de.flexiprovider.common.ies
Class IES

java.lang.Object
  |
  +--javax.crypto.CipherSpi
        |
        +--de.flexiprovider.api.Cipher
              |
              +--de.flexiprovider.api.AsymmetricHybridCipher
                    |
                    +--de.flexiprovider.common.ies.IES

Direct Known Subclasses:

ECIES

public abstract class IES

extends AsymmetricHybridCipher

The Integrated Encryption Scheme (IES) is an encryption scheme based on a key agreement scheme using an ephemeral key pair, a symmetric cipher, and a message authentication code (MAC) to encrypt and decrypt data. IES is described in IEEE 1363a-2004.

Author:

Marcus Stögbauer, Hristo Indzhov, Martin Döring

Field Summary

protected AlgorithmParameterSpec	keyParams The algorithm parameters obtained from the (private or public) key.
protected SecureRandom	random the source of randomness

Fields inherited from class de.flexiprovider.api.AsymmetricHybridCipher

paramSpec

Fields inherited from class de.flexiprovider.api.Cipher

DECRYPT_MODE, ENCRYPT_MODE, opMode

Constructor Summary

protected

IES() Constructor.

Method Summary

protected abstract PrivateKey	checkPrivKey(Key key) Check whether the given decryption key is of the correct type.
protected abstract PublicKey	checkPubKey(Key key) Check whether the given encryption key is of the correct type.
protected abstract PublicKey	decodeEphPubKey(byte[] encEphPubKey) Decode the ephemeral public key.
protected int	decryptOutputSize(int inLen) Compute the output size of an update() or doFinal() operation of a hybrid asymmetric cipher in decryption mode when given input of the specified length.
byte[]	doFinal(byte[] input, int inOff, int inLen) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
protected abstract byte[]	encodeEphPubKey(PublicKey ephPubKey) Encode the ephemeral public key.
protected int	encryptOutputSize(int inLen) Compute the output size of an update() or doFinal() operation of a hybrid asymmetric cipher in encryption mode when given input of the specified length.
protected abstract KeyPair	generateEphKeyPair() Generate an ephemeral key pair.
protected abstract int	getEncEphPubKeySize() Compute and return the size (in bytes) of the encoded ephemeral public key.
protected abstract KeyAgreement	getKeyAgreement() Instantiate and return the key agreement module.
protected void	initCipherDecrypt(Key key, AlgorithmParameterSpec params) Initialize the cipher with a certain key for data encryption.
protected void	initCipherEncrypt(Key key, AlgorithmParameterSpec params, SecureRandom random) Initialize the cipher with a key and parameters for data encryption.
protected byte[]	messageDecrypt(byte[] input) Decrypt the ciphertext stored in input.
protected byte[]	messageEncrypt(byte[] input) Encrypt the plaintext stored in input.
byte[]	update(byte[] input, int inOff, int inLen) Continue a multiple-part encryption or decryption operation.

Methods inherited from class de.flexiprovider.api.AsymmetricHybridCipher

doFinal, getBlockSize, getIV, getOutputSize, getParameters, initDecrypt, initDecrypt, initEncrypt, initEncrypt, initEncrypt, initEncrypt, setMode, setPadding, update

Methods inherited from class de.flexiprovider.api.Cipher

doFinal, doFinal, engineDoFinal, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUpdate, engineUpdate, getKeySize, getName, update

Methods inherited from class java.lang.Object

, clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

random

protected SecureRandom random

the source of randomness

keyParams

protected AlgorithmParameterSpec keyParams

The algorithm parameters obtained from the (private or public) key.

Constructor Detail

IES

protected IES()

Constructor.

Method Detail

update

public byte[] update(byte[] input,
                     int inOff,
                     int inLen)

Continue a multiple-part encryption or decryption operation.

Overrides:

update in class AsymmetricHybridCipher

Parameters:

input - byte array containing the next part of the input

inOff - index in the array where the input starts

inLen - length of the input

Returns:

the processed byte array.

doFinal

public byte[] doFinal(byte[] input,
                      int inOff,
                      int inLen)
               throws BadPaddingException

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how this cipher was initialized.

Overrides:

doFinal in class AsymmetricHybridCipher

Parameters:

input - the input buffer

inOff - the offset in input where the input starts

inLen - the input length

Returns:

the new buffer with the result

Throws:

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

initCipherEncrypt

protected void initCipherEncrypt(Key key,
                                 AlgorithmParameterSpec params,
                                 SecureRandom random)
                          throws InvalidKeyException,
                                 InvalidAlgorithmParameterException

Initialize the cipher with a key and parameters for data encryption. The parameters have to be an instance of IESParameterSpec.

Overrides:

initCipherEncrypt in class AsymmetricHybridCipher

Parameters:

key - the key

params - the parameters

random - the source of randomness

Throws:

InvalidKeyException - if the key is inappropriate.

InvalidAlgorithmParameterException - if the parameters are not an instance of IESParameterSpec or the ephemeral key pair stored in the parameters is invalid.

initCipherDecrypt

protected void initCipherDecrypt(Key key,
                                 AlgorithmParameterSpec params)
                          throws InvalidKeyException,
                                 InvalidAlgorithmParameterException

Initialize the cipher with a certain key for data encryption.

Overrides:

initCipherDecrypt in class AsymmetricHybridCipher

Parameters:

key - the key

params - the algorithm parameters

Throws:

InvalidKeyException - if the given key is inappropriate for initializing this cipher.

InvalidAlgorithmParameterException - if the given parameters are inappropriate for initializing this cipher.

decryptOutputSize

protected int decryptOutputSize(int inLen)

Description copied from class: AsymmetricHybridCipher

Compute the output size of an update() or doFinal() operation of a hybrid asymmetric cipher in decryption mode when given input of the specified length.

Overrides:

decryptOutputSize in class AsymmetricHybridCipher

Following copied from class: de.flexiprovider.api.AsymmetricHybridCipher

Parameters:

inLen - the length of the input

Returns:

the output size

encryptOutputSize

protected int encryptOutputSize(int inLen)

Description copied from class: AsymmetricHybridCipher

Compute the output size of an update() or doFinal() operation of a hybrid asymmetric cipher in encryption mode when given input of the specified length.

Overrides:

encryptOutputSize in class AsymmetricHybridCipher

Following copied from class: de.flexiprovider.api.AsymmetricHybridCipher

Parameters:

inLen - the length of the input

Returns:

the output size

messageEncrypt

protected byte[] messageEncrypt(byte[] input)
                         throws BadPaddingException

Encrypt the plaintext stored in input. The method should also perform an additional length check.

Parameters:

input - the plaintext to be encrypted

Returns:

the encrypted message

Throws:

BadPaddingException - if encryption fails.

messageDecrypt

protected byte[] messageDecrypt(byte[] input)
                         throws BadPaddingException

Decrypt the ciphertext stored in input. If MAC verification fails, null is returned.

Parameters:

input - the message to be decrypted

Returns:

the decrypted ciphertext

Throws:

BadPaddingException - if the ciphertext is invalid.

checkPubKey

protected abstract PublicKey checkPubKey(Key key)
                                  throws InvalidKeyException

Check whether the given encryption key is of the correct type. If so, set the key parameters and return the checked key. If not, throw an InvalidKeyException.

Parameters:

key - the key to be checked

Returns:

the checked key

Throws:

InvalidKeyException - if the given key is inappropriate.

checkPrivKey

protected abstract PrivateKey checkPrivKey(Key key)
                                    throws InvalidKeyException

Check whether the given decryption key is of the correct type. If so, set the key parameters and return the checked key. If not, throw an InvalidKeyException.

Parameters:

key - the key to be checked

Returns:

the checked key

Throws:

InvalidKeyException - if the given key is inappropriate.

getKeyAgreement

protected abstract KeyAgreement getKeyAgreement()

Instantiate and return the key agreement module.

Returns:

the key agreement module

generateEphKeyPair

protected abstract KeyPair generateEphKeyPair()

Generate an ephemeral key pair. This method is used in case no ephemeral key pair is specified via the IESParameterSpec during initialization.

Returns:

the generated ephemeral key pair

encodeEphPubKey

protected abstract byte[] encodeEphPubKey(PublicKey ephPubKey)

Encode the ephemeral public key.

Parameters:

ephPubKey - the ephemeral public key

Returns:

the encoded key

getEncEphPubKeySize

protected abstract int getEncEphPubKeySize()

Compute and return the size (in bytes) of the encoded ephemeral public key.

Returns:

the size of the encoded ephemeral public key

decodeEphPubKey

protected abstract PublicKey decodeEphPubKey(byte[] encEphPubKey)

Decode the ephemeral public key.

Parameters:

encEphPubKey - the encoded ephemeral public key

Returns:

the decoded key