archive/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2025-08-28 15:24:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

8288050: Add support of SHA-512/224 and SHA-512/256 to the PBKDF2 and PBES2 impls in SunJCE provider

Browse source 
Reviewed-by: weijun
This commit is contained in:
Valerie Peng 2023-01-26 22:07:31 +00:00
parent d6007a356f
commit 7eff578768
26 changed files with 390 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

93
src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -70,51 +70,49 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
validTypes.add("PBEWithHmacSHA256AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA384AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/224AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/256AndAES_128".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA1AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA224AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA256AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA384AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/224AndAES_256".toUpperCase(Locale.ENGLISH));
validTypes.add("PBEWithHmacSHA512/256AndAES_256".toUpperCase(Locale.ENGLISH));
}
public static final class PBEWithMD5AndDES
extends PBEKeyFactory {
public PBEWithMD5AndDES() {
public static final class PBEWithMD5AndDES extends PBEKeyFactory {
public PBEWithMD5AndDES() {
super("PBEWithMD5AndDES");
}
}
public static final class PBEWithSHA1AndDESede
extends PBEKeyFactory {
public PBEWithSHA1AndDESede() {
public static final class PBEWithSHA1AndDESede extends PBEKeyFactory {
public PBEWithSHA1AndDESede() {
super("PBEWithSHA1AndDESede");
}
}
public static final class PBEWithSHA1AndRC2_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_40() {
public static final class PBEWithSHA1AndRC2_40 extends PBEKeyFactory {
public PBEWithSHA1AndRC2_40() {
super("PBEWithSHA1AndRC2_40");
}
}
public static final class PBEWithSHA1AndRC2_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
public static final class PBEWithSHA1AndRC2_128 extends PBEKeyFactory {
public PBEWithSHA1AndRC2_128() {
super("PBEWithSHA1AndRC2_128");
}
}
public static final class PBEWithSHA1AndRC4_40
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
public static final class PBEWithSHA1AndRC4_40 extends PBEKeyFactory {
public PBEWithSHA1AndRC4_40() {
super("PBEWithSHA1AndRC4_40");
}
}
public static final class PBEWithSHA1AndRC4_128
extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
public static final class PBEWithSHA1AndRC4_128 extends PBEKeyFactory {
public PBEWithSHA1AndRC4_128() {
super("PBEWithSHA1AndRC4_128");
}
}
@ -122,83 +120,108 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
/*
* Private proprietary algorithm for supporting JCEKS.
*/
public static final class PBEWithMD5AndTripleDES
extends PBEKeyFactory {
public PBEWithMD5AndTripleDES() {
public static final class PBEWithMD5AndTripleDES extends PBEKeyFactory {
public PBEWithMD5AndTripleDES() {
super("PBEWithMD5AndTripleDES");
}
}
public static final class PBEWithHmacSHA1AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
public static final class PBEWithHmacSHA1AndAES_128 extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_128() {
super("PBEWithHmacSHA1AndAES_128");
}
}
public static final class PBEWithHmacSHA224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_128() {
public PBEWithHmacSHA224AndAES_128() {
super("PBEWithHmacSHA224AndAES_128");
}
}
public static final class PBEWithHmacSHA256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_128() {
public PBEWithHmacSHA256AndAES_128() {
super("PBEWithHmacSHA256AndAES_128");
}
}
public static final class PBEWithHmacSHA384AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_128() {
public PBEWithHmacSHA384AndAES_128() {
super("PBEWithHmacSHA384AndAES_128");
}
}
public static final class PBEWithHmacSHA512AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_128() {
public PBEWithHmacSHA512AndAES_128() {
super("PBEWithHmacSHA512AndAES_128");
}
}
public static final class PBEWithHmacSHA1AndAES_256
public static final class PBEWithHmacSHA512_224AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
public PBEWithHmacSHA512_224AndAES_128() {
super("PBEWithHmacSHA512/224AndAES_128");
}
}
public static final class PBEWithHmacSHA512_256AndAES_128
extends PBEKeyFactory {
public PBEWithHmacSHA512_256AndAES_128() {
super("PBEWithHmacSHA512/256AndAES_128");
}
}
public static final class PBEWithHmacSHA1AndAES_256 extends PBEKeyFactory {
public PBEWithHmacSHA1AndAES_256() {
super("PBEWithHmacSHA1AndAES_256");
}
}
public static final class PBEWithHmacSHA224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA224AndAES_256() {
public PBEWithHmacSHA224AndAES_256() {
super("PBEWithHmacSHA224AndAES_256");
}
}
public static final class PBEWithHmacSHA256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA256AndAES_256() {
public PBEWithHmacSHA256AndAES_256() {
super("PBEWithHmacSHA256AndAES_256");
}
}
public static final class PBEWithHmacSHA384AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA384AndAES_256() {
public PBEWithHmacSHA384AndAES_256() {
super("PBEWithHmacSHA384AndAES_256");
}
}
public static final class PBEWithHmacSHA512AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512AndAES_256() {
public PBEWithHmacSHA512AndAES_256() {
super("PBEWithHmacSHA512AndAES_256");
}
}
public static final class PBEWithHmacSHA512_224AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512_224AndAES_256() {
super("PBEWithHmacSHA512/224AndAES_256");
}
}
public static final class PBEWithHmacSHA512_256AndAES_256
extends PBEKeyFactory {
public PBEWithHmacSHA512_256AndAES_256() {
super("PBEWithHmacSHA512/256AndAES_256");
}
}
/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).

33
src/java.base/share/classes/com/sun/crypto/provider/PBES2Core.java
View file

@ -89,6 +89,12 @@ abstract class PBES2Core extends CipherSpi {
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
case "HmacSHA512/224":
kdf = new PBKDF2Core.HmacSHA512_224();
break;
case "HmacSHA512/256":
kdf = new PBKDF2Core.HmacSHA512_256();
break;
default:
throw new NoSuchAlgorithmException(
"No Cipher implementation for " + kdfAlgo);
@ -370,6 +376,20 @@ abstract class PBES2Core extends CipherSpi {
}
}
public static final class HmacSHA512_224AndAES_128 extends PBES2Core {
public HmacSHA512_224AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/224", "AES", 16);
}
}
public static final class HmacSHA512_256AndAES_128 extends PBES2Core {
public HmacSHA512_256AndAES_128()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/256", "AES", 16);
}
}
public static final class HmacSHA1AndAES_256 extends PBES2Core {
public HmacSHA1AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
@ -404,4 +424,17 @@ abstract class PBES2Core extends CipherSpi {
super("HmacSHA512", "AES", 32);
}
}
public static final class HmacSHA512_224AndAES_256 extends PBES2Core {
public HmacSHA512_224AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/224", "AES", 32);
}
}
public static final class HmacSHA512_256AndAES_256 extends PBES2Core {
public HmacSHA512_256AndAES_256()
throws NoSuchAlgorithmException, NoSuchPaddingException {
super("HmacSHA512/256", "AES", 32);
}
}
}

35
src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
View file

@ -166,6 +166,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
case "HmacSHA256":
case "HmacSHA384":
case "HmacSHA512":
case "HmacSHA512/224":
case "HmacSHA512/256":
kdfAlgo_OID = ObjectIdentifier.of(KnownOIDs.findMatch(kdfAlgo));
break;
default:
@ -285,7 +287,9 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
!o.stdName().equals("HmacSHA224") &&
!o.stdName().equals("HmacSHA256") &&
!o.stdName().equals("HmacSHA384") &&
!o.stdName().equals("HmacSHA512"))) {
!o.stdName().equals("HmacSHA512") &&
!o.stdName().equals("HmacSHA512/224") &&
!o.stdName().equals("HmacSHA512/256"))) {
throw new IOException("PBE parameter parsing error: "
+ "expecting the object identifier for a HmacSHA key "
+ "derivation function");
@ -360,7 +364,7 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
}
DerOutputStream prf = new DerOutputStream();
// algorithm is id-hmacWithSHA1/SHA224/SHA256/SHA384/SHA512
// algorithm is id-hmacWith<MD>
prf.putOID(kdfAlgo_OID);
// parameters is 'NULL'
prf.putNull();
@ -397,7 +401,8 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
*
* The algorithn name pattern is: "PBEWith<prf>And<encryption>"
* where <prf> is one of: HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384,
* or HmacSHA512, and <encryption> is AES with a keysize suffix.
* HmacSHA512, HmacSHA512/224, or HmacSHA512/256 and <encryption> is
* AES with a keysize suffix.
*/
protected String engineToString() {
return pbes2AlgorithmName;
@ -439,6 +444,18 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
}
}
public static final class HmacSHA512_224AndAES_128 extends PBES2Parameters {
public HmacSHA512_224AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/224AndAES_128");
}
}
public static final class HmacSHA512_256AndAES_128 extends PBES2Parameters {
public HmacSHA512_256AndAES_128() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/256AndAES_128");
}
}
public static final class HmacSHA1AndAES_256 extends PBES2Parameters {
public HmacSHA1AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA1AndAES_256");
@ -468,4 +485,16 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
super("PBEWithHmacSHA512AndAES_256");
}
}
public static final class HmacSHA512_224AndAES_256 extends PBES2Parameters {
public HmacSHA512_224AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/224AndAES_256");
}
}
public static final class HmacSHA512_256AndAES_256 extends PBES2Parameters {
public HmacSHA512_256AndAES_256() throws NoSuchAlgorithmException {
super("PBEWithHmacSHA512/256AndAES_256");
}
}
}

17
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java
View file

@ -35,8 +35,9 @@ import javax.crypto.spec.PBEKeySpec;
/**
* This class implements a key factory for PBE keys derived using
* PBKDF2 with HmacSHA1/HmacSHA224/HmacSHA256/HmacSHA384/HmacSHA512
* pseudo random function (PRF) as defined in PKCS#5 v2.1.
* PBKDF2 with HmacSHA1, HmacSHA224, HmacSHA256, HmacSHA384, HmacSHA512,
* HmacSHA512/224, and HmacSHA512/256 pseudo random function (PRF) as
* defined in PKCS#5 v2.1.
*
* @author Valerie Peng
*
@ -193,4 +194,16 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
super("HmacSHA512");
}
}
public static final class HmacSHA512_224 extends PBKDF2Core {
public HmacSHA512_224() {
super("HmacSHA512/224");
}
}
public static final class HmacSHA512_256 extends PBKDF2Core {
public HmacSHA512_256() {
super("HmacSHA512/256");
}
}
}

20
src/java.base/share/classes/com/sun/crypto/provider/PBMAC1Core.java
View file

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -76,6 +76,12 @@ abstract class PBMAC1Core extends HmacCore {
case "HmacSHA512":
kdf = new PBKDF2Core.HmacSHA512();
break;
case "HmacSHA512/224":
kdf = new PBKDF2Core.HmacSHA512_224();
break;
case "HmacSHA512/256":
kdf = new PBKDF2Core.HmacSHA512_256();
break;
default:
throw new ProviderException(
"No MAC implementation for " + algo);
@ -221,4 +227,16 @@ abstract class PBMAC1Core extends HmacCore {
super("HmacSHA512", "SHA-512", 128);
}
}
public static final class HmacSHA512_224 extends PBMAC1Core {
public HmacSHA512_224() throws NoSuchAlgorithmException {
super("HmacSHA512/224", "SHA-512/224", 128);
}
}
public static final class HmacSHA512_256 extends PBMAC1Core {
public HmacSHA512_256() throws NoSuchAlgorithmException {
super("HmacSHA512/256", "SHA-512/256", 128);
}
}
}

46
src/java.base/share/classes/com/sun/crypto/provider/SunJCE.java
View file

@ -347,6 +347,13 @@ public final class SunJCE extends Provider {
ps("Cipher", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_128");
ps("Cipher", "PBEWithHmacSHA512/224AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_128");
ps("Cipher", "PBEWithHmacSHA512/256AndAES_128",
"com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_128");
ps("Cipher", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA1AndAES_256");
@ -362,6 +369,12 @@ public final class SunJCE extends Provider {
ps("Cipher", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA512AndAES_256");
ps("Cipher", "PBEWithHmacSHA512/224AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA512_224AndAES_256");
ps("Cipher", "PBEWithHmacSHA512/256AndAES_256",
"com.sun.crypto.provider.PBES2Core$HmacSHA512_256AndAES_256");
/*
* Key(pair) Generator engines
*/
@ -498,6 +511,12 @@ public final class SunJCE extends Provider {
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA512/224AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512_224AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA512/256AndAES_128",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512_256AndAES_128");
ps("AlgorithmParameters", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA1AndAES_256");
@ -513,6 +532,12 @@ public final class SunJCE extends Provider {
ps("AlgorithmParameters", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA512/224AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512_224AndAES_256");
ps("AlgorithmParameters", "PBEWithHmacSHA512/256AndAES_256",
"com.sun.crypto.provider.PBES2Parameters$HmacSHA512_256AndAES_256");
ps("AlgorithmParameters", "Blowfish",
"com.sun.crypto.provider.BlowfishParameters");
@ -595,6 +620,12 @@ public final class SunJCE extends Provider {
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA512/224AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_224AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_128",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_128");
ps("SecretKeyFactory", "PBEWithHmacSHA1AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA1AndAES_256");
@ -610,6 +641,12 @@ public final class SunJCE extends Provider {
ps("SecretKeyFactory", "PBEWithHmacSHA512AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA512/224AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_224AndAES_256");
ps("SecretKeyFactory", "PBEWithHmacSHA512/256AndAES_256",
"com.sun.crypto.provider.PBEKeyFactory$PBEWithHmacSHA512_256AndAES_256");
// PBKDF2
psA("SecretKeyFactory", "PBKDF2WithHmacSHA1",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA1",
@ -622,6 +659,10 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.PBKDF2Core$HmacSHA384");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA512",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/224",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512_224");
ps("SecretKeyFactory", "PBKDF2WithHmacSHA512/256",
"com.sun.crypto.provider.PBKDF2Core$HmacSHA512_256");
/*
* MAC
@ -686,6 +727,11 @@ public final class SunJCE extends Provider {
"com.sun.crypto.provider.PBMAC1Core$HmacSHA384", null, attrs);
ps("Mac", "PBEWithHmacSHA512",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA512", null, attrs);
ps("Mac", "PBEWithHmacSHA512/224",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA512_224", null, attrs);
ps("Mac", "PBEWithHmacSHA512/256",
"com.sun.crypto.provider.PBMAC1Core$HmacSHA512_256", null, attrs);
ps("Mac", "SslMacMD5",
"com.sun.crypto.provider.SslMacCore$SslMacMD5", null, attrs);
ps("Mac", "SslMacSHA1",

56
src/java.base/share/classes/javax/crypto/Cipher.java
View file

@ -308,6 +308,8 @@ public class Cipher {
this.lock = new Object();
}
private static final String SHA512TRUNCATED = "SHA512/2";
private static String[] tokenizeTransformation(String transformation)
throws NoSuchAlgorithmException {
if (transformation == null) {
@ -320,27 +322,31 @@ public class Cipher {
* index 1: feedback component (e.g., CFB)
* index 2: padding component (e.g., PKCS5Padding)
*/
String[] parts = new String[3];
int count = 0;
StringTokenizer parser = new StringTokenizer(transformation, "/");
try {
while (parser.hasMoreTokens() && count < 3) {
parts[count++] = parser.nextToken().trim();
}
if (count == 0 || count == 2) {
String[] parts = { "", "", "" };
// check if the transformation contains algorithms with "/" in their
// name which can cause the parsing logic to go wrong
int sha512Idx = transformation.toUpperCase(Locale.ENGLISH)
.indexOf(SHA512TRUNCATED);
int startIdx = (sha512Idx == -1 ? 0 :
sha512Idx + SHA512TRUNCATED.length());
int endIdx = transformation.indexOf('/', startIdx);
if (endIdx == -1) {
// algorithm
parts[0] = transformation.trim();
} else {
// algorithm/mode/padding
parts[0] = transformation.substring(0, endIdx).trim();
startIdx = endIdx+1;
endIdx = transformation.indexOf('/', startIdx);
if (endIdx == -1) {
throw new NoSuchAlgorithmException("Invalid transformation"
+ " format:" +
transformation);
+ " format:" + transformation);
}
// treats all subsequent tokens as part of padding
if (count == 3 && parser.hasMoreTokens()) {
parts[2] = parts[2] + parser.nextToken("\r\n");
}
} catch (NoSuchElementException e) {
throw new NoSuchAlgorithmException("Invalid transformation " +
"format:" + transformation);
parts[1] = transformation.substring(startIdx, endIdx).trim();
parts[2] = transformation.substring(endIdx+1).trim();
}
if ((parts[0] == null) || (parts[0].isEmpty())) {
if (parts[0].isEmpty()) {
throw new NoSuchAlgorithmException("Invalid transformation: " +
"algorithm not specified-"
+ transformation);
@ -444,19 +450,13 @@ public class Cipher {
String alg = parts[0];
String mode = parts[1];
String pad = parts[2];
if ((mode != null) && (mode.isEmpty())) {
mode = null;
}
if ((pad != null) && (pad.isEmpty())) {
pad = null;
}
if ((mode == null) && (pad == null)) {
// AES
if ((mode.length() == 0) && (pad.length() == 0)) {
// Algorithm only
Transform tr = new Transform(alg, "", null, null);
return Collections.singletonList(tr);
} else { // if ((mode != null) && (pad != null)) {
// AES/CBC/PKCS5Padding
} else {
// Algorithm w/ at least mode or padding or both
List<Transform> list = new ArrayList<>(4);
list.add(new Transform(alg, "/" + mode + "/" + pad, null, null));
list.add(new Transform(alg, "/" + mode, null, pad));