/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
module hunt.shiro.crypto.AesCipherService;

import hunt.shiro.crypto.DefaultBlockCipherService;

/**
 * {@code CipherService} that performs every encryption, decryption and key operation with the
 * {@code AES} cipher algorithm.
 * <p/>
 * {@code AES} accepts key sizes of {@code 128}, {@code 192} and {@code 256} bits<b>*</b>; this
 * implementation defaults to 128 bits.
 * <p/>
 * The class keeps the {@link OperationMode#CBC CBC} mode of operation inherited from its parent instead of
 * the typical JDK default of {@link OperationMode#ECB ECB}. {@code ECB} takes no initialization vector, so
 * identical plaintext blocks produce identical ciphertext blocks; it should not be used in
 * security-sensitive environments. The {@link DefaultBlockCipherService parent class}'s JavaDoc and the
 * {@link JcaCipherService JcaCipherService} JavaDoc explain why the JDK default is not used here.
 * <p/>
 * <b>Security note:</b> {@code CBC} with {@code PKCS5} padding protects confidentiality only; the
 * ciphertext is not authenticated. When the encrypted data can be modified by an untrusted party,
 * verify a MAC computed over the initialization vector and the ciphertext before decrypting
 * (encrypt-then-MAC), or select an authenticated mode if the parent class offers one, and do not let
 * callers distinguish a padding failure from any other decryption failure.
 * NOTE(review): later upstream Apache Shiro releases changed this class's default mode to GCM -
 * confirm whether this module should follow.
 * <p/>
 * <b>*</b> According to the original documentation, generating and using AES key sizes greater than 128
 * requires the <a href="http://java.sun.com/javase/downloads/index.jsp">Java Cryptography Extension (JCE)
 * Unlimited Strength Jurisdiction Policy files</a>.
 * NOTE(review): that requirement describes the JDK; whether any key-size limit applies to this module
 * depends on the crypto backend, which is not visible from this file - confirm.
 *
 * @since 1.0
 */
class AesCipherService : DefaultBlockCipherService {

    // Algorithm name handed to the parent constructor.
    private enum ALGORITHM_NAME = "AES";

    /**
     * Creates a new {@link CipherService} instance for the {@code AES} cipher algorithm.
     * <p/>
     * The constructor only forwards the algorithm name to the parent constructor; every other
     * attribute keeps the value the parent class sets up. The documented defaults are:
     * <ul>
     * <li>{@link #setKeySize keySize}: {@code 128} bits</li>
     * <li>{@link #setBlockSize blockSize}: {@code 128} bits (required for {@code AES})</li>
     * <li>{@link #setMode mode}: {@link OperationMode#CBC CBC}<b>*</b></li>
     * <li>{@link #setPaddingScheme paddingScheme}: {@link PaddingScheme#PKCS5 PKCS5}</li>
     * <li>{@link #setInitializationVectorSize(int) initializationVectorSize}: {@code 128} bits</li>
     * <li>{@link #setGenerateInitializationVectors(boolean) generateInitializationVectors}:
     * {@code true}<b>**</b></li>
     * </ul>
     * <p/>
     * <b>*</b> {@link OperationMode#CBC CBC} replaces the JDK default {@code ECB}, which should not be used
     * in security-sensitive environments - see the "Operation Mode" section of the
     * {@link DefaultBlockCipherService DefaultBlockCipherService} class JavaDoc. {@code CBC} does not
     * authenticate the ciphertext, so integrity has to be checked separately.
     * <p/>
     * <b>**</b> Together with the default {@code CBC} operation mode, initialization vectors are generated
     * by default. See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
     */
    this() {
        super(ALGORITHM_NAME);
    }

}