1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
|
package org.spongycastle.pqc.jcajce.provider.util;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.BadPaddingException;
import javax.crypto.ShortBufferException;
/**
* The AsymmetricHybridCipher class extends CipherSpiExt.
* NOTE: Some Ciphers are using Padding. OneAndZeroesPadding is used as default
* padding. However padding can still be specified, but mode is not supported;
* if you try to instantiate the cipher with something else than "NONE" as mode,
* NoSuchAlgorithmException is thrown.
*/
public abstract class AsymmetricHybridCipher
extends CipherSpiExt
{
/**
* ParameterSpec used with this cipher
*/
protected AlgorithmParameterSpec paramSpec;
/**
* Since asymmetric hybrid ciphers do not support modes, this method does
* nothing.
*
* @param modeName the cipher mode (unused)
*/
protected final void setMode(String modeName)
{
// empty
}
/**
* Since asymmetric hybrid ciphers do not support padding, this method does
* nothing.
*
* @param paddingName the name of the padding scheme (not used)
*/
protected final void setPadding(String paddingName)
{
// empty
}
/**
* @return <tt>null</tt> since no initialization vector is used.
*/
public final byte[] getIV()
{
return null;
}
/**
* @return 0 since the implementing algorithms are not block ciphers
*/
public final int getBlockSize()
{
return 0;
}
/**
* Return the parameters used with this cipher.
* <p/>
* The returned parameters may be the same that were used to initialize this
* cipher, or may contain the default set of parameters or a set of randomly
* generated parameters used by the underlying cipher implementation
* (provided that the underlying cipher implementation uses a default set of
* parameters or creates new parameters if it needs parameters but was not
* initialized with any).
*
* @return the parameters used with this cipher, or <tt>null</tt> if this
* cipher does not use any parameters.
*/
public final AlgorithmParameterSpec getParameters()
{
return paramSpec;
}
/**
* Return the length in bytes that an output buffer would need to be in
* order to hold the result of the next update or doFinal operation, given
* the input length <tt>inLen</tt> (in bytes). This call takes into
* account any unprocessed (buffered) data from a previous update call, and
* padding. The actual output length of the next update() or doFinal() call
* may be smaller than the length returned by this method.
*
* @param inLen the length of the input
* @return the length of the output of the next <tt>update()</tt> or
* <tt>doFinal()</tt> call
*/
public final int getOutputSize(int inLen)
{
return opMode == ENCRYPT_MODE ? encryptOutputSize(inLen)
: decryptOutputSize(inLen);
}
/**
* Initialize the cipher for encryption by forwarding it to
* {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}.
* <p/>
* If this cipher requires any algorithm parameters that cannot be derived
* from the given key, the underlying cipher implementation is supposed to
* generate the required parameters itself (using provider-specific default
* or random values) if it is being initialized for encryption, and raise an
* InvalidKeyException if it is being initialized for decryption. The
* generated parameters can be retrieved using {@link #getParameters()}.
*
* @param key the encryption key
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher.
* @throws InvalidParameterException if this cipher needs algorithm parameters for
* initialization and cannot generate parameters itself.
*/
public final void initEncrypt(Key key)
throws InvalidKeyException
{
try
{
initEncrypt(key, null, new SecureRandom());
}
catch (InvalidAlgorithmParameterException e)
{
throw new InvalidParameterException(
"This cipher needs algorithm parameters for initialization (cannot be null).");
}
}
/**
* Initialize this cipher for encryption by forwarding it to
* {@link #initEncrypt(Key, AlgorithmParameterSpec, SecureRandom)}.
* <p/>
* If this cipher requires any algorithm parameters that cannot be derived
* from the given key, the underlying cipher implementation is supposed to
* generate the required parameters itself (using provider-specific default
* or random values) if it is being initialized for encryption, and raise an
* InvalidKeyException if it is being initialized for decryption. The
* generated parameters can be retrieved using {@link #getParameters()}.
*
* @param key the encryption key
* @param random the source of randomness
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher.
* @throws InvalidParameterException if this cipher needs algorithm parameters for
* initialization and cannot generate parameters itself.
*/
public final void initEncrypt(Key key, SecureRandom random)
throws InvalidKeyException
{
try
{
initEncrypt(key, null, random);
}
catch (InvalidAlgorithmParameterException iape)
{
throw new InvalidParameterException(
"This cipher needs algorithm parameters for initialization (cannot be null).");
}
}
/**
* Initialize the cipher for encryption by forwarding it to initEncrypt(Key,
* FlexiSecureRandom, AlgorithmParameterSpec).
*
* @param key the encryption key
* @param params the algorithm parameters
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher.
* @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for
* this cipher, or if this cipher is initialized with
* <tt>null</tt> parameters and cannot generate parameters
* itself.
*/
public final void initEncrypt(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
initEncrypt(key, params, new SecureRandom());
}
/**
* Initialize the cipher with a certain key for data encryption.
* <p/>
* If this cipher requires any random bytes (e.g., for parameter
* generation), it will get them from <tt>random</tt>.
* <p/>
* Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing it.
*
* @param key the encryption key
* @param random the source of randomness
* @param params the algorithm parameters
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher
* @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for
* this cipher, or if this cipher is initialized with
* <tt>null</tt> parameters and cannot generate parameters
* itself.
*/
public final void initEncrypt(Key key, AlgorithmParameterSpec params,
SecureRandom random)
throws InvalidKeyException,
InvalidAlgorithmParameterException
{
opMode = ENCRYPT_MODE;
initCipherEncrypt(key, params, random);
}
/**
* Initialize the cipher for decryption by forwarding it to initDecrypt(Key,
* FlexiSecureRandom).
* <p/>
* If this cipher requires any algorithm parameters that cannot be derived
* from the given key, the underlying cipher implementation is supposed to
* generate the required parameters itself (using provider-specific default
* or random values) if it is being initialized for encryption, and raise an
* InvalidKeyException if it is being initialized for decryption. The
* generated parameters can be retrieved using {@link #getParameters()}.
*
* @param key the decryption key
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher.
*/
public final void initDecrypt(Key key)
throws InvalidKeyException
{
try
{
initDecrypt(key, null);
}
catch (InvalidAlgorithmParameterException iape)
{
throw new InvalidParameterException(
"This cipher needs algorithm parameters for initialization (cannot be null).");
}
}
/**
* Initialize the cipher with a certain key for data decryption.
* <p/>
* If this cipher requires any random bytes (e.g., for parameter
* generation), it will get them from <tt>random</tt>.
* <p/>
* Note that when a Cipher object is initialized, it loses all
* previously-acquired state. In other words, initializing a Cipher is
* equivalent to creating a new instance of that Cipher and initializing it
*
* @param key the decryption key
* @param params the algorithm parameters
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher
* @throws InvalidAlgorithmParameterException if the given algorithm parameters are inappropriate for
* this cipher, or if this cipher is initialized with
* <tt>null</tt> parameters and cannot generate parameters
* itself.
*/
public final void initDecrypt(Key key, AlgorithmParameterSpec params)
throws InvalidKeyException, InvalidAlgorithmParameterException
{
opMode = DECRYPT_MODE;
initCipherDecrypt(key, params);
}
/**
* Continue a multiple-part encryption or decryption operation (depending on
* how this cipher was initialized), processing another data part.
*
* @param input the input buffer
* @param inOff the offset where the input starts
* @param inLen the input length
* @return a new buffer with the result (maybe an empty byte array)
*/
public abstract byte[] update(byte[] input, int inOff, int inLen);
/**
* Continue a multiple-part encryption or decryption operation (depending on
* how this cipher was initialized), processing another data part.
*
* @param input the input buffer
* @param inOff the offset where the input starts
* @param inLen the input length
* @param output the output buffer
* @param outOff the offset where the result is stored
* @return the length of the output
* @throws ShortBufferException if the output buffer is too small to hold the result.
*/
public final int update(byte[] input, int inOff, int inLen, byte[] output,
int outOff)
throws ShortBufferException
{
if (output.length < getOutputSize(inLen))
{
throw new ShortBufferException("output");
}
byte[] out = update(input, inOff, inLen);
System.arraycopy(out, 0, output, outOff, out.length);
return out.length;
}
/**
* Finish a multiple-part encryption or decryption operation (depending on
* how this cipher was initialized).
*
* @param input the input buffer
* @param inOff the offset where the input starts
* @param inLen the input length
* @return a new buffer with the result
* @throws BadPaddingException if the ciphertext is invalid.
*/
public abstract byte[] doFinal(byte[] input, int inOff, int inLen)
throws BadPaddingException;
/**
* Finish a multiple-part encryption or decryption operation (depending on
* how this cipher was initialized).
*
* @param input the input buffer
* @param inOff the offset where the input starts
* @param inLen the input length
* @param output the buffer for the result
* @param outOff the offset where the result is stored
* @return the output length
* @throws ShortBufferException if the output buffer is too small to hold the result.
* @throws BadPaddingException if the ciphertext is invalid.
*/
public final int doFinal(byte[] input, int inOff, int inLen, byte[] output,
int outOff)
throws ShortBufferException, BadPaddingException
{
if (output.length < getOutputSize(inLen))
{
throw new ShortBufferException("Output buffer too short.");
}
byte[] out = doFinal(input, inOff, inLen);
System.arraycopy(out, 0, output, outOff, out.length);
return out.length;
}
/**
* Compute the output size of an update() or doFinal() operation of a hybrid
* asymmetric cipher in encryption mode when given input of the specified
* length.
*
* @param inLen the length of the input
* @return the output size
*/
protected abstract int encryptOutputSize(int inLen);
/**
* Compute the output size of an update() or doFinal() operation of a hybrid
* asymmetric cipher in decryption mode when given input of the specified
* length.
*
* @param inLen the length of the input
* @return the output size
*/
protected abstract int decryptOutputSize(int inLen);
/**
* Initialize the AsymmetricHybridCipher with a certain key for data
* encryption.
*
* @param key the key which has to be used to encrypt data
* @param params the algorithm parameters
* @param sr the source of randomness
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher.
* @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for
* initializing this cipher.
*/
protected abstract void initCipherEncrypt(Key key,
AlgorithmParameterSpec params, SecureRandom sr)
throws InvalidKeyException, InvalidAlgorithmParameterException;
/**
* Initialize the AsymmetricHybridCipher with a certain key for data
* encryption.
*
* @param key the key which has to be used to decrypt data
* @param params the algorithm parameters
* @throws InvalidKeyException if the given key is inappropriate for initializing this
* cipher
* @throws InvalidAlgorithmParameterException if the given parameters are inappropriate for
* initializing this cipher.
*/
protected abstract void initCipherDecrypt(Key key,
AlgorithmParameterSpec params)
throws InvalidKeyException,
InvalidAlgorithmParameterException;
}
|
