001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.crypto; 020 021/** 022 * A cipher <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">mode of operation</a> 023 * directs a cipher algorithm how to convert data during the encryption or decryption process. This enum represents 024 * all JDK-standard Cipher operation mode names as defined in 025 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html">JDK Security Standard 026 * Names</a>, as well as a few more that are well-known and supported by other JCA Providers. 027 * <p/> 028 * This {@code enum} exists to provide Shiro end-users type-safety when declaring an operation mode. This helps reduce 029 * error by providing a compile-time mechanism to specify a mode and guarantees a valid name that will be 030 * recognized by an underlying JCA Provider. 031 * <h2>Standard or Non-Standard?</h2> 032 * All modes listed specify whether they are a JDK standard mode or a non-standard mode. Standard modes are included 033 * in all JDK distributions. Non-standard modes can 034 * sometimes result in better performance or more secure output, but may not be available on the target JDK 035 * platform and rely on an external JCA Provider to be installed. Some providers 036 * (like <a href="http://www.bouncycastle.org">Bouncy Castle</a>) may support these modes however. 037 * 038 * @see <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">Block Cipher Modes of Operation<a/> 039 * @since 1.0 040 */ 041public enum OperationMode { 042 043 /** 044 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29"> 045 * Cipher-block Chaining</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS 046 * PUB 81</a>. 047 * <p/> 048 * This is a standard JDK operation mode and should be supported by all JDK environments. 049 */ 050 CBC, 051 052 /** 053 * <a href="http://en.wikipedia.org/wiki/CCM_mode">Counter with CBC-MAC</a> mode<b>*</b> - for block ciphers with 054 * 128 bit block-size only. See <a href="http://www.ietf.org/rfc/rfc3610.txt">RFC 3610</a> for AES Ciphers. 055 * This mode has essentially been replaced by the more-capable {@link #EAX EAX} mode. 056 * <p/> 057 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must 058 * ensure you have a JCA Provider that can support this cipher operation mode. 059 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider. 060 */ 061 CCM, 062 063 /** 064 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29">Cipher 065 * Feedback<a/> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>. 066 * <p/> 067 * This is a standard JDK operation mode and should be supported by all JDK environments. 068 */ 069 CFB, 070 071 /** 072 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29">Counter Mode</a>, aka 073 * Integer Counter Mode (ICM) and Segmented Integer Counter (SIC). Counter is a simplification of {@link #OFB OFB} 074 * and updates the input block as a counter. 075 * <p/> 076 * This is a standard JDK operation mode and should be supported by all JDK environments. 077 */ 078 CTR, 079 080 /** 081 * <a href="http://en.wikipedia.org/wiki/EAX_mode">EAX Mode</a><b>*</b>. This is a patent-free but less-effecient 082 * alternative to {@link #OCB OCB} and has capabilities beyond what {@link #CCM CCM} can provide. 083 * <p/> 084 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must 085 * ensure you have a JCA Provider that can support this cipher operation mode. 086 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider. 087 */ 088 EAX, 089 090 /** 091 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29">Electronic 092 * Codebook</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>. 093 * ECB is the only mode that does <em>not</em> require an Initialization Vector, but because of this, can be seen 094 * as less secure than operation modes that require an IV. 095 * <p/> 096 * This is a standard JDK operation mode and should be supported by all JDK environments. 097 */ 098 ECB, 099 100 /** 101 * <a href="http://en.wikipedia.org/wiki/GCM_mode">Galois/Counter</a> mode<b>*</b> - for block ciphers with 128 102 * bit block-size only. 103 * <p/> 104 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must 105 * ensure you have a JCA Provider that can support this cipher operation mode. 106 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider. 107 */ 108 GCM, 109 110 /** 111 * No mode. 112 * <p/> 113 * This is a standard JDK operation mode and should be supported by all JDK environments. 114 */ 115 NONE, 116 117 /** 118 * <a href="http://en.wikipedia.org/wiki/OCB_mode">Offset Codebook</a> mode<b>*</b>. Parallel mode that provides 119 * both message privacy and authenticity in a single pass. This is a very efficient mode, but is patent-encumbered. 120 * A less-efficient (two pass) alternative is available by using {@link #EAX EAX} mode. 121 * <p/> 122 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must 123 * ensure you have a JCA Provider that can support this cipher operation mode. 124 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider. 125 */ 126 OCB, 127 128 /** 129 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29">Output 130 * Feedback</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>. 131 * <p/> 132 * This is a standard JDK operation mode and should be supported by all JDK environments. 133 */ 134 OFB, 135 136 /** 137 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Propagating_cipher-block_chaining_.28PCBC.29"> 138 * Propagating Cipher Block Chaining</a> mode, defined in <a href="http://web.mit.edu/kerberos/">Kerberos version 4<a/>. 139 * <p/> 140 * This is a standard JDK operation mode and should be supported by all JDK environments. 141 */ 142 PCBC 143}