001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.apache.shiro.crypto;
020
021 /**
022 * A cipher <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">mode of operation</a>
023 * directs a cipher algorithm how to convert data during the encryption or decryption process. This enum represents
024 * all JDK-standard Cipher operation mode names as defined in
025 * <a href="http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html">JDK Security Standard
026 * Names</a>, as well as a few more that are well-known and supported by other JCA Providers.
027 * <p/>
028 * This {@code enum} exists to provide Shiro end-users type-safety when declaring an operation mode. This helps reduce
029 * error by providing a compile-time mechanism to specify a mode and guarantees a valid name that will be
030 * recognized by an underlying JCA Provider.
031 * <h2>Standard or Non-Standard?</h2>
032 * All modes listed specify whether they are a JDK standard mode or a non-standard mode. Standard modes are included
033 * in all JDK distributions. Non-standard modes can
034 * sometimes result in better performance or more secure output, but may not be available on the target JDK
035 * platform and rely on an external JCA Provider to be installed. Some providers
036 * (like <a href="http://www.bouncycastle.org">Bouncy Castle</a>) may support these modes however.
037 *
038 * @author Les Hazlewood
039 * @see <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation">Block Cipher Modes of Operation<a/>
040 * @since 1.0
041 */
042 public enum OperationMode {
043
044 /**
045 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher-block_chaining_.28CBC.29">
046 * Cipher-block Chaining</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS
047 * PUB 81</a>.
048 * <p/>
049 * This is a standard JDK operation mode and should be supported by all JDK environments.
050 */
051 CBC,
052
053 /**
054 * <a href="http://en.wikipedia.org/wiki/CCM_mode">Counter with CBC-MAC</a> mode<b>*</b> - for block ciphers with
055 * 128 bit block-size only. See <a href="http://www.ietf.org/rfc/rfc3610.txt">RFC 3610</a> for AES Ciphers.
056 * This mode has essentially been replaced by the more-capable {@link #EAX EAX} mode.
057 * <p/>
058 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must
059 * ensure you have a JCA Provider that can support this cipher operation mode.
060 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
061 */
062 CCM,
063
064 /**
065 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Cipher_feedback_.28CFB.29">Cipher
066 * Feedback<a/> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
067 * <p/>
068 * This is a standard JDK operation mode and should be supported by all JDK environments.
069 */
070 CFB,
071
072 /**
073 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Counter_.28CTR.29">Counter Mode</a>, aka
074 * Integer Counter Mode (ICM) and Segmented Integer Counter (SIC). Counter is a simplification of {@link #OFB OFB}
075 * and updates the input block as a counter.
076 * <p/>
077 * This is a standard JDK operation mode and should be supported by all JDK environments.
078 */
079 CTR,
080
081 /**
082 * <a href="http://en.wikipedia.org/wiki/EAX_mode">EAX Mode</a><b>*</b>. This is a patent-free but less-effecient
083 * alternative to {@link #OCB OCB} and has capabilities beyond what {@link #CCM CCM} can provide.
084 * <p/>
085 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must
086 * ensure you have a JCA Provider that can support this cipher operation mode.
087 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
088 */
089 EAX,
090
091 /**
092 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Electronic_codebook_.28ECB.29">Electronic
093 * Codebook</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
094 * ECB is the only mode that does <em>not</em> require an Initialization Vector, but because of this, can be seen
095 * as less secure than operation modes that require an IV.
096 * <p/>
097 * This is a standard JDK operation mode and should be supported by all JDK environments.
098 */
099 ECB,
100
101 /**
102 * <a href="http://en.wikipedia.org/wiki/GCM_mode">Galois/Counter</a> mode<b>*</b> - for block ciphers with 128
103 * bit block-size only.
104 * <p/>
105 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must
106 * ensure you have a JCA Provider that can support this cipher operation mode.
107 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
108 */
109 GCM,
110
111 /**
112 * No mode.
113 * <p/>
114 * This is a standard JDK operation mode and should be supported by all JDK environments.
115 */
116 NONE,
117
118 /**
119 * <a href="http://en.wikipedia.org/wiki/OCB_mode">Offset Codebook</a> mode<b>*</b>. Parallel mode that provides
120 * both message privacy and authenticity in a single pass. This is a very efficient mode, but is patent-encumbered.
121 * A less-efficient (two pass) alternative is available by using {@link #EAX EAX} mode.
122 * <p/>
123 * <b>*THIS IS A NON-STANDARD MODE</b>. It is not guaranteed to be supported across JDK installations. You must
124 * ensure you have a JCA Provider that can support this cipher operation mode.
125 * <a href="http://www.bouncycastle.org">Bouncy Castle</a> <em>may</em> be one such provider.
126 */
127 OCB,
128
129 /**
130 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Output_feedback_.28OFB.29">Output
131 * Feedback</a> mode, defined in <a href="http://csrc.nist.gov/publications/fips/index.html">FIPS PUB 81</a>.
132 * <p/>
133 * This is a standard JDK operation mode and should be supported by all JDK environments.
134 */
135 OFB,
136
137 /**
138 * <a href="http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation#Propagating_cipher-block_chaining_.28PCBC.29">
139 * Propagating Cipher Block Chaining</a> mode, defined in <a href="http://web.mit.edu/kerberos/">Kerberos version 4<a/>.
140 * <p/>
141 * This is a standard JDK operation mode and should be supported by all JDK environments.
142 */
143 PCBC
144 }