Initial Contribution

51 files changed, 6075 insertions, 0 deletions

diff --git a/crypto/MODULE_LICENSE_APACHE2 b/crypto/MODULE_LICENSE_APACHE2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/crypto/MODULE_LICENSE_APACHE2
diff --git a/crypto/src/main/java/javax/crypto/BadPaddingException.java b/crypto/src/main/java/javax/crypto/BadPaddingException.java
new file mode 100644
index 0000000..1b69bc2
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/BadPaddingException.java
@@ -0,0 +1,52 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class BadPaddingException extends GeneralSecurityException {
+
+    /**
+     * @serial
+     */
+    private static final long serialVersionUID = -5315033893984728443L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public BadPaddingException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public BadPaddingException() {
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/Cipher.java b/crypto/src/main/java/javax/crypto/Cipher.java
new file mode 100644
index 0000000..ff94245
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/Cipher.java
@@ -0,0 +1,784 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Boris V. Kuznetsov
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+import org.apache.harmony.crypto.internal.NullCipherSpi;
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class Cipher {
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int DECRYPT_MODE = 2;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int ENCRYPT_MODE = 1;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int PRIVATE_KEY = 2;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int PUBLIC_KEY = 1;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int SECRET_KEY = 3;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int UNWRAP_MODE = 4;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int WRAP_MODE = 3;
+
+    private int mode;
+
+    /**
+     * The service name.
+     */
+    private static final String SERVICE = "Cipher"; //$NON-NLS-1$
+
+    /**
+     * Used to access common engine functionality
+     */
+    private static final Engine engine = new Engine(SERVICE);
+
+    /**
+     * The provider
+     */
+    private Provider provider;
+
+    /**
+     * The SPI implementation.
+     */
+    private CipherSpi spiImpl;
+
+    /**
+     * The transformation.
+     */
+    private String transformation;
+
+    private static SecureRandom sec_rand;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected Cipher(CipherSpi cipherSpi, Provider provider,
+            String transformation) {
+        if (cipherSpi == null) {
+            throw new NullPointerException();
+        }
+        if (!(cipherSpi instanceof NullCipherSpi) && provider == null) {
+            throw new NullPointerException();
+        }
+        this.provider = provider;
+        this.transformation = transformation;
+        this.spiImpl = cipherSpi;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final Cipher getInstance(String transformation)
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+        return getCipher(transformation, null);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final Cipher getInstance(String transformation,
+            String provider) throws NoSuchAlgorithmException,
+            NoSuchProviderException, NoSuchPaddingException {
+
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+
+        Provider p = Security.getProvider(provider);
+        if (p == null) {
+            throw new NoSuchProviderException(Messages.getString("crypto.16", provider)); //$NON-NLS-1$
+        }
+        return getInstance(transformation, p);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final Cipher getInstance(String transformation,
+            Provider provider) throws NoSuchAlgorithmException,
+            NoSuchPaddingException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        Cipher c = getCipher(transformation, provider);
+        return c;
+    }
+
+    /**
+     * Find appropriate Cipher according the specification rules
+     * 
+     * @param transformation
+     * @param provider
+     * @return
+     * @throws NoSuchAlgorithmException
+     * @throws NoSuchPaddingException
+     */
+    private static synchronized Cipher getCipher(String transformation, Provider provider)
+            throws NoSuchAlgorithmException, NoSuchPaddingException {
+
+        if (transformation == null || "".equals(transformation)) { //$NON-NLS-1$
+            throw new NoSuchAlgorithmException(Messages.getString("crypto.17", //$NON-NLS-1$
+                    transformation));
+        }
+
+        String[] transf = checkTransformation(transformation);
+
+        boolean needSetPadding = false;
+        boolean needSetMode = false;
+        if (transf[1] == null && transf[2] == null) { // "algorithm"
+            if (provider == null) {
+                engine.getInstance(transf[0], null);
+            } else {
+                engine.getInstance(transf[0], provider, null);
+            }
+        } else {
+            String[] searhOrder = {
+                    transf[0] + "/" + transf[1] + "/" + transf[2], // "algorithm/mode/padding" //$NON-NLS-1$ //$NON-NLS-2$
+                    transf[0] + "/" + transf[1], // "algorithm/mode" //$NON-NLS-1$
+                    transf[0] + "//" + transf[2], // "algorithm//padding" //$NON-NLS-1$
+                    transf[0] // "algorithm"
+            };
+            int i;
+            for (i = 0; i < searhOrder.length; i++) {
+                try {
+                    if (provider == null) {
+                        engine.getInstance(searhOrder[i], null);
+                    } else {
+                        engine.getInstance(searhOrder[i], provider, null);
+                    }
+                    break;
+                } catch (NoSuchAlgorithmException e) {
+                    if ( i == searhOrder.length-1) {
+                        throw new NoSuchAlgorithmException(transformation);
+                    }
+                }
+            }
+            switch (i) {
+            case 1: // "algorithm/mode"
+                needSetPadding = true;
+                break;
+            case 2: // "algorithm//padding"
+                needSetMode = true;
+                break;
+            case 3: // "algorithm"
+                needSetPadding = true;
+                needSetMode = true;
+            }
+        }
+        CipherSpi cspi;
+        try {
+            cspi = (CipherSpi) engine.spi;
+        } catch (ClassCastException e) {
+            throw new NoSuchAlgorithmException(e);
+        }
+        Cipher c = new Cipher(cspi, engine.provider, transformation);
+        if (needSetMode) {
+            c.spiImpl.engineSetMode(transf[1]);
+        }
+        if (needSetPadding) {
+            c.spiImpl.engineSetPadding(transf[2]);
+        }
+        return c;
+    }
+
+    private static String[] checkTransformation(String transformation)
+            throws NoSuchAlgorithmException {
+        String[] transf = { null, null, null };
+        StringTokenizer st;
+        int i = 0;
+        for (st = new StringTokenizer(transformation, "/"); st //$NON-NLS-1$
+                .hasMoreElements();) {
+            if (i > 2) {
+                throw new NoSuchAlgorithmException(Messages.getString("crypto.17", //$NON-NLS-1$
+                        transformation));
+            }
+            transf[i] = st.nextToken();
+            if (transf[i] != null) {
+                transf[i] = transf[i].trim();
+                if ("".equals(transf[i])) { //$NON-NLS-1$
+                    transf[i] = null;
+                }
+                i++;
+            }
+        }
+        if (transf[0] == null) {
+            throw new NoSuchAlgorithmException(Messages.getString("crypto.17", //$NON-NLS-1$
+                    transformation));
+        }
+        if (!(transf[1] == null && transf[2] == null)
+                && (transf[1] == null || transf[2] == null)) {
+            throw new NoSuchAlgorithmException(Messages.getString("crypto.17", //$NON-NLS-1$
+                    transformation));
+        }
+        return transf;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final String getAlgorithm() {
+        return transformation;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int getBlockSize() {
+        return spiImpl.engineGetBlockSize();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int getOutputSize(int inputLen) {
+        if (mode == 0) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.18")); //$NON-NLS-1$
+        }
+        return spiImpl.engineGetOutputSize(inputLen);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] getIV() {
+        return spiImpl.engineGetIV();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final AlgorithmParameters getParameters() {
+        return spiImpl.engineGetParameters();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final ExemptionMechanism getExemptionMechanism() {
+        //FIXME implement getExemptionMechanism
+
+        //        try {
+        //            return ExemptionMechanism.getInstance(transformation, provider);
+        //        } catch (NoSuchAlgorithmException e) {
+        return null;
+        //        }
+
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key) throws InvalidKeyException {
+        if (sec_rand == null) {
+            // In theory it might be thread-unsafe but in the given case it's OK
+            // since it does not matter which SecureRandom instance is passed
+            // to the init()
+            sec_rand = new SecureRandom();
+        }
+        init(opmode, key, sec_rand);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+        if (opmode != ENCRYPT_MODE && opmode != DECRYPT_MODE
+                && opmode != UNWRAP_MODE && opmode != WRAP_MODE) {
+            throw new InvalidParameterException(Messages.getString("crypto.19")); //$NON-NLS-1$
+        }
+        //        FIXME InvalidKeyException
+        //        if keysize exceeds the maximum allowable keysize
+        //        (jurisdiction policy files)
+        spiImpl.engineInit(opmode, key, random);
+        mode = opmode;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key, AlgorithmParameterSpec params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (sec_rand == null) {
+            sec_rand = new SecureRandom();
+        }
+        init(opmode, key, params, sec_rand);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key, AlgorithmParameterSpec params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException {
+        if (opmode != ENCRYPT_MODE && opmode != DECRYPT_MODE
+                && opmode != UNWRAP_MODE && opmode != WRAP_MODE) {
+            throw new InvalidParameterException(Messages.getString("crypto.19")); //$NON-NLS-1$
+        }
+        //        FIXME InvalidKeyException
+        //        if keysize exceeds the maximum allowable keysize
+        //        (jurisdiction policy files)
+        //        FIXME InvalidAlgorithmParameterException
+        //        cryptographic strength exceed the legal limits
+        //        (jurisdiction policy files)
+        spiImpl.engineInit(opmode, key, params, random);
+        mode = opmode;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key, AlgorithmParameters params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (sec_rand == null) {
+            sec_rand = new SecureRandom();
+        }
+        init(opmode, key, params, sec_rand);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Key key, AlgorithmParameters params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException {
+        if (opmode != ENCRYPT_MODE && opmode != DECRYPT_MODE
+                && opmode != UNWRAP_MODE && opmode != WRAP_MODE) {
+            throw new InvalidParameterException(Messages.getString("crypto.19")); //$NON-NLS-1$
+        }
+        //        FIXME InvalidKeyException
+        //        if keysize exceeds the maximum allowable keysize
+        //        (jurisdiction policy files)
+        //        FIXME InvalidAlgorithmParameterException
+        //        cryptographic strength exceed the legal limits
+        //        (jurisdiction policy files)
+        spiImpl.engineInit(opmode, key, params, random);
+        mode = opmode;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Certificate certificate)
+            throws InvalidKeyException {
+        if (sec_rand == null) {
+            sec_rand = new SecureRandom();
+        }
+        init(opmode, certificate, sec_rand);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int opmode, Certificate certificate,
+            SecureRandom random) throws InvalidKeyException {
+        if (opmode != ENCRYPT_MODE && opmode != DECRYPT_MODE
+                && opmode != UNWRAP_MODE && opmode != WRAP_MODE) {
+            throw new InvalidParameterException(Messages.getString("crypto.19")); //$NON-NLS-1$
+        }
+        if (certificate instanceof X509Certificate) {
+            Set<String> ce = ((X509Certificate) certificate).getCriticalExtensionOIDs();
+            boolean critical = false;
+            if (ce != null && !ce.isEmpty()) {
+                for (String oid : ce) {
+                    if (oid.equals("2.5.29.15")) { //KeyUsage OID = 2.5.29.15 //$NON-NLS-1$
+                        critical = true;
+                        break;
+                    }
+                }
+                if (critical) {
+                    boolean[] keyUsage = ((X509Certificate) certificate)
+                            .getKeyUsage();
+                    // As specified in RFC 3280 -
+                    // Internet X.509 Public Key Infrastructure
+                    // Certificate and Certificate Revocation List (CRL) Profile.
+                    // (http://www.ietf.org/rfc/rfc3280.txt)
+                    //
+                    // KeyUsage ::= BIT STRING {digitalSignature (0),
+                    //                          ...
+                    //                          encipherOnly (7),
+                    //                          decipherOnly (8) }
+                    if (keyUsage != null) {
+                        if (opmode == ENCRYPT_MODE && (!keyUsage[7])) {
+                            throw new InvalidKeyException(
+                                    Messages.getString("crypto.1A")); //$NON-NLS-1$
+                        } else if (opmode == DECRYPT_MODE && (!keyUsage[8])) {
+                            throw new InvalidKeyException(
+                                    Messages.getString("crypto.1B")); //$NON-NLS-1$
+                        }
+                    }
+                }
+            }
+        }
+        //        FIXME InvalidKeyException
+        //        if keysize exceeds the maximum allowable keysize
+        //        (jurisdiction policy files)
+        spiImpl.engineInit(opmode, certificate.getPublicKey(), random);
+        mode = opmode;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] update(byte[] input) {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (input == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.1D")); //$NON-NLS-1$
+        }
+        if (input.length == 0) {
+            return null;
+        }
+        return spiImpl.engineUpdate(input, 0, input.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] update(byte[] input, int inputOffset, int inputLen) {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (input == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.1D")); //$NON-NLS-1$
+        }
+        if (inputOffset < 0 || inputLen < 0
+                || inputLen > input.length 
+                || inputOffset > input.length - inputLen) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.1E")); //$NON-NLS-1$
+        }
+        if (input.length == 0) {
+            return null;
+        }
+        return spiImpl.engineUpdate(input, inputOffset, inputLen);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int update(byte[] input, int inputOffset, int inputLen,
+            byte[] output) throws ShortBufferException {
+        return update(input, inputOffset, inputLen, output, 0);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int update(byte[] input, int inputOffset, int inputLen,
+            byte[] output, int outputOffset) throws ShortBufferException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (input == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.1D")); //$NON-NLS-1$
+        }
+        if (output == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.1F")); //$NON-NLS-1$
+        }
+        if (outputOffset < 0) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.20")); //$NON-NLS-1$
+        }
+        if (inputOffset < 0 || inputLen < 0
+                || inputLen > input.length
+                || inputOffset > input.length - inputLen) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.21")); //$NON-NLS-1$
+        }
+        if (input.length == 0) {
+            return 0;
+        }
+        return spiImpl.engineUpdate(input, inputOffset, inputLen, output,
+                outputOffset);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int update(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (input == output) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.22")); //$NON-NLS-1$
+        }
+        return spiImpl.engineUpdate(input, output);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] doFinal() throws IllegalBlockSizeException,
+            BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(null, 0, 0);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int doFinal(byte[] output, int outputOffset)
+            throws IllegalBlockSizeException, ShortBufferException,
+            BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (outputOffset < 0) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.20")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(null, 0, 0, output, outputOffset);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] doFinal(byte[] input) throws IllegalBlockSizeException,
+            BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(input, 0, input.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] doFinal(byte[] input, int inputOffset, int inputLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (inputOffset < 0 || inputLen < 0
+                || inputOffset + inputLen > input.length) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.1E")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(input, inputOffset, inputLen);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int doFinal(byte[] input, int inputOffset, int inputLen,
+            byte[] output) throws ShortBufferException,
+            IllegalBlockSizeException, BadPaddingException {
+        return doFinal(input, inputOffset, inputLen, output, 0);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int doFinal(byte[] input, int inputOffset, int inputLen,
+            byte[] output, int outputOffset) throws ShortBufferException,
+            IllegalBlockSizeException, BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (inputOffset < 0 || inputLen < 0
+                || inputOffset + inputLen > input.length) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.1E")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(input, inputOffset, inputLen, output,
+                outputOffset);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int doFinal(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException, IllegalBlockSizeException,
+            BadPaddingException {
+        if (mode != ENCRYPT_MODE && mode != DECRYPT_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        if (input == output) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.2E")); //$NON-NLS-1$
+        }
+        return spiImpl.engineDoFinal(input, output);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] wrap(Key key) throws IllegalBlockSizeException,
+            InvalidKeyException {
+        if (mode != WRAP_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        return spiImpl.engineWrap(key);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Key unwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+            int wrappedKeyType) throws InvalidKeyException,
+            NoSuchAlgorithmException {
+        if (mode != UNWRAP_MODE) {
+            throw new IllegalStateException(
+                    Messages.getString("crypto.1C")); //$NON-NLS-1$
+        }
+        return spiImpl.engineUnwrap(wrappedKey, wrappedKeyAlgorithm,
+                wrappedKeyType);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final int getMaxAllowedKeyLength(String transformation)
+            throws NoSuchAlgorithmException {
+        if (transformation == null) {
+            throw new NullPointerException();
+        }
+        checkTransformation(transformation);
+        //FIXME jurisdiction policy files
+        return Integer.MAX_VALUE;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final AlgorithmParameterSpec getMaxAllowedParameterSpec(
+            String transformation) throws NoSuchAlgorithmException {
+        if (transformation == null) {
+            throw new NullPointerException();
+        }
+        checkTransformation(transformation);
+        //FIXME jurisdiction policy files
+        return null;
+    }
+}
diff --git a/crypto/src/main/java/javax/crypto/CipherInputStream.java b/crypto/src/main/java/javax/crypto/CipherInputStream.java
new file mode 100644
index 0000000..a9258ed
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/CipherInputStream.java
@@ -0,0 +1,165 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.io.FilterInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import javax.crypto.NullCipher;
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class CipherInputStream extends FilterInputStream {
+
+    private final Cipher cipher;
+    private final int I_BUFFER_SIZE = 20;
+    private final byte[] i_buffer = new byte[I_BUFFER_SIZE];
+    private int index; // index of the bytes to return from o_buffer
+    private byte[] o_buffer;
+    private boolean finished;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public CipherInputStream(InputStream is, Cipher c) {
+        super(is);
+        this.cipher = c;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    protected CipherInputStream(InputStream is) {
+        this(is, new NullCipher());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int read() throws IOException {
+        if (finished) {
+            return ((o_buffer == null) || (index == o_buffer.length)) 
+                            ? -1 
+                            : o_buffer[index++] & 0xFF;
+        }
+        if ((o_buffer != null) && (index < o_buffer.length)) {
+            return o_buffer[index++] & 0xFF;
+        }
+        index = 0;
+        o_buffer = null;
+        int num_read;
+        while (o_buffer == null) {
+            if ((num_read = in.read(i_buffer)) == -1) {
+                try {
+                    o_buffer = cipher.doFinal();
+                } catch (Exception e) {
+                    throw new IOException(e.getMessage());
+                }
+                finished = true;
+                break;
+            }
+            o_buffer = cipher.update(i_buffer, 0, num_read);
+        }
+        return read();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int read(byte[] b) throws IOException {
+        return read(b, 0, b.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int read(byte[] b, int off, int len) throws IOException {
+        if (in == null) {
+            throw new NullPointerException("Underlying input stream is null");
+        }
+
+        int read_b;
+        int i;
+        for (i=0; i<len; i++) {
+            if ((read_b = read()) == -1) {
+                return (i == 0) ? -1 : i; 
+            }
+            if (b != null) {
+                b[off+i] = (byte) read_b;
+            }
+        }
+        return i;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public long skip(long n) throws IOException {
+        long i = 0;
+        int available = available();
+        if (available < n) {
+            n = available;
+        }
+        while ((i < n) && (read() != -1)) {
+            i++;
+        }
+        return i;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int available() throws IOException {
+        return 0;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void close() throws IOException {
+        in.close();
+        try {
+            cipher.doFinal();
+        } catch (GeneralSecurityException ignore) {
+            //do like RI does
+        }
+
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public boolean markSupported() {
+        return false;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/CipherOutputStream.java b/crypto/src/main/java/javax/crypto/CipherOutputStream.java
new file mode 100644
index 0000000..739d185
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/CipherOutputStream.java
@@ -0,0 +1,123 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import javax.crypto.NullCipher;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class CipherOutputStream extends FilterOutputStream {
+
+    private final Cipher cipher;
+    private final byte[] arr = new byte[1];
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public CipherOutputStream(OutputStream os, Cipher c) {
+        super(os);
+        cipher = c;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    protected CipherOutputStream(OutputStream os) {
+        this(os, new NullCipher());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void write(int b) throws IOException {
+        byte[] result;
+        arr[0] = (byte) b;
+        result = cipher.update(arr);
+        if (result != null) {
+            out.write(result);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void write(byte[] b) throws IOException {
+        write(b, 0, b.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void write(byte[] b, int off, int len) throws IOException {
+        if (len == 0) {
+            return;
+        }
+        byte[] result = cipher.update(b, off, len);
+        if (result != null) {
+            out.write(result);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void flush() throws IOException {
+        out.flush();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public void close() throws IOException {
+        byte[] result;
+        try {
+            if (cipher != null) {
+                result = cipher.doFinal();
+                if (result != null) {
+                    out.write(result);
+                }
+            }
+            if (out != null) {
+                out.flush();
+            }
+        } catch (BadPaddingException e) {
+            throw new IOException(e.getMessage());
+        } catch (IllegalBlockSizeException e) {
+            throw new IOException(e.getMessage());
+        } finally {
+            if (out != null) {
+                out.close();
+            }
+        }
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/CipherSpi.java b/crypto/src/main/java/javax/crypto/CipherSpi.java
new file mode 100644
index 0000000..186b23b
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/CipherSpi.java
@@ -0,0 +1,254 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+import java.nio.ByteBuffer;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+
+public abstract class CipherSpi {
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public CipherSpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineSetMode(String mode)
+            throws NoSuchAlgorithmException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineSetPadding(String padding)
+            throws NoSuchPaddingException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGetBlockSize();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGetOutputSize(int inputLen);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineGetIV();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract AlgorithmParameters engineGetParameters();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(int opmode, Key key,
+            AlgorithmParameterSpec params, SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(int opmode, Key key,
+            AlgorithmParameters params, SecureRandom random)
+            throws InvalidKeyException, InvalidAlgorithmParameterException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineUpdate(byte[] input, int inputOffset,
+            int inputLen);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineUpdate(byte[] input, int inputOffset,
+            int inputLen, byte[] output, int outputOffset)
+            throws ShortBufferException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected int engineUpdate(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException {
+        if (input == null) {
+            throw new NullPointerException(Messages.getString("crypto.0C")); //$NON-NLS-1$
+        }
+        if (output == null) {
+            throw new NullPointerException(Messages.getString("crypto.0D")); //$NON-NLS-1$
+        }
+        int position = input.position();
+        int limit = input.limit();
+        if ((limit - position) <= 0) {
+            return 0;
+        }
+        byte[] bInput;
+        byte[] bOutput;
+        if (input.hasArray()) {
+            bInput = input.array();
+            int offset = input.arrayOffset();
+            bOutput = engineUpdate(bInput, offset + position, limit - position);
+            input.position(limit);
+        } else {
+            bInput = new byte[limit - position];
+            input.get(bInput);
+            bOutput = engineUpdate(bInput, 0, limit - position);
+        }
+        if (output.remaining() < bOutput.length) {
+            throw new ShortBufferException(Messages.getString("crypto.0E")); //$NON-NLS-1$
+        }
+        try {
+            output.put(bOutput);
+        } catch (java.nio.BufferOverflowException e) {
+            throw new ShortBufferException(Messages.getString("crypto.0F", e)); //$NON-NLS-1$
+        }
+        return bOutput.length;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineDoFinal(byte[] input, int inputOffset,
+            int inputLen) throws IllegalBlockSizeException, BadPaddingException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineDoFinal(byte[] input, int inputOffset,
+            int inputLen, byte[] output, int outputOffset)
+            throws ShortBufferException, IllegalBlockSizeException,
+            BadPaddingException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected int engineDoFinal(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException, IllegalBlockSizeException,
+            BadPaddingException {
+        if (input == null) {
+            throw new NullPointerException(Messages.getString("crypto.0C")); //$NON-NLS-1$
+        }
+        if (output == null) {
+            throw new NullPointerException(Messages.getString("crypto.0D")); //$NON-NLS-1$
+        }
+        int position = input.position();
+        int limit = input.limit();
+
+        if ((limit - position) <= 0) {
+            return 0;
+        }
+        byte[] bInput;
+        byte[] bOutput;
+
+        if (input.hasArray()) {
+            bInput = input.array();
+            int offset = input.arrayOffset();
+            bOutput = engineDoFinal(bInput, offset + position, limit - position);
+            input.position(limit);
+        } else {
+            bInput = new byte[limit - position];
+            input.get(bInput);
+            bOutput = engineDoFinal(bInput, 0, limit - position);
+        }
+        if (output.remaining() < bOutput.length) {
+            throw new ShortBufferException(Messages.getString("crypto.0E")); //$NON-NLS-1$
+        }
+        try {
+            output.put(bOutput);
+        } catch (java.nio.BufferOverflowException e) {
+            throw new ShortBufferException(Messages.getString("crypto.0F", e)); //$NON-NLS-1$
+        }
+        return bOutput.length;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected byte[] engineWrap(Key key) throws IllegalBlockSizeException,
+            InvalidKeyException {
+        throw new UnsupportedOperationException(
+                Messages.getString("crypto.10")); //$NON-NLS-1$
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+            int wrappedKeyType) throws InvalidKeyException,
+            NoSuchAlgorithmException {
+        throw new UnsupportedOperationException(
+                Messages.getString("crypto.11")); //$NON-NLS-1$
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected int engineGetKeySize(Key key) throws InvalidKeyException {
+        throw new UnsupportedOperationException(
+                Messages.getString("crypto.12")); //$NON-NLS-1$
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/EncryptedPrivateKeyInfo.java b/crypto/src/main/java/javax/crypto/EncryptedPrivateKeyInfo.java
new file mode 100644
index 0000000..2887794
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/EncryptedPrivateKeyInfo.java
@@ -0,0 +1,437 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vladimir N. Molotkov, Stepan M. Mishura
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.io.IOException;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.asn1.ASN1Any;
+import org.apache.harmony.security.asn1.ASN1Implicit;
+import org.apache.harmony.security.asn1.ASN1Integer;
+import org.apache.harmony.security.asn1.ASN1OctetString;
+import org.apache.harmony.security.asn1.ASN1Sequence;
+import org.apache.harmony.security.asn1.ASN1SetOf;
+import org.apache.harmony.security.asn1.ASN1Type;
+import org.apache.harmony.security.utils.AlgNameMapper;
+import org.apache.harmony.security.x509.AlgorithmIdentifier;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class EncryptedPrivateKeyInfo {
+    // Encryption algorithm name
+    private String algName;
+    // Encryption algorithm parameters
+    private final AlgorithmParameters algParameters;
+    // Encrypted private key data
+    private final byte[] encryptedData;
+    // Encryption algorithm OID
+    private String oid;
+    // This EncryptedPrivateKeyInfo ASN.1 DER encoding
+    private volatile byte[] encoded;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public EncryptedPrivateKeyInfo(byte[] encoded)
+            throws IOException {
+        if (encoded == null) {
+            throw new NullPointerException(Messages.getString("crypto.22")); //$NON-NLS-1$
+        }
+        this.encoded = new byte[encoded.length];
+        System.arraycopy(encoded, 0, this.encoded, 0, encoded.length);
+        Object[] values;
+            
+        values = (Object[])asn1.decode(encoded);
+
+        AlgorithmIdentifier aId = (AlgorithmIdentifier) values[0];
+
+        algName = aId.getAlgorithm();
+        // algName == oid now
+        boolean mappingExists = mapAlgName();
+        // algName == name from map oid->name if mapping exists, or
+        // algName == oid if mapping does not exist
+
+        AlgorithmParameters aParams = null;
+        byte[] params = aId.getParameters();
+        if (params != null && !isNullValue(params)) {
+            try {
+                aParams = AlgorithmParameters.getInstance(algName);
+                aParams.init(aId.getParameters());
+                if (!mappingExists) {
+                    algName = aParams.getAlgorithm();
+                }
+            } catch (NoSuchAlgorithmException e) {
+            }
+        }
+        algParameters = aParams;
+
+        encryptedData = (byte[]) values[1];
+    }
+
+    private static boolean isNullValue(byte[] toCheck) {
+        return toCheck[0] == 5 && toCheck[1] == 0;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public EncryptedPrivateKeyInfo(String encrAlgName, byte[] encryptedData)
+        throws NoSuchAlgorithmException {
+        if (encrAlgName == null) {
+            throw new NullPointerException(Messages.getString("crypto.23")); //$NON-NLS-1$
+        }
+        this.algName = encrAlgName;
+        if (!mapAlgName()) {
+            throw new NoSuchAlgorithmException(Messages.getString("crypto.24", this.algName)); //$NON-NLS-1$
+        }
+        if (encryptedData == null) {
+            throw new NullPointerException(
+                    Messages.getString("crypto.25")); //$NON-NLS-1$
+        }
+        if (encryptedData.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.26")); //$NON-NLS-1$
+        }
+        this.encryptedData = new byte[encryptedData.length];
+        System.arraycopy(encryptedData, 0,
+                this.encryptedData, 0, encryptedData.length);
+        this.algParameters = null;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public EncryptedPrivateKeyInfo(AlgorithmParameters algParams,
+            byte[] encryptedData)
+        throws NoSuchAlgorithmException {
+        if (algParams == null) {
+            throw new NullPointerException(Messages.getString("crypto.27")); //$NON-NLS-1$
+        }
+        this.algParameters = algParams;
+        if (encryptedData == null) {
+            throw new NullPointerException(
+                    Messages.getString("crypto.25")); //$NON-NLS-1$
+        }
+        if (encryptedData.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.26")); //$NON-NLS-1$
+        }
+        this.encryptedData = new byte[encryptedData.length];
+        System.arraycopy(encryptedData, 0,
+                this.encryptedData, 0, encryptedData.length);
+        this.algName = this.algParameters.getAlgorithm();
+        if (!mapAlgName()) {
+            throw new NoSuchAlgorithmException(Messages.getString("crypto.24", this.algName)); //$NON-NLS-1$
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getAlgName() {
+        return algName;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public AlgorithmParameters getAlgParameters() {
+        return algParameters;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getEncryptedData() {
+        byte[] ret = new byte[encryptedData.length];
+        System.arraycopy(encryptedData, 0, ret, 0, encryptedData.length);
+        return ret;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PKCS8EncodedKeySpec getKeySpec(Cipher cipher)
+        throws InvalidKeySpecException {
+        if (cipher == null) {
+            throw new NullPointerException(Messages.getString("crypto.28")); //$NON-NLS-1$
+        }
+        try {
+            byte[] decryptedData = cipher.doFinal(encryptedData);
+            try {
+                ASN1PrivateKeyInfo.verify(decryptedData);
+            } catch (IOException e1) {
+                throw new InvalidKeySpecException(
+                        Messages.getString("crypto.29")); //$NON-NLS-1$
+            }
+            return new PKCS8EncodedKeySpec(decryptedData);
+        } catch (IllegalStateException e) {
+            throw new InvalidKeySpecException(e.getMessage());
+        } catch (IllegalBlockSizeException e) {
+            throw new InvalidKeySpecException(e.getMessage());
+        } catch (BadPaddingException e) {
+            throw new InvalidKeySpecException(e.getMessage());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PKCS8EncodedKeySpec getKeySpec(Key decryptKey)
+        throws NoSuchAlgorithmException,
+               InvalidKeyException {
+        if (decryptKey == null) {
+            throw new NullPointerException(Messages.getString("crypto.2A")); //$NON-NLS-1$
+        }
+        try {
+            Cipher cipher = Cipher.getInstance(algName);
+            if (algParameters == null) {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey, algParameters);
+            }
+            byte[] decryptedData = cipher.doFinal(encryptedData);
+            try {
+                ASN1PrivateKeyInfo.verify(decryptedData);
+            } catch (IOException e1) {
+                throw new InvalidKeyException(
+                        Messages.getString("crypto.29")); //$NON-NLS-1$
+            }
+            return new PKCS8EncodedKeySpec(decryptedData);
+        } catch (NoSuchPaddingException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (IllegalStateException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (IllegalBlockSizeException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (BadPaddingException e) {
+            throw new InvalidKeyException(e.getMessage());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, String providerName)
+        throws NoSuchProviderException, 
+               NoSuchAlgorithmException,
+               InvalidKeyException {
+        if (decryptKey == null) {
+            throw new NullPointerException(Messages.getString("crypto.2A")); //$NON-NLS-1$
+        }
+        if (providerName == null) {
+            throw new NullPointerException(
+                    Messages.getString("crypto.2B")); //$NON-NLS-1$
+        }
+        try {
+            Cipher cipher = Cipher.getInstance(algName, providerName);
+            if (algParameters == null) {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey, algParameters);
+            }
+            byte[] decryptedData = cipher.doFinal(encryptedData);
+            try {
+                ASN1PrivateKeyInfo.verify(decryptedData);
+            } catch (IOException e1) {
+                throw new InvalidKeyException(
+                        Messages.getString("crypto.29")); //$NON-NLS-1$
+            }
+            return new PKCS8EncodedKeySpec(decryptedData);
+        } catch (NoSuchPaddingException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (IllegalStateException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (IllegalBlockSizeException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (BadPaddingException e) {
+            throw new InvalidKeyException(e.getMessage());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PKCS8EncodedKeySpec getKeySpec(Key decryptKey, Provider provider)
+        throws NoSuchAlgorithmException,
+               InvalidKeyException {
+        if (decryptKey == null) {
+            throw new NullPointerException(Messages.getString("crypto.2A")); //$NON-NLS-1$
+        }
+        if (provider == null) {
+            throw new NullPointerException(Messages.getString("crypto.2C")); //$NON-NLS-1$
+        }
+        try {
+            Cipher cipher = Cipher.getInstance(algName, provider);
+            if (algParameters == null) {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, decryptKey, algParameters);
+            }
+            byte[] decryptedData = cipher.doFinal(encryptedData);
+            try {
+                ASN1PrivateKeyInfo.verify(decryptedData);
+            } catch (IOException e1) {
+                throw new InvalidKeyException(
+                        Messages.getString("crypto.29")); //$NON-NLS-1$
+            }
+            return new PKCS8EncodedKeySpec(decryptedData);
+        } catch (NoSuchPaddingException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new NoSuchAlgorithmException(e.getMessage());
+        } catch (IllegalStateException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (IllegalBlockSizeException e) {
+            throw new InvalidKeyException(e.getMessage());
+        } catch (BadPaddingException e) {
+            throw new InvalidKeyException(e.getMessage());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getEncoded() throws IOException {
+        if (encoded == null) {
+            // Generate ASN.1 encoding:
+            encoded = asn1.encode(this);
+        }
+        byte[] ret = new byte[encoded.length];
+        System.arraycopy(encoded, 0, ret, 0, encoded.length);
+        return ret;
+    }
+
+    // Performs all needed alg name mappings.
+    // Returns 'true' if mapping available 'false' otherwise
+    private boolean mapAlgName() {
+        if (AlgNameMapper.isOID(this.algName)) {
+            // OID provided to the ctor
+            // get rid of possible leading "OID."
+            this.oid = AlgNameMapper.normalize(this.algName);
+            // try to find mapping OID->algName
+            this.algName = AlgNameMapper.map2AlgName(this.oid);
+            // if there is no mapping OID->algName
+            // set OID as algName
+            if (this.algName == null) {
+                this.algName = this.oid;
+            }
+        } else {
+            String stdName = AlgNameMapper.getStandardName(this.algName);
+            // Alg name provided to the ctor
+            // try to find mapping algName->OID or
+            // (algName->stdAlgName)->OID
+            this.oid = AlgNameMapper.map2OID(this.algName);
+            if (this.oid == null) {
+                if (stdName == null) {
+                    // no above mappings available
+                    return false;
+                }
+                this.oid = AlgNameMapper.map2OID(stdName);
+                if (this.oid == null) {
+                    return false;
+                }
+                this.algName = stdName;
+            } else if (stdName != null) {
+                this.algName = stdName;
+            }
+        }
+        return true;
+    }
+
+    //
+    // EncryptedPrivateKeyInfo DER encoder/decoder.
+    // EncryptedPrivateKeyInfo ASN.1 definition
+    // (as defined in PKCS #8: Private-Key Information Syntax Standard
+    //  http://www.ietf.org/rfc/rfc2313.txt)
+    //
+    // EncryptedPrivateKeyInfo ::=  SEQUENCE {
+    //      encryptionAlgorithm   AlgorithmIdentifier,
+    //      encryptedData   OCTET STRING }
+    //
+
+    private static final byte[] nullParam = new byte[] { 5, 0 };
+    
+    private static final ASN1Sequence asn1 = new ASN1Sequence(new ASN1Type[] {
+            AlgorithmIdentifier.ASN1, ASN1OctetString.getInstance() }) {
+
+                @Override
+                protected void getValues(Object object, Object[] values) {
+        
+                    EncryptedPrivateKeyInfo epki = (EncryptedPrivateKeyInfo) object;
+        
+                    try {
+                        byte[] algParmsEncoded = (epki.algParameters == null) ? nullParam
+                                : epki.algParameters.getEncoded();
+                        values[0] = new AlgorithmIdentifier(epki.oid, algParmsEncoded);
+                        values[1] = epki.encryptedData;
+                    } catch (IOException e) {
+                        throw new RuntimeException(e.getMessage());
+                    }
+                }
+    };
+
+    // PrivateKeyInfo DER decoder.
+    // PrivateKeyInfo ASN.1 definition
+    // (as defined in PKCS #8: Private-Key Information Syntax Standard
+    //  http://www.ietf.org/rfc/rfc2313.txt)
+    //
+    // 
+    //    PrivateKeyInfo ::= SEQUENCE {
+    //        version Version,
+    //        privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+    //        privateKey PrivateKey,
+    //        attributes [0] IMPLICIT Attributes OPTIONAL }
+    //
+    //      Version ::= INTEGER
+    //
+    //      PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+    //
+    //      PrivateKey ::= OCTET STRING
+    //
+    //      Attributes ::= SET OF Attribute
+
+    private static final ASN1SetOf ASN1Attributes = new ASN1SetOf(ASN1Any.getInstance());
+
+    private static final ASN1Sequence ASN1PrivateKeyInfo = new ASN1Sequence(
+            new ASN1Type[] { ASN1Integer.getInstance(), AlgorithmIdentifier.ASN1,
+                    ASN1OctetString.getInstance(),
+                    new ASN1Implicit(0, ASN1Attributes) }) {
+        {
+            setOptional(3); //attributes are optional
+        }
+    };
+}
diff --git a/crypto/src/main/java/javax/crypto/ExemptionMechanism.java b/crypto/src/main/java/javax/crypto/ExemptionMechanism.java
new file mode 100644
index 0000000..349a190
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/ExemptionMechanism.java
@@ -0,0 +1,193 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+public class ExemptionMechanism {
+
+    // Used to access common engine functionality
+    private static final Engine engine = new Engine("ExemptionMechanism");
+
+    // Store used provider
+    private final Provider provider;
+
+    // Store used spi implementation
+    private final ExemptionMechanismSpi spiImpl;
+
+    // Store mechanism name
+    private final String mechanism;
+
+    // Store state (initialized or not)
+    private boolean isInit;
+
+    // Store initKey value
+    private Key initKey;
+
+    // Indicates if blob generated successfully
+    private boolean generated;
+
+    protected ExemptionMechanism(ExemptionMechanismSpi exmechSpi,
+            Provider provider, String mechanism) {
+        this.mechanism = mechanism;
+        this.spiImpl = exmechSpi;
+        this.provider = provider;
+        isInit = false;
+    }
+
+    public final String getName() {
+        return mechanism;
+    }
+
+    public static final ExemptionMechanism getInstance(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, null);
+            return new ExemptionMechanism((ExemptionMechanismSpi) engine.spi,
+                    engine.provider, algorithm);
+        }
+    }
+
+    public static final ExemptionMechanism getInstance(String algorithm,
+            String provider) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        Provider impProvider = Security.getProvider(provider);
+        if (impProvider == null) {
+            throw new NoSuchProviderException(provider);
+        }
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        return getInstance(algorithm, impProvider);
+    }
+
+    public static final ExemptionMechanism getInstance(String algorithm,
+            Provider provider) throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, provider, null);
+            return new ExemptionMechanism((ExemptionMechanismSpi) engine.spi,
+                    provider, algorithm);
+        }
+    }
+
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    public final boolean isCryptoAllowed(Key key)
+            throws ExemptionMechanismException {
+
+        if (generated
+                && (initKey.equals(key) || Arrays.equals(initKey.getEncoded(),
+                        key.getEncoded()))) {
+            return true;
+        }
+        return false;
+    }
+
+    public final int getOutputSize(int inputLen) throws IllegalStateException {
+        if (!isInit) {
+            throw new IllegalStateException(Messages.getString("crypto.2D"));
+        }
+        return spiImpl.engineGetOutputSize(inputLen);
+    }
+
+    public final void init(Key key) throws InvalidKeyException,
+            ExemptionMechanismException {
+        generated = false;
+        spiImpl.engineInit(key);
+        initKey = key;
+        isInit = true;
+    }
+
+    public final void init(Key key, AlgorithmParameters param)
+            throws InvalidKeyException, InvalidAlgorithmParameterException,
+            ExemptionMechanismException {
+        generated = false;
+        spiImpl.engineInit(key, param);
+        initKey = key;
+        isInit = true;
+    }
+
+    public final void init(Key key, AlgorithmParameterSpec param)
+            throws InvalidKeyException, InvalidAlgorithmParameterException,
+            ExemptionMechanismException {
+        generated = false;
+        spiImpl.engineInit(key, param);
+        initKey = key;
+        isInit = true;
+    }
+
+    public final byte[] genExemptionBlob() throws IllegalStateException,
+            ExemptionMechanismException {
+        if (!isInit) {
+            throw new IllegalStateException(Messages.getString("crypto.2D"));
+        }
+        generated = false;
+        byte[] result = spiImpl.engineGenExemptionBlob();
+        generated = true;
+        return result;
+    }
+
+    public final int genExemptionBlob(byte[] output)
+            throws IllegalStateException, ShortBufferException,
+            ExemptionMechanismException {
+        return genExemptionBlob(output, 0);
+    }
+
+    public final int genExemptionBlob(byte[] output, int outputOffset)
+            throws IllegalStateException, ShortBufferException,
+            ExemptionMechanismException {
+        if (!isInit) {
+            throw new IllegalStateException(Messages.getString("crypto.2D"));
+        }
+        generated = false;
+        int len = spiImpl.engineGenExemptionBlob(output, outputOffset);
+        generated = true;
+        return len;
+    }
+
+    @Override
+    protected void finalize() {
+        initKey = null;
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/ExemptionMechanismException.java b/crypto/src/main/java/javax/crypto/ExemptionMechanismException.java
new file mode 100644
index 0000000..1c1ba2c
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/ExemptionMechanismException.java
@@ -0,0 +1,52 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class ExemptionMechanismException extends GeneralSecurityException {
+
+    /**
+     * @serial
+     */
+    private static final long serialVersionUID = 1572699429277957109L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public ExemptionMechanismException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public ExemptionMechanismException() {
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/ExemptionMechanismSpi.java b/crypto/src/main/java/javax/crypto/ExemptionMechanismSpi.java
new file mode 100644
index 0000000..d4865b1
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/ExemptionMechanismSpi.java
@@ -0,0 +1,86 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public abstract class ExemptionMechanismSpi {
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public ExemptionMechanismSpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineGenExemptionBlob()
+            throws ExemptionMechanismException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGenExemptionBlob(byte[] output,
+            int outputOffset) throws ShortBufferException,
+            ExemptionMechanismException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGetOutputSize(int inputLen);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key) throws InvalidKeyException,
+            ExemptionMechanismException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key, AlgorithmParameters params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException,
+            ExemptionMechanismException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException,
+            ExemptionMechanismException;
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/HmacSpi.java b/crypto/src/main/java/javax/crypto/HmacSpi.java
new file mode 100644
index 0000000..54862d0
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/HmacSpi.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2007 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package javax.crypto;
+
+import java.io.ByteArrayOutputStream;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.spec.AlgorithmParameterSpec;
+
+
+/**
+ * Internal class implementing HMAC
+ */
+class HmacSpi extends MacSpi
+{
+    protected byte[] engineDoFinal()
+    {
+        byte[] result = native_compute_sha1_hmac(mKey.getEncoded(), mData.toByteArray());
+        engineReset();
+        return result;
+    }
+
+    protected int engineGetMacLength()
+    {
+        throw new UnsupportedOperationException("Not implemented");
+    }
+
+    protected void engineInit(Key key, AlgorithmParameterSpec params)
+                            throws InvalidKeyException, InvalidAlgorithmParameterException
+    {
+        mKey = key;
+        mData = null;
+    }
+
+    protected void engineReset()
+    {
+        synchronized (mSync) {
+            mData = null;
+        }
+    }
+
+    protected void engineUpdate(byte input)
+    {
+        synchronized (mSync) {
+            if (mData == null) {
+                mData = new ByteArrayOutputStream();
+            }
+            mData.write(input);
+        }
+    }
+
+    protected void engineUpdate(byte[] input, int offset, int len)
+    {
+        synchronized (mSync) {
+            if (mData == null) {
+                mData = new ByteArrayOutputStream();
+            }
+            mData.write(input, offset, len);
+        }
+    }
+
+    private native byte[] native_compute_sha1_hmac(byte[] key, byte[] data);
+
+    private Key mKey;
+    private ByteArrayOutputStream mData;
+    private Object mSync = new Object();
+}
+
diff --git a/crypto/src/main/java/javax/crypto/IllegalBlockSizeException.java b/crypto/src/main/java/javax/crypto/IllegalBlockSizeException.java
new file mode 100644
index 0000000..9a6c4d1
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/IllegalBlockSizeException.java
@@ -0,0 +1,52 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class IllegalBlockSizeException extends GeneralSecurityException {
+
+    /**
+     * @serial
+     */
+    private static final long serialVersionUID = -1965144811953540392L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public IllegalBlockSizeException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public IllegalBlockSizeException() {
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/KeyAgreement.java b/crypto/src/main/java/javax/crypto/KeyAgreement.java
new file mode 100644
index 0000000..3a23181
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/KeyAgreement.java
@@ -0,0 +1,212 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+
+public class KeyAgreement {
+
+    // Used to access common engine functionality
+    private static final Engine engine = new Engine("KeyAgreement"); //$NON-NLS-1$
+
+    // Store SecureRandom
+    private static final SecureRandom rndm = new SecureRandom();
+
+    // Store used provider
+    private final Provider provider;
+
+    // Store used spi implementation
+    private final KeyAgreementSpi spiImpl;
+
+    // Store used algorithm name
+    private final String algorithm;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected KeyAgreement(KeyAgreementSpi keyAgreeSpi, Provider provider,
+            String algorithm) {
+        this.provider = provider;
+        this.algorithm = algorithm;
+        this.spiImpl = keyAgreeSpi;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyAgreement getInstance(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, null);
+            return new KeyAgreement((KeyAgreementSpi) engine.spi, engine.provider,
+                    algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyAgreement getInstance(String algorithm,
+            String provider) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        if ((provider == null) || (provider.length() == 0)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.03")); //$NON-NLS-1$
+        }
+        Provider impProvider = Security.getProvider(provider);
+        if (impProvider == null) {
+            throw new NoSuchProviderException(provider);
+        }
+        return getInstance(algorithm, impProvider);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyAgreement getInstance(String algorithm,
+            Provider provider) throws NoSuchAlgorithmException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, provider, null);
+            return new KeyAgreement((KeyAgreementSpi) engine.spi, provider,
+                    algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key) throws InvalidKeyException {
+        spiImpl.engineInit(key, rndm);//new SecureRandom());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key, SecureRandom random)
+            throws InvalidKeyException {
+        spiImpl.engineInit(key, random);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key, AlgorithmParameterSpec params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+        spiImpl.engineInit(key, params, rndm);//new SecureRandom());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key, AlgorithmParameterSpec params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException {
+        spiImpl.engineInit(key, params, random);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Key doPhase(Key key, boolean lastPhase)
+            throws InvalidKeyException, IllegalStateException {
+        return spiImpl.engineDoPhase(key, lastPhase);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] generateSecret() throws IllegalStateException {
+        return spiImpl.engineGenerateSecret();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int generateSecret(byte[] sharedSecret, int offset)
+            throws IllegalStateException, ShortBufferException {
+        return spiImpl.engineGenerateSecret(sharedSecret, offset);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final SecretKey generateSecret(String algorithm)
+            throws IllegalStateException, NoSuchAlgorithmException,
+            InvalidKeyException {
+        return spiImpl.engineGenerateSecret(algorithm);
+    }
+
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/KeyAgreementSpi.java b/crypto/src/main/java/javax/crypto/KeyAgreementSpi.java
new file mode 100644
index 0000000..23a536b
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/KeyAgreementSpi.java
@@ -0,0 +1,88 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public abstract class KeyAgreementSpi {
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+
+    public KeyAgreementSpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract Key engineDoPhase(Key key, boolean lastPhase)
+            throws InvalidKeyException, IllegalStateException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineGenerateSecret()
+            throws IllegalStateException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGenerateSecret(byte[] sharedSecret, int offset)
+            throws IllegalStateException, ShortBufferException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract SecretKey engineGenerateSecret(String algorithm)
+            throws IllegalStateException, NoSuchAlgorithmException,
+            InvalidKeyException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key, SecureRandom random)
+            throws InvalidKeyException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key, AlgorithmParameterSpec params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException;
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/KeyGenerator.java b/crypto/src/main/java/javax/crypto/KeyGenerator.java
new file mode 100644
index 0000000..0f952b8
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/KeyGenerator.java
@@ -0,0 +1,187 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.SecureRandom;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+
+public class KeyGenerator {
+
+    // Used to access common engine functionality
+    private static final Engine engine = new Engine("KeyGenerator"); //$NON-NLS-1$
+
+    // Store SecureRandom
+    private static final SecureRandom rndm = new SecureRandom();
+
+    // Store used provider
+    private final Provider provider;
+
+    // Store used spi implementation
+    private final KeyGeneratorSpi spiImpl;
+
+    // Store used algorithm name
+    private final String algorithm;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected KeyGenerator(KeyGeneratorSpi keyGenSpi, Provider provider,
+            String algorithm) {
+        this.provider = provider;
+        this.algorithm = algorithm;
+        this.spiImpl = keyGenSpi;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyGenerator getInstance(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, null);
+            return new KeyGenerator((KeyGeneratorSpi) engine.spi, engine.provider,
+                    algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyGenerator getInstance(String algorithm,
+            String provider) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        if ((provider == null) || (provider.length() == 0)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.03")); //$NON-NLS-1$
+        }
+        Provider impProvider = Security.getProvider(provider);
+        if (impProvider == null) {
+            throw new NoSuchProviderException(provider);
+        }
+        return getInstance(algorithm, impProvider);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final KeyGenerator getInstance(String algorithm,
+            Provider provider) throws NoSuchAlgorithmException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, provider, null);
+            return new KeyGenerator((KeyGeneratorSpi) engine.spi, provider,
+                    algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final SecretKey generateKey() {
+        return spiImpl.engineGenerateKey();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(AlgorithmParameterSpec params)
+            throws InvalidAlgorithmParameterException {
+        spiImpl.engineInit(params, rndm);//new SecureRandom());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(AlgorithmParameterSpec params, SecureRandom random)
+            throws InvalidAlgorithmParameterException {
+        spiImpl.engineInit(params, random);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int keysize) {
+        spiImpl.engineInit(keysize, rndm);//new SecureRandom());
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(int keysize, SecureRandom random) {
+        spiImpl.engineInit(keysize, random);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(SecureRandom random) {
+        spiImpl.engineInit(random);
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/KeyGeneratorSpi.java b/crypto/src/main/java/javax/crypto/KeyGeneratorSpi.java
new file mode 100644
index 0000000..46dd78f
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/KeyGeneratorSpi.java
@@ -0,0 +1,65 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public abstract class KeyGeneratorSpi {
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public KeyGeneratorSpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract SecretKey engineGenerateKey();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(AlgorithmParameterSpec params,
+            SecureRandom random) throws InvalidAlgorithmParameterException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(int keysize, SecureRandom random);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(SecureRandom random);
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/Mac.java b/crypto/src/main/java/javax/crypto/Mac.java
new file mode 100644
index 0000000..c609310
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/Mac.java
@@ -0,0 +1,308 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.nio.ByteBuffer;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+
+public class Mac implements Cloneable {
+
+    //Used to access common engine functionality
+    private static final Engine engine = new Engine("Mac"); //$NON-NLS-1$
+
+    // Store used provider
+    private final Provider provider;
+
+    // Store used spi implementation
+    private final MacSpi spiImpl;
+
+    // Store used algorithm name
+    private final String algorithm;
+
+    // Store Mac state (initialized or not initialized)
+    private boolean isInitMac;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected Mac(MacSpi macSpi, Provider provider, String algorithm) {
+        this.provider = provider;
+        this.algorithm = algorithm;
+        this.spiImpl = macSpi;
+        this.isInitMac = false;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     * throws NullPointerException if algorithm is null (instead of
+     * NoSuchAlgorithmException as in 1.4 release)
+     */
+    public static final Mac getInstance(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, null);
+            return new Mac((MacSpi) engine.spi, engine.provider, algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     * throws NullPointerException if algorithm is null (instead of
+     * NoSuchAlgorithmException as in 1.4 release)
+     */
+    public static final Mac getInstance(String algorithm, String provider)
+            throws NoSuchAlgorithmException, NoSuchProviderException {
+        if ((provider == null) || (provider.length() == 0)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.03")); //$NON-NLS-1$
+        }
+        Provider impProvider = Security.getProvider(provider);
+        if (impProvider == null) {
+            throw new NoSuchProviderException(provider);
+        }
+        return getInstance(algorithm, impProvider);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     * throws NullPointerException if algorithm is null (instead of
+     * NoSuchAlgorithmException as in 1.4 release)
+     */
+    public static final Mac getInstance(String algorithm, Provider provider)
+            throws NoSuchAlgorithmException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, provider, null);
+            return new Mac((MacSpi) engine.spi, provider, algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final int getMacLength() {
+        return spiImpl.engineGetMacLength();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key, AlgorithmParameterSpec params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (key == null) {
+            throw new InvalidKeyException(Messages.getString("crypto.05")); //$NON-NLS-1$
+        }
+        spiImpl.engineInit(key, params);
+        isInitMac = true;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void init(Key key) throws InvalidKeyException {
+        if (key == null) {
+            throw new InvalidKeyException(Messages.getString("crypto.05")); //$NON-NLS-1$
+        }
+        try {
+            spiImpl.engineInit(key, null);
+            isInitMac = true;
+        } catch (InvalidAlgorithmParameterException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void update(byte input) throws IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        spiImpl.engineUpdate(input);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void update(byte[] input, int offset, int len)
+            throws IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        if (input == null) {
+            return;
+        }
+        if ((offset < 0) || (len < 0) || ((offset + len) > input.length)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.06")); //$NON-NLS-1$
+        }
+        spiImpl.engineUpdate(input, offset, len);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void update(byte[] input) throws IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        if (input != null) {
+            spiImpl.engineUpdate(input, 0, input.length);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void update(ByteBuffer input) {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        if (input != null) {
+            spiImpl.engineUpdate(input);
+        } else {
+            throw new IllegalArgumentException(Messages.getString("crypto.07")); //$NON-NLS-1$
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] doFinal() throws IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        return spiImpl.engineDoFinal();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void doFinal(byte[] output, int outOffset)
+            throws ShortBufferException, IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.01"));
+        }
+        if (output == null) {
+            throw new ShortBufferException(Messages.getString("crypto.08")); //$NON-NLS-1$
+        }
+        if ((outOffset < 0) || (outOffset >= output.length)) {
+            throw new ShortBufferException(Messages.getString("crypto.09", //$NON-NLS-1$
+                    Integer.toString(outOffset)));
+        }
+        int t = spiImpl.engineGetMacLength();
+        if (t > (output.length - outOffset)) {
+            throw new ShortBufferException(
+                    Messages.getString("crypto.0A", //$NON-NLS-1$
+                            Integer.toString(t))); 
+        }
+        byte[] result = spiImpl.engineDoFinal();
+        System.arraycopy(result, 0, output, outOffset, result.length);
+
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final byte[] doFinal(byte[] input) throws IllegalStateException {
+        if (!isInitMac) {
+            throw new IllegalStateException(Messages.getString("crypto.0B")); //$NON-NLS-1$
+        }
+        if (input != null) {
+            spiImpl.engineUpdate(input, 0, input.length);
+        }
+        return spiImpl.engineDoFinal();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final void reset() {
+        spiImpl.engineReset();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    @Override
+    public final Object clone() throws CloneNotSupportedException {
+        MacSpi newSpiImpl = (MacSpi)spiImpl.clone(); 
+        Mac mac = new Mac(newSpiImpl, this.provider, this.algorithm);
+        mac.isInitMac = this.isInitMac; 
+        return mac;
+    }
+}
diff --git a/crypto/src/main/java/javax/crypto/MacSpi.java b/crypto/src/main/java/javax/crypto/MacSpi.java
new file mode 100644
index 0000000..b02560d
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/MacSpi.java
@@ -0,0 +1,112 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.Key;
+import java.security.InvalidKeyException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.spec.AlgorithmParameterSpec;
+import java.nio.ByteBuffer;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+
+public abstract class MacSpi {
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public MacSpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract int engineGetMacLength();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineInit(Key key, AlgorithmParameterSpec params)
+            throws InvalidKeyException, InvalidAlgorithmParameterException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineUpdate(byte input);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineUpdate(byte[] input, int offset, int len);
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected void engineUpdate(ByteBuffer input) {
+        if (!input.hasRemaining()) {
+            return;
+        }
+        byte[] bInput;
+        if (input.hasArray()) {
+            bInput = input.array();
+            int offset = input.arrayOffset();
+            int position = input.position();
+            int limit = input.limit();
+            engineUpdate(bInput, offset + position, limit - position);
+            input.position(limit);
+        } else {
+            bInput = new byte[input.limit() - input.position()];
+            input.get(bInput);
+            engineUpdate(bInput, 0, bInput.length);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract byte[] engineDoFinal();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract void engineReset();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    @Override
+    public Object clone() throws CloneNotSupportedException {
+        return super.clone();
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/NoSuchPaddingException.java b/crypto/src/main/java/javax/crypto/NoSuchPaddingException.java
new file mode 100644
index 0000000..0fb196f
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/NoSuchPaddingException.java
@@ -0,0 +1,52 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class NoSuchPaddingException extends GeneralSecurityException {
+
+    /**
+     * @serial
+     */
+    private static final long serialVersionUID = -4572885201200175466L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public NoSuchPaddingException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public NoSuchPaddingException() {
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/NullCipher.java b/crypto/src/main/java/javax/crypto/NullCipher.java
new file mode 100644
index 0000000..34b3e85
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/NullCipher.java
@@ -0,0 +1,50 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Boris V. Kuznetsov
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.SecureRandom;
+
+import org.apache.harmony.crypto.internal.NullCipherSpi;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ *
+ */
+public class NullCipher extends Cipher {
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public NullCipher() {
+        super(new NullCipherSpi(), null, null);
+        try {
+            this.init(Cipher.ENCRYPT_MODE, (Key)null, (SecureRandom)null);    
+        } catch (InvalidKeyException e) {        
+        }
+    }
+    
+}
diff --git a/crypto/src/main/java/javax/crypto/SealedObject.java b/crypto/src/main/java/javax/crypto/SealedObject.java
new file mode 100644
index 0000000..65b60e4
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/SealedObject.java
@@ -0,0 +1,221 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class SealedObject implements Serializable {
+
+    // the value of this field was derived by using serialver utility
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    private static final long serialVersionUID = 4482838265551344752L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    protected byte[] encodedParams;
+    private byte[] encryptedContent;
+    private String sealAlg;
+    private String paramsAlg;
+
+    private void readObject(ObjectInputStream s)
+                throws IOException, ClassNotFoundException {
+        encodedParams = (byte []) s.readUnshared();
+        encryptedContent = (byte []) s.readUnshared();
+        sealAlg = (String) s.readUnshared();
+        paramsAlg = (String) s.readUnshared();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public SealedObject(Serializable object, Cipher c)
+                throws IOException, IllegalBlockSizeException {
+        if (c == null) {
+            throw new NullPointerException(Messages.getString("crypto.13")); //$NON-NLS-1$
+        }
+        try {
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            ObjectOutputStream oos = new ObjectOutputStream(bos);
+            oos.writeObject(object);
+            oos.flush();
+            AlgorithmParameters ap = c.getParameters();
+            this.encodedParams = (ap == null) ? null : ap.getEncoded();
+            this.paramsAlg = (ap == null) ? null : ap.getAlgorithm();
+            this.sealAlg = c.getAlgorithm();
+            this.encryptedContent = c.doFinal(bos.toByteArray());
+        } catch (BadPaddingException e) {
+            // should be never thrown because the cipher
+            // should be initialized for encryption
+            throw new IOException(e.toString());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    protected SealedObject(SealedObject so) {
+        if (so == null) {
+            throw new NullPointerException(Messages.getString("crypto.14")); //$NON-NLS-1$
+        }
+        this.encryptedContent = so.encryptedContent;
+        this.encodedParams = so.encodedParams;
+        this.sealAlg = so.sealAlg;
+        this.paramsAlg = so.paramsAlg;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final String getAlgorithm() {
+        return sealAlg;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final Object getObject(Key key)
+                throws IOException, ClassNotFoundException,
+                       NoSuchAlgorithmException, InvalidKeyException {
+        try {
+            Cipher cipher = Cipher.getInstance(sealAlg);
+            if ((paramsAlg != null) && (paramsAlg.length() != 0)) {
+                AlgorithmParameters params =
+                    AlgorithmParameters.getInstance(paramsAlg);
+                params.init(encodedParams);
+                cipher.init(Cipher.DECRYPT_MODE, key, params);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, key);
+            }
+            byte[] serialized = cipher.doFinal(encryptedContent);
+            ObjectInputStream ois =
+                    new ObjectInputStream(
+                            new ByteArrayInputStream(serialized));
+            return ois.readObject();
+        } catch (NoSuchPaddingException e)  {
+            // should not be thrown because cipher text was made
+            // with existing padding
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (InvalidAlgorithmParameterException e) {
+            // should not be thrown because cipher text was made
+            // with correct algorithm parameters
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (IllegalBlockSizeException e) {
+            // should not be thrown because the cipher text
+            // was correctly made
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (BadPaddingException e) {
+            // should not be thrown because the cipher text
+            // was correctly made
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (IllegalStateException  e) {
+            // should never be thrown because cipher is initialized
+            throw new NoSuchAlgorithmException(e.toString());
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final Object getObject(Cipher c)
+                throws IOException, ClassNotFoundException,
+                       IllegalBlockSizeException, BadPaddingException {
+        if (c == null) {
+            throw new NullPointerException(Messages.getString("crypto.13")); //$NON-NLS-1$
+        }
+        byte[] serialized = c.doFinal(encryptedContent);
+        ObjectInputStream ois =
+                new ObjectInputStream(
+                        new ByteArrayInputStream(serialized));
+        return ois.readObject();
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final Object getObject(Key key, String provider)
+                throws IOException, ClassNotFoundException,
+                       NoSuchAlgorithmException, NoSuchProviderException,
+                       InvalidKeyException {
+        if ((provider == null) || (provider.length() == 0)) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.15")); //$NON-NLS-1$
+        }
+        try {
+            Cipher cipher = Cipher.getInstance(sealAlg, provider);
+            if ((paramsAlg != null) && (paramsAlg.length() != 0)) {
+                AlgorithmParameters params =
+                    AlgorithmParameters.getInstance(paramsAlg);
+                params.init(encodedParams);
+                cipher.init(Cipher.DECRYPT_MODE, key, params);
+            } else {
+                cipher.init(Cipher.DECRYPT_MODE, key);
+            }
+            byte[] serialized = cipher.doFinal(encryptedContent);
+            ObjectInputStream ois =
+                    new ObjectInputStream(
+                            new ByteArrayInputStream(serialized));
+            return ois.readObject();
+        } catch (NoSuchPaddingException e)  {
+            // should not be thrown because cipher text was made
+            // with existing padding
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (InvalidAlgorithmParameterException e) {
+            // should not be thrown because cipher text was made
+            // with correct algorithm parameters
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (IllegalBlockSizeException e) {
+            // should not be thrown because the cipher text
+            // was correctly made
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (BadPaddingException e) {
+            // should not be thrown because the cipher text
+            // was correctly made
+            throw new NoSuchAlgorithmException(e.toString());
+        } catch (IllegalStateException  e) {
+            // should never be thrown because cipher is initialized
+            throw new NoSuchAlgorithmException(e.toString());
+        }
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/SecretKey.java b/crypto/src/main/java/javax/crypto/SecretKey.java
new file mode 100644
index 0000000..3c10cda
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/SecretKey.java
@@ -0,0 +1,39 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.Key;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public interface SecretKey extends Key {
+
+    /**
+     * @com.intel.drl.spec_ref
+     * @serial
+     *  
+     */
+    public static final long serialVersionUID = -4795878709595146952L;
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/SecretKeyFactory.java b/crypto/src/main/java/javax/crypto/SecretKeyFactory.java
new file mode 100644
index 0000000..adeb456
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/SecretKeyFactory.java
@@ -0,0 +1,162 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+import org.apache.harmony.security.fortress.Engine;
+
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class SecretKeyFactory {
+
+    // Used to access common engine functionality
+    private static final Engine engine = new Engine("SecretKeyFactory"); //$NON-NLS-1$
+
+    // Store used provider
+    private final Provider provider;
+
+    // Store used spi implementation
+    private final SecretKeyFactorySpi spiImpl;
+
+    // Store used algorithm name
+    private final String algorithm;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected SecretKeyFactory(SecretKeyFactorySpi keyFacSpi,
+            Provider provider, String algorithm) {
+        this.provider = provider;
+        this.algorithm = algorithm;
+        this.spiImpl = keyFacSpi;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final Provider getProvider() {
+        return provider;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final SecretKeyFactory getInstance(String algorithm)
+            throws NoSuchAlgorithmException {
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, null);
+            return new SecretKeyFactory((SecretKeyFactorySpi) engine.spi,
+                    engine.provider, algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final SecretKeyFactory getInstance(String algorithm,
+            String provider) throws NoSuchAlgorithmException,
+            NoSuchProviderException {
+        if ((provider == null) || (provider.length() == 0)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.03")); //$NON-NLS-1$
+        }
+        Provider impProvider = Security.getProvider(provider);
+        if (impProvider == null) {
+            throw new NoSuchProviderException(provider);
+        }
+        return getInstance(algorithm, impProvider);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public static final SecretKeyFactory getInstance(String algorithm,
+            Provider provider) throws NoSuchAlgorithmException {
+        if (provider == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.04")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new NullPointerException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        synchronized (engine) {
+            engine.getInstance(algorithm, provider, null);
+            return new SecretKeyFactory((SecretKeyFactorySpi) engine.spi, provider,
+                    algorithm);
+        }
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final SecretKey generateSecret(KeySpec keySpec)
+            throws InvalidKeySpecException {
+        return spiImpl.engineGenerateSecret(keySpec);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    @SuppressWarnings("unchecked")
+    public final KeySpec getKeySpec(SecretKey key, Class keySpec)
+            throws InvalidKeySpecException {
+        return spiImpl.engineGetKeySpec(key, keySpec);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public final SecretKey translateKey(SecretKey key)
+            throws InvalidKeyException {
+        return spiImpl.engineTranslateKey(key);
+
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/SecretKeyFactorySpi.java b/crypto/src/main/java/javax/crypto/SecretKeyFactorySpi.java
new file mode 100644
index 0000000..d72f6d5
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/SecretKeyFactorySpi.java
@@ -0,0 +1,63 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.InvalidKeyException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.KeySpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public abstract class SecretKeyFactorySpi {
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public SecretKeyFactorySpi() {
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract SecretKey engineGenerateSecret(KeySpec keySpec)
+            throws InvalidKeySpecException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    @SuppressWarnings("unchecked")
+    protected abstract KeySpec engineGetKeySpec(SecretKey key, Class keySpec)
+            throws InvalidKeySpecException;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    protected abstract SecretKey engineTranslateKey(SecretKey key)
+            throws InvalidKeyException;
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/ShortBufferException.java b/crypto/src/main/java/javax/crypto/ShortBufferException.java
new file mode 100644
index 0000000..d1e44a8
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/ShortBufferException.java
@@ -0,0 +1,52 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public class ShortBufferException extends GeneralSecurityException {
+
+    /**
+     * @serial
+     */
+    private static final long serialVersionUID = 8427718640832943747L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public ShortBufferException(String msg) {
+        super(msg);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     * 
+     */
+    public ShortBufferException() {
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/interfaces/DHKey.java b/crypto/src/main/java/javax/crypto/interfaces/DHKey.java
new file mode 100644
index 0000000..f128033
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/interfaces/DHKey.java
@@ -0,0 +1,39 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto.interfaces;
+
+import javax.crypto.spec.DHParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public interface DHKey {
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public DHParameterSpec getParams();
+}
+
diff --git a/crypto/src/main/java/javax/crypto/interfaces/DHPrivateKey.java b/crypto/src/main/java/javax/crypto/interfaces/DHPrivateKey.java
new file mode 100644
index 0000000..7eda7d4
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/interfaces/DHPrivateKey.java
@@ -0,0 +1,46 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PrivateKey;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public interface DHPrivateKey extends DHKey, PrivateKey {
+
+    /**
+     * @com.intel.drl.spec_ref
+     * @serial
+     */
+    public static final long serialVersionUID = 2211791113380396553L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public BigInteger getX();
+
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/interfaces/DHPublicKey.java b/crypto/src/main/java/javax/crypto/interfaces/DHPublicKey.java
new file mode 100644
index 0000000..4d3fb6a
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/interfaces/DHPublicKey.java
@@ -0,0 +1,45 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto.interfaces;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public interface DHPublicKey extends DHKey, PublicKey {
+
+    /**
+     * @com.intel.drl.spec_ref
+     * @serial
+     */
+    public static final long serialVersionUID = -6628103563352519193L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public BigInteger getY();
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/interfaces/PBEKey.java b/crypto/src/main/java/javax/crypto/interfaces/PBEKey.java
new file mode 100644
index 0000000..991a4c0
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/interfaces/PBEKey.java
@@ -0,0 +1,57 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Vera Y. Petrashkova
+* @version $Revision$
+*/
+
+package javax.crypto.interfaces;
+
+import javax.crypto.SecretKey;
+
+/**
+ * @com.intel.drl.spec_ref
+ * 
+ */
+public interface PBEKey extends SecretKey {
+
+    /**
+     * @com.intel.drl.spec_ref
+     * @serial
+     */
+    public static final long serialVersionUID = -1430015993304333921L;
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public int getIterationCount();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public byte[] getSalt();
+
+    /**
+     * @com.intel.drl.spec_ref
+     *  
+     */
+    public char[] getPassword();
+
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/interfaces/package.html b/crypto/src/main/java/javax/crypto/interfaces/package.html
new file mode 100644
index 0000000..e5817d1
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/interfaces/package.html
@@ -0,0 +1,16 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+</head>
+<html>
+<body>
+<p>
+This package provides the interfaces needed to implement the Diffie-Hellman (DH)
+key agreement's algorithm as specified by PKCS#3.
+
+The parameters for the DH algorithm must be accessed without unduly restriction as for example
+hardware repository for the parameters material.
+
+</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/crypto/src/main/java/javax/crypto/package.html b/crypto/src/main/java/javax/crypto/package.html
new file mode 100644
index 0000000..20c0c63
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/package.html
@@ -0,0 +1,19 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+</head>
+<html>
+<body>
+<p>
+This package provides the classes and interfaces needed to define encryption algorithm,
+keys' agreement algorithms and MAC (Message Authentication Code). Stream ciphers are supported
+as well as asymmetric, symmetric, block ciphers.
+With class {@link javax.crypto.SealedObject} a programmer can secure an object by
+encrypting it with a supported cipher.
+Not only MAC but also HMAC (Hash MAC) with sha-1 arr supported.
+
+Ciphers' implementations from different providers ae easily integrated in the package thanks
+to the SPI (Security Provider Interface) abstract classes.
+</p>
+</body>
+</html>
diff --git a/crypto/src/main/java/javax/crypto/spec/DESKeySpec.java b/crypto/src/main/java/javax/crypto/spec/DESKeySpec.java
new file mode 100644
index 0000000..67166ab
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DESKeySpec.java
@@ -0,0 +1,179 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DESKeySpec implements KeySpec {
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static final int DES_KEY_LEN = 8;
+
+    private final byte[] key;
+
+    // DES weak and semi-weak keys
+    // Got from:
+    // FIP PUB 74
+    // FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION 1981
+    // GUIDELINES FOR IMPLEMENTING AND USING THE NBS DATA ENCRYPTION STANDARD 
+    // http://www.dice.ucl.ac.be/crypto/standards/fips/fip74/fip74-1.pdf
+    private static final byte[][] SEMIWEAKS = {
+                {(byte) 0xE0, (byte) 0x01, (byte) 0xE0, (byte) 0x01,
+                 (byte) 0xF1, (byte) 0x01, (byte) 0xF1, (byte) 0x01},
+
+                {(byte) 0x01, (byte) 0xE0, (byte) 0x01, (byte) 0xE0,
+                 (byte) 0x01, (byte) 0xF1, (byte) 0x01, (byte) 0xF1},
+
+                {(byte) 0xFE, (byte) 0x1F, (byte) 0xFE, (byte) 0x1F,
+                 (byte) 0xFE, (byte) 0x0E, (byte) 0xFE, (byte) 0x0E},
+
+                {(byte) 0x1F, (byte) 0xFE, (byte) 0x1F, (byte) 0xFE,
+                 (byte) 0x0E, (byte) 0xFE, (byte) 0x0E, (byte) 0xFE},
+
+                {(byte) 0xE0, (byte) 0x1F, (byte) 0xE0, (byte) 0x1F,
+                 (byte) 0xF1, (byte) 0x0E, (byte) 0xF1, (byte) 0x0E},
+
+                {(byte) 0x1F, (byte) 0xE0, (byte) 0x1F, (byte) 0xE0,
+                 (byte) 0x0E, (byte) 0xF1, (byte) 0x0E, (byte) 0xF1},
+
+                {(byte) 0x01, (byte) 0xFE, (byte) 0x01, (byte) 0xFE,
+                 (byte) 0x01, (byte) 0xFE, (byte) 0x01, (byte) 0xFE},
+
+                {(byte) 0xFE, (byte) 0x01, (byte) 0xFE, (byte) 0x01,
+                 (byte) 0xFE, (byte) 0x01, (byte) 0xFE, (byte) 0x01},
+
+                {(byte) 0x01, (byte) 0x1F, (byte) 0x01, (byte) 0x1F,
+                 (byte) 0x01, (byte) 0x0E, (byte) 0x01, (byte) 0x0E},
+
+                {(byte) 0x1F, (byte) 0x01, (byte) 0x1F, (byte) 0x01,
+                 (byte) 0x0E, (byte) 0x01, (byte) 0x0E, (byte) 0x01},
+
+                {(byte) 0xE0, (byte) 0xFE, (byte) 0xE0, (byte) 0xFE,
+                 (byte) 0xF1, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE},
+
+                {(byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xE0,
+                 (byte) 0xFE, (byte) 0xF1, (byte) 0xFE, (byte) 0xF1},
+
+                {(byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x01, 
+                 (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x01},
+
+                {(byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE,
+                 (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE},
+
+                {(byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0,
+                 (byte) 0xF1, (byte) 0xF1, (byte) 0xF1, (byte) 0xF1},
+
+                {(byte) 0x1F, (byte) 0x1F, (byte) 0x1F, (byte) 0x1F,
+                 (byte) 0x0E, (byte) 0x0E, (byte) 0x0E, (byte) 0x0E},
+
+                };
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DESKeySpec(byte[] key) throws InvalidKeyException {
+        this(key, 0);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DESKeySpec(byte[] key, int offset)
+                throws InvalidKeyException {
+        if (key == null) {
+            throw new NullPointerException(Messages.getString("crypto.2F")); //$NON-NLS-1$
+        }
+        if (key.length - offset < DES_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.40")); //$NON-NLS-1$
+        }
+        this.key = new byte[DES_KEY_LEN];
+        System.arraycopy(key, offset, this.key, 0, DES_KEY_LEN);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getKey() {
+        byte[] result = new byte[DES_KEY_LEN];
+        System.arraycopy(this.key, 0, result, 0, DES_KEY_LEN);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static boolean isParityAdjusted(byte[] key, int offset)
+            throws InvalidKeyException {
+        if (key == null) {
+            throw new InvalidKeyException(Messages.getString("crypto.2F")); //$NON-NLS-1$
+        }
+        if (key.length - offset < DES_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.40")); //$NON-NLS-1$
+        }
+
+        int byteKey = 0;
+
+        for (int i = offset; i < DES_KEY_LEN; i++) {
+            byteKey = key[i];
+
+            byteKey ^= byteKey >> 1;
+            byteKey ^= byteKey >> 2;
+            byteKey ^= byteKey >> 4;
+
+            if ((byteKey & 1) == 0) {
+                return false;
+            }
+        }
+        return true;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static boolean isWeak(byte[] key, int offset)
+              throws InvalidKeyException {
+        if (key == null) {
+            throw new InvalidKeyException(Messages.getString("crypto.2F")); //$NON-NLS-1$
+        }
+        if (key.length - offset < DES_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.40")); //$NON-NLS-1$
+        }
+        I:
+        for (int i=0; i<SEMIWEAKS.length; i++) {
+            for (int j=0; j<DES_KEY_LEN; j++) {
+                if (SEMIWEAKS[i][j] != key[offset+j]) {
+                    continue I;
+                }
+            }
+            return true;
+        }
+        return false;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/DESedeKeySpec.java b/crypto/src/main/java/javax/crypto/spec/DESedeKeySpec.java
new file mode 100644
index 0000000..3c04547
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DESedeKeySpec.java
@@ -0,0 +1,102 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.InvalidKeyException;
+import java.security.spec.KeySpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DESedeKeySpec implements KeySpec {
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static final int DES_EDE_KEY_LEN = 24;
+
+    private final byte[] key;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DESedeKeySpec(byte[] key)
+                throws InvalidKeyException {
+        if (key == null) {
+            throw new NullPointerException(Messages.getString("crypto.2F")); //$NON-NLS-1$
+        }
+        if (key.length < DES_EDE_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.30")); //$NON-NLS-1$
+        }
+        this.key = new byte[DES_EDE_KEY_LEN];
+        System.arraycopy(key, 0, this.key, 0, DES_EDE_KEY_LEN);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DESedeKeySpec(byte[] key, int offset)
+                throws InvalidKeyException {
+        if (key == null) {
+            throw new NullPointerException(Messages.getString("crypto.2F")); //$NON-NLS-1$
+        }
+        if (key.length - offset < DES_EDE_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.30")); //$NON-NLS-1$
+        }
+        this.key = new byte[DES_EDE_KEY_LEN];
+        System.arraycopy(key, offset, this.key, 0, DES_EDE_KEY_LEN);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getKey() {
+        byte[] result = new byte [DES_EDE_KEY_LEN];
+        System.arraycopy(this.key, 0, result, 0, DES_EDE_KEY_LEN);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static boolean isParityAdjusted(byte[] key, int offset)
+                throws InvalidKeyException {
+        if (key.length - offset < DES_EDE_KEY_LEN) {
+            throw new InvalidKeyException(
+                    Messages.getString("crypto.30")); //$NON-NLS-1$
+        }
+        for (int i=offset; i<DES_EDE_KEY_LEN+offset; i++) {
+            int b = key[i];
+            if ((((b & 1) + ((b & 2) >> 1) + ((b & 4) >> 2)
+                + ((b & 8) >> 3) + ((b & 16) >> 4) + ((b & 32) >> 5)
+                + ((b & 64) >> 6)) & 1) == ((b & 128) >> 7)) {
+                return false;
+            }
+        }
+        return true;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/DHGenParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/DHGenParameterSpec.java
new file mode 100644
index 0000000..7beea4b
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DHGenParameterSpec.java
@@ -0,0 +1,57 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DHGenParameterSpec implements AlgorithmParameterSpec {
+
+    private final int primeSize;
+    private final int exponentSize;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DHGenParameterSpec(int primeSize, int exponentSize) {
+        this.primeSize = primeSize;
+        this.exponentSize = exponentSize;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getPrimeSize() {
+        return primeSize;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getExponentSize() {
+        return exponentSize;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/DHParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/DHParameterSpec.java
new file mode 100644
index 0000000..030cfcb
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DHParameterSpec.java
@@ -0,0 +1,76 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.AlgorithmParameterSpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DHParameterSpec implements AlgorithmParameterSpec {
+
+    private final BigInteger p;
+    private final BigInteger g;
+    private final int l;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DHParameterSpec(BigInteger p, BigInteger g) {
+        this.p = p;
+        this.g = g;
+        this.l = 0;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DHParameterSpec(BigInteger p, BigInteger g, int l) {
+        this.p = p;
+        this.g = g;
+        this.l = l;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getP() {
+        return p;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getG() {
+        return g;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getL() {
+        return l;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/DHPrivateKeySpec.java b/crypto/src/main/java/javax/crypto/spec/DHPrivateKeySpec.java
new file mode 100644
index 0000000..711d3a7
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DHPrivateKeySpec.java
@@ -0,0 +1,67 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DHPrivateKeySpec implements KeySpec {
+
+    private final BigInteger x;
+    private final BigInteger p;
+    private final BigInteger g;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DHPrivateKeySpec(BigInteger x, BigInteger p, BigInteger g) {
+        this.x = x;
+        this.p = p;
+        this.g = g;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getX() {
+        return x;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getP() {
+        return p;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getG() {
+        return g;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/DHPublicKeySpec.java b/crypto/src/main/java/javax/crypto/spec/DHPublicKeySpec.java
new file mode 100644
index 0000000..e83640a
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/DHPublicKeySpec.java
@@ -0,0 +1,67 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.math.BigInteger;
+import java.security.spec.KeySpec;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class DHPublicKeySpec implements KeySpec {
+
+    private final BigInteger y;
+    private final BigInteger p;
+    private final BigInteger g;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public DHPublicKeySpec(BigInteger y, BigInteger p, BigInteger g) {
+        this.y = y;
+        this.p = p;
+        this.g = g;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getY() {
+        return y;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getP() {
+        return p;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public BigInteger getG() {
+        return g;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/IvParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/IvParameterSpec.java
new file mode 100644
index 0000000..bd77029
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/IvParameterSpec.java
@@ -0,0 +1,70 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class IvParameterSpec implements AlgorithmParameterSpec {
+
+    private final byte[] iv;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public IvParameterSpec(byte[] iv) {
+        if (iv == null) {
+            throw new NullPointerException(Messages.getString("crypto.38")); //$NON-NLS-1$
+        }
+        this.iv = new byte[iv.length];
+        System.arraycopy(iv, 0, this.iv, 0, iv.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public IvParameterSpec(byte[] iv, int offset, int len) {
+        if ((iv == null) || (iv.length - offset < len)) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.39")); //$NON-NLS-1$
+        }
+        if (offset < 0 || len < 0) {
+            throw new ArrayIndexOutOfBoundsException(Messages.getString("crypto.3A")); //$NON-NLS-1$
+        }
+        this.iv = new byte[len];
+        System.arraycopy(iv, offset, this.iv, 0, len);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getIV() {
+        byte[] res = new byte[iv.length];
+        System.arraycopy(iv, 0, res, 0, iv.length);
+        return res;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/OAEPParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/OAEPParameterSpec.java
new file mode 100644
index 0000000..a625cb1
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/OAEPParameterSpec.java
@@ -0,0 +1,93 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.AlgorithmParameterSpec;
+import javax.crypto.spec.PSource;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class OAEPParameterSpec implements AlgorithmParameterSpec {
+
+    private final String mdName;
+    private final String mgfName;
+    private final AlgorithmParameterSpec mgfSpec;
+    private final PSource pSrc;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static final OAEPParameterSpec DEFAULT = new OAEPParameterSpec();
+
+    private OAEPParameterSpec() {
+        this.mdName = "SHA-1"; //$NON-NLS-1$
+        this.mgfName = "MGF1"; //$NON-NLS-1$
+        this.mgfSpec = MGF1ParameterSpec.SHA1;
+        this.pSrc = PSource.PSpecified.DEFAULT;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public OAEPParameterSpec(String mdName, String mgfName,
+                                AlgorithmParameterSpec mgfSpec, PSource pSrc) {
+        if ((mdName == null) || (mgfName == null) || (pSrc == null)) {
+            throw new NullPointerException();
+        }
+        this.mdName = mdName;
+        this.mgfName = mgfName;
+        this.mgfSpec = mgfSpec;
+        this.pSrc = pSrc;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getDigestAlgorithm() {
+        return mdName;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getMGFAlgorithm() {
+        return mgfName;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public AlgorithmParameterSpec getMGFParameters() {
+        return mgfSpec;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PSource getPSource() {
+        return pSrc;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/PBEKeySpec.java b/crypto/src/main/java/javax/crypto/spec/PBEKeySpec.java
new file mode 100644
index 0000000..80e340e
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/PBEKeySpec.java
@@ -0,0 +1,159 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.KeySpec;
+import java.util.Arrays;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class PBEKeySpec implements KeySpec {
+
+    private char[] password;
+    private final byte[] salt;
+    private final int iterationCount;
+    private final int keyLength;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PBEKeySpec(char[] password) {
+        if (password == null) {
+            this.password = new char[0];
+        } else {
+            this.password = new char[password.length];
+            System.arraycopy(password, 0, this.password, 0, password.length);
+        }
+        salt = null;
+        iterationCount = 0;
+        keyLength = 0;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PBEKeySpec(char[] password, byte[] salt, int iterationCount,
+                      int keyLength) {
+        if (salt == null) {
+            throw new NullPointerException(Messages.getString("crypto.3B")); //$NON-NLS-1$
+        }
+        if (salt.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.3C")); //$NON-NLS-1$
+        }
+        if (iterationCount <= 0) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.3D")); //$NON-NLS-1$
+        }
+        if (keyLength <= 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.3E")); //$NON-NLS-1$
+        }
+
+        if (password == null) {
+            this.password = new char[0];
+        } else {
+            this.password = new char[password.length];
+            System.arraycopy(password, 0, this.password, 0, password.length);
+        }
+        this.salt = new byte[salt.length];
+        System.arraycopy(salt, 0, this.salt, 0, salt.length);
+        this.iterationCount = iterationCount;
+        this.keyLength = keyLength;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PBEKeySpec(char[] password, byte[] salt, int iterationCount) {
+        if (salt == null) {
+            throw new NullPointerException(Messages.getString("crypto.3B")); //$NON-NLS-1$
+        }
+        if (salt.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.3C")); //$NON-NLS-1$
+        }
+        if (iterationCount <= 0) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.3D")); //$NON-NLS-1$
+        }
+
+        if (password == null) {
+            this.password = new char[0];
+        } else {
+            this.password = new char[password.length];
+            System.arraycopy(password, 0, this.password, 0, password.length);
+        }
+        this.salt = new byte[salt.length];
+        System.arraycopy(salt, 0, this.salt, 0, salt.length);
+        this.iterationCount = iterationCount;
+        this.keyLength = 0;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final void clearPassword() {
+        Arrays.fill(password, '?');
+        password = null;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final char[] getPassword() {
+        if (password == null) {
+            throw new IllegalStateException(Messages.getString("crypto.3F")); //$NON-NLS-1$
+        }
+        char[] result = new char[password.length];
+        System.arraycopy(password, 0, result, 0, password.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final byte[] getSalt() {
+        if (salt == null) {
+            return null;
+        }
+        byte[] result = new byte[salt.length];
+        System.arraycopy(salt, 0, result, 0, salt.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final int getIterationCount() {
+        return iterationCount;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public final int getKeyLength() {
+        return keyLength;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/PBEParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/PBEParameterSpec.java
new file mode 100644
index 0000000..6e220b8
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/PBEParameterSpec.java
@@ -0,0 +1,65 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class PBEParameterSpec implements AlgorithmParameterSpec {
+
+    private final byte[] salt;
+    private final int iterationCount;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public PBEParameterSpec(byte[] salt, int iterationCount) {
+        if (salt == null) {
+            throw new NullPointerException(Messages.getString("crypto.3B")); //$NON-NLS-1$
+        }
+        this.salt = new byte[salt.length];
+        System.arraycopy(salt, 0, this.salt, 0, salt.length);
+        this.iterationCount = iterationCount;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getSalt() {
+        byte[] result = new byte[salt.length];
+        System.arraycopy(salt, 0, result, 0, salt.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getIterationCount() {
+        return iterationCount;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/PSource.java b/crypto/src/main/java/javax/crypto/spec/PSource.java
new file mode 100644
index 0000000..e83b423
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/PSource.java
@@ -0,0 +1,94 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class PSource {
+
+    private String pSrcName;
+
+    private PSource() {}
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    protected PSource(String pSrcName) {
+        if (pSrcName == null) {
+            throw new NullPointerException(Messages.getString("crypto.42")); //$NON-NLS-1$
+        }
+        this.pSrcName = pSrcName;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getAlgorithm() {
+        return pSrcName;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public static final class PSpecified extends PSource {
+
+        private final byte[] p;
+
+        /**
+         * @com.intel.drl.spec_ref
+         */
+        public static final PSpecified DEFAULT = new PSpecified();
+
+        private PSpecified() {
+            super("PSpecified"); //$NON-NLS-1$
+            p = new byte[0];
+        }
+
+        /**
+         * @com.intel.drl.spec_ref
+         */
+        public PSpecified(byte[] p) {
+            super("PSpecified"); //$NON-NLS-1$
+            if (p == null) {
+                throw new NullPointerException(Messages.getString("crypto.43")); //$NON-NLS-1$
+            }
+            //TODO: It is unknown which name should be used!
+            //super("");
+            this.p = new byte[p.length];
+            System.arraycopy(p, 0, this.p, 0, p.length);
+        }
+
+        /**
+         * @com.intel.drl.spec_ref
+         */
+        public byte[] getValue() {
+            byte[] result = new byte[p.length];
+            System.arraycopy(p, 0, result, 0, p.length);
+            return result;
+        }
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/RC2ParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/RC2ParameterSpec.java
new file mode 100644
index 0000000..6a24964
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/RC2ParameterSpec.java
@@ -0,0 +1,126 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class RC2ParameterSpec implements AlgorithmParameterSpec {
+
+    private final int effectiveKeyBits;
+    private final byte[] iv;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC2ParameterSpec(int effectiveKeyBits) {
+        this.effectiveKeyBits = effectiveKeyBits;
+        iv = null;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC2ParameterSpec(int effectiveKeyBits, byte[] iv) {
+        if (iv == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.31")); //$NON-NLS-1$
+        }
+        if (iv.length < 8) {
+            throw new IllegalArgumentException(Messages.getString("crypto.41")); //$NON-NLS-1$
+        }
+        this.effectiveKeyBits = effectiveKeyBits;
+        this.iv = new byte[8];
+        System.arraycopy(iv, 0, this.iv, 0, 8);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC2ParameterSpec(int effectiveKeyBits, byte[] iv, int offset) {
+        if (iv == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.31")); //$NON-NLS-1$
+        }
+        if (iv.length - offset < 8) {
+            throw new IllegalArgumentException(Messages.getString("crypto.41")); //$NON-NLS-1$
+        }
+        this.effectiveKeyBits = effectiveKeyBits;
+        this.iv = new byte[8];
+        System.arraycopy(iv, offset, this.iv, 0, 8);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getEffectiveKeyBits() {
+        return effectiveKeyBits;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getIV() {
+        if (iv == null) {
+            return null;
+        }
+        byte[] result = new byte[iv.length];
+        System.arraycopy(iv, 0, result, 0, iv.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (!(obj instanceof RC2ParameterSpec)) {
+            return false;
+        }
+        RC2ParameterSpec ps = (RC2ParameterSpec) obj;
+        return (effectiveKeyBits == ps.effectiveKeyBits)
+            && (Arrays.equals(iv, ps.iv));
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int hashCode() {
+        int result = effectiveKeyBits;
+        if (iv == null) {
+            return result;
+        }
+        for (byte element : iv) {
+            result += element;
+        }
+        return result;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/RC5ParameterSpec.java b/crypto/src/main/java/javax/crypto/spec/RC5ParameterSpec.java
new file mode 100644
index 0000000..b4a7fcc
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/RC5ParameterSpec.java
@@ -0,0 +1,156 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.security.spec.AlgorithmParameterSpec;
+import java.util.Arrays;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class RC5ParameterSpec implements AlgorithmParameterSpec {
+
+    private final int version;
+    private final int rounds;
+    private final int wordSize;
+    private final byte[] iv;
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC5ParameterSpec(int version, int rounds, int wordSize) {
+        this.version = version;
+        this.rounds = rounds;
+        this.wordSize = wordSize;
+        this.iv = null;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC5ParameterSpec(int version, int rounds, int wordSize, byte[] iv) {
+        if (iv == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.31")); //$NON-NLS-1$
+        }
+        if (iv.length < 2 * (wordSize / 8)) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.32")); //$NON-NLS-1$
+        }
+        this.version = version;
+        this.rounds = rounds;
+        this.wordSize = wordSize;
+        this.iv = new byte[2*(wordSize/8)];
+        System.arraycopy(iv, 0, this.iv, 0, 2*(wordSize/8));
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public RC5ParameterSpec(int version, int rounds,
+                                int wordSize, byte[] iv, int offset) {
+        if (iv == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.31")); //$NON-NLS-1$
+        }
+        if (offset < 0) {
+            throw new ArrayIndexOutOfBoundsException(Messages.getString("crypto.33")); //$NON-NLS-1$
+        }
+        if (iv.length - offset < 2 * (wordSize / 8)) {
+            throw new IllegalArgumentException(
+                    Messages.getString("crypto.34")); //$NON-NLS-1$
+        }
+        this.version = version;
+        this.rounds = rounds;
+        this.wordSize = wordSize;
+        this.iv = new byte[offset+2*(wordSize/8)];
+        System.arraycopy(iv, offset, this.iv, 0, 2*(wordSize/8));
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getVersion() {
+        return version;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getRounds() {
+        return rounds;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public int getWordSize() {
+        return wordSize;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getIV() {
+        if (iv == null) {
+            return null;
+        }
+        byte[] result = new byte[iv.length];
+        System.arraycopy(iv, 0, result, 0, iv.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (!(obj instanceof RC5ParameterSpec)) {
+            return false;
+        }
+        RC5ParameterSpec ps = (RC5ParameterSpec) obj;
+        return (version == ps.version)
+            && (rounds == ps.rounds)
+            && (wordSize == ps.wordSize)
+            && (Arrays.equals(iv, ps.iv));
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int hashCode() {
+        int result = version + rounds + wordSize;
+        if (iv == null) {
+            return result;
+        }
+        for (byte element : iv) {
+            result += element & 0xFF;
+        }
+        return result;
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/SecretKeySpec.java b/crypto/src/main/java/javax/crypto/spec/SecretKeySpec.java
new file mode 100644
index 0000000..1aef40c
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/SecretKeySpec.java
@@ -0,0 +1,140 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Alexander Y. Kleymenov
+* @version $Revision$
+*/
+
+package javax.crypto.spec;
+
+import java.io.Serializable;
+import java.security.spec.KeySpec;
+import java.util.Arrays;
+import javax.crypto.SecretKey;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * @com.intel.drl.spec_ref
+ */
+public class SecretKeySpec implements SecretKey, KeySpec, Serializable {
+
+    // The 5.0 spec. doesn't declare this serialVersionUID field
+    // In order to be compatible it is explicitly declared here
+    // for details see HARMONY-233
+    private static final long serialVersionUID = 6577238317307289933L;
+
+    private final byte[] key;
+    private final String algorithm;
+    private final String format = "RAW"; //$NON-NLS-1$
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public SecretKeySpec(byte[] key, String algorithm) {
+        if (key == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.05")); //$NON-NLS-1$
+        }
+        if (key.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.35")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+
+        this.algorithm = algorithm;
+        this.key = new byte[key.length];
+        System.arraycopy(key, 0, this.key, 0, key.length);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public SecretKeySpec(byte[] key, int offset, int len, String algorithm) {
+        if (key == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.05")); //$NON-NLS-1$
+        }
+        if (key.length == 0) {
+            throw new IllegalArgumentException(Messages.getString("crypto.35")); //$NON-NLS-1$
+        }
+        if (len < 0) {
+            throw new ArrayIndexOutOfBoundsException(Messages.getString("crypto.36")); //$NON-NLS-1$
+        }
+        if ((key.length - offset < len)) {
+            throw new IllegalArgumentException(Messages.getString("crypto.37")); //$NON-NLS-1$
+        }
+        if (algorithm == null) {
+            throw new IllegalArgumentException(Messages.getString("crypto.02")); //$NON-NLS-1$
+        }
+        this.algorithm = algorithm;
+        this.key = new byte[len];
+        System.arraycopy(key, offset, this.key, 0, len);
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public String getFormat() {
+        return format;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    public byte[] getEncoded() {
+        byte[] result = new byte[key.length];
+        System.arraycopy(key, 0, result, 0, key.length);
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public int hashCode() {
+        int result = algorithm.length();
+        for (byte element : key) {
+            result += element;
+        }
+        return result;
+    }
+
+    /**
+     * @com.intel.drl.spec_ref
+     */
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == this) {
+            return true;
+        }
+        if (!(obj instanceof SecretKeySpec)) {
+            return false;
+        }
+        SecretKeySpec ks = (SecretKeySpec) obj;
+        return (algorithm.equalsIgnoreCase(ks.algorithm))
+            && (Arrays.equals(key, ks.key));
+    }
+}
+
diff --git a/crypto/src/main/java/javax/crypto/spec/package.html b/crypto/src/main/java/javax/crypto/spec/package.html
new file mode 100644
index 0000000..da03779
--- /dev/null
+++ b/crypto/src/main/java/javax/crypto/spec/package.html
@@ -0,0 +1,19 @@
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
+</head>
+<html>
+<body>
+<p>
+This package provides the classes and interfaces needed to specify keys and parameter for
+encryption. Following standards are supported:
+(1) PKCS#3 Diffie-Hellman ekey agreement's standard;
+(2) FIPS-46-2 Data Encryption Standard (DES);
+(3) PKCS#5 Password Based Encryption (PBE) standard.
+Keys may be specified via algorithm or in a more abstract and general way with ASN.1.
+
+Keys and algorithm parameters are specified for the following procedures:
+(i) DH, (ii) DES, (iii) TripleDES, (iv) PBE, (v) RC2 and (vi) RC5.
+</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/crypto/src/main/java/org/apache/harmony/crypto/internal/NullCipherSpi.java b/crypto/src/main/java/org/apache/harmony/crypto/internal/NullCipherSpi.java
new file mode 100644
index 0000000..d6b2619
--- /dev/null
+++ b/crypto/src/main/java/org/apache/harmony/crypto/internal/NullCipherSpi.java
@@ -0,0 +1,175 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/**
+* @author Boris V. Kuznetsov
+* @version $Revision$
+*/
+
+package org.apache.harmony.crypto.internal;
+
+import java.nio.ByteBuffer;
+import java.security.AlgorithmParameters;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.CipherSpi;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.ShortBufferException;
+
+import org.apache.harmony.crypto.internal.nls.Messages;
+
+/**
+ * CipherSpi implementation for javax.crypto.NullCipher
+ * 
+ */
+public class NullCipherSpi extends CipherSpi {
+
+    @Override
+    public void engineSetMode(String arg0) throws NoSuchAlgorithmException {
+        // Do nothing
+    }
+
+    @Override
+    public void engineSetPadding(String arg0) throws NoSuchPaddingException {
+        // Do nothing
+    }
+
+    @Override
+    public int engineGetBlockSize() {
+        return 1;
+    }
+
+    @Override
+    public int engineGetOutputSize(int inputLen) {
+        return inputLen;
+    }
+
+    @Override
+    public byte[] engineGetIV() {
+        return new byte[8]; // compatible with RI
+    }
+
+    @Override
+    public AlgorithmParameters engineGetParameters() {
+        return null;
+    }
+
+    @Override
+    public void engineInit(int opmode, Key key, SecureRandom random)
+            throws InvalidKeyException {
+        // Do nothing
+    }
+
+    @Override
+    public void engineInit(int opmode, Key key, AlgorithmParameterSpec params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException {
+        // Do nothing
+    }
+
+    @Override
+    public void engineInit(int opmode, Key key, AlgorithmParameters params,
+            SecureRandom random) throws InvalidKeyException,
+            InvalidAlgorithmParameterException {
+        // Do nothing
+    }
+
+    @Override
+    public byte[] engineUpdate(byte[] input, int inputOffset, int inputLen) {
+        if (input == null) {
+            return null;
+        }
+        byte[] result = new byte[inputLen];
+        System.arraycopy(input, inputOffset, result, 0, inputLen);
+        return result;
+    }
+
+    @Override
+    public int engineUpdate(byte[] input, int inputOffset, int inputLen,
+            byte[] output, int outputOffset) throws ShortBufferException {
+        if (input == null) {
+            return 0;
+        }
+        System.arraycopy(input, inputOffset, output, outputOffset, inputLen);
+        return inputLen;
+    }
+
+    @Override
+    public int engineUpdate(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException {
+        if (input == null || output == null) {
+            throw new NullPointerException();
+        }
+        int result = input.limit() - input.position();
+        try {
+            output.put(input);
+        } catch (java.nio.BufferOverflowException e) {
+            throw new ShortBufferException(Messages.getString("crypto.0F", e)); //$NON-NLS-1$
+        }
+        return result;
+    }
+
+    @Override
+    public byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
+            throws IllegalBlockSizeException, BadPaddingException {
+        if (input == null) {
+            return null;
+        }
+        return engineUpdate(input, inputOffset, inputLen);
+    }
+
+    @Override
+    public int engineDoFinal(byte[] input, int inputOffset, int inputLen,
+            byte[] output, int outputOffset) throws ShortBufferException,
+            IllegalBlockSizeException, BadPaddingException {
+        int result = engineUpdate(input, inputOffset, inputLen, output,
+                outputOffset);
+        return result;
+    }
+
+    @Override
+    public int engineDoFinal(ByteBuffer input, ByteBuffer output)
+            throws ShortBufferException, IllegalBlockSizeException,
+            BadPaddingException {
+        return engineUpdate(input, output);
+    }
+
+    @Override
+    public byte[] engineWrap(Key key) throws IllegalBlockSizeException,
+            InvalidKeyException {
+        throw new UnsupportedOperationException(Messages.getString("crypto.44")); //$NON-NLS-1$
+    }
+
+    @Override
+    public Key engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm,
+            int wrappedKeyType) throws InvalidKeyException,
+            NoSuchAlgorithmException {
+        throw new UnsupportedOperationException(Messages.getString("crypto.45")); //$NON-NLS-1$
+    }
+
+    @Override
+    public int engineGetKeySize(Key key) throws InvalidKeyException {
+        throw new UnsupportedOperationException(Messages.getString("crypto.46")); //$NON-NLS-1$
+    }
+}
\ No newline at end of file
diff --git a/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/Messages.java b/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/Messages.java
new file mode 100644
index 0000000..6731e00
--- /dev/null
+++ b/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/Messages.java
@@ -0,0 +1,132 @@
+/* 
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ * THE FILE HAS BEEN AUTOGENERATED BY MSGTOOL TOOL.
+ * All changes made to this file manually will be overwritten 
+ * if this tool runs again. Better make changes in the template file.
+ */
+
+package org.apache.harmony.crypto.internal.nls;
+
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.Locale;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+import org.apache.harmony.kernel.vm.VM;
+import org.apache.harmony.luni.util.MsgHelp;
+
+/**
+ * This class retrieves strings from a resource bundle and returns them,
+ * formatting them with MessageFormat when required.
+ * <p>
+ * It is used by the system classes to provide national language support, by
+ * looking up messages in the <code>
+ *    org.apache.harmony.crypto.internal.nls.messages
+ * </code>
+ * resource bundle. Note that if this file is not available, or an invalid key
+ * is looked up, or resource bundle support is not available, the key itself
+ * will be returned as the associated message. This means that the <em>KEY</em>
+ * should a reasonable human-readable (english) string.
+ * 
+ */
+public class Messages {
+
+    private static final String sResource =
+        "org.apache.harmony.crypto.internal.nls.messages"; //$NON-NLS-1$
+
+    /**
+     * Retrieves a message which has no arguments.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg) {
+        return MsgHelp.getString(sResource, msg);
+    }
+
+    /**
+     * Retrieves a message which takes 1 argument.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @param arg
+     *            Object the object to insert in the formatted output.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg, Object arg) {
+        return getString(msg, new Object[] { arg });
+    }
+
+    /**
+     * Retrieves a message which takes 1 integer argument.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @param arg
+     *            int the integer to insert in the formatted output.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg, int arg) {
+        return getString(msg, new Object[] { Integer.toString(arg) });
+    }
+
+    /**
+     * Retrieves a message which takes 1 character argument.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @param arg
+     *            char the character to insert in the formatted output.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg, char arg) {
+        return getString(msg, new Object[] { String.valueOf(arg) });
+    }
+
+    /**
+     * Retrieves a message which takes 2 arguments.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @param arg1
+     *            Object an object to insert in the formatted output.
+     * @param arg2
+     *            Object another object to insert in the formatted output.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg, Object arg1, Object arg2) {
+        return getString(msg, new Object[] { arg1, arg2 });
+    }
+
+    /**
+     * Retrieves a message which takes several arguments.
+     * 
+     * @param msg
+     *            String the key to look up.
+     * @param args
+     *            Object[] the objects to insert in the formatted output.
+     * @return String the message for that key in the system message bundle.
+     */
+    static public String getString(String msg, Object[] args) {
+        return MsgHelp.getString(sResource, msg, args);
+    }
+}
diff --git a/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/messages.properties b/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/messages.properties
new file mode 100644
index 0000000..509e100
--- /dev/null
+++ b/crypto/src/main/java/org/apache/harmony/crypto/internal/nls/messages.properties
@@ -0,0 +1,87 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#  
+#      http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+# 
+
+# messages for EN locale
+crypto.01=MAC was not initialized
+crypto.02=Algorithm is null
+crypto.03=Provider is null or empty
+crypto.04=Provider is null
+crypto.05=key is null
+crypto.06=Incorrect arguments
+crypto.07=input is null
+crypto.08=Output buffer is null
+crypto.09=Incorrect outOffset parameter: {0}
+crypto.0A=Output buffer is short. It is needed {0} bytes
+crypto.0B=Not initialized Mac
+crypto.0C=input byte buffer is null
+crypto.0D=output byte buffer is null
+crypto.0E=Output is small
+crypto.0F=Output buffer is too small: {0}
+crypto.10=engineWrap(Key key) is not supported
+crypto.11=engineUnwrap(byte[] wrappedKey, String wrappedKeyAlgorithm, int wrappedKeyType) is not supported
+crypto.12=engineGetKeySize(Key key) is not supported
+crypto.13=Cipher is null\!
+crypto.14=Specified sealed object is null\!
+crypto.15=The provider name is empty or null
+crypto.16=Provider {0} is not available
+crypto.17=Invalid transformation {0}
+crypto.18=Cipher has not yet been initialized
+crypto.19=Invalid mode
+crypto.1A=The public key in the certificate cannot be used for ENCRYPT_MODE
+crypto.1B=The public key in the certificate cannot be used for DECRYPT_MODE
+crypto.1C=Cipher has not yet been initialized properly
+crypto.1D=The input parameter is null
+crypto.1E=Incorrect inputOffset/inputLen parameters
+crypto.1F=The output parameter is null
+crypto.20=Incorrect outputOffset parameter
+crypto.21=Incorrect inputOffset/inputLen parameters
+crypto.22=the encoded parameter is null
+crypto.23=the algName parameter is null
+crypto.24={0} not supported
+crypto.25=the encryptedData parameter is null
+crypto.26=the encryptedData is empty
+crypto.27=the algParams parameter is null
+crypto.28=the cipher parameter is null
+crypto.29=Decrypted data does not represent valid PKCS\#8 PrivateKeyInfo
+crypto.2A=the decryptKey parameter is null
+crypto.2B=the providerName parameter is null
+crypto.2C=the provider parameter is null
+crypto.2D=ExemptionMechanism is not initialized
+crypto.2E=Input and output are the same object
+crypto.2F=Specified key material is null.
+crypto.30=The key material is shorter than 24 bytes.
+crypto.31=iv is null
+crypto.32=iv.length < 2 * (wordSize / 8)
+crypto.33=offset is negative
+crypto.34=iv.length - offset < 2 * (wordSize / 8)
+crypto.35=key is empty
+crypto.36=len is negative
+crypto.37=key is too short
+crypto.38=Specified IV is null.
+crypto.39=iv is null or (iv.length - offset < len)
+crypto.3A=offset < 0 or len < 0
+crypto.3B=Specified salt is null.
+crypto.3C=salt is empty
+crypto.3D=iterationCount is not positive.
+crypto.3E=keyLength is not positive.
+crypto.3F=The password has been cleared.
+crypto.40=The key material is shorter than 8 bytes
+crypto.41=iv is shorter than 8 bytes
+crypto.42=pSrcName is null\!
+crypto.43=encoding input is null\!
+crypto.44=Wrap
+crypto.45=Unwrap
+crypto.46=GetKeySize
diff --git a/crypto/src/main/native/javax_crypto_HmacSpi.cpp b/crypto/src/main/native/javax_crypto_HmacSpi.cpp
new file mode 100644
index 0000000..fed4ec9
--- /dev/null
+++ b/crypto/src/main/native/javax_crypto_HmacSpi.cpp
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2006 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <jni.h>
+#include <JNIHelp.h>
+//#include <android_runtime/AndroidRuntime.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <stdint.h>
+#include <string.h>
+
+
+jbyteArray native_compute_sha1_hmac(JNIEnv* env, jobject object,
+                                    jbyteArray keyArray, jbyteArray dataArray)
+{
+    uint8_t * output = (uint8_t *)malloc(EVP_MAX_MD_SIZE);
+    if (!output) {
+        jniThrowException(env, "java/lang/OutOfMemoryError", NULL);
+        return NULL;
+    }
+    uint32_t outputSize;
+
+    jbyte * key = env->GetByteArrayElements(keyArray, NULL);
+    int keySize = env->GetArrayLength(keyArray);
+
+    jbyte * data = env->GetByteArrayElements(dataArray, NULL);
+    int dataSize = env->GetArrayLength(dataArray);
+
+    HMAC(EVP_sha1(),
+        (unsigned char const *)key, keySize,
+        (unsigned char const *)data, dataSize,
+        output, &outputSize);
+
+    env->ReleaseByteArrayElements(keyArray, key, 0);
+    env->ReleaseByteArrayElements(dataArray, data, 0);
+
+    jbyteArray outputArray = env->NewByteArray(outputSize);
+    if (!output) {
+        jniThrowException(env, "java/lang/OutOfMemoryError", NULL);
+        free(output);
+        return NULL;
+    }    
+
+    jbyte * outputBytes = env->GetByteArrayElements(outputArray, NULL);
+    memcpy(outputBytes, output, outputSize);
+    env->ReleaseByteArrayElements(outputArray, outputBytes, 0);
+
+    free(output);
+
+    return outputArray;
+}
+
+/*
+ * JNI registration.
+ */
+static JNINativeMethod sMethods[] = {
+    /* name, signature, funcPtr */
+    { "native_compute_sha1_hmac", "([B[B)[B", (void*)native_compute_sha1_hmac },
+};
+
+extern "C" int register_javax_crypto_HmacSpi(JNIEnv* env)
+{
+    return jniRegisterNativeMethods(env, "javax/crypto/HmacSpi", sMethods, NELEM(sMethods));
+}
+
+
diff --git a/crypto/src/main/native/sub.mk b/crypto/src/main/native/sub.mk
new file mode 100644
index 0000000..e02f508
--- /dev/null
+++ b/crypto/src/main/native/sub.mk
@@ -0,0 +1,18 @@
+# This file is included by the top-level libcore Android.mk.
+# It's not a normal makefile, so we don't include CLEAR_VARS
+# or BUILD_*_LIBRARY.
+
+LOCAL_SRC_FILES := \
+	javax_crypto_HmacSpi.cpp
+
+LOCAL_C_INCLUDES += \
+	external/openssl/include
+
+# Any shared/static libs that are listed here must also
+# be listed in libs/nativehelper/Android.mk.
+# TODO: fix this requirement
+
+LOCAL_SHARED_LIBRARIES += \
+	libcrypto
+
+LOCAL_STATIC_LIBRARIES +=