Oracle Fusion Middleware Crypto FIPS Java API Reference for Oracle Security Developer Tools 11g Release 1 (11.1.1) E10696-03 |
java.lang.Object
oracle.security.crypto.fips.FIPS_140_2
public final class FIPS_140_2
Performs power-up and conditional self-tests, and manages error conditions, as mandated by the FIPS 140-2 specification.
When the crypto module is loaded, it is placed in the NOT_INITIALIZED state. When the power-up self-tests are begun, the state is set to TESTING. While the module is in either of these states, no cryptographic operations, including input or output, may be performed. User code attempting such actions will block until the power-up self-tests complete and the module is placed in either the READY state or one of several error states.
If any of the power-up self-tests fail, the module will be placed in an unrecoverable error state, and a ModuleStateException will be thrown. If all power-up self-tests complete successfully, the module state is set to READY and cryptographic operations may be performed.
The power-up self-tests may be invoked at any time by user code, if periodic re-testing is desired, via the selfTest(oracle.security.crypto.core.RandomBitsSource) method. If any of the power-up self-tests fails at a time subsequent to module load time, the module is set to an unrecoverable error state and a SelfTestException is thrown.
Conditional self-tests are run automatically during key pair generation and random number generation. If any of these tests fails, the module is set to a recoverable error state, and a SelfTestException is thrown. A recoverable error state may be cleared using the clearModuleState() method.
While the module is in an error state, if any attempt is made to perform a cryptographic operation, including input or output, a ModuleStateException is thrown.
See Also: ModuleState, selfTest(oracle.security.crypto.core.RandomBitsSource), assertReadyState(), getModuleState(), clearModuleState()
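
The state handling described above, as an added example that is not taken from the Oracle documentation: a hypothetical FipsGuard helper that runs an operation only while the module is READY and makes one recovery attempt after a self-test failure. It assumes that ModuleStateException and SelfTestException are in the oracle.security.crypto.fips package and that the caller supplies a RandomBitsSource.

```java
import java.util.concurrent.Callable;

import oracle.security.crypto.core.RandomBitsSource;
import oracle.security.crypto.fips.FIPS_140_2;
// Assumption: both exception classes live in the same package as FIPS_140_2.
import oracle.security.crypto.fips.ModuleStateException;
import oracle.security.crypto.fips.SelfTestException;

/** Hypothetical helper class; not part of the Oracle API. */
public final class FipsGuard {
    private FipsGuard() {}

    /**
     * Runs op only while the module is READY. If a self-test fails during op,
     * tries once to clear the error state, re-runs the power-up self-tests
     * and repeats op. A state that cannot be cleared is never retried.
     */
    public static <T> T callWithRecovery(Callable<T> op, RandomBitsSource rbs)
            throws Exception {
        // Throws ModuleStateException unless the module is READY.
        FIPS_140_2.assertReadyState();
        try {
            return op.call();
        } catch (SelfTestException selfTestFailure) {
            // For example, a pair-wise consistency test or a continuous
            // random number generation test failed inside op.
            try {
                // Succeeds only from a recoverable error state.
                FIPS_140_2.clearModuleState();
            } catch (ModuleStateException cannotClear) {
                throw new IllegalStateException(
                        "cannot clear crypto module state, state="
                        + FIPS_140_2.getModuleState(), cannotClear);
            }
            // The state is now NOT_INITIALIZED: the power-up self-tests must
            // pass again before any further cryptographic operation.
            FIPS_140_2.selfTest(rbs);
            FIPS_140_2.assertReadyState();
            return op.call();
        }
    }
}
```

A failure of selfTest(rbs) here leaves the module in an unrecoverable error state, and the resulting SelfTestException propagates to the caller.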
Method Summary | |
---|---|
static void | assertReadyState() Checks that the crypto module is in the READY state. |
static void | clearModuleState() Resets the module state to NOT_INITIALIZED. |
static boolean | getAllowKeyExport() Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false. |
static ModuleState | getModuleState() Returns a code indicating the current state of the cryptographic module. |
static void | powerUpSelfTest() Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing. |
static void | selfTest(RandomBitsSource rbs) Runs the full suite of power-up self-tests. |
static void | setAllowKeyExport(boolean value) Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module. |
static void | testKeyPair(DHPublicKey pubKey, DHPrivateKey privKey) Runs the Diffie-Hellman key generation pair-wise consistency test. |
static void | testKeyPair(DSAPublicKey pubKey, DSAPrivateKey privKey) Runs the DSA key-pair generation pair-wise consistency (sign/verify) test. |
static void | testKeyPair(RSAPublicKey pubKey, RSAPrivateKey privKey) Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Method Detail |
---|
public static boolean getAllowKeyExport()
Returns true if the plaintext export of private and symmetric key material is allowed for the Phaos Crypto module; otherwise returns false.
This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.
The default value is false for the FIPS Approved edition of Phaos Crypto.
See Also:
setAllowKeyExport(boolean)

public static void setAllowKeyExport(boolean value)
Sets whether or not the plaintext export of private and symmetric key material is to be allowed for the Phaos Crypto module.
This value, in conjunction with the export flag for an individual key object, is used to determine whether the unencrypted key bytes may be obtained or output.
The default value is false for the FIPS Approved edition of Phaos Crypto.
Parameters:
value - true if the plaintext export of private and symmetric key material will be allowed for the Phaos Crypto module; otherwise false.
See Also:
getAllowKeyExport()

public static ModuleState getModuleState()
Returns a code indicating the current state of the cryptographic module. The module must be in the READY state before any cryptographic operation is performed.
ModuleState class.

public static void clearModuleState()
Resets the module state to NOT_INITIALIZED. This method will fail, and throw an exception, if the module is currently in an unrecoverable error state or is in the process of running the self-tests. Once the module state has been cleared, the power-up self-tests must be run before any cryptographic operations may be performed.
An unrecoverable error state is one reached as a result of failure of one of the power-up self-tests, whether run unconditionally at module load time or, optionally, by user code at any subsequent time.
A recoverable error state is one reached as a result of failure of one of the conditional self-tests. These include the testKeyPair methods and the continuous random number generation tests in the RNGTest class.
Throws:
ModuleStateException - If the module cannot be reset to the NOT_INITIALIZED state.

public static void assertReadyState()
Checks that the crypto module is in the READY state. If it is not, an exception is thrown. The module must be in the READY state before any cryptographic operation is performed.
Throws:
ModuleStateException - If the module is not in the READY state.

public static void powerUpSelfTest()
Runs the full set of power-up self-tests if they have not yet been run; otherwise does nothing.
Throws:
SelfTestException - If any of the tests fail.
See Also:
selfTest(oracle.security.crypto.core.RandomBitsSource)

public static void selfTest(RandomBitsSource rbs)
Runs the full suite of power-up self-tests.
The self-tests are:
If any of the self-tests fails, an exception is thrown and the module is placed in an error state. See getModuleState().
Parameters:
rbs - The RNG to be used to generate random values during the DSA, RSA and ECDSA tests.
Throws:
SelfTestException - If any of the tests fail.

public static void testKeyPair(DSAPublicKey pubKey, DSAPrivateKey privKey)
Runs the DSA key-pair generation pair-wise consistency (sign/verify) test.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.
Parameters:
pubKey - The DSA public key to be tested.
privKey - The DSA private key to be tested.
Throws:
SelfTestException - If the test fails.

public static void testKeyPair(RSAPublicKey pubKey, RSAPrivateKey privKey)
Runs the RSA key-pair generation pair-wise consistency (encrypt/decrypt and sign/verify) tests.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.
Parameters:
pubKey - The RSA public key to be tested.
privKey - The RSA private key to be tested.
Throws:
SelfTestException - If the test fails.

public static void testKeyPair(DHPublicKey pubKey, DHPrivateKey privKey)
Runs the Diffie-Hellman key generation pair-wise consistency test.
If the test fails, an exception will be thrown and the module will be set to an error state. See getModuleState.
Parameters:
pubKey - The Diffie-Hellman public key to be tested.
privKey - The Diffie-Hellman private key to be tested.
Throws:
SelfTestException - If the test fails.