

randomSource - Optional random source to use.

Throws:

java.security.InvalidAlgorithmParameterException - If the parameter specs are invalid.

java.security.InvalidKeyException - If the key is invalid for this operation.

Preconditions:

((operationMode == Cipher.ENCRYPT_MODE) or (operationMode == Cipher.DECRYPT_MODE) or (operationMode == Cipher.UNWRAP_MODE) or (operationMode == Cipher.WRAP_MODE)) and (key <> null) and (key instanceof IAIKPKCS11Key)

pkcs11GetParameters

protected java.security.AlgorithmParameters pkcs11GetParameters()

Returns the parameters used with this cipher. The returned parameters may be the same that were used to initialize this cipher, or may contain a combination of default and random parameter values used by the underlying cipher implementation if this cipher requires algorithm parameters but was not initialized with any.

Overrides:

pkcs11GetParameters in class PKCS11Cipher

Returns:

The parameters used with this cipher, or null if this cipher does not use any parameters.

pkcs11GetKeySize

protected abstract int pkcs11GetKeySize(java.security.Key key)
                                 throws java.security.InvalidKeyException

Determines the key size in bits.

Overrides:

pkcs11GetKeySize in class PKCS11Cipher

Parameters:

key - The key to get the length for.

Returns:

The key's length in bits.

Throws:

java.security.InvalidKeyException - If the given key is not supported by this class.

Preconditions:

(key <> null)

pkcs11GetBlockSize

protected abstract int pkcs11GetBlockSize()

Get the block size of this cipher algorithm. This is the same as the current key size, but in bytes. The concrete implementation must return a positive value, because every block cipher has a block size.

Overrides:

pkcs11GetBlockSize in class PKCS11Cipher

Returns:

The block size in bytes.

Postconditions:

(result > 0)

pkcs11GetIV

protected byte[] pkcs11GetIV()

Get the currently set initialization vector.

Overrides:

pkcs11GetIV in class PKCS11Cipher

Returns:

The currently set initialization vector or null, if there is none set.

getDefaultMode

protected java.lang.String getDefaultMode()

Get the default mode of operation of this cipher.

Returns:

The default mode of operation of this cipher; e.g. "ECB".

Postconditions:

(result <> null)

getDefaultPadding

protected java.lang.String getDefaultPadding()

Get the default padding scheme of this cipher.

Returns:

The default padding scheme of this cipher; e.g. "pkcs1padding"

Postconditions:

(result <> null)

getDefaultMechanism

protected abstract iaik.pkcs.pkcs11.Mechanism getDefaultMechanism()

Get the default mechanism of this cipher. This must work with the default mode of operation and padding

Specified by:

getDefaultMechanism in class PKCS11Cipher

Returns:

The default mechanism; e.g. Mechanism.DES_ECB.

Postconditions:

(result <> null)

getMechanism

protected iaik.pkcs.pkcs11.Mechanism getMechanism()

Get the current mechanism of this cipher object. This may change with the mode of operation and padding. This mechanism must also include any required parameter objects.

Specified by:

getMechanism in class PKCS11Cipher

Returns:

The mechanism this object uses for encryption and decryption. If the currently set combination of mode and padding is unsupported, this method returns null.

getMechanismForModeAndPadding

protected iaik.pkcs.pkcs11.Mechanism getMechanismForModeAndPadding()
                                                            throws java.security.NoSuchAlgorithmException

This method returns a mechanism object that corresponds to the currently set mode and padding. This returned mechanism object does not contain any parameters yet.

Returns:

The mechanism that corresponds to the current mode and padding.

Throws:

java.security.NoSuchAlgorithmException - If the current combination of mode and padding is unsupported.

Postconditions:

(result <> null)

getModePaddingMechanisms

protected abstract java.util.Hashtable getModePaddingMechanisms()

Get the hashtable that maps from mode + "/" + padding to the cryptoki mechanism.

Returns:

The hashtable that maps from mode + "/" + padding to the cryptoki mechanism.

Postconditions:

(result <> null)

isModeSupported

protected boolean isModeSupported(java.lang.String mode)

Check, if the given mode of operation is supported by this cipher.

Specified by:

isModeSupported in class PKCS11Cipher

Parameters:

mode - The mode to check.

Returns:

True, if the mode is supported, false otherwise.

isPaddingSupported

protected boolean isPaddingSupported(java.lang.String padding)

Check, if the given padding scheme is supported by this cipher.

Specified by:

isPaddingSupported in class PKCS11Cipher

Parameters:

padding - The padding scheme to check.

Returns:

True, if the padding scheme is supported, false otherwise.

isExternalPaddingSupported

protected static boolean isExternalPaddingSupported(java.lang.String padding)

Check, if an external software implementation is available for the given padding scheme.

Parameters:

padding - The padding scheme to check.

Returns:

True, if an external software implementation is available for the padding scheme, false otherwise.

pkcs11Update

protected byte[] pkcs11Update(byte[] data,
                              int offset,
                              int length)

Description copied from class: PKCS11Cipher

Update the currently running cipher operation with the given data.

Overrides:

pkcs11Update in class PKCS11Cipher

Parameters:

data - The byte array that holds the data.

offset - The offset in the byte array that indicates the first data byte to read.

length - The number of bytes to read starting from offset.

Returns:

The current intermediate result, if any. May be null.

pkcs11DoFinal

protected byte[] pkcs11DoFinal(byte[] input,
                               int inputOffset,
                               int inputLength)
                        throws javax.crypto.BadPaddingException,
                               javax.crypto.IllegalBlockSizeException

Description copied from class: PKCS11Cipher

Update the currently running cipher operation with the given data and finish the current operation. This may include padding before processing the last data block or unpadding after the processing of the last block.

Overrides:

pkcs11DoFinal in class PKCS11Cipher

Parameters:

input - The byte array that holds the input data.

inputOffset - The offset in the input byte array that indicates the first input data byte to read.

inputLength - The number of bytes to read starting from offset.

Returns:

The final operation result; i.e. cipher text or plain text.

Throws:

javax.crypto.BadPaddingException - If the padding of the decrypted data is bad or if the padding of the input data failed.

javax.crypto.IllegalBlockSizeException - If the input data size does not match the required block size.