Modifier and Type | Field and Description |
---|---|
(package private) static ContentCryptoScheme | AES_CBC<br>Encryption Only (EO) scheme. |
(package private) static ContentCryptoScheme | AES_CTR<br>This is an auxiliary scheme used for range retrieval when an object is encrypted via AES/GCM. |
(package private) static ContentCryptoScheme | AES_GCM<br>Authenticated Encryption (AE) scheme. |
(package private) static long | MAX_CBC_BYTES<br>The maximum number of bytes that can be securely encrypted per single key using AES/CBC. |
(package private) static long | MAX_CTR_BYTES<br>The maximum number of bytes that can be securely encrypted per single key using AES/CTR. |
(package private) static long | MAX_GCM_BLOCKS<br>The maximum number of 16-byte blocks that can be encrypted with a GCM cipher. |
(package private) static long | MAX_GCM_BYTES<br>The maximum number of bytes that can be encrypted with a GCM cipher. |
Constructor and Description |
---|
ContentCryptoScheme() |
Modifier and Type | Method and Description |
---|---|
(package private) byte[] | adjustIV(byte[] iv, long startingBytePos) |
(package private) CipherLite | createAuxillaryCipher(javax.crypto.SecretKey cek, byte[] iv, int cipherMode, java.security.Provider securityProvider, long startingBytePos) |
(package private) CipherLite | createCipherLite(javax.crypto.SecretKey cek, byte[] iv, int cipherMode)<br>Creates and initializes a cipher lite for content encrypt/decryption. |
(package private) CipherLite | createCipherLite(javax.crypto.SecretKey cek, byte[] iv, int cipherMode, java.security.Provider securityProvider)<br>Creates and initializes a CipherLite for content encrypt/decryption. |
(package private) static ContentCryptoScheme | fromCEKAlgo(java.lang.String cekAlgo)<br>Returns the content crypto scheme of the given content encryption algorithm. |
(package private) static ContentCryptoScheme | fromCEKAlgo(java.lang.String cekAlgo, boolean isRangeGet) |
(package private) abstract int | getBlockSizeInBytes() |
(package private) abstract java.lang.String | getCipherAlgorithm() |
(package private) abstract int | getIVLengthInBytes() |
(package private) abstract java.lang.String | getKeyGeneratorAlgorithm() |
(package private) abstract int | getKeyLengthInBits() |
(package private) java.lang.String | getKeySpec()<br>A convenient method motivated by KMS. |
(package private) abstract long | getMaxPlaintextSize()<br>Returns the maximum size of the plaintext that can be encrypted using the current scheme per single secret key; or -1 if there is effectively no limit. |
(package private) java.lang.String | getSpecificCipherProvider()<br>Returns the only security provider that is known to work with the cipher algorithm in the current implementation; or null if there is no specific limitation. |
(package private) int | getTagLengthInBits() |
(package private) static byte[] | incrementBlocks(byte[] counter, long blockDelta)<br>Increment the rightmost 32 bits of a 16-byte counter by the specified delta. |
protected CipherLite | newCipherLite(javax.crypto.Cipher cipher, javax.crypto.SecretKey cek, int cipherMode)<br>This is a factory method intended to be overridden by subclasses to return the appropriate instance of cipher lite. |
java.lang.String | toString() |
static final long MAX_GCM_BLOCKS
Reference: NIST Special Publication 800-38D.
static final long MAX_GCM_BYTES
static final long MAX_CBC_BYTES
static final long MAX_CTR_BYTES
static final ContentCryptoScheme AES_CBC
static final ContentCryptoScheme AES_GCM
static final ContentCryptoScheme AES_CTR
abstract java.lang.String getKeyGeneratorAlgorithm()
abstract java.lang.String getCipherAlgorithm()
java.lang.String getSpecificCipherProvider()
abstract int getKeyLengthInBits()
abstract int getBlockSizeInBytes()
abstract int getIVLengthInBytes()
int getTagLengthInBits()
byte[] adjustIV(byte[] iv, long startingBytePos)
public java.lang.String toString()
toString
in class java.lang.Object
static byte[] incrementBlocks(byte[] counter, long blockDelta)
counter - a 16-byte counter used in AES/CTR
blockDelta - the number of blocks (16-byte) to increment
static ContentCryptoScheme fromCEKAlgo(java.lang.String cekAlgo)
static ContentCryptoScheme fromCEKAlgo(java.lang.String cekAlgo, boolean isRangeGet)
CipherLite createCipherLite(javax.crypto.SecretKey cek, byte[] iv, int cipherMode, java.security.Provider securityProvider)
Creates and initializes a CipherLite for content encrypt/decryption.
cek - content encrypting key
iv - initialization vector
cipherMode - such as Cipher.ENCRYPT_MODE
securityProvider - optional security provider to be used but only if there is no specific provider defined for the specified scheme.
protected CipherLite newCipherLite(javax.crypto.Cipher cipher, javax.crypto.SecretKey cek, int cipherMode)
CipherLite createAuxillaryCipher(javax.crypto.SecretKey cek, byte[] iv, int cipherMode, java.security.Provider securityProvider, long startingBytePos) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, javax.crypto.NoSuchPaddingException, java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
javax.crypto.NoSuchPaddingException
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
CipherLite createCipherLite(javax.crypto.SecretKey cek, byte[] iv, int cipherMode) throws java.security.InvalidKeyException, java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException, javax.crypto.NoSuchPaddingException, java.security.InvalidAlgorithmParameterException
cek - content encrypting key
iv - initialization vector
cipherMode - such as Cipher.ENCRYPT_MODE
java.security.InvalidKeyException
java.security.NoSuchAlgorithmException
java.security.NoSuchProviderException
javax.crypto.NoSuchPaddingException
java.security.InvalidAlgorithmParameterException
abstract long getMaxPlaintextSize()
final java.lang.String getKeySpec()
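
The AES_CTR, adjustIV and incrementBlocks entries above describe reading a byte range of a GCM-encrypted object through an auxiliary CTR cipher. The following is an added example, not code from this class or its SDK, showing with the standard JCE how a CTR counter block can be derived from a GCM IV and a starting byte position, and that the range read is not covered by the GCM tag. The names GcmRangeDemo, ctrBlockFor and decryptRange are hypothetical; it assumes a 96-bit GCM IV and block-aligned offsets.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.util.Arrays;

public class GcmRangeDemo {
    static final int BLOCK = 16;
    // NIST SP 800-38D caps one GCM invocation at 2^32 - 2 plaintext blocks.
    static final long GCM_MAX_BLOCKS = (1L << 32) - 2;

    /** Hypothetical helper: CTR counter block for a block-aligned offset into GCM ciphertext. */
    static byte[] ctrBlockFor(byte[] gcmIv, long startingBytePos) {
        if (gcmIv.length != 12) throw new IllegalArgumentException("expects a 96-bit GCM IV");
        if (startingBytePos < 0 || startingBytePos % BLOCK != 0)
            throw new IllegalArgumentException("offset must be non-negative and block-aligned");
        long blocks = startingBytePos / BLOCK;
        if (blocks >= GCM_MAX_BLOCKS) throw new IllegalArgumentException("offset beyond GCM limit");
        // With a 96-bit IV, GCM reserves IV||00000001 for the tag; data block 0 uses IV||00000002.
        // blocks < 2^32 - 2, so 2 + blocks never wraps the rightmost 32 bits.
        return ByteBuffer.allocate(BLOCK).put(gcmIv).putInt((int) (2 + blocks)).array();
    }

    /** Decrypts ct[from, to) with AES/CTR. No tag is checked, so the result is unauthenticated. */
    static byte[] decryptRange(byte[] key, byte[] gcmIv, byte[] ct, int from, int to) throws Exception {
        Cipher ctr = Cipher.getInstance("AES/CTR/NoPadding");
        ctr.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new IvParameterSpec(ctrBlockFor(gcmIv, from)));
        return ctr.doFinal(ct, from, to - from);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, IV and plaintext: fixed values for a reproducible demo only.
        byte[] key = new byte[16], iv = new byte[12], plain = new byte[80];
        Arrays.fill(key, (byte) 0x42);
        Arrays.fill(iv, (byte) 0x07);
        for (int i = 0; i < plain.length; i++) plain[i] = (byte) i;
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(plain); // 80 ciphertext bytes followed by the 16-byte tag
        byte[] part = decryptRange(key, iv, ct, 32, 64);
        System.out.println("range matches: " + Arrays.equals(part, Arrays.copyOfRange(plain, 32, 64)));
        ct[40] ^= 1; // corrupt one bit inside the range
        byte[] altered = decryptRange(key, iv, ct, 32, 64);
        // CTR returns altered plaintext silently; a full GCM decrypt would throw AEADBadTagException.
        System.out.println("corruption undetected: " + ((altered[8] ^ part[8]) == 1));
    }
}
```

Both lines print `true`: the range decrypts correctly, and a corrupted ciphertext bit passes through the CTR path without an error, so callers that need integrity on a ranged read have to verify it separately.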