|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object javacardx.crypto.Cipher
The Cipher
class is the abstract base class for Cipher algorthims.
Implementations of Cipher algorithms must extend this class and implement
all the abstract methods.
The term "pad" is used in the public key cipher algorithms below to refer
to all the operations specified in the referenced scheme to transform the
message block into the cipher block size.
Field Summary | |
static byte |
ALG_DES_CBC_ISO9797_M1
Cipher algorithm ALG_DES_CBC_ISO9797_M1 provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and pads input data according to the ISO 9797 method 1 scheme. |
static byte |
ALG_DES_CBC_ISO9797_M2
Cipher algorithm ALG_DES_CBC_ISO9797_M2 provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and pads input data according to the ISO 9797 method 2 (ISO
7816-4, EMV'96) scheme. |
static byte |
ALG_DES_CBC_NOPAD
Cipher algorithm ALG_DES_CBC_NOPAD provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and does not pad input data. |
static byte |
ALG_DES_CBC_PKCS5
Cipher algorithm ALG_DES_CBC_PKCS5 provides a cipher using DES in CBC mode or triple DES in outer CBC mode, and pads input data according to the PKCS#5 scheme. |
static byte |
ALG_DES_ECB_ISO9797_M1
Cipher algorithm ALG_DES_ECB_ISO9797_M1 provides a
cipher using DES in ECB mode, and pads input data according to
the ISO 9797 method 1 scheme. |
static byte |
ALG_DES_ECB_ISO9797_M2
Cipher algorithm ALG_DES_ECB_ISO9797_M2 provides a
cipher using DES in ECB mode, and pads input data according to
the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme. |
static byte |
ALG_DES_ECB_NOPAD
Cipher algorithm ALG_DES_ECB_NOPAD provides a
cipher using DES in ECB mode, and does not pad input data. |
static byte |
ALG_DES_ECB_PKCS5
Cipher algorithm ALG_DES_ECB_PKCS5 provides a
cipher using DES in ECB mode, and pads input data according to
the PKCS#5 scheme. |
static byte |
ALG_RSA_ISO14888
Cipher algorithm ALG_RSA_ISO14888 provides a cipher
using RSA, and pads input data according to the ISO 14888
scheme. |
static byte |
ALG_RSA_ISO9796
Cipher algorithm ALG_RSA_ISO9796 provides a cipher using RSA. |
static byte |
ALG_RSA_NOPAD
Cipher algorithm ALG_RSA_NOPAD provides a cipher
using RSA and does not pad input data. |
static byte |
ALG_RSA_PKCS1
Cipher algorithm ALG_RSA_PKCS1 provides a cipher
using RSA, and pads input data according to the PKCS#1 (v1.5)
scheme. |
static byte |
MODE_DECRYPT
Used in init() methods to indicate decryption mode. |
static byte |
MODE_ENCRYPT
Used in init() methods to indicate encryption mode. |
Constructor Summary | |
protected |
Cipher()
Protected constructor. |
Method Summary | |
abstract short |
doFinal(byte[] inBuff,
short inOffset,
short inLength,
byte[] outBuff,
short outOffset)
Generates encrypted/decrypted output from all/last input data. |
abstract byte |
getAlgorithm()
Gets the Cipher algorithm. |
static Cipher |
getInstance(byte algorithm,
boolean externalAccess)
Creates a Cipher object instance of the selected
algorithm. |
abstract void |
init(Key theKey,
byte theMode)
Initializes the Cipher object with the appropriate
Key . |
abstract void |
init(Key theKey,
byte theMode,
byte[] bArray,
short bOff,
short bLen)
Initializes the Cipher object with the appropriate
Key and algorithm specific parameters. |
abstract short |
update(byte[] inBuff,
short inOffset,
short inLength,
byte[] outBuff,
short outOffset)
Generates encrypted/decrypted output from input data. |
Methods inherited from class java.lang.Object |
equals |
Field Detail |
public static final byte MODE_DECRYPT
init()
methods to indicate decryption mode.
public static final byte ALG_DES_ECB_ISO9797_M2
ALG_DES_ECB_ISO9797_M2
provides a
cipher using DES in ECB mode, and pads input data according to
the ISO 9797 method 2 (ISO 7816-4, EMV'96) scheme.
public static final byte MODE_ENCRYPT
init()
methods to indicate encryption mode.
public static final byte ALG_DES_ECB_PKCS5
ALG_DES_ECB_PKCS5
provides a
cipher using DES in ECB mode, and pads input data according to
the PKCS#5 scheme.
public static final byte ALG_DES_CBC_NOPAD
ALG_DES_CBC_NOPAD
provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and does not pad input data. If the input data is not (8-byte)
block aligned it throws CryptoException
with the
reason code ILLEGAL_USE
.
public static final byte ALG_DES_ECB_NOPAD
ALG_DES_ECB_NOPAD
provides a
cipher using DES in ECB mode, and does not pad input data. If
the input data is not (8-byte) block aligned it throws
CryptoException
with the reason code
ILLEGAL_USE
.
public static final byte ALG_DES_CBC_ISO9797_M2
ALG_DES_CBC_ISO9797_M2
provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and pads input data according to the ISO 9797 method 2 (ISO
7816-4, EMV'96) scheme.
public static final byte ALG_DES_CBC_PKCS5
public static final byte ALG_RSA_PKCS1
ALG_RSA_PKCS1
provides a cipher
using RSA, and pads input data according to the PKCS#1 (v1.5)
scheme.
Note:
public static final byte ALG_RSA_NOPAD
ALG_RSA_NOPAD
provides a cipher
using RSA and does not pad input data. If the input data is
bounded by incorrect padding bytes while using RSAPrivateCrtKey,
incorrect output may result. If the input data is not block
aligned it throws CryptoException
with the reason
code ILLEGAL_USE
.
public static final byte ALG_DES_CBC_ISO9797_M1
ALG_DES_CBC_ISO9797_M1
provides a
cipher using DES in CBC mode or triple DES in outer CBC mode,
and pads input data according to the ISO 9797 method 1 scheme.
public static final byte ALG_RSA_ISO9796
Note:
public static final byte ALG_DES_ECB_ISO9797_M1
ALG_DES_ECB_ISO9797_M1
provides a
cipher using DES in ECB mode, and pads input data according to
the ISO 9797 method 1 scheme.
public static final byte ALG_RSA_ISO14888
ALG_RSA_ISO14888
provides a cipher
using RSA, and pads input data according to the ISO 14888
scheme.
Constructor Detail |
protected Cipher()
Method Detail |
public static final Cipher getInstance(byte algorithm, boolean externalAccess) throws CryptoException
Cipher
object instance of the selected
algorithm.
algorithm
- the desired Cipher algorithm. Valid codes
listed in ALG_ .. constants above, for example, ALG_DES_CBC_NOPAD
.externalAccess
- true
indicates that the
instance will be shared among multiple applet instances and that
the Cipher
instance will also be accessed (via a
Shareable
interface) when the owner of the
Cipher
instance is not the currently selected
applet. If true
the implementation must not
allocate CLEAR_ON_DESELECT transient space for internal data.
Cipher
object instance of the requested
algorithm
CryptoException
- with the following reason codes:
CryptoException.NO_SUCH_ALGORITHM
if the
requested algorithm is not supported or shared access mode is
not supported.public abstract short doFinal(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset) throws CryptoException
update()
method as well as input
data supplied in the inBuff
parameter.
A call to this method also resets this Cipher
object to the state it was in when previously initialized via a
call to init()
. That is, the object is reset and
available to encrypt or decrypt (depending on the operation mode
that was specified in the call to init()
) more
data. In addition, note that the initial vector(IV) used in AES
and DES algorithms will be reset to 0.
Notes:
inBuff
and the output
buffer, outBuff
are the same array, then
the output data area must not partially overlap the input data
area such that the input data is modified before it is used; if
inBuff==outBuff
andinOffset < outOffset <
inOffset+inLength
, incorrect output may result.
inBuff==outBuff
andoutOffset < inOffset+inLength
,
incorrect output may result.
init(Key, byte, byte[],
short, short)
method.
outBuff
.
outBuff
may be larger or
smaller than inLength
or even 0.
ArrayIndexOutOfBoundException
,
outBuff
may be partially modified.
inBuff
- the input buffer of data to be encrypted/decryptedinOffset
- the offset into the input buffer at which to
begin encryption/decryptioninLength
- the byte length to be encrypted/decryptedoutBuff
- the output buffer, may be the same as the input
bufferoutOffset
- the offset into the output buffer where the
resulting output data begins
outBuff
CryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if key not
initialized.
CryptoException.INVALID_INIT
if this
Cipher
object is not initialized.
CryptoException.ILLEGAL_USE
if one of the
following conditions is met:
Cipher
algorithm does not pad the message
and the message is not block aligned.
Cipher
algorithm does not pad the message
and no input data has been provided in inBuff
or
via the update()
method.
public abstract void init(Key theKey, byte theMode, byte[] bArray, short bOff, short bLen) throws CryptoException
Cipher
object with the appropriate
Key and algorithm specific parameters.
init()
must be used to update the
Cipher
object with a new key. If the
Key
object is modified after invoking the
init()
method, the behavior of the
update()
and doFinal()
methods is
unspecified.
Note:
bArray
.
bArray
.
CryptoException.ILLEGAL_VALUE
.
theKey
- the key object to use for encrypting or
decrypting.theMode
- one of MODE_DECRYPT
or
MODE_ENCRYPT
bArray
- byte array containing algorithm specific
initialization infobOff
- offset within bArray where the algorithm specific
data beginsbLen
- byte length of algorithm specific parameter data
CryptoException
- with the following reason codes:
CryptoException.ILLEGAL_VALUE
if
theMode
option is an undefined value or if a byte
array parameter option is not supported by the algorithm or if
the bLen
is an incorrect byte length for the
algorithm specific data or if the Key
is
inconsistent with the Cipher
implementation.
CryptoException.UNINITIALIZED_KEY
if
theKey
instance is uninitialized. public abstract byte getAlgorithm()
public abstract short update(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, short outOffset) throws CryptoException
This method requires temporary storage of intermediate results. In addition, if the input data length is not block aligned (multiple of block size) then additional internal storage may be allocated at this time to store a partial input data block. This may result in additional resource consumption and/or slow performance.
This method should only be used if all the input data
required for the cipher is not available in one byte array. If
all the input data required for the cipher is located in a
single byte array, use of the doFinal()
method to
process all of the input data is recommended. The
doFinal()
method must be invoked to complete
processing of any remaining input data buffered by one or more
calls to the update()
method.
Notes:
inBuff
and the output
buffer, outBuff
are the same array, then
the output data area must not partially overlap the input data
area such that the input data is modified before it is used; if
inBuff==outBuff
andinOffset < outOffset <
inOffset+inLength
, incorrect output may result.
inBuff==outBuff
andoutOffset < inOffset+inLength
,
incorrect output may result.
outBuff
.
outBuff
be larger or smaller than
inLength
or even 0.
inLength
is 0 this method does
nothing.
inBuff
- the input buffer of data to be encrypted/decryptedinOffset
- the offset into the input buffer at which to
begin encryption/decryptioninLength
- the byte length to be encrypted/decryptedoutBuff
- the output buffer, may be the same as the input
bufferoutOffset
- the offset into the output buffer where the
resulting ciphertext/plaintext begins
outBuff
CryptoException
- with the following reason codes:
CryptoException.UNINITIALIZED_KEY
if key not
initialized.
CryptoException.INVALID_INIT
if this
Cipher
object is not initialized.
CryptoException.ILLEGAL_USE
if the input
message length is not supported. public abstract void init(Key theKey, byte theMode) throws CryptoException
Cipher
object with the appropriate
Key
. This method should be used for algorithms
which do not need initialization parameters or use default
parameter values.
init()
must be used to update the
Cipher
object with a new key. If the
Key
object is modified after invoking the
init()
method, the behavior of the
update()
and doFinal()
methods is
unspecified.
Note:
theKey
- the key object to use for encrypting or decryptingtheMode
- one of MODE_DECRYPT
or
MODE_ENCRYPT
CryptoException
- with the following reason codes:
CryptoException.ILLEGAL_VALUE
if
theMode
option is an undefined value or if the
Key
is inconsistent with the Cipher
implementation.
CryptoException.UNINITIALIZED_KEY
if
theKey
instance is uninitialized.
|
|||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |