001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.crypto;
020    
021    /**
022     * A cipher <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">mode of operation</a>
023     * directs a cipher algorithm how to convert data during the encryption or decryption process.  This enum represents
024     * all JDK-standard Cipher operation mode names as defined in
025     * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html">JDK Security Standard
026     * Names</a>, as well as a few more that are well-known and supported by other JCA Providers.
027     * <p/>
028     * This {@code enum} exists to provide Shiro end-users type-safety when declaring an operation mode.  This helps reduce
029     * error by providing a compile-time mechanism to specify a mode and guarantees a valid name that will be
030     * recognized by an underlying JCA Provider.
031     * <h2>Standard or Non-Standard?</h2>
032     * All modes listed specify whether they are a JDK standard mode or a non-standard mode.  Standard modes are included
033     * in all JDK distributions.  Non-standard modes can
034     * sometimes result in better performance or more secure output, but may not be available on the target JDK
035     * platform and rely on an external JCA Provider to be installed.  Some providers
036     * (like <a href="http://www.bouncycastle.org">Bouncy Castle</a>) may support these modes however.
037     *
038     * @see <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">Block Cipher Modes of Operation<a/>
039     * @since 1.0
040     */
041    public enum OperationMode {
042    
043        /**
044         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29">
045         * Cipher-block Chaining</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS
046         * PUB 81</a>.
047         * <p/>
048         * This is a standard JDK operation mode and should be supported by all JDK environments.
049         */
050        CBC,
051    
052        /**
053         * <a href="http://en.wikipedia.org/wiki/CCM_mode">Counter with CBC-MAC</a> mode<b>*</b> - for block ciphers with
054         * 128 bit block-size only. See <a href="http://www.ietf.org/rfc/rfc3610.txt">RFC 3610</a> for AES Ciphers.
055         * This mode has essentially been replaced by the more-capable {@link #EAX EAX} mode.
056         * <p/>
057         * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
058         * ensure you have a JCA Provider that can support this cipher operation mode.
059         * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
060         */
061        CCM,
062    
063        /**
064         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29">Cipher
065         * Feedback<a/> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
066         * <p/>
067         * This is a standard JDK operation mode and should be supported by all JDK environments.
068         */
069        CFB,
070    
071        /**
072         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29">Counter Mode</a>, aka
073         * Integer Counter Mode (ICM) and Segmented Integer Counter (SIC).  Counter is a simplification of {@link #OFB OFB}
074         * and updates the input block as a counter.
075         * <p/>
076         * This is a standard JDK operation mode and should be supported by all JDK environments.
077         */
078        CTR,
079    
080        /**
081         * <a href="http://en.wikipedia.org/wiki/EAX_mode">EAX Mode</a><b>*</b>.  This is a patent-free but less-effecient
082         * alternative to {@link #OCB OCB} and has capabilities beyond what {@link #CCM CCM} can provide.
083         * <p/>
084         * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
085         * ensure you have a JCA Provider that can support this cipher operation mode.
086         * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
087         */
088        EAX,
089    
090        /**
091         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29">Electronic
092         * Codebook</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
093         * ECB is the only mode that does <em>not</em> require an Initialization Vector, but because of this, can be seen
094         * as less secure than operation modes that require an IV.
095         * <p/>
096         * This is a standard JDK operation mode and should be supported by all JDK environments.
097         */
098        ECB,
099    
100        /**
101         * <a href="http://en.wikipedia.org/wiki/GCM_mode">Galois/Counter</a> mode<b>*</b> - for block ciphers with 128
102         * bit block-size only.
103         * <p/>
104         * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
105         * ensure you have a JCA Provider that can support this cipher operation mode.
106         * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
107         */
108        GCM,
109    
110        /**
111         * No mode.
112         * <p/>
113         * This is a standard JDK operation mode and should be supported by all JDK environments.
114         */
115        NONE,
116    
117        /**
118         * <a href="http://en.wikipedia.org/wiki/OCB_mode">Offset Codebook</a> mode<b>*</b>.  Parallel mode that provides
119         * both message privacy and authenticity in a single pass.  This is a very efficient mode, but is patent-encumbered.
120         * A less-efficient (two pass) alternative is available by using {@link #EAX EAX} mode.
121         * <p/>
122         * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
123         * ensure you have a JCA Provider that can support this cipher operation mode.
124         * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
125         */
126        OCB,
127    
128        /**
129         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29">Output
130         * Feedback</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
131         * <p/>
132         * This is a standard JDK operation mode and should be supported by all JDK environments.
133         */
134        OFB,
135    
136        /**
137         * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Propagating_cipher-block_chaining_.28PCBC.29">
138         * Propagating Cipher Block Chaining</a> mode, defined in <a href="http://web.mit.edu/kerberos/">Kerberos version 4<a/>.
139         * <p/>
140         * This is a standard JDK operation mode and should be supported by all JDK environments.
141         */
142        PCBC
143    }