jdk Udiff test/java/security/SecureRandom/Serialize.java

test/java/security/SecureRandom/Serialize.java

rev 13987 : 8051408: NIST SP 800-90A SecureRandom implementations

@@ -29,18 +29,70 @@
 import java.security.*;
 import java.io.*;
 
 public class Serialize {
 
-    public static void main(String args[]) throws IOException {
+    public static void main(String args[]) throws Exception {
+        for (String alg: new String[]{
+                "SHA1PRNG", "DRBG", "Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) {
+            System.out.println("Testing " + alg);
 
-        FileOutputStream fos = new FileOutputStream("t.tmp");
-        ObjectOutputStream oos = new ObjectOutputStream(fos);
+            // Even unseeded object can be serialized and deserialized
+            SecureRandom s1 = getInstance(alg);
+            revive(s1).nextInt();
+            if (alg.contains("DRBG")) {
+                revive(s1).reseed();
+            }
+
+            // After seeded, deserialized object should emit same random data
+            s1 = getInstance(alg);
+            s1.nextInt();    // state set
+            SecureRandom s2 = revive(s1);
+            int n1 = s1.nextInt();
+            int n2 = s2.nextInt();
+            if (n1 != n2) {
+                throw new Exception();
+            }
 
-        SecureRandom secRandom = new SecureRandom();
+            // Or seeded with user-provided data
+            s1.setSeed(42);
+            s2.setSeed(42);
+            n1 = s1.nextInt();
+            n2 = s2.nextInt();
+            if (n1 != n2) {
+                throw new Exception();
+            }
+
+            // But not after automatic reseed
+            if (alg.contains("DRBG")) {
+                s1.reseed();
+                s2.reseed();
+                n1 = s1.nextInt();
+                n2 = s2.nextInt();
+                if (n1 == n2) {
+                    throw new Exception();
+                }
+            }
+        }
+    }
+
+    private static SecureRandom getInstance(String alg) throws Exception {
+        if (alg.equals("SHA1PRNG") || alg.equals("DRBG")) {
+            return SecureRandom.getInstance(alg);
+        } else {
+            String old = Security.getProperty("drbg");
+            try {
+                Security.setProperty("drbg", alg);
+                return SecureRandom.getInstance("DRBG");
+            } finally {
+                Security.setProperty("drbg", old);
+            }
+        }
+    }
 
-        // serialize and write out
-        oos.writeObject(secRandom);
-        oos.flush();
-        oos.close();
+    private static SecureRandom revive(SecureRandom sr) throws Exception {
+        ByteArrayOutputStream bout = new ByteArrayOutputStream();
+        new ObjectOutputStream(bout).writeObject(sr);
+        return (SecureRandom) new ObjectInputStream(
+                new ByteArrayInputStream(bout.toByteArray())).readObject();
     }
 }

< prev index next >