cryptix.provider.padding
Class PKCS7

java.lang.Object
  |
  +--xjava.security.IJCE_Traceable
        |
        +--xjava.security.PaddingScheme
              |
              +--cryptix.provider.padding.PKCS7
All Implemented Interfaces:
Padding, Parameterized

public class PKCS7
extends PaddingScheme

A class for padding cipher data according to the following scheme, described in section 10.3 of RSA Data Security, Inc.'s PKCS #7 standard:

    Some content-encryption algorithms assume the
    input length is a multiple of k octets, where k >
    1, and let the application define a method for
    handling inputs whose lengths are not a multiple
    of k octets. For such algorithms, the method shall
    be to pad the input at the trailing end with k -
    (l mod k) octets all having value k - (l mod k),
    where l is the length of the input. In other
    words, the input is padded at the trailing end
    with one of the following strings:
 
01 -- if l mod k = k-1 02 02 -- if l mod k = k-2 . . . k k ... k k -- if l mod k = 0
The padding can be removed unambiguously since all input is padded and no padding string is a suffix of another. This padding method is well-defined if and only if k < 256; methods for larger k are an open issue for further study.

An IllegalBlockSizeException is thrown (by the Cipher class) if the block size is greater than 255 bytes.

References:

  1. PKCS#7: Cryptographic Message Syntax Standard. An RSA Laboratories Technical Note; Version 1.5; Revised November 1, 1993.

Copyright © 1997 Systemics Ltd on behalf of the Cryptix Development Team.
All rights reserved.

$Revision: 1.6 $

Since:
Cryptix 2.2.2
Author:
Raif S. Naffah, David Hopwood

Fields inherited from class xjava.security.PaddingScheme
blockSize
 
Fields inherited from class xjava.security.IJCE_Traceable
tracing
 
Constructor Summary
PKCS7()
          Creates a PKCS7 object.
 
Method Summary
protected  boolean engineIsValidBlockSize(int size)
          SPI: Returns true if size is a valid block size (in bytes) for this algorithm.
protected  int enginePad(byte[] in, int offset, int length)
          Pads a given array of bytes.
protected  int engineUnpad(byte[] in, int offset, int length)
          Given the specified subarray of bytes that includes padding bytes, returns the index indicating where padding starts.
 
Methods inherited from class xjava.security.PaddingScheme
clone, engineGetParameter, engineSetBlockSize, engineSetParameter, getAlgorithm, getAlgorithms, getAlgorithms, getBlockSize, getInstance, getInstance, getParameter, pad, paddingScheme, padLength, setParameter, toString, unpad
 
Methods inherited from class xjava.security.IJCE_Traceable
, disableTracing, enableTracing, traceMethod, traceResult, traceResult, traceVoidMethod
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

PKCS7

public PKCS7()
Creates a PKCS7 object.
Method Detail

enginePad

protected int enginePad(byte[] in,
                        int offset,
                        int length)
Pads a given array of bytes. The padding is written to the same buffer that is used for input (in). When this method returns, the padded block will be stored at in[offset+length..offset+blocksize-1].
Overrides:
enginePad in class PaddingScheme
Parameters:
in - the buffer containing the incomplete block.
offset - the offset into the in buffer of the first byte in the group of bytes to be padded.
length - the number of bytes from the in buffer, starting at offset, that need to be padded.

engineUnpad

protected int engineUnpad(byte[] in,
                          int offset,
                          int length)
Given the specified subarray of bytes that includes padding bytes, returns the index indicating where padding starts.

For PKCS#7, the padding bytes all have value blockSize - (length % blockSize). Hence to find the number of added bytes, it's enough to consider the last byte value of the padded message.

Overrides:
engineUnpad in class PaddingScheme
Parameters:
in - the buffer containing the bytes.
offset - the offset into the in buffer of the first byte in the block.
length - the length of the block in bytes.
Returns:
the index into the in buffer indicating where the padding starts.
Throws:
CryptixException - if the number of padding bytes is invalid.

engineIsValidBlockSize

protected boolean engineIsValidBlockSize(int size)
SPI: Returns true if size is a valid block size (in bytes) for this algorithm.

For PKCS#7 padding, values of size between 1 and 255 bytes inclusive are valid.

Overrides:
engineIsValidBlockSize in class PaddingScheme