Back to index...

	/*
	* Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
	*
	* This code is free software; you can redistribute it and/or modify it
	* under the terms of the GNU General Public License version 2 only, as
	* published by the Free Software Foundation. Oracle designates this
	* particular file as subject to the "Classpath" exception as provided
	* by Oracle in the LICENSE file that accompanied this code.
	*
	* This code is distributed in the hope that it will be useful, but WITHOUT
	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	* version 2 for more details (a copy is included in the LICENSE file that
	* accompanied this code).
	*
	* You should have received a copy of the GNU General Public License version
	* 2 along with this work; if not, write to the Free Software Foundation,
	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
	*
	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
	* or visit www.oracle.com if you need additional information or have any
	* questions.
	*/

	package sun.security.provider;

	import java.io.IOException;
	import java.security.AccessController;
	import java.security.DrbgParameters;
	import java.security.PrivilegedAction;
	import java.security.SecureRandomParameters;
	import java.security.SecureRandomSpi;
	import java.security.Security;
	import java.util.Locale;
	import static java.security.DrbgParameters.Capability.*;

	/**
	* Implement the "SecureRandom.DRBG" algorithm.
	*
	* About the default "securerandom.drbg.config" value:
	*
	* The default value in java.security is set to "". This is because
	* the default values of different aspects are dependent (For example,
	* strength depends on algorithm) and if we write a full string there
	* it will be difficult to modify one and keep all others legal.
	*
	* When changing default values, touch all places including:
	*
	* 1. comments of the security property in java.security
	* 2. Default mech, cap, usedf set in this class
	* 3. Default algorithm set in final implementation of each mech
	* 4. Default strength set in AbstractDrbg, but the effective
	* value can be smaller if an algorithm does not support it.
	*
	* The default value is also mentioned in the @implNote part of
	* {@link DrbgParameters} class.
	*/
	public final class DRBG extends SecureRandomSpi {

	private static final String PROP_NAME = "securerandom.drbg.config";

	private static final long serialVersionUID = 9L;

	private transient AbstractDrbg impl;

	/**
	* @serial
	*/
	private final MoreDrbgParameters mdp;

	public DRBG(SecureRandomParameters params) {

	// All parameters at unset status (null or -1).

	// Configurable with the "securerandom.drbg.config" security property
	String mech = null;
	Boolean usedf = null;
	String algorithm = null;

	// Default instantiate parameters also configurable with
	// "securerandom.drbg.config", and can be changed with params
	// in getInstance("drbg", params)
	int strength = -1;
	DrbgParameters.Capability cap = null;
	byte[] ps = null;

	// Not configurable with public interfaces, but is a part of
	// MoreDrbgParameters
	EntropySource es = null;
	byte[] nonce = null;

	// Can be configured with a security property

	String config = AccessController.doPrivileged((PrivilegedAction<String>)
	() -> Security.getProperty(PROP_NAME));

	if (config != null && !config.isEmpty()) {
	for (String part : config.split(",")) {
	part = part.trim();
	switch (part.toLowerCase(Locale.ROOT)) {
	case "":
	throw new IllegalArgumentException(
	"aspect in " + PROP_NAME + " cannot be empty");
	case "pr_and_reseed":
	checkTwice(cap != null, "capability");
	cap = PR_AND_RESEED;
	break;
	case "reseed_only":
	checkTwice(cap != null, "capability");
	cap = RESEED_ONLY;
	break;
	case "none":
	checkTwice(cap != null, "capability");
	cap = NONE;
	break;
	case "hash_drbg":
	case "hmac_drbg":
	case "ctr_drbg":
	checkTwice(mech != null, "mechanism name");
	mech = part;
	break;
	case "no_df":
	checkTwice(usedf != null, "usedf flag");
	usedf = false;
	break;
	case "use_df":
	checkTwice(usedf != null, "usedf flag");
	usedf = true;
	break;
	default:
	// For all other parts of the property, it is
	// either an algorithm name or a strength
	try {
	int tmp = Integer.parseInt(part);
	if (tmp < 0) {
	throw new IllegalArgumentException(
	"strength in " + PROP_NAME +
	" cannot be negative: " + part);
	}
	checkTwice(strength >= 0, "strength");
	strength = tmp;
	} catch (NumberFormatException e) {
	checkTwice(algorithm != null, "algorithm name");
	algorithm = part;
	}
	}
	}
	}

	// Can be updated by params

	if (params != null) {
	// MoreDrbgParameters is used for testing.
	if (params instanceof MoreDrbgParameters) {
	MoreDrbgParameters m = (MoreDrbgParameters) params;
	params = DrbgParameters.instantiation(m.strength,
	m.capability, m.personalizationString);

	// No need to check null for es and nonce, they are still null
	es = m.es;
	nonce = m.nonce;

	if (m.mech != null) {
	mech = m.mech;
	}
	if (m.algorithm != null) {
	algorithm = m.algorithm;
	}
	usedf = m.usedf;
	}
	if (params instanceof DrbgParameters.Instantiation) {
	DrbgParameters.Instantiation dp =
	(DrbgParameters.Instantiation) params;

	// ps is still null by now
	ps = dp.getPersonalizationString();

	int tmp = dp.getStrength();
	if (tmp != -1) {
	strength = tmp;
	}
	cap = dp.getCapability();
	} else {
	throw new IllegalArgumentException("Unsupported params: "
	+ params.getClass());
	}
	}

	// Hardcoded defaults.
	// Remember to sync with "securerandom.drbg.config" in java.security.

	if (cap == null) {
	cap = NONE;
	}
	if (mech == null) {
	mech = "Hash_DRBG";
	}
	if (usedf == null) {
	usedf = true;
	}

	mdp = new MoreDrbgParameters(
	es, mech, algorithm, nonce, usedf,
	DrbgParameters.instantiation(strength, cap, ps));

	createImpl();
	}

	private void createImpl() {
	switch (mdp.mech.toLowerCase(Locale.ROOT)) {
	case "hash_drbg":
	impl = new HashDrbg(mdp);
	break;
	case "hmac_drbg":
	impl = new HmacDrbg(mdp);
	break;
	case "ctr_drbg":
	impl = new CtrDrbg(mdp);
	break;
	default:
	throw new IllegalArgumentException("Unsupported mech: " + mdp.mech);
	}
	}

	@Override
	protected void engineSetSeed(byte[] seed) {
	impl.engineSetSeed(seed);
	}

	@Override
	protected void engineNextBytes(byte[] bytes) {
	impl.engineNextBytes(bytes);
	}

	@Override
	protected byte[] engineGenerateSeed(int numBytes) {
	return impl.engineGenerateSeed(numBytes);
	}

	@Override
	protected void engineNextBytes(
	byte[] bytes, SecureRandomParameters params) {
	impl.engineNextBytes(bytes, params);
	}

	@Override
	protected void engineReseed(SecureRandomParameters params) {
	impl.engineReseed(params);
	}

	@Override
	protected SecureRandomParameters engineGetParameters() {
	return impl.engineGetParameters();
	}

	@Override
	public String toString() {
	return impl.toString();
	}

	/**
	* Ensures an aspect is not set more than once.
	*
	* @param flag true if set more than once
	* @param name the name of aspect shown in IAE
	* @throws IllegalArgumentException if it happens
	*/
	private static void checkTwice(boolean flag, String name) {
	if (flag) {
	throw new IllegalArgumentException(name
	+ " cannot be provided more than once in " + PROP_NAME);
	}
	}

	private void readObject(java.io.ObjectInputStream s)
	throws IOException, ClassNotFoundException {
	s.defaultReadObject();
	if (mdp.mech == null) {
	throw new IllegalArgumentException("Input data is corrupted");
	}
	createImpl();
	}
	}

Back to index...