Cipher
class.
All the abstract methods in this class must be implemented by each
cryptographic service provider who wishes to supply the implementation
of a particular cipher algorithm.
In order to create an instance of Cipher
, which
encapsulates an instance of this CipherSpi
class, an
application calls one of the
getInstance
factory methods of the
Cipher
engine class and specifies the requested
transformation.
Optionally, the application may also specify the name of a provider.
A transformation is a string that describes the operation (or set of operations) to be performed on the given input, to produce some output. A transformation always includes the name of a cryptographic algorithm (e.g., AES), and may be followed by a feedback mode and padding scheme.
A transformation is of the form:
- "algorithm/mode/padding" or
- "algorithm"
(in the latter case, provider-specific default values for the mode and padding scheme are used). For example, the following is a valid transformation:
Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
A provider may supply a separate class for each combination
of algorithm/mode/padding, or may decide to provide more generic
classes representing sub-transformations corresponding to
algorithm or algorithm/mode or algorithm//padding
(note the double slashes),
in which case the requested mode and/or padding are set automatically by
the getInstance
methods of Cipher
, which invoke
the engineSetMode
and
engineSetPadding
methods of the provider's subclass of CipherSpi
.
A Cipher
property in a provider master class may have one of
the following formats:
-
// provider's subclass of "CipherSpi" implements "algName" with // pluggable mode and padding
Cipher.
algName -
// provider's subclass of "CipherSpi" implements "algName" in the // specified "mode", with pluggable padding
Cipher.
algName/mode -
// provider's subclass of "CipherSpi" implements "algName" with the // specified "padding", with pluggable mode
Cipher.
algName//padding -
// provider's subclass of "CipherSpi" implements "algName" with the // specified "mode" and "padding"
Cipher.
algName/mode/padding
For example, a provider may supply a subclass of CipherSpi
that implements AES/ECB/PKCS5Padding, one that implements
AES/CBC/PKCS5Padding, one that implements
AES/CFB/PKCS5Padding, and yet another one that implements
AES/OFB/PKCS5Padding. That provider would have the following
Cipher
properties in its master class:
-
Cipher.
AES/ECB/PKCS5Padding -
Cipher.
AES/CBC/PKCS5Padding -
Cipher.
AES/CFB/PKCS5Padding -
Cipher.
AES/OFB/PKCS5Padding
Another provider may implement a class for each of the above modes
(i.e., one class for ECB, one for CBC, one for CFB,
and one for OFB), one class for PKCS5Padding,
and a generic AES class that subclasses from CipherSpi
.
That provider would have the following
Cipher
properties in its master class:
-
Cipher.
AES
The getInstance
factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi
for a
transformation of the form "algorithm":
-
Check if the provider has registered a subclass of
CipherSpi
for the specified "algorithm".If the answer is YES, instantiate this class, for whose mode and padding scheme default values (as supplied by the provider) are used.
If the answer is NO, throw a
NoSuchAlgorithmException
exception.
The getInstance
factory method of the Cipher
engine class follows these rules in order to instantiate a provider's
implementation of CipherSpi
for a
transformation of the form "algorithm/mode/padding":
-
Check if the provider has registered a subclass of
CipherSpi
for the specified "algorithm/mode/padding" transformation.If the answer is YES, instantiate it.
If the answer is NO, go to the next step.
-
Check if the provider has registered a subclass of
CipherSpi
for the sub-transformation "algorithm/mode".If the answer is YES, instantiate it, and call
engineSetPadding(<i>padding</i>)
on the new instance.If the answer is NO, go to the next step.
-
Check if the provider has registered a subclass of
CipherSpi
for the sub-transformation "algorithm//padding" (note the double slashes).If the answer is YES, instantiate it, and call
engineSetMode(<i>mode</i>)
on the new instance.If the answer is NO, go to the next step.
-
Check if the provider has registered a subclass of
CipherSpi
for the sub-transformation "algorithm".If the answer is YES, instantiate it, and call
engineSetMode(<i>mode</i>)
andengineSetPadding(<i>padding</i>)
on the new instance.If the answer is NO, throw a
NoSuchAlgorithmException
exception.
- Since:
- 1.4
- See Also:
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected abstract byte[]
engineDoFinal
(byte[] input, int inputOffset, int inputLen) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.protected abstract int
engineDoFinal
(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.protected int
engineDoFinal
(ByteBuffer input, ByteBuffer output) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.protected abstract int
Returns the block size (in bytes).protected abstract byte[]
Returns the initialization vector (IV) in a new buffer.protected int
engineGetKeySize
(Key key) Returns the key size of the given key object in bits.protected abstract int
engineGetOutputSize
(int inputLen) Returns the length in bytes that an output buffer would need to be in order to hold the result of the nextupdate
ordoFinal
operation, given the input lengthinputLen
(in bytes).protected abstract AlgorithmParameters
Returns the parameters used with this cipher.protected abstract void
engineInit
(int opmode, Key key, AlgorithmParameters params, SecureRandom random) Initializes thisCipherSpi
object with a key, a set of algorithm parameters, and a source of randomness.protected abstract void
engineInit
(int opmode, Key key, SecureRandom random) Initializes thisCipherSpi
object with a key and a source of randomness.protected abstract void
engineInit
(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) Initializes thisCipherSpi
object with a key, a set of algorithm parameters, and a source of randomness.protected abstract void
engineSetMode
(String mode) Sets the mode of this cipher.protected abstract void
engineSetPadding
(String padding) Sets the padding mechanism of this cipher.protected Key
engineUnwrap
(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) Unwrap a previously wrapped key.protected abstract byte[]
engineUpdate
(byte[] input, int inputOffset, int inputLen) Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.protected abstract int
engineUpdate
(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.protected int
engineUpdate
(ByteBuffer input, ByteBuffer output) Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.protected void
engineUpdateAAD
(byte[] src, int offset, int len) Continues a multipart update of the Additional Authentication Data (AAD), using a subset of the provided buffer.protected void
Continues a multipart update of the Additional Authentication Data (AAD).protected byte[]
engineWrap
(Key key) Wrap a key.
-
Constructor Details
-
CipherSpi
public CipherSpi()Constructor for subclasses to call.
-
-
Method Details
-
engineSetMode
Sets the mode of this cipher.- Parameters:
mode
- the cipher mode- Throws:
NoSuchAlgorithmException
- if the requested cipher mode does not exist
-
engineSetPadding
Sets the padding mechanism of this cipher.- Parameters:
padding
- the padding mechanism- Throws:
NoSuchPaddingException
- if the requested padding mechanism does not exist
-
engineGetBlockSize
protected abstract int engineGetBlockSize()Returns the block size (in bytes).- Returns:
- the block size (in bytes), or 0 if the algorithm is not a block cipher
-
engineGetOutputSize
protected abstract int engineGetOutputSize(int inputLen) Returns the length in bytes that an output buffer would need to be in order to hold the result of the nextupdate
ordoFinal
operation, given the input lengthinputLen
(in bytes).This call takes into account any unprocessed (buffered) data from a previous
update
call, padding, and AEAD tagging.The actual output length of the next
update
ordoFinal
call may be smaller than the length returned by this method.- Parameters:
inputLen
- the input length (in bytes)- Returns:
- the required output buffer size (in bytes)
-
engineGetIV
protected abstract byte[] engineGetIV()Returns the initialization vector (IV) in a new buffer.This is useful in the context of password-based encryption or decryption, where the IV is derived from a user-provided passphrase.
- Returns:
- the initialization vector in a new buffer, or
null
if the algorithm does not use an IV, or if the IV has not yet been set
-
engineGetParameters
Returns the parameters used with this cipher.The returned parameters may be the same that were used to initialize this cipher, or may contain additional default or random parameter values used by the underlying cipher implementation. If the required parameters were not supplied and can be generated by the cipher, the generated parameters are returned. Otherwise,
null
is returned.- Returns:
- the parameters used with this cipher, or
null
-
engineInit
protected abstract void engineInit(int opmode, Key key, SecureRandom random) throws InvalidKeyException Initializes thisCipherSpi
object with a key and a source of randomness.The
CipherSpi
object is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value ofopmode
.If this cipher requires any algorithm parameters that cannot be derived from the given
key
, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise anInvalidKeyException
if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved usingengineGetParameters
orengineGetIV
(if the parameter is an IV).If this cipher requires algorithm parameters that cannot be derived from the input parameters, and there are no reasonable provider-specific default values, initialization will necessarily fail.
If this cipher (including its feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from
random
.Note that when a
CipherSpi
object is initialized, it loses all previously-acquired state. In other words, initializing aCipherSpi
object is equivalent to creating a new instance of thatCipherSpi
object and initializing it.- Parameters:
opmode
- the operation mode of thisCipherSpi
object (this is one of the following:ENCRYPT_MODE
,DECRYPT_MODE
,WRAP_MODE
orUNWRAP_MODE
)key
- the encryption keyrandom
- the source of randomness- Throws:
InvalidKeyException
- if the given key is inappropriate for initializing this cipher, or requires algorithm parameters that cannot be determined from the given keyUnsupportedOperationException
- ifopmode
isWRAP_MODE
orUNWRAP_MODE
is not implemented by the cipher
-
engineInit
protected abstract void engineInit(int opmode, Key key, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException Initializes thisCipherSpi
object with a key, a set of algorithm parameters, and a source of randomness.The
CipherSpi
object is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value ofopmode
.If this cipher requires any algorithm parameters and
params
isnull
, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise anInvalidAlgorithmParameterException
if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved usingengineGetParameters
orengineGetIV
(if the parameter is an IV).If this cipher requires algorithm parameters that cannot be derived from the input parameters, and there are no reasonable provider-specific default values, initialization will necessarily fail.
If this cipher (including its feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from
random
.Note that when a
CipherSpi
object is initialized, it loses all previously-acquired state. In other words, initializing aCipherSpi
object is equivalent to creating a new instance of thatCipherSpi
object and initializing it.- Parameters:
opmode
- the operation mode of thisCipherSpi
object (this is one of the following:ENCRYPT_MODE
,DECRYPT_MODE
,WRAP_MODE
, orUNWRAP_MODE
)key
- the encryption keyparams
- the algorithm parametersrandom
- the source of randomness- Throws:
InvalidKeyException
- if the given key is inappropriate for initializing this cipherInvalidAlgorithmParameterException
- if the given algorithm parameters are inappropriate for this cipher, or if this cipher requires algorithm parameters andparams
isnull
UnsupportedOperationException
- ifopmode
isWRAP_MODE
orUNWRAP_MODE
is not implemented by the cipher
-
engineInit
protected abstract void engineInit(int opmode, Key key, AlgorithmParameters params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException Initializes thisCipherSpi
object with a key, a set of algorithm parameters, and a source of randomness.The
CipherSpi
object is initialized for one of the following four operations: encryption, decryption, key wrapping or key unwrapping, depending on the value ofopmode
.If this cipher requires any algorithm parameters and
params
isnull
, the underlying cipher implementation is supposed to generate the required parameters itself (using provider-specific default or random values) if it is being initialized for encryption or key wrapping, and raise anInvalidAlgorithmParameterException
if it is being initialized for decryption or key unwrapping. The generated parameters can be retrieved usingengineGetParameters
orengineGetIV
(if the parameter is an IV).If this cipher requires algorithm parameters that cannot be derived from the input parameters, and there are no reasonable provider-specific default values, initialization will necessarily fail.
If this cipher (including its feedback or padding scheme) requires any random bytes (e.g., for parameter generation), it will get them from
random
.Note that when a
CipherSpi
object is initialized, it loses all previously-acquired state. In other words, initializing aCipherSpi
object is equivalent to creating a new instance of thatCipherSpi
object and initializing it.- Parameters:
opmode
- the operation mode of thisCipherSpi
object (this is one of the following:ENCRYPT_MODE
,DECRYPT_MODE
,WRAP_MODE
, orUNWRAP_MODE
)key
- the encryption keyparams
- the algorithm parametersrandom
- the source of randomness- Throws:
InvalidKeyException
- if the given key is inappropriate for initializing this cipherInvalidAlgorithmParameterException
- if the given algorithm parameters are inappropriate for this cipher, or if this cipher requires algorithm parameters andparams
is nullUnsupportedOperationException
- ifopmode
isWRAP_MODE
orUNWRAP_MODE
is not implemented by the cipher
-
engineUpdate
protected abstract byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.The first
inputLen
bytes in theinput
buffer, starting atinputOffset
inclusive, are processed, and the result is stored in a new buffer.- Parameters:
input
- the input bufferinputOffset
- the offset ininput
where the input startsinputLen
- the input length- Returns:
- the new buffer with the result, or
null
if the cipher is a block cipher and the input data is too short to result in a new block
-
engineUpdate
protected abstract int engineUpdate(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.The first
inputLen
bytes in theinput
buffer, starting atinputOffset
inclusive, are processed, and the result is stored in theoutput
buffer, starting atoutputOffset
inclusive.If the
output
buffer is too small to hold the result, aShortBufferException
is thrown.- Parameters:
input
- the input bufferinputOffset
- the offset ininput
where the input startsinputLen
- the input lengthoutput
- the buffer for the resultoutputOffset
- the offset inoutput
where the result is stored- Returns:
- the number of bytes stored in
output
- Throws:
ShortBufferException
- if the given output buffer is too small to hold the result
-
engineUpdate
Continues a multiple-part encryption or decryption operation (depending on how thisCipherSpi
object was initialized), processing another data part.All
input.remaining()
bytes starting atinput.position()
are processed. The result is stored in the output buffer. Upon return, the input buffer's position will be equal to its limit; its limit will not have changed. The output buffer's position will have advanced by n, where n is the value returned by this method; the output buffer's limit will not have changed.If
output.remaining()
bytes are insufficient to hold the result, aShortBufferException
is thrown.Subclasses should consider overriding this method if they can process ByteBuffers more efficiently than byte arrays.
- Parameters:
input
- the input ByteBufferoutput
- the output ByteBuffer- Returns:
- the number of bytes stored in
output
- Throws:
ShortBufferException
- if there is insufficient space in the output bufferNullPointerException
- if either parameter isnull
- Since:
- 1.5
-
engineDoFinal
protected abstract byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen) throws IllegalBlockSizeException, BadPaddingException Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how thisCipherSpi
object was initialized.The first
inputLen
bytes in theinput
buffer, starting atinputOffset
inclusive, and any input bytes that may have been buffered during a previousupdate
operation, are processed, with padding (if requested) being applied. If an AEAD mode (such as GCM or CCM) is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.Upon finishing, this method resets this
CipherSpi
object to the state it was in when previously initialized via a call toengineInit
. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call toengineInit
) more data.Note: if any exception is thrown, this
CipherSpi
object may need to be reset before it can be used again.- Parameters:
input
- the input bufferinputOffset
- the offset ininput
where the input startsinputLen
- the input length- Returns:
- the new buffer with the result
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data providedBadPaddingException
- if thisCipherSpi
object is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytesAEADBadTagException
- if thisCipherSpi
object is decrypting in an AEAD mode (such as GCM or CCM), and the received authentication tag does not match the calculated value
-
engineDoFinal
protected abstract int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how thisCipherSpi
object was initialized.The first
inputLen
bytes in theinput
buffer, starting atinputOffset
inclusive, and any input bytes that may have been buffered during a previousupdate
operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM or CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in theoutput
buffer, starting atoutputOffset
inclusive.If the
output
buffer is too small to hold the result, aShortBufferException
is thrown.Upon finishing, this method resets this
CipherSpi
object to the state it was in when previously initialized via a call toengineInit
. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call toengineInit
) more data.Note: if any exception is thrown, this
CipherSpi
object may need to be reset before it can be used again.- Parameters:
input
- the input bufferinputOffset
- the offset ininput
where the input startsinputLen
- the input lengthoutput
- the buffer for the resultoutputOffset
- the offset inoutput
where the result is stored- Returns:
- the number of bytes stored in
output
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data providedShortBufferException
- if the given output buffer is too small to hold the resultBadPaddingException
- if thisCipherSpi
object is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytesAEADBadTagException
- if thisCipherSpi
object is decrypting in an AEAD mode (such as GCM or CCM), and the received authentication tag does not match the calculated value
-
engineDoFinal
protected int engineDoFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how thisCipherSpi
object was initialized.All
input.remaining()
bytes starting atinput.position()
are processed. If an AEAD mode such as GCM or CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in the output buffer. Upon return, the input buffer's position will be equal to its limit; its limit will not have changed. The output buffer's position will have advanced by n, where n is the value returned by this method; the output buffer's limit will not have changed.If
output.remaining()
bytes are insufficient to hold the result, aShortBufferException
is thrown.Upon finishing, this method resets this
CipherSpi
object to the state it was in when previously initialized via a call toengineInit
. That is, the object is reset and available to encrypt or decrypt (depending on the operation mode that was specified in the call toengineInit
more data.Note: if any exception is thrown, this
CipherSpi
object may need to be reset before it can be used again.Subclasses should consider overriding this method if they can process ByteBuffers more efficiently than byte arrays.
- Parameters:
input
- the input ByteBufferoutput
- the output ByteBuffer- Returns:
- the number of bytes stored in
output
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data providedShortBufferException
- if there is insufficient space in the output bufferBadPaddingException
- if thisCipherSpi
object is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytesAEADBadTagException
- if thisCipherSpi
object is decrypting in an AEAD mode (such as GCM or CCM), and the received authentication tag does not match the calculated valueNullPointerException
- if either parameter isnull
- Since:
- 1.5
-
engineWrap
Wrap a key.This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.) It may be overridden by a provider to wrap a key. Such an override is expected to throw an
IllegalBlockSizeException
orInvalidKeyException
(under the specified circumstances), if the given key cannot be wrapped. If this method is not overridden, it always throws anUnsupportedOperationException
.- Parameters:
key
- the key to be wrapped- Returns:
- the wrapped key
- Throws:
IllegalBlockSizeException
- if this cipher is a block cipher, no padding has been requested, and the length of the encoding of the key to be wrapped is not a multiple of the block sizeInvalidKeyException
- if it is impossible or unsafe to wrap the key with this cipher (e.g., a hardware protected key is being passed to a software-only cipher)UnsupportedOperationException
- if this method is not supported
-
engineUnwrap
protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) throws InvalidKeyException, NoSuchAlgorithmException Unwrap a previously wrapped key.This concrete method has been added to this previously-defined abstract class. (For backwards compatibility, it cannot be abstract.) It may be overridden by a provider to unwrap a previously wrapped key. Such an override is expected to throw an
InvalidKeyException
if the given wrapped key cannot be unwrapped. If this method is not overridden, it always throws anUnsupportedOperationException
.- Parameters:
wrappedKey
- the key to be unwrappedwrappedKeyAlgorithm
- the algorithm associated with the wrapped keywrappedKeyType
- the type of the wrapped key. This is one ofSECRET_KEY
,PRIVATE_KEY
, orPUBLIC_KEY
.- Returns:
- the unwrapped key
- Throws:
NoSuchAlgorithmException
- if no installed providers can create keys of typewrappedKeyType
for thewrappedKeyAlgorithm
InvalidKeyException
- ifwrappedKey
does not represent a wrapped key of typewrappedKeyType
for thewrappedKeyAlgorithm
UnsupportedOperationException
- if this method is not supported
-
engineGetKeySize
Returns the key size of the given key object in bits.This concrete method has been added to this previously-defined abstract class. It throws an
UnsupportedOperationException
if it is not overridden by the provider.- Parameters:
key
- the key object- Returns:
- the key size of the given key object
- Throws:
InvalidKeyException
- ifkey
is invalid
-
engineUpdateAAD
protected void engineUpdateAAD(byte[] src, int offset, int len) Continues a multipart update of the Additional Authentication Data (AAD), using a subset of the provided buffer.Calls to this method provide AAD to the cipher when operating in modes such as AEAD (GCM or CCM). If this cipher is operating in either GCM or CCM mode, all AAD must be supplied before beginning operations on the ciphertext (via the
update
anddoFinal
methods).- Parameters:
src
- the buffer containing the AADoffset
- the offset insrc
where the AAD input startslen
- the number of AAD bytes- Throws:
IllegalStateException
- if thisCipherSpi
object is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of theupdate
methods has already been called for the active encryption/decryption operationUnsupportedOperationException
- if this method has not been overridden by an implementation- Since:
- 1.7
-
engineUpdateAAD
Continues a multipart update of the Additional Authentication Data (AAD).Calls to this method provide AAD to the cipher when operating in modes such as AEAD (GCM or CCM). If this cipher is operating in either GCM or CCM mode, all AAD must be supplied before beginning operations on the ciphertext (via the
update
anddoFinal
methods).All
src.remaining()
bytes starting atsrc.position()
are processed. Upon return, the input buffer's position will be equal to its limit; its limit will not have changed.- Parameters:
src
- the buffer containing the AAD- Throws:
IllegalStateException
- if thisCipherSpi
object is in a wrong state (e.g., has not been initialized), does not accept AAD, or if operating in either GCM or CCM mode and one of theupdate
methods has already been called for the active encryption/decryption operationUnsupportedOperationException
- if this method has not been overridden by an implementation- Since:
- 1.7
-