
Oracle Fusion Middleware Crypto Java API Reference for Oracle Security Developer Tools
11g Release 1 (11.1.1)

E10668-03


oracle.security.crypto.fips
Class FIPS_140_2

java.lang.Object
  extended by oracle.security.crypto.fips.FIPS_140_2


public final class FIPS_140_2
extends java.lang.Object

Performs power-up and conditional self-tests, and manages error conditions, as mandated by the FIPS 140-2 specification.

When the crypto module is loaded, it is placed in the NOT_INITIALIZED state. When the power-up self-tests are begun, the state is set to TESTING. While the module is in either of these states, no cryptographic operations, including input or output, may be performed. User code attempting such actions will block until the power-up self-tests complete and the module is placed in either the READY state or one of several error states.

If any of the power-up self-tests fail, the module will be placed in an unrecoverable error state, and a ModuleStateException will be thrown. If all power-up self-tests complete successfully, the module state is set to READY and cryptographic operations may be performed.

The power-up self-tests may be invoked at any time by user code, if periodic re-testing is desired, via the selfTest(oracle.security.crypto.core.RandomBitsSource) method. If any of the power-up self-tests fails at a time subsequent to module load time, the module is set to an unrecoverable error state and a SelfTestException is thrown.

Conditional self-tests are run automatically during key pair generation and random number generation. If any of these tests fails, the module is set to a recoverable error state, and a SelfTestException is thrown. A recoverable error state may be cleared using the clearModuleState() method.

While the module is in an error state, if any attempt is made to perform a cryptographic operation, including input or output, a ModuleStateException is thrown.

Since:
3.0
See Also:
ModuleState, selfTest(oracle.security.crypto.core.RandomBitsSource), assertReadyState(), getModuleState(), clearModuleState()
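The state handling described above can be wrapped so that calling code fails closed on an unrecoverable error and retries once after a recoverable one. This is an added example, not code from the Oracle documentation or library: `FipsGuard`, `run` and `recover` are hypothetical names, the exception classes are assumed to live in `oracle.security.crypto.fips`, and the caller supplies the `RandomBitsSource`.

```java
import java.util.concurrent.Callable;
import oracle.security.crypto.core.RandomBitsSource;
import oracle.security.crypto.fips.FIPS_140_2;
import oracle.security.crypto.fips.ModuleStateException; // package is an assumption
import oracle.security.crypto.fips.SelfTestException;    // package is an assumption

/** Hypothetical helper, not part of the Oracle API. */
public final class FipsGuard {
    private FipsGuard() {}

    /**
     * Runs one cryptographic operation. If a conditional self-test fails
     * during it, clears the recoverable error state, re-runs the power-up
     * self-tests and retries once. Every other failure propagates.
     */
    public static <T> T run(Callable<T> op, RandomBitsSource rbs) throws Exception {
        try {
            // Throws ModuleStateException unless the module is READY;
            // that exception is deliberately not caught here.
            FIPS_140_2.assertReadyState();
            return op.call();
        } catch (SelfTestException e) {
            // A conditional test (key-pair consistency or continuous RNG)
            // failed inside op, leaving a recoverable error state.
            recover(rbs);
            FIPS_140_2.assertReadyState();
            return op.call(); // a second failure is not retried
        }
    }

    private static void recover(RandomBitsSource rbs) throws Exception {
        try {
            // Succeeds only from a recoverable error state.
            FIPS_140_2.clearModuleState();
        } catch (ModuleStateException e) {
            // Unrecoverable error state, or self-tests in progress: fail closed.
            throw new IllegalStateException(
                "crypto module unusable, state=" + FIPS_140_2.getModuleState(), e);
        }
        // The module is now NOT_INITIALIZED; the power-up self-tests must pass
        // before any further operation. A failure here throws SelfTestException
        // and leaves the module in an unrecoverable error state.
        FIPS_140_2.selfTest(rbs);
    }
}
```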

Method Summary
static void assertReadyState()
          Checks that the crypto module is in the READY state.
static void clearModuleState()
          Resets the module state to NOT_INITIALIZED.
static boolean getAllowKeyExport()
          Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false.
static ModuleState getModuleState()
          Returns a code indicating the current state of the cryptographic module.
static void powerUpSelfTest()
          Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing.
static void selfTest(RandomBitsSource rbs)
          Runs the full suite of power-up self-tests.
static void setAllowKeyExport(boolean value)
          Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module.
static void testKeyPair(DHPublicKey pubKey, DHPrivateKey privKey)
          Runs the Diffie-Hellman key generation pair-wise consistency test.
static void testKeyPair(DSAPublicKey pubKey, DSAPrivateKey privKey)
          Runs the DSA key-pair generation pair-wise consistency (sign/verify) test.
static void testKeyPair(RSAPublicKey pubKey, RSAPrivateKey privKey)
          Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests.

 

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

 

Method Detail

getAllowKeyExport

public static boolean getAllowKeyExport()
Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false.

This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.

The default value is false for the FIPS Approved edition of Phaos Crypto.

See Also:
setAllowKeyExport(boolean)

setAllowKeyExport

public static void setAllowKeyExport(boolean value)
Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module.

This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.

The default value is false for the FIPS Approved edition of Phaos Crypto.

Parameters:
value - true if the plaintext export of private and symmetric key material will be allowed for the Phaos Crypto module; otherwise false.
See Also:
getAllowKeyExport()

getModuleState

public static ModuleState getModuleState()
Returns a code indicating the current state of the cryptographic module. The module must be in the READY state before any cryptographic operation is performed.
Returns:
One of the state constants defined in the ModuleState class.

clearModuleState

public static void clearModuleState()
Resets the module state to NOT_INITIALIZED. This method will fail, and throw an exception, if the module is currently in an unrecoverable error state or is in the process of running the self-tests. Once the module state has been cleared, the power-up self-tests must be run before any cryptographic operations may be performed.

An unrecoverable error state is one reached as a result of failure of one of the power-up self-tests, whether run unconditionally at module load time or, optionally, by user code at any subsequent time.

A recoverable error state is one reached as a result of failure of one of the conditional self-tests. These include the testKeyPair methods and the continuous random number generation tests in the RNGTest class.

Throws:
ModuleStateException - If the module cannot be reset to the NOT_INITIALIZED state.

assertReadyState

public static void assertReadyState()
Checks that the crypto module is in the READY state. If it is not, an exception is thrown. The module must be in the READY state before any cryptographic operation is performed.
Throws:
ModuleStateException - If the module is not in the READY state.

powerUpSelfTest

public static void powerUpSelfTest()
Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing.
Throws:
SelfTestException - If any of the tests fail.
See Also:
selfTest(oracle.security.crypto.core.RandomBitsSource)

selfTest

public static void selfTest(RandomBitsSource rbs)
Runs the full suite of power-up self-tests. This method is automatically invoked unconditionally at module load time, and may be invoked optionally by user code at any time subsequently.

The self-tests are:

If any of the self-tests fails, an exception is thrown and the module is placed in an error state. See getModuleState().

Parameters:
rbs - The RNG to be used to generate random values during the DSA, RSA and ECDSA tests.
Throws:
SelfTestException - If any of the tests fail.

testKeyPair

public static void testKeyPair(DSAPublicKey pubKey,
                               DSAPrivateKey privKey)
Runs the DSA key-pair generation pair-wise consistency (sign/verify) test.

If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.

Parameters:
pubKey - The DSA public key to be tested.
privKey - The DSA private key to be tested.
Throws:
SelfTestException - If the test fails.

testKeyPair

public static void testKeyPair(RSAPublicKey pubKey,
                               RSAPrivateKey privKey)
Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests.

If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.

Parameters:
pubKey - The RSA public key to be tested.
privKey - The RSA private key to be tested.
Throws:
SelfTestException - If the test fails.

testKeyPair

public static void testKeyPair(DHPublicKey pubKey,
                               DHPrivateKey privKey)
Runs the Diffie-Hellman key generation pair-wise consistency test. Not currently used by Phaos Crypto.

If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.

Parameters:
pubKey - The Diffie-Hellman public key to be tested.
privKey - The Diffie-Hellman private key to be tested.
Throws:
SelfTestException - If the test fails.


Copyright © 2005, 2011, Oracle. All rights reserved.