1 /*
2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.security.provider;
27
28 import java.security.AccessController;
29 import java.security.DrbgParameters;
30 import java.security.PrivilegedAction;
31 import java.security.SecureRandomParameters;
32 import java.security.SecureRandomSpi;
33 import java.security.Security;
34 import java.util.Locale;
35 import static java.security.DrbgParameters.Capability.*;
36
37 /**
38 * Implement the "SecureRandom.DRBG" algorithm.
39 */
40 public final class DRBG extends SecureRandomSpi {
41
42 private static final long serialVersionUID = 9L;
43
44 private final AbstractDrbg impl;
45
46 public DRBG(SecureRandomParameters params) {
47
48 // All parameters at unset status (null or -1).
49
50 // Configurable with security property "drbg"
51 String mech = null;
52 Boolean usedf = null;
53 String algorithm = null;
54
55 // Default instantiate parameters configurable with "drbg",
56 // and can be changed with params in getInstance("drbg", params)
57 int strength = -1;
58 DrbgParameters.Capability cap = null;
59 byte[] ps = null;
60
61 // Not configurable with public interfaces, but is a part of
62 // MoreDrbgParameters
63 EntropySource es = null;
64 byte[] nonce = null;
65
66 // Can be configured with a security property
67
68 String config = AccessController.doPrivileged((PrivilegedAction<String>)
69 () -> Security.getProperty("drbg"));
70
71 if (config != null && !config.isEmpty()) {
72 for (String part: config.split(",")) {
73 part = part.trim();
74 switch (part.toLowerCase(Locale.ROOT)) {
75 case "":
76 throw new IllegalArgumentException(
77 "aspect in drbg cannot be empty");
78 case "pr_and_reseed":
79 checkTwice(cap != null, "capability");
80 cap = PR_AND_RESEED;
81 break;
82 case "reseed_only":
83 checkTwice(cap != null, "capability");
84 cap = RESEED_ONLY;
85 break;
86 case "none":
87 checkTwice(cap != null, "capability");
88 cap = NONE;
89 break;
90 case "hash_drbg":
91 case "hmac_drbg":
92 case "ctr_drbg":
93 checkTwice(mech != null, "mechanism name");
94 mech = part;
95 break;
96 case "no_df":
97 checkTwice(usedf != null, "usedf flag");
98 usedf = false;
99 break;
100 case "use_df":
101 checkTwice(usedf != null, "usedf flag");
102 usedf = true;
103 break;
104 default:
105 // For all other parts of the property, it is
106 // either an algorithm name or a strength
107 try {
108 checkTwice(strength >= 0, "strength");
109 strength = Integer.parseInt(part);
110 if (strength < 0) {
111 throw new IllegalArgumentException(
112 "strength in drbg cannot be negative");
113 }
114 } catch (NumberFormatException e) {
115 checkTwice(algorithm != null, "algorithm name");
116 algorithm = part;
117 }
118 }
119 }
120 }
121
122 // Can be updated by params
123
124 if (params != null) {
125 if (params instanceof MoreDrbgParameters) {
126 MoreDrbgParameters m = (MoreDrbgParameters)params;
127 params = m.config;
128
129 // No need to check null for es and nonce, they are still null
130 es = m.es;
131 nonce = m.nonce;
132
133 if (m.mech != null) {
134 mech = m.mech;
135 }
136 if (m.algorithm != null) {
137 algorithm = m.algorithm;
138 }
139 usedf = m.usedf;
140 }
141 if (params instanceof DrbgParameters.Instantiate) {
142 DrbgParameters.Instantiate dp =
143 (DrbgParameters.Instantiate) params;
144
145 // ps is still null by now
146 ps = dp.getPersonalizationString();
147
148 if (dp.getStrength() != -1) {
149 strength = dp.getStrength();
150 }
151 cap = dp.getCapability();
152 } else {
153 throw new IllegalArgumentException("Unsupported params");
154 }
155 }
156
157 // Hardcoded defaults. The info below is duplicated in comments
158 // of the "drbg" security property in java.security.
159
160 if (cap == null) {
161 cap = NONE;
162 }
163 if (mech == null) {
164 mech = "Hash_DRBG";
165 }
166 if (usedf == null) {
167 usedf = true;
168 }
169
170 MoreDrbgParameters m = new MoreDrbgParameters(
171 es, mech, algorithm, nonce, usedf,
172 DrbgParameters.instantiate(strength, cap, ps));
173
174 switch (mech.toLowerCase(Locale.ROOT)) {
175 case "hash_drbg":
176 impl = new HashDrbg(m);
177 break;
178 case "hmac_drbg":
179 impl = new HmacDrbg(m);
180 break;
181 case "ctr_drbg":
182 impl = new CtrDrbg(m);
183 break;
184 default:
185 throw new IllegalArgumentException("Unsupported mech");
186 }
187 }
188
189 @Override
190 protected void engineSetSeed(byte[] seed) {
191 impl.engineSetSeed(seed);
192 }
193
194 @Override
195 protected void engineNextBytes(byte[] bytes) {
196 impl.engineNextBytes(bytes);
197 }
198
199 @Override
200 protected byte[] engineGenerateSeed(int numBytes) {
201 return impl.engineGenerateSeed(numBytes);
202 }
203
204 @Override
205 protected void engineNextBytes(
206 byte[] bytes, SecureRandomParameters params) {
207 impl.engineNextBytes(bytes, params);
208 }
209
210 @Override
211 protected void engineReseed(SecureRandomParameters params) {
212 impl.engineReseed(params);
213 }
214
215 @Override
216 protected SecureRandomParameters engineGetParameters() {
217 return impl.engineGetParameters();
218 }
219
220 @Override
221 public String toString() {
222 return impl.toString();
223 }
224
225 /**
226 * Ensures an aspect is not set more than once.
227 *
228 * @param flag true if set more than once
229 * @param name the name of aspect shown in IAE
230 * @throws IllegalArgumentException if it happens
231 */
232 private static void checkTwice(boolean flag, String name) {
233 if (flag) {
234 throw new IllegalArgumentException(name
235 + " cannot be provided more than once in drbg");
236 }
237 }
238 }