001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.crypto;
020
021 /**
022 * {@code CipherService} using the {@code Blowfish} cipher algorithm for all encryption, decryption, and key operations.
023 * <p/>
024 * The Blowfish algorithm can support key sizes between {@code 32} and {@code 448} bits<b>*</b>, inclusive. However,
025 * modern cryptanalysis techniques render keys of 80 bits or less mostly worthless - use {@code 128} or more whenever
026 * possible.
027 * <p/>
028 * Note that this class retains the parent class's default {@link OperationMode#CFB CFB} mode of operation
029 * instead of the typical JDK default of {@link OperationMode#ECB ECB}. {@code ECB} should not be used in
030 * security-sensitive environments because {@code ECB} does not allow for initialization vectors, which are
031 * considered necessary for strong encryption. See the {@link DefaultBlockCipherService parent class}'s JavaDoc and the
032 * {@link JcaCipherService JcaCipherService} JavaDoc for more on why the JDK default should not be used and is not
033 * used in this implementation.
034 * <p/>
035 * <b>*</b> Generating and using Blowfish key sizes greater than 128 bits requires installation of the
036 * <a href="http://java.sun.com/javase/downloads/index.jsp">Java Cryptography Extension (JCE) Unlimited Strength
037 * Jurisdiction Policy files</a>.
038 *
039 * @author Les Hazlewood
040 * @since 1.0
041 */
public class BlowfishCipherService extends DefaultBlockCipherService {

    /** JCA algorithm name handed to the parent constructor. */
    private static final String BLOWFISH = "Blowfish";

    /**
     * Blowfish block size in bits. This is fixed by the algorithm and is independent of the key size.
     * A 64-bit block means ciphertext block collisions become likely after roughly 2^32 blocks
     * (about 32 GiB) encrypted under a single key, so keys should be rotated well before that volume.
     */
    private static final int BLOCK_SIZE_BITS = 64;

    /**
     * Constructs a {@link CipherService} backed by the {@code Blowfish} algorithm. Only the initialization
     * vector size is set explicitly here; the remaining values in the table are the defaults this class retains
     * from {@link DefaultBlockCipherService}:
     * <table>
     * <tr>
     * <th>Attribute</th>
     * <th>Value</th>
     * </tr>
     * <tr>
     * <td>{@link #setKeySize keySize}</td>
     * <td>{@code 128} bits</td>
     * </tr>
     * <tr>
     * <td>{@link #setBlockSize blockSize}</td>
     * <td>{@code 64} bits (required for {@code Blowfish})</td>
     * </tr>
     * <tr>
     * <td>{@link #setMode mode}</td>
     * <td>{@link OperationMode#CFB CFB}<b>*</b></td>
     * </tr>
     * <tr>
     * <td>{@link #setPaddingScheme paddingScheme}</td>
     * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
     * </tr>
     * <tr>
     * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
     * <td>{@code 64} bits</td>
     * </tr>
     * <tr>
     * <td>{@link #setGenerateInitializationVectors(boolean) generateInitializationVectors}</td>
     * <td>{@code true}<b>**</b></td>
     * </tr>
     * </table>
     * <p/>
     * <b>*</b> {@link OperationMode#CFB CFB} replaces the JDK default of {@code ECB}, which should not be used
     * in security-sensitive environments; the "Operation Mode" section of the
     * {@link DefaultBlockCipherService DefaultBlockCipherService} class JavaDoc explains why.
     * <p/>
     * <b>**</b> Initialization vectors are generated by default alongside {@code CFB} mode; see the
     * {@link JcaCipherService JcaCipherService} class JavaDoc for details.
     * <p/>
     * <b>Deployment notes:</b> {@code CFB} provides confidentiality only. It does not detect modified
     * ciphertext, so data that must be tamper-evident needs a separate integrity check (for example a MAC
     * computed over the ciphertext). Because of the 64-bit block size, prefer a cipher with a 128-bit block,
     * such as AES, for new deployments or for large data volumes under one key.
     */
    public BlowfishCipherService() {
        super(BLOWFISH);
        // As with most block ciphers, the IV is exactly one block wide.
        setInitializationVectorSize(BLOCK_SIZE_BITS);
    }
}