View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.crypto.cipher;
20  
21  /**
22   * A cipher <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">mode of operation</a>
23   * directs a cipher algorithm how to convert data during the encryption or decryption process.  This enum represents
24   * all JDK-standard Cipher operation mode names as defined in
25   * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html">JDK Security Standard
26   * Names</a>, as well as a few more that are well-known and supported by other JCA Providers.
27   * <p/>
28   * This {@code enum} exists to provide Shiro end-users type-safety when declaring an operation mode.  This helps reduce
29   * error by providing a compile-time mechanism to specify a mode and guarantees a valid name that will be
30   * recognized by an underlying JCA Provider.
31   * <h2>Standard or Non-Standard?</h2>
32   * All modes listed specify whether they are a JDK standard mode or a non-standard mode.  Standard modes are included
33   * in all JDK distributions.  Non-standard modes can
34   * sometimes result in better performance or more secure output, but may not be available on the target JDK
35   * platform and rely on an external JCA Provider to be installed.  Some providers
36   * (like <a href="http://www.bouncycastle.org">Bouncy Castle</a>) may support these modes however.
37   *
38   * @see <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">Block Cipher Modes of Operation<a/>
39   * @since 1.0
40   */
41  public enum OperationMode {
42  
43      /**
44       * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29">
45       * Cipher-block Chaining</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS
46       * PUB 81</a>.
47       * <p/>
48       * This is a standard JDK operation mode and should be supported by all JDK environments.
49       */
50      CBC,
51  
52      /**
53       * <a href="http://en.wikipedia.org/wiki/CCM_mode">Counter with CBC-MAC</a> mode<b>*</b> - for block ciphers with
54       * 128 bit block-size only. See <a href="http://www.ietf.org/rfc/rfc3610.txt">RFC 3610</a> for AES Ciphers.
55       * This mode has essentially been replaced by the more-capable {@link #EAX EAX} mode.
56       * <p/>
57       * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
58       * ensure you have a JCA Provider that can support this cipher operation mode.
59       * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
60       */
61      CCM,
62  
63      /**
64       * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29">Cipher
65       * Feedback<a/> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
66       * <p/>
67       * This is a standard JDK operation mode and should be supported by all JDK environments.
68       */
69      CFB,
70  
71      /**
72       * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29">Counter Mode</a>, aka
73       * Integer Counter Mode (ICM) and Segmented Integer Counter (SIC).  Counter is a simplification of {@link #OFB OFB}
74       * and updates the input block as a counter.
75       * <p/>
76       * This is a standard JDK operation mode and should be supported by all JDK environments.
77       */
78      CTR,
79  
80      /**
81       * <a href="http://en.wikipedia.org/wiki/EAX_mode">EAX Mode</a><b>*</b>.  This is a patent-free but less-efficient
82       * alternative to {@link #OCB OCB} and has capabilities beyond what {@link #CCM CCM} can provide.
83       * <p/>
84       * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
85       * ensure you have a JCA Provider that can support this cipher operation mode.
86       * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
87       */
88      EAX,
89  
90      /**
91       * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29">Electronic
92       * Codebook</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
93       * ECB is the only mode that does <em>not</em> require an Initialization Vector, but because of this, can be seen
94       * as less secure than operation modes that require an IV.
95       * <p/>
96       * This is a standard JDK operation mode and should be supported by all JDK environments.
97       */
98      ECB,
99  
100     /**
101      * <a href="http://en.wikipedia.org/wiki/GCM_mode">Galois/Counter</a> mode<b>*</b> - for block ciphers with 128
102      * bit block-size only.
103      * <p/>
104      * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
105      * ensure you have a JCA Provider that can support this cipher operation mode.
106      * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
107      */
108     GCM,
109 
110     /**
111      * No mode.
112      * <p/>
113      * This is a standard JDK operation mode and should be supported by all JDK environments.
114      */
115     NONE,
116 
117     /**
118      * <a href="http://en.wikipedia.org/wiki/OCB_mode">Offset Codebook</a> mode<b>*</b>.  Parallel mode that provides
119      * both message privacy and authenticity in a single pass.  This is a very efficient mode, but is patent-encumbered.
120      * A less-efficient (two pass) alternative is available by using {@link #EAX EAX} mode.
121      * <p/>
122      * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations.  You must
123      * ensure you have a JCA Provider that can support this cipher operation mode.
124      * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
125      */
126     OCB,
127 
128     /**
129      * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29">Output
130      * Feedback</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
131      * <p/>
132      * This is a standard JDK operation mode and should be supported by all JDK environments.
133      */
134     OFB,
135 
136     /**
137      * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Propagating_cipher-block_chaining_.28PCBC.29">
138      * Propagating Cipher Block Chaining</a> mode, defined in <a href="http://web.mit.edu/kerberos/">Kerberos version 4<a/>.
139      * <p/>
140      * This is a standard JDK operation mode and should be supported by all JDK environments.
141      */
142     PCBC
143 }