com.amazonaws.services.s3.internal.crypto

Class GCMCipherLite

java.lang.Object

com.amazonaws.services.s3.internal.crypto.CipherLite

com.amazonaws.services.s3.internal.crypto.GCMCipherLite

public final class GCMCipherLite
extends CipherLite

A AES/GCM specific CipherLite that support re-processing of input data via mark() and reset().

Author:

Hanson Char

See Also:

CipherLite

Field Summary

Fields inherited from class com.amazonaws.services.s3.internal.crypto.CipherLite

Null

Method Summary

Modifier and Type	Method and Description
byte[]	doFinal() Finishes a multiple-part encryption or decryption operation, depending on how the underlying cipher was initialized.
byte[]	doFinal(byte[] input) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
byte[]	doFinal(byte[] input, int inputOffset, int inputLen) Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.
long	getCurrentCount() For testing purposes.
byte[]	getFinalBytes() For testing purposes only.
long	getMarkedCount() For testing purposes.
long	getOutputByteCount() For testing purposes.
byte[]	getTag() For testing purposes.
long	mark() Marks the current position in this cipher lite.
boolean	markSupported() Tests if this cipher lite supports the mark and reset methods.
void	reset() Repositions this cipher lite to the position at the time the mark method was last called.
byte[]	update(byte[] input, int inputOffset, int inputLen) Continues a multiple-part encryption or decryption operation (depending on how the underlying cipher was initialized), processing another data part.

Methods inherited from class com.amazonaws.services.s3.internal.crypto.CipherLite

createAuxiliary, createInverse, createUsingIV, getBlockSize, getCipher, getCipherAlgorithm, getCipherProvider, getContentCryptoScheme, getIV, getSecretKeyAlgorithm, recreate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

doFinal

public byte[] doFinal()
               throws IllegalBlockSizeException,
                      BadPaddingException

Description copied from class: CipherLite

Finishes a multiple-part encryption or decryption operation, depending on how the underlying cipher was initialized.

Input data that may have been buffered during a previous update operation is processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Note: if any exception is thrown, a new instance of this cipher lite object may need to be constructed before it can be used again. be reconstructed before it can be used again.

Overrides:

doFinal in class CipherLite

Returns:

the new buffer with the result

Throws:

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes

AEADBadTagException - if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

doFinal

public final byte[] doFinal(byte[] input)
                     throws IllegalBlockSizeException,
                            BadPaddingException

Description copied from class: CipherLite

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how the underlying cipher was initialized.

The bytes in the input buffer, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Note: if any exception is thrown, a new instance of this cipher lite object may need to be constructed before it can be used again.

Overrides:

doFinal in class CipherLite

Parameters:

input - the input buffer

Returns:

the new buffer with the result

Throws:

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes; or if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

doFinal

public final byte[] doFinal(byte[] input,
                            int inputOffset,
                            int inputLen)
                     throws IllegalBlockSizeException,
                            BadPaddingException

Description copied from class: CipherLite

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation. The data is encrypted or decrypted, depending on how the underlying cipher was initialized.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, and any input bytes that may have been buffered during a previous update operation, are processed, with padding (if requested) being applied. If an AEAD mode such as GCM/CCM is being used, the authentication tag is appended in the case of encryption, or verified in the case of decryption. The result is stored in a new buffer.

Note: if any exception is thrown, a new instance of this cipher lite object may need to be constructed before it can be used again.

Overrides:

doFinal in class CipherLite

Parameters:

input - the input buffer

inputOffset - the offset in input where the input starts

inputLen - the input length

Returns:

the new buffer with the result

Throws:

IllegalBlockSizeException - if this cipher is a block cipher, no padding has been requested (only in encryption mode), and the total input length of the data processed by this cipher is not a multiple of block size; or if this encryption algorithm is unable to process the input data provided.

BadPaddingException - if this cipher is in decryption mode, and (un)padding has been requested, but the decrypted data is not bounded by the appropriate padding bytes; or if this cipher is decrypting in an AEAD mode (such as GCM/CCM), and the received authentication tag does not match the calculated value

update

public byte[] update(byte[] input,
                     int inputOffset,
                     int inputLen)

Description copied from class: CipherLite

Continues a multiple-part encryption or decryption operation (depending on how the underlying cipher was initialized), processing another data part.

The first inputLen bytes in the input buffer, starting at inputOffset inclusive, are processed, and the result is stored in a new buffer.

If inputLen is zero, this method returns null.

Overrides:

update in class CipherLite

Parameters:

inputLen - for mark() and reset() to work correctly, inputLen should always be in multiple of 16 bytes except for the very last part of the plaintext.

input - the input buffer

inputOffset - the offset in input where the input starts

Returns:

the new buffer with the result, or null if the underlying cipher is a block cipher and the input data is too short to result in a new block.

mark

public long mark()

Description copied from class: CipherLite

Marks the current position in this cipher lite. A subsequent call to the reset method repositions this cipher lite at the last marked position so that subsequent crypto operations will be logically performed in an idempotent manner as if the cipher has been rewinded back to the marked position.

The general contract of mark is that, if the method markSupported returns true, the cipher lite somehow remembers the internal state after the call to mark and stands ready to restore to the internal state so that it would be able to produce the same output given the same input again if and whenever the method reset is called.

Overrides:

mark in class CipherLite

Returns:

the current position marked or -1 if mark/reset is not supported.

markSupported

public boolean markSupported()

Description copied from class: CipherLite

Tests if this cipher lite supports the mark and reset methods. Returns false by default, but subclass may override.

Overrides:

markSupported in class CipherLite

reset

public void reset()

Description copied from class: CipherLite

Repositions this cipher lite to the position at the time the mark method was last called.

The general contract of reset is:

• If the method markSupported returns true, then the cipher lite is reset to the internal state since the most recent call to mark (or since the start of the input data, if mark has not been called), so that subsequent callers of the udpate or doFinal method would produce the same output given the same input data identical to the input data after the mark method was last called..
• If the method markSupported returns false, then the call to reset may throw an IllegalStateException.

Overrides:

reset in class CipherLite

getFinalBytes

public byte[] getFinalBytes()

For testing purposes only.

getTag

public byte[] getTag()

For testing purposes. Applicable only during encryption: returns the tag that has been produced; or null otherwise.

getOutputByteCount

public long getOutputByteCount()

For testing purposes.

getCurrentCount

public long getCurrentCount()

For testing purposes.

getMarkedCount

public long getMarkedCount()

For testing purposes.