1 /*
   2  * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package sun.security.provider;
  27 
  28 import sun.security.util.HexDumpEncoder;
  29 
  30 import java.util.Arrays;
  31 import java.util.Locale;
  32 
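/**
 * Common parameter selection and seed-material assembly for DRBG
 * implementations that are built on a message digest.
 *
 * <p>This class picks the digest name and security strength, derives the
 * byte lengths that depend on the digest ({@link #outLen}, {@link #seedLen}),
 * and concatenates the inputs of the instantiate and reseed operations into
 * a single seed-material buffer. Subclasses consume that buffer in
 * {@link #hashReseedInternal(byte[])}.
 *
 * <p>Every byte array handled here (entropy input, nonce, personalization
 * data, additional input) feeds the generator's internal state and should be
 * treated as secret by callers and subclasses.
 */
public abstract class AbstractHashDrbg extends AbstractDrbg {

    private static final long serialVersionUID = 9L;

    /** Digest output length in bytes; set by {@link #chooseAlgorithmAndStrength()}. */
    protected int outLen;

    /** Seed length in bytes; set by {@link #chooseAlgorithmAndStrength()}. */
    protected int seedLen;

    /**
     * Returns the highest security strength, in bits, that this class accepts
     * for the given digest.
     *
     * <p>SHA-1 is capped at 128 bits, the 224-bit digests at 192 bits, and
     * all remaining supported digests at 256 bits.
     * NOTE(review): these caps look like the hash-based DRBG table of
     * NIST SP 800-90A; confirm against the revision the provider targets.
     *
     * @param algorithm digest name; matched case-insensitively using
     *                  {@link Locale#ROOT}
     * @return the maximum supported strength in bits
     * @throws IllegalArgumentException if the digest is not in the list above
     */
    private static int alg2strength(String algorithm) {
        switch (algorithm.toUpperCase(Locale.ROOT)) {
            case "SHA-1":
                return 128;
            case "SHA-224":
            case "SHA-512/224":
                return 192;
            case "SHA-256":
            case "SHA-512/256":
            case "SHA-384":
            case "SHA-512":
                return 256;
            default:
                // Message previously misspelled the mechanism as "Hash_DBRG".
                throw new IllegalArgumentException(algorithm +
                        " not supported in Hash_DRBG");
        }
    }

    /**
     * Resolves the digest and security strength for this instance and derives
     * {@link #seedLen}, {@link #outLen} and {@code minLength} from them.
     *
     * <p>When an algorithm was requested, a requested strength that exceeds
     * the digest's cap is rejected rather than silently lowered; without a
     * requested strength the default strength is used, clamped to the cap.
     * When no algorithm was requested, SHA-256 is selected, so a weaker digest
     * such as SHA-1 is only ever used when a caller asks for it by name.
     *
     * @throws IllegalArgumentException if the requested digest is unsupported
     *         or cannot provide the requested strength
     */
    protected void chooseAlgorithmAndStrength() {
        if (requestedAlgorithm != null) {
            algorithm = requestedAlgorithm.toUpperCase(Locale.ROOT);
            int supportedStrength = alg2strength(algorithm);
            if (requestedStrength >= 0) {
                // getStandardStrength is inherited; presumably it maps the
                // request onto one of the standard strength levels.
                int tryStrength = getStandardStrength(requestedStrength);
                if (tryStrength > supportedStrength) {
                    // Fail closed: never hand back a generator that is
                    // weaker than what the caller explicitly asked for.
                    throw new IllegalArgumentException(
                            algorithm + " does not support strength " + requestedStrength);
                }
                this.strength = tryStrength;
            } else {
                // No explicit strength: use the default, but never more than
                // the chosen digest can support.
                this.strength = defaultStrength > supportedStrength?
                        supportedStrength: defaultStrength;
            }
        } else {
            int tryStrength =
                    requestedStrength<0? defaultStrength: requestedStrength;
            tryStrength = getStandardStrength(tryStrength);
            // The default algorithm which is enough for all strengths.
            // Also described in comments of the "drbg" security property.
            algorithm = "SHA-256";
            this.strength = tryStrength;
        }
        // Lengths are written as bits/8 so the bit values stay recognisable;
        // the stored values are in bytes.
        switch (algorithm.toUpperCase(Locale.ROOT)) {
            case "SHA-1":
                this.seedLen = 440/8;
                this.outLen = 160/8;
                break;
            case "SHA-224":
            case "SHA-512/224":
                this.seedLen = 440/8;
                this.outLen = 224/8;
                break;
            case "SHA-256":
            case "SHA-512/256":
                this.seedLen = 440/8;
                this.outLen = 256/8;
                break;
            case "SHA-384":
                this.seedLen = 888/8;
                this.outLen = 384/8;
                break;
            case "SHA-512":
                this.seedLen = 888/8;
                this.outLen = 512/8;
                break;
            default:
                // Message previously misspelled the mechanism as "Hash_DBRG".
                throw new IllegalArgumentException(algorithm +
                        " not supported in Hash_DRBG");
        }
        // Strength is in bits; minLength is the same quantity in bytes.
        this.minLength = this.strength/8;
    }

    /**
     * Builds the instantiate seed material as
     * {@code entropy || nonce || ps} and passes it to
     * {@link #hashReseedInternal(byte[])}.
     *
     * <p>{@code ps} is optional and skipped when {@code null}; it is
     * presumably the personalization string held by the superclass.
     *
     * <p>NOTE(review): the concatenated buffer is a copy of secret seed
     * material and is not cleared here. Whether it can be zeroed after the
     * call depends on whether implementations of
     * {@code hashReseedInternal} keep a reference to it, which is not
     * visible from this class.
     *
     * @param entropy entropy input; must not be {@code null}
     */
    @Override
    public void instantiateAlgorithm(byte[] entropy) {
        byte[] seed = Arrays.copyOf(entropy, entropy.length + nonce.length +
                (ps == null? 0: ps.length));
        System.arraycopy(nonce, 0, seed, entropy.length, nonce.length);
        if (ps != null) {
            System.arraycopy(ps, 0, seed, entropy.length + nonce.length,
                    ps.length);
        }
        hashReseedInternal(seed);
    }

    /**
     * Builds the reseed material as {@code ei || additionalInput} and passes
     * it to {@link #hashReseedInternal(byte[])}.
     *
     * <p>When {@code debug} is non-null, the raw entropy input and the
     * additional input are hex-dumped to it. That output reveals the material
     * the generator state is derived from, so the debug sink must be treated
     * as sensitive and left disabled outside of troubleshooting.
     *
     * @param ei              entropy input; must not be {@code null}
     * @param additionalInput optional additional input, may be {@code null}
     */
    @Override
    protected void reseedAlgorithm(
            byte[] ei,
            byte[] additionalInput) {
        if (debug != null) {
            debug.println("reseedAlgorithm");
            debug.println(new HexDumpEncoder().encodeBuffer(ei));
            if (additionalInput != null) {
                debug.println(new HexDumpEncoder().encodeBuffer(additionalInput));
            }
        }
        if (additionalInput != null) {
            // Grow a copy of ei and append additionalInput at its tail; the
            // caller's ei array is left untouched.
            ei = Arrays.copyOf(ei, ei.length + additionalInput.length);
            System.arraycopy(additionalInput, 0, ei,
                    ei.length - additionalInput.length, additionalInput.length);
        }
        hashReseedInternal(ei);
    }

    /**
     * Derives or updates the generator's internal state from the given seed
     * material. Called for both instantiate and reseed.
     *
     * @param seed concatenated seed material assembled by
     *             {@link #instantiateAlgorithm(byte[])} or
     *             {@link #reseedAlgorithm(byte[], byte[])}
     */
    protected abstract void hashReseedInternal(byte[] seed);
}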