/*
 * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */

package javax.crypto.spec;

import java.security.spec.AlgorithmParameterSpec;

Specifies the set of parameters required by a Cipher using the Galois/Counter Mode (GCM) mode.

Simple block cipher modes (such as CBC) generally require only an initialization vector (such as IvParameterSpec), but GCM needs these parameters:

  • IV: Initialization Vector (IV)
  • tLen: length (in bits) of authentication tag T

In addition to the parameters described here, other GCM inputs/output (Additional Authenticated Data (AAD), Keys, block ciphers, plain/ciphertext and authentication tags) are handled in the Cipher class.

Please see RFC 5116 for more information on the Authenticated Encryption with Associated Data (AEAD) algorithm, and NIST Special Publication 800-38D, "NIST Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC."

The GCM specification states that tLen may only have the values {128, 120, 112, 104, 96}, or {64, 32} for certain applications. Other values can be specified for this class, but not all CSP implementations will support them.

See Also:
Since:1.7
/** * Specifies the set of parameters required by a {@link * javax.crypto.Cipher} using the Galois/Counter Mode (GCM) mode. * <p> * Simple block cipher modes (such as CBC) generally require only an * initialization vector (such as {@code IvParameterSpec}), * but GCM needs these parameters: * <ul> * <li>{@code IV}: Initialization Vector (IV) </li> * <li>{@code tLen}: length (in bits) of authentication tag T</li> * </ul> * <p> * In addition to the parameters described here, other GCM inputs/output * (Additional Authenticated Data (AAD), Keys, block ciphers, * plain/ciphertext and authentication tags) are handled in the {@code * Cipher} class. * <p> * Please see <a href="http://www.ietf.org/rfc/rfc5116.txt"> RFC 5116 * </a> for more information on the Authenticated Encryption with * Associated Data (AEAD) algorithm, and <a href= * "http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf"> * NIST Special Publication 800-38D</a>, "NIST Recommendation for Block * Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC." * <p> * The GCM specification states that {@code tLen} may only have the * values {128, 120, 112, 104, 96}, or {64, 32} for certain * applications. Other values can be specified for this class, but not * all CSP implementations will support them. * * @see javax.crypto.Cipher * * @since 1.7 */
public class GCMParameterSpec implements AlgorithmParameterSpec { // Initialization Vector. Could use IvParameterSpec, but that // would add extra copies. private byte[] iv; // Required Tag length (in bits). private int tLen;
Constructs a GCMParameterSpec using the specified authentication tag bit-length and IV buffer.
Params:
  • tLen – the authentication tag length (in bits)
  • src – the IV source buffer. The contents of the buffer are copied to protect against subsequent modification.
Throws:
/** * Constructs a GCMParameterSpec using the specified authentication * tag bit-length and IV buffer. * * @param tLen the authentication tag length (in bits) * @param src the IV source buffer. The contents of the buffer are * copied to protect against subsequent modification. * * @throws IllegalArgumentException if {@code tLen} is negative, * or {@code src} is null. */
public GCMParameterSpec(int tLen, byte[] src) { if (src == null) { throw new IllegalArgumentException("src array is null"); } init(tLen, src, 0, src.length); }
Constructs a GCMParameterSpec object using the specified authentication tag bit-length and a subset of the specified buffer as the IV.
Params:
  • tLen – the authentication tag length (in bits)
  • src – the IV source buffer. The contents of the buffer are copied to protect against subsequent modification.
  • offset – the offset in src where the IV starts
  • len – the number of IV bytes
Throws:
  • IllegalArgumentException – if tLen is negative, src is null, len or offset is negative, or the sum of offset and len is greater than the length of the src byte array.
/** * Constructs a GCMParameterSpec object using the specified * authentication tag bit-length and a subset of the specified * buffer as the IV. * * @param tLen the authentication tag length (in bits) * @param src the IV source buffer. The contents of the * buffer are copied to protect against subsequent modification. * @param offset the offset in {@code src} where the IV starts * @param len the number of IV bytes * * @throws IllegalArgumentException if {@code tLen} is negative, * {@code src} is null, {@code len} or {@code offset} is negative, * or the sum of {@code offset} and {@code len} is greater than the * length of the {@code src} byte array. */
public GCMParameterSpec(int tLen, byte[] src, int offset, int len) { init(tLen, src, offset, len); } /* * Check input parameters. */ private void init(int tLen, byte[] src, int offset, int len) { if (tLen < 0) { throw new IllegalArgumentException( "Length argument is negative"); } this.tLen = tLen; // Input sanity check if ((src == null) ||(len < 0) || (offset < 0) || (len > (src.length - offset))) { throw new IllegalArgumentException("Invalid buffer arguments"); } iv = new byte[len]; System.arraycopy(src, offset, iv, 0, len); }
Returns the authentication tag length.
Returns:the authentication tag length (in bits)
/** * Returns the authentication tag length. * * @return the authentication tag length (in bits) */
public int getTLen() { return tLen; }
Returns the Initialization Vector (IV).
Returns:the IV. Creates a new array each time this method is called.
/** * Returns the Initialization Vector (IV). * * @return the IV. Creates a new array each time this method * is called. */
public byte[] getIV() { return iv.clone(); } }