java.lang.Object
  com.rsa.jsafe.CryptoJ
This is the Crypto-J "master class." It keeps the version number and enables FIPS-related self-testing on a FIPS-validated version of the toolkit.
CryptoJ has methods to allow the user to run the FIPS-required power-up self-tests on demand and get their status, methods to set and query the user role, and methods to get and set the library to FIPS or non-FIPS mode. These methods are not available on a non-FIPS library.
The FIPS version of CryptoJ executes power-up self-tests automatically
upon startup and conditional tests at runtime. Upon startup failure, the
toolkit enters a FAILED state, preventing further operation.
See Overview of Crypto-J for background and reference material on using and understanding Crypto-J.
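A fail-closed startup check built from the state, mode and self-test methods documented on this page. This is an added example, not code from RSA or the Crypto-J distribution; the class name FipsStartupGate, its two methods, and the package of JSAFE_InvalidUseException are assumptions, as is isFIPS140Compliant() being callable on a non-FIPS build.

```java
import com.rsa.jsafe.CryptoJ;
import com.rsa.jsafe.JSAFE_InvalidUseException; // package name assumed

/** Added example: fail-closed startup check for a FIPS deployment. */
public final class FipsStartupGate {
    private FipsStartupGate() {}

    /** Returns normally only if the toolkit is validated, OPERATIONAL and in FIPS_MODE. */
    public static void requireFipsOperational() {
        // The mode, role and self-test methods are not available on a non-FIPS
        // library, so ask this first (assumed safe to call on any build).
        if (!CryptoJ.isFIPS140Compliant()) {
            throw new IllegalStateException(
                "Crypto-J " + CryptoJ.CRYPTO_J_VERSION + " is not a FIPS 140-2 library");
        }
        // Power-up self-tests run automatically at startup; refuse to continue
        // unless they have finished and passed.
        int state = CryptoJ.getState();
        boolean passed = CryptoJ.selfTestPassed();
        if (state != CryptoJ.OPERATIONAL || !passed) {
            throw new IllegalStateException(
                "toolkit state: " + describe(state) + ", selfTestPassed=" + passed);
        }
        try {
            if (CryptoJ.getMode() != CryptoJ.FIPS_MODE) {
                CryptoJ.setMode(CryptoJ.FIPS_MODE);
            }
        } catch (JSAFE_InvalidUseException e) {
            throw new IllegalStateException("could not switch to FIPS_MODE", e);
        }
        // Read the mode back instead of trusting the call above.
        if (CryptoJ.getMode() != CryptoJ.FIPS_MODE) {
            throw new IllegalStateException("toolkit is not in FIPS_MODE");
        }
        // FIPS_MODE does not restrict algorithm selection: the application
        // must still request only the algorithms it is permitted to use.
    }

    /** Maps a getState() value to the constant name used in this documentation. */
    static String describe(int state) {
        if (state == CryptoJ.NOT_INITIALIZED) return "NOT_INITIALIZED";
        if (state == CryptoJ.UNDER_SELF_TEST) return "UNDER_SELF_TEST";
        if (state == CryptoJ.OPERATIONAL) return "OPERATIONAL";
        if (state == CryptoJ.FAILED) return "FAILED";
        return "unknown (" + state + ")";
    }
}
```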
Copyright © RSA Security Inc., 1997-2004. All rights reserved.
| Field Summary | |
static String |
CRYPTO_J_VERSION
The current version of Crypto-J. |
static int |
CRYPTO_OFFICER_ROLE
Denotes the Crypto Officer role. |
static int |
FAILED
Indicates that the toolkit failed verification; a power-up or a conditional self-test has failed. |
static int |
FIPS_MODE
Indicates that the toolkit is running in FIPS mode. |
static int |
FIPS_TESTING_MODE
Indicates that the toolkit is running in FIPS testing mode. |
static int |
NON_FIPS_MODE
Indicates that the toolkit is running in non-FIPS mode. |
static int |
NOT_INITIALIZED
Indicates that the toolkit has not been verified. |
static int |
OPERATIONAL
Indicates that the toolkit passed verification. |
static byte[] |
savedQBytes
Saved Q bytes for testing a FIPS 186 random; also acts as a flag. |
static byte[] |
savedXKEYBytes
Saved XKEY bytes for testing a FIPS 186 random; also acts as a flag. |
static int |
UNDER_SELF_TEST
Indicates that the toolkit is under self-test. |
static int |
USER_ROLE
Denotes the normal user role. |
| Method Summary | |
static void |
fips186RandomClearQ(SecureRandom random)
Resets the prime Q to its default value. |
static void |
fips186RandomClearXKEY(SecureRandom random)
Clears the internal state of the random. |
static void |
fips186RandomSetQ(SecureRandom random,
byte[] qBytes)
Sets the prime Q to the given value. |
static void |
fips186RandomSetXKEY(SecureRandom random,
byte[] XKEYBytes)
Sets the internal seed of the random to the given value. |
static CryptoJ |
getInstance()
A factory method that gets a CryptoJ instance. |
static int |
getMode()
Returns the mode, either FIPS or NON-FIPS. |
static int |
getRole()
Returns the user role. |
static SecureRandom |
getSeeder()
Returns the global seed generator. |
static int |
getState()
Queries the toolkit execution state on a FIPS-validated toolkit. |
static boolean |
isFIPS140Compliant()
Indicates whether this toolkit is FIPS 140-2 compliant. |
static void |
main(String[] args)
This main method prints the version number on a non-FIPS toolkit and runs any or all of the known answer tests used in power-up self-testing on a FIPS-validated toolkit. |
static boolean |
runSelfTests()
Runs the FIPS 140 required power-up self-tests on demand. |
static boolean |
selfTestPassed()
Retrieves the results of last execution of the power-up self-tests. |
static void |
setMode(int newMode)
Sets the FIPS mode to newMode. |
static void |
setRole(int newRole)
Sets the user mode to newRole. |
| Methods inherited from class java.lang.Object |
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
public static final String CRYPTO_J_VERSION
public static final int NOT_INITIALIZED
public static final int UNDER_SELF_TEST
public static final int OPERATIONAL
public static final int FAILED
public static final int FIPS_MODE
public static final int NON_FIPS_MODE
public static final int FIPS_TESTING_MODE
public static final int CRYPTO_OFFICER_ROLE
public static final int USER_ROLE
public static byte[] savedQBytes
public static byte[] savedXKEYBytes
| Method Detail |
public static CryptoJ getInstance()
public static SecureRandom getSeeder()
This method is a convenience for users that may need to rely on autoseeding. It allows access to the library's shared seed generation object. Crypto-J keeps a globally shared SecureRandom of the default provider from which it extracts seed bytes in order to seed other random number generators. These bytes are computed using the seed generation algorithm that this class of the default provider uses to seed itself. The caller may add entropy to this object or trigger autoseeding at a time convenient to the application.
public static final boolean isFIPS140Compliant()
There is no enforcement of algorithm selection in FIPS_MODE;
the caller is responsible for choosing the proper algorithms.
Returns:
true if this is a FIPS 140-2 compliant library; otherwise, false.
See Also:
getState(), getMode(), setMode(int), getRole(), setRole(int), selfTestPassed(), runSelfTests()
public static int getState()
Returns:
NOT_INITIALIZED, UNDER_SELF_TEST, OPERATIONAL, or FAILED.
See Also:
isFIPS140Compliant()
public static int getMode()
Returns:
FIPS_MODE or NON_FIPS_MODE.
See Also:
isFIPS140Compliant(), setMode(int)
public static void setMode(int newMode)
throws JSAFE_InvalidUseException
Sets the FIPS mode to newMode. The mode must be FIPS_MODE or NON_FIPS_MODE, and the library
must be a FIPS-validated library. There is no enforcement of algorithm selection in
FIPS_MODE; the caller is responsible for choosing the proper
algorithms.
Parameters:
newMode - The desired mode, FIPS_MODE or NON_FIPS_MODE.
Throws:
JSAFE_InvalidUseException - If newMode is not an allowed value
or the library is not a FIPS-compliant library.
See Also:
isFIPS140Compliant(), getMode()
public static int getRole()
Returns:
USER_ROLE or CRYPTO_OFFICER_ROLE.
See Also:
isFIPS140Compliant(), setRole(int)
public static void setRole(int newRole)
throws JSAFE_InvalidUseException
Sets the user mode to newRole.
For use with a FIPS-validated toolkit.
Parameters:
newRole - The desired role, USER_ROLE or CRYPTO_OFFICER_ROLE.
Throws:
JSAFE_InvalidUseException - If newRole is not an allowed value
or the library is not a FIPS-compliant library.
See Also:
isFIPS140Compliant(), getRole()
public static boolean selfTestPassed()
Returns:
true if all the self-tests passed; otherwise, false.
See Also:
isFIPS140Compliant()
public static boolean runSelfTests()
throws JSAFE_InvalidUseException
These tests consist of the algorithm known answer tests plus pairwise consistency checks on DSA and RSA key pair generation.
Returns:
true if all the self-tests passed; otherwise, false.
Throws:
JSAFE_InvalidUseException
See Also:
isFIPS140Compliant(), selfTestPassed()
public static void fips186RandomClearQ(SecureRandom random)
This method is for use in CRYPTO_OFFICER_ROLE
when running the FIPS RNG validation suite.
Parameters:
random - a FIPS 186 random to test
public static void fips186RandomSetQ(SecureRandom random,
byte[] qBytes)
This method is for use in CRYPTO_OFFICER_ROLE
when running the FIPS RNG validation suite.
Parameters:
random - a FIPS 186 random to test
qBytes - the value for Q
public static void fips186RandomClearXKEY(SecureRandom random)
This method is for use in the CRYPTO_OFFICER_ROLE
when running the FIPS RNG validation suite.
Parameters:
random - a FIPS 186 random to test
public static void fips186RandomSetXKEY(SecureRandom random,
byte[] XKEYBytes)
This method is for use in CRYPTO_OFFICER_ROLE
when running the FIPS RNG validation suite. Neither the JCE
nor the JSAFE API provides a method to set the internal seed
of the random. This method allows a NIST RNG
validation test to set the initial test of the random in a
uniform fashion across the JSAFE and JCE API.
Parameters:
random - a FIPS 186 random to test
XKEYBytes - array containing the XKEY bytes to save.
public static void main(String[] args)