Oracle Security Developer Tools Crypto Java API Reference 11g (11.1.1) E10668-02
java.lang.Object
   oracle.security.crypto.fips.FIPS_140_2
public final class FIPS_140_2
Performs power-up and conditional self-tests, and manages error conditions, as mandated by the FIPS 140-2 specification.
When the crypto module is loaded, it is placed in the NOT_INITIALIZED state. When the power-up self-tests are begun, the state is set to TESTING. While the module is in either of these states, no cryptographic operations, including input or output, may be performed. User code attempting such actions will block until the power-up self-tests complete and the module is placed in either the READY state or one of several error states.
If any of the power-up self-tests fail, the module will be placed in an unrecoverable error state, and a ModuleStateException will be thrown. If all power-up self-tests complete successfully, the module state is set to READY and cryptographic operations may be performed.
The power-up self-tests may be invoked at any time by user code, if periodic re-testing is desired, via the selfTest(oracle.security.crypto.core.RandomBitsSource) method. If any of the power-up self-tests fails at a time subsequent to module load time, the module is set to an unrecoverable error state and a SelfTestException is thrown.
Conditional self-tests are run automatically during key pair generation and random number generation. If any of these tests fails, the module is set to a recoverable error state, and a SelfTestException is thrown. A recoverable error state may be cleared using the clearModuleState() method.
While the module is in an error state, if any attempt is made to perform a cryptographic operation, including input or output, a ModuleStateException is thrown.
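A start-up gate and recovery routine built on the state handling described above, as an added example that is not part of Oracle's reference. The class name `FipsModuleGuard` is hypothetical, the two exception classes are assumed to live in `oracle.security.crypto.fips` and to be unchecked, and the caller supplies the `RandomBitsSource`.

```java
import oracle.security.crypto.core.RandomBitsSource;
import oracle.security.crypto.fips.FIPS_140_2;
// Assumption: both exceptions live in oracle.security.crypto.fips and are unchecked.
import oracle.security.crypto.fips.ModuleStateException;
import oracle.security.crypto.fips.SelfTestException;

/** Hypothetical helper class; not part of the Oracle API. */
public final class FipsModuleGuard {
    private FipsModuleGuard() {}

    /** Start-up gate; call again on a schedule for periodic re-testing. */
    public static void selfTestOrFail(RandomBitsSource rbs) {
        try {
            FIPS_140_2.selfTest(rbs);            // full power-up suite
        } catch (SelfTestException e) {
            // A failed power-up test leaves the module in an unrecoverable state.
            throw new IllegalStateException(
                "Power-up self-test failed, state=" + FIPS_140_2.getModuleState(), e);
        }
        FIPS_140_2.assertReadyState();           // throws unless READY
        // Plaintext key export defaults to false in the FIPS Approved edition;
        // refuse to run if something in the process has switched it on.
        if (FIPS_140_2.getAllowKeyExport()) {
            throw new IllegalStateException("Plaintext key export is enabled");
        }
    }

    /**
     * Call after a SelfTestException from key-pair or random number generation
     * (a conditional self-test failure, i.e. a recoverable error state).
     */
    public static void recover(RandomBitsSource rbs) {
        try {
            FIPS_140_2.clearModuleState();       // back to NOT_INITIALIZED
        } catch (ModuleStateException e) {
            // Unrecoverable state, or self-tests are currently running.
            throw new IllegalStateException(
                "Cannot reset module, state=" + FIPS_140_2.getModuleState(), e);
        }
        selfTestOrFail(rbs);                     // tests must pass before any crypto
    }
}
```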
See Also: ModuleState, selfTest(oracle.security.crypto.core.RandomBitsSource), assertReadyState(), getModuleState(), clearModuleState()

| Method Summary | |
|---|---|
| static void | assertReadyState() Checks that the crypto module is in the READY state. |
| static void | clearModuleState() Resets the module state to NOT_INITIALIZED. |
| static boolean | getAllowKeyExport() Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false. |
| static ModuleState | getModuleState() Returns a code indicating the current state of the cryptographic module. |
| static void | powerUpSelfTest() Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing. |
| static void | selfTest(RandomBitsSource rbs) Runs the full suite of power-up self-tests. |
| static void | setAllowKeyExport(boolean value) Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module. |
| static void | testKeyPair(DHPublicKey pubKey, DHPrivateKey privKey) Runs the Diffie-Hellman key generation pair-wise consistency test. |
| static void | testKeyPair(DSAPublicKey pubKey, DSAPrivateKey privKey) Runs the DSA key-pair generation pair-wise consistency (sign/verify) test. |
| static void | testKeyPair(RSAPublicKey pubKey, RSAPrivateKey privKey) Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests. |
| Methods inherited from class java.lang.Object | 
|---|
| clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait | 
| Method Detail | 
|---|
public static boolean getAllowKeyExport()
Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false.
This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.
The default value is false for the FIPS Approved edition of Phaos Crypto.
See Also: setAllowKeyExport(boolean)

public static void setAllowKeyExport(boolean value)
Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module.
This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.
The default value is false for the FIPS Approved edition of Phaos Crypto.
Parameters:
value - true if the plaintext export of private and symmetric key material will be allowed for the Phaos Crypto module; otherwise false.
See Also: getAllowKeyExport()

public static ModuleState getModuleState()
Returns a code indicating the current state of the cryptographic module. The module must be in the READY state before any cryptographic operation is performed.
ModuleState class.

public static void clearModuleState()
Resets the module state to NOT_INITIALIZED. This method will fail, and throw an exception, if the module is currently in an unrecoverable error state or is in the process of running the self-tests. Once the module state has been cleared, the power-up self-tests must be run before any cryptographic operations may be performed.
An unrecoverable error state is one reached as a result of failure of one of the power-up self-tests, whether run unconditionally at module load time or, optionally, by user code at any subsequent time.
A recoverable error state is one reached as a result of failure of one of the conditional self-tests. These include the testKeyPair methods and the continuous random number generation tests in the RNGTest class.
Throws:
ModuleStateException - If the module cannot be reset to the NOT_INITIALIZED state.

public static void assertReadyState()
Checks that the crypto module is in the READY state. If it is not, an exception is thrown. The module must be in the READY state before any cryptographic operation is performed.
Throws:
ModuleStateException - If the module is not in the READY state.

public static void powerUpSelfTest()
Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing.
Throws:
SelfTestException - If any of the tests fail.
See Also: selfTest(oracle.security.crypto.core.RandomBitsSource)

public static void selfTest(RandomBitsSource rbs)
Runs the full suite of power-up self-tests.
The self-tests are:
If any of the self-tests fails, an exception is thrown and the module is placed in an error state. See getModuleState().
Parameters:
rbs - The RNG to be used to generate random values during the DSA, RSA and ECDSA tests.
Throws:
SelfTestException - If any of the tests fail.

public static void testKeyPair(DSAPublicKey pubKey,
                               DSAPrivateKey privKey)
Runs the DSA key-pair generation pair-wise consistency (sign/verify) test.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState().
Parameters:
pubKey - The DSA public key to be tested.
privKey - The DSA private key to be tested.
Throws:
SelfTestException - If the test fails.

public static void testKeyPair(RSAPublicKey pubKey,
                               RSAPrivateKey privKey)
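Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState().
Parameters:
pubKey - The RSA public key to be tested.
privKey - The RSA private key to be tested.
Throws:
SelfTestException - If the test fails.
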
public static void testKeyPair(DHPublicKey pubKey,
                               DHPrivateKey privKey)
Runs the Diffie-Hellman key generation pair-wise consistency test.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState().
Parameters:
pubKey - The Diffie-Hellman public key to be tested.
privKey - The Diffie-Hellman private key to be tested.
Throws:
SelfTestException - If the test fails.