// actual init() implementation
private void implInit(int opmode, Key key, byte[] iv, SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
cancelOperation();
switch (opmode) {
case Cipher.ENCRYPT_MODE:
encrypt = true;
break;
case Cipher.DECRYPT_MODE:
encrypt = false;
break;
default:
throw new InvalidAlgorithmParameterException("Unsupported mode: " + opmode);
}
if (blockMode == MODE_ECB) { // ECB or stream cipher
if (iv != null) {
if (blockSize == 0) {
throw new InvalidAlgorithmParameterException("IV not used with stream ciphers");
} else {
throw new InvalidAlgorithmParameterException("IV not used in ECB mode");
}
}
} else { // MODE_CBC or MODE_CTR
if (iv == null) {
if (encrypt == false) {
String exMsg =
(blockMode == MODE_CBC
? "IV must be specified for decryption in CBC mode"
: "IV must be specified for decryption in CTR mode");
throw new InvalidAlgorithmParameterException(exMsg);
}
// generate random IV
if (random == null) {
random = new SecureRandom();
}
iv = new byte[blockSize];
random.nextBytes(iv);
} else {
if (iv.length != blockSize) {
throw new InvalidAlgorithmParameterException("IV length must match block size");
}
}
}
this.iv = iv;
p11Key = P11SecretKeyFactory.convertKey(token, key, keyAlgorithm);
try {
initialize();
} catch (PKCS11Exception e) {
throw new InvalidKeyException("Could not initialize cipher", e);
}
}
// see JCE spec
@Override
protected int engineGetKeySize(Key key) throws InvalidKeyException {
int n = P11SecretKeyFactory.convertKey(token, key, keyAlgorithm).keyLength();
return n;
}