diff options
| author | David Hook <dgh@cryptoworkshop.com> | 2013-05-09 08:34:22 +0400 |
|---|---|---|
| committer | David Hook <dgh@cryptoworkshop.com> | 2013-05-09 08:34:22 +0400 |
| commit | 52dc49a781eb3c776cf3a7ee8a06da406353b021 (patch) | |
| tree | a6a117a9c1d15bfb586a4148b2fddb014d7acb4e | |
| parent | d0969ffb2bfe37f1152eb1a3a49aebe5ea6e170e (diff) | |
minor refactoring, changed BasicEntropySourceProvider to use generateSeed().
3 files changed, 35 insertions, 8 deletions
diff --git a/src/main/java/org/bouncycastle/crypto/prng/BasicEntropySourceProvider.java b/src/main/java/org/bouncycastle/crypto/prng/BasicEntropySourceProvider.java index 9a3a2d15..38527107 100644 --- a/src/main/java/org/bouncycastle/crypto/prng/BasicEntropySourceProvider.java +++ b/src/main/java/org/bouncycastle/crypto/prng/BasicEntropySourceProvider.java @@ -3,7 +3,7 @@ package org.bouncycastle.crypto.prng; import java.security.SecureRandom; /** - * An EntropySourceProvider where entropy generation is based on a SecureRandom. + * An EntropySourceProvider where entropy generation is based on a SecureRandom output using SecureRandom.generateSeed(). */ public class BasicEntropySourceProvider implements EntropySourceProvider @@ -41,11 +41,7 @@ public class BasicEntropySourceProvider public byte[] getEntropy() { - byte[] rv = new byte[bitsRequired / 8]; - - _sr.nextBytes(rv); - - return rv; + return _sr.generateSeed((bitsRequired + 7) / 8); } }; } diff --git a/src/main/java/org/bouncycastle/crypto/prng/HashSP800DRBG.java b/src/main/java/org/bouncycastle/crypto/prng/HashSP800DRBG.java index 45c87cd7..7d759e4e 100644 --- a/src/main/java/org/bouncycastle/crypto/prng/HashSP800DRBG.java +++ b/src/main/java/org/bouncycastle/crypto/prng/HashSP800DRBG.java @@ -52,6 +52,11 @@ public class HashSP800DRBG implements SP80090DRBG // 5. reseed_counter = 1.
// 6. Return V, C, and reseed_counter as the initial_working_state
+ if (personalisationString == null)
+ {
+ personalisationString = new byte[0];
+ }
+
byte[] entropy = entropySource.getEntropy();
byte[] seedMaterial = new byte[entropy.length + nonce.length + personalisationString.length];
diff --git a/src/main/java/org/bouncycastle/crypto/random/SP800SecureRandomBuilder.java b/src/main/java/org/bouncycastle/crypto/random/SP800SecureRandomBuilder.java index 6e7b50bb..10bd3505 100644 --- a/src/main/java/org/bouncycastle/crypto/random/SP800SecureRandomBuilder.java +++ b/src/main/java/org/bouncycastle/crypto/random/SP800SecureRandomBuilder.java @@ -58,7 +58,7 @@ public class SP800SecureRandomBuilder /** * Create a builder which makes creates the SecureRandom objects from a specified entropy source provider. * <p> - * <b>Note:</b> If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored. + * <b>Note:</b> If this constructor is used any calls to setSeed() in the resulting SecureRandom will be ignored. * </p> * @param entropySourceProvider a provider of EntropySource objects. */ @@ -68,6 +68,11 @@ public class SP800SecureRandomBuilder this.entropySourceProvider = entropySourceProvider; } + /** + * Set the personalization string for DRBG SecureRandoms created by this builder + * @param personalizationString the personalisation string for the underlying DRBG. + * @return the current builder. + */ public SP800SecureRandomBuilder setPersonalizationString(byte[] personalizationString) { this.personalizationString = personalizationString; @@ -75,6 +80,12 @@ public class SP800SecureRandomBuilder return this; } + /** + * Set the security strength required for DRBGs used in building SecureRandom objects. + * + * @param securityStrength the security strength (in bits) + * @return the current builder. + */ public SP800SecureRandomBuilder setSecurityStrength(int securityStrength) { this.securityStrength = securityStrength; @@ -82,6 +93,12 @@ public class SP800SecureRandomBuilder return this; } + /** + * Set the amount of entropy bits required for seeding and reseeding DRBGs used in building SecureRandom objects. + * + * @param entropyBitsRequired the number of bits of entropy to be requested from the entropy source on each seed/reseed. + * @return the current builder. + */ public SP800SecureRandomBuilder setEntropyBitsRequired(int entropyBitsRequired) { this.entropyBitsRequired = entropyBitsRequired; @@ -102,7 +119,16 @@ public class SP800SecureRandomBuilder return new SP800SecureRandom(random, entropySourceProvider.get(entropyBitsRequired), new HashDRBGProvider(digest, nonce, personalizationString, securityStrength), predictionResistant); } - public SP800SecureRandom build(BlockCipher cipher, int keySizeInBits, int seedLength, byte[] nonce, boolean predictionResistant) + /** + * Build a SecureRandom based on a SP 800-90A CTR DRBG. + * + * @param cipher the block cipher to base the DRBG on. + * @param keySizeInBits key size in bits to be used with the block cipher. + * @param nonce nonce value to use in DRBG construction. + * @param predictionResistant specify whether the underlying DRBG in the resulting SecureRandom should reseed on each request for bytes. + * @return a SecureRandom supported by a CTR DRBG. + */ + public SP800SecureRandom buildCTR(BlockCipher cipher, int keySizeInBits, byte[] nonce, boolean predictionResistant) { return new SP800SecureRandom(random, entropySourceProvider.get(entropyBitsRequired), new CTRDRBGProvider(cipher, keySizeInBits, nonce, personalizationString, securityStrength), predictionResistant); } |