1 /* 2 * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package java.security; 27 28 import java.util.*; 29 import java.util.regex.*; 30 31 import java.security.Provider.Service; 32 33 import sun.security.jca.*; 34 import sun.security.jca.GetInstance.Instance; 35 import sun.security.util.Debug; 36 37 /** 38 * This class provides a cryptographically strong random number 39 * generator (RNG). 40 * 41 * <p>A cryptographically strong random number 42 * minimally complies with the statistical random number generator tests 43 * specified in 44 * <a href="http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf"> 45 * <i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>, 46 * section 4.9.1. 47 * Additionally, {@code SecureRandom} must produce non-deterministic output. 48 * Therefore any seed material passed to a {@code SecureRandom} object must be 49 * unpredictable, and all {@code SecureRandom} output sequences must be 50 * cryptographically strong, as described in 51 * <a href="http://tools.ietf.org/html/rfc4086"> 52 * <i>RFC 4086: Randomness Requirements for Security</i></a>. 53 * 54 * <p> Many {@code SecureRandom} implementations are in the form of a pseudo-random 55 * number generator (PRNG, also known as deterministic random bits generator 56 * or DRBG), which means they use a deterministic algorithm 57 * to produce a pseudo-random sequence from a random seed. 58 * Other implementations may produce true random numbers, 59 * and yet others may use a combination of both techniques. 60 * 61 * <p>A caller obtains a {@code SecureRandom} instance via the 62 * no-argument constructor or one of the {@code getInstance} methods. 63 * For example: 64 * 65 * <blockquote><pre> 66 * SecureRandom r1 = new SecureRandom(); 67 * SecureRandom r2 = SecureRandom.getInstance("NativePRNG"); 68 * SecureRandom r3 = SecureRandom("DRBG", 69 * DrbgParameters.Instantiate(128, RESEED_ONLY, null)); 70 * </pre></blockquote> 71 * 72 * <p> The third statement above returns a {@code SecureRandom} object of the 73 * specific algorithm supporting the specific instantiate parameters. 74 * The effective instantiate parameters used in the instantiation must match 75 * this minimum request but is not necessarily the same. For example, 76 * even if the request does not require a certain feature, the actual 77 * instantiation can provide the feature. An implementation may lazily 78 * instantiate a {@code SecureRandom} until it's actually used, but the effective 79 * instantiate parameters must be determined at the beginning and returned by 80 * {@link #getParameters()} unchanged. 81 * 82 * <p> Typical callers of {@code SecureRandom} invoke the following methods 83 * to retrieve random bytes: 84 * 85 * <blockquote><pre> 86 * SecureRandom random = new SecureRandom(); 87 * byte[] bytes = new byte[20]; 88 * random.nextBytes(bytes); 89 * </pre></blockquote> 90 * 91 * <p> Callers may also invoke the {@link #generateSeed} method 92 * to generate a given number of seed bytes (to seed other random number 93 * generators, for example): 94 * 95 * <blockquote><pre> 96 * byte[] seed = random.generateSeed(20); 97 * </pre></blockquote> 98 * 99 * <p> A newly created PRNG {@code SecureRandom} object is not seeded (except if 100 * it is created by {@link #SecureRandom(byte[])}). The first call to 101 * {@code nextBytes} will force it to seed itself from an implementation- 102 * specific entropy source. This self-seeding will not occur if {@code setSeed} 103 * was previously called. 104 * 105 * <p> A {@code SecureRandom} can be reseeded at any time by calling the 106 * {@code reseed} or {@code setSeed} method. The {@code reseed} method 107 * reads entropy input from its entropy source to reseed itself. 108 * The {@code setSeed} method requires the caller to provide the seed. 109 * 110 * <p> Please note that {@code reseed} is not always supported. 111 * 112 * <p> Some {@code SecureRandom} implementations may accept a 113 * {@link SecureRandomParameters} parameter in its 114 * {@link #nextBytes(byte[], SecureRandomParameters)} and 115 * {@link #reseed(SecureRandomParameters)} methods to further 116 * control the behavior of the methods. 117 * 118 * <p> Note: Depending on the implementation, the {@code generateSeed}, 119 * {@code reseed} and {@code nextBytes} methods may block as entropy is being 120 * gathered, for example, if the entropy source is /dev/random on various 121 * Unix-like operating systems. 122 * 123 * @see java.security.SecureRandomSpi 124 * @see java.util.Random 125 * 126 * @author Benjamin Renaud 127 * @author Josh Bloch 128 */ 129 130 public class SecureRandom extends java.util.Random { 131 132 private static final Debug pdebug = 133 Debug.getInstance("provider", "Provider"); 134 private static final boolean skipDebug = 135 Debug.isOn("engine=") && !Debug.isOn("securerandom"); 136 137 /** 138 * The provider. 139 * 140 * @serial 141 * @since 1.2 142 */ 143 private Provider provider = null; 144 145 /** 146 * The provider implementation. 147 * 148 * @serial 149 * @since 1.2 150 */ 151 private SecureRandomSpi secureRandomSpi = null; 152 153 /* 154 * The algorithm name of null if unknown. 155 * 156 * @serial 157 * @since 1.5 158 */ 159 private String algorithm; 160 161 // Seed Generator 162 private static volatile SecureRandom seedGenerator; 163 164 /** 165 * Constructs a secure random number generator (RNG) implementing the 166 * default random number algorithm. 167 * 168 * <p> This constructor traverses the list of registered security Providers, 169 * starting with the most preferred Provider. 170 * A new {@code SecureRandom} object encapsulating the 171 * {@code SecureRandomSpi} implementation from the first 172 * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned. 173 * If none of the Providers support a RNG algorithm, 174 * then an implementation-specific default is returned. 175 * 176 * <p> Note that the list of registered providers may be retrieved via 177 * the {@link Security#getProviders() Security.getProviders()} method. 178 * 179 * <p> See the {@code SecureRandom} section in the <a href= 180 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 181 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 182 * for information about standard RNG algorithm names. 183 */ 184 public SecureRandom() { 185 /* 186 * This call to our superclass constructor will result in a call 187 * to our own {@code setSeed} method, which will return 188 * immediately when it is passed zero. 189 */ 190 super(0); 191 getDefaultPRNG(false, null); 192 } 193 194 /** 195 * Constructs a secure random number generator (RNG) implementing the 196 * default random number algorithm. 197 * The {@code SecureRandom} instance is seeded with the specified seed bytes. 198 * 199 * <p> This constructor traverses the list of registered security Providers, 200 * starting with the most preferred Provider. 201 * A new {@code SecureRandom} object encapsulating the 202 * {@code SecureRandomSpi} implementation from the first 203 * Provider that supports a {@code SecureRandom} (RNG) algorithm is returned. 204 * If none of the Providers support a RNG algorithm, 205 * then an implementation-specific default is returned. 206 * 207 * <p> Note that the list of registered providers may be retrieved via 208 * the {@link Security#getProviders() Security.getProviders()} method. 209 * 210 * <p> See the {@code SecureRandom} section in the <a href= 211 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 212 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 213 * for information about standard RNG algorithm names. 214 * 215 * @param seed the seed. 216 */ 217 public SecureRandom(byte[] seed) { 218 super(0); 219 getDefaultPRNG(true, seed); 220 } 221 222 private void getDefaultPRNG(boolean setSeed, byte[] seed) { 223 String prng = getPrngAlgorithm(); 224 if (prng == null) { 225 // bummer, get the SUN implementation 226 prng = "SHA1PRNG"; 227 this.secureRandomSpi = new sun.security.provider.SecureRandom(); 228 this.provider = Providers.getSunProvider(); 229 if (setSeed) { 230 this.setSeed(seed); 231 } 232 } else { 233 try { 234 SecureRandom random = SecureRandom.getInstance(prng); 235 this.secureRandomSpi = random.getSecureRandomSpi(); 236 this.provider = random.getProvider(); 237 if (setSeed) { 238 this.setSeed(seed); 239 } 240 } catch (NoSuchAlgorithmException nsae) { 241 // never happens, because we made sure the algorithm exists 242 throw new RuntimeException(nsae); 243 } 244 } 245 // JDK 1.1 based implementations subclass SecureRandom instead of 246 // SecureRandomSpi. They will also go through this code path because 247 // they must call a SecureRandom constructor as it is their superclass. 248 // If we are dealing with such an implementation, do not set the 249 // algorithm value as it would be inaccurate. 250 if (getClass() == SecureRandom.class) { 251 this.algorithm = prng; 252 } 253 } 254 255 /** 256 * Creates a {@code SecureRandom} object. 257 * 258 * @param secureRandomSpi the {@code SecureRandom} implementation. 259 * @param provider the provider. 260 */ 261 protected SecureRandom(SecureRandomSpi secureRandomSpi, 262 Provider provider) { 263 this(secureRandomSpi, provider, null); 264 } 265 266 private SecureRandom(SecureRandomSpi secureRandomSpi, Provider provider, 267 String algorithm) { 268 super(0); 269 this.secureRandomSpi = secureRandomSpi; 270 this.provider = provider; 271 this.algorithm = algorithm; 272 273 if (!skipDebug && pdebug != null) { 274 pdebug.println("SecureRandom." + algorithm + 275 " algorithm from: " + this.provider.getName()); 276 } 277 } 278 279 /** 280 * Returns a {@code SecureRandom} object that implements the specified 281 * Random Number Generator (RNG) algorithm. 282 * 283 * <p> This method traverses the list of registered security Providers, 284 * starting with the most preferred Provider. 285 * A new {@code SecureRandom} object encapsulating the 286 * {@code SecureRandomSpi} implementation from the first 287 * Provider that supports the specified algorithm is returned. 288 * 289 * <p> Note that the list of registered providers may be retrieved via 290 * the {@link Security#getProviders() Security.getProviders()} method. 291 * 292 * @implNote 293 * The JDK Reference Implementation additionally uses the 294 * {@code jdk.security.provider.preferred} 295 * {@link Security#getProperty(String) Security} property to determine 296 * the preferred provider order for the specified algorithm. This 297 * may be different than the order of providers returned by 298 * {@link Security#getProviders() Security.getProviders()}. 299 * 300 * @param algorithm the name of the RNG algorithm. 301 * See the {@code SecureRandom} section in the <a href= 302 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 303 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 304 * for information about standard RNG algorithm names. 305 * 306 * @return the new {@code SecureRandom} object. 307 * 308 * @exception NoSuchAlgorithmException if no Provider supports a 309 * {@code SecureRandomSpi} implementation for the 310 * specified algorithm. 311 * 312 * @see Provider 313 * 314 * @since 1.2 315 */ 316 public static SecureRandom getInstance(String algorithm) 317 throws NoSuchAlgorithmException { 318 Instance instance = GetInstance.getInstance("SecureRandom", 319 SecureRandomSpi.class, algorithm); 320 return new SecureRandom((SecureRandomSpi)instance.impl, 321 instance.provider, algorithm); 322 } 323 324 /** 325 * Returns a {@code SecureRandom} object that implements the specified 326 * Random Number Generator (RNG) algorithm. 327 * 328 * <p> A new {@code SecureRandom} object encapsulating the 329 * {@code SecureRandomSpi} implementation from the specified provider 330 * is returned. The specified provider must be registered 331 * in the security provider list. 332 * 333 * <p> Note that the list of registered providers may be retrieved via 334 * the {@link Security#getProviders() Security.getProviders()} method. 335 * 336 * @param algorithm the name of the RNG algorithm. 337 * See the {@code SecureRandom} section in the <a href= 338 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 339 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 340 * for information about standard RNG algorithm names. 341 * 342 * @param provider the name of the provider. 343 * 344 * @return the new {@code SecureRandom} object. 345 * 346 * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi} 347 * implementation for the specified algorithm is not 348 * available from the specified provider. 349 * 350 * @throws NoSuchProviderException if the specified provider is not 351 * registered in the security provider list. 352 * 353 * @throws IllegalArgumentException if the provider name is null 354 * or empty. 355 * 356 * @see Provider 357 * 358 * @since 1.2 359 */ 360 public static SecureRandom getInstance(String algorithm, String provider) 361 throws NoSuchAlgorithmException, NoSuchProviderException { 362 Instance instance = GetInstance.getInstance("SecureRandom", 363 SecureRandomSpi.class, algorithm, provider); 364 return new SecureRandom((SecureRandomSpi)instance.impl, 365 instance.provider, algorithm); 366 } 367 368 /** 369 * Returns a {@code SecureRandom} object that implements the specified 370 * Random Number Generator (RNG) algorithm. 371 * 372 * <p> A new {@code SecureRandom} object encapsulating the 373 * {@code SecureRandomSpi} implementation from the specified {@code Provider} 374 * object is returned. Note that the specified {@code Provider} object 375 * does not have to be registered in the provider list. 376 * 377 * @param algorithm the name of the RNG algorithm. 378 * See the {@code SecureRandom} section in the <a href= 379 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 380 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 381 * for information about standard RNG algorithm names. 382 * 383 * @param provider the provider. 384 * 385 * @return the new {@code SecureRandom} object. 386 * 387 * @throws NoSuchAlgorithmException if a {@code SecureRandomSpi} 388 * implementation for the specified algorithm is not available 389 * from the specified {@code Provider} object. 390 * 391 * @throws IllegalArgumentException if the specified provider is null. 392 * 393 * @see Provider 394 * 395 * @since 1.4 396 */ 397 public static SecureRandom getInstance(String algorithm, 398 Provider provider) throws NoSuchAlgorithmException { 399 Instance instance = GetInstance.getInstance("SecureRandom", 400 SecureRandomSpi.class, algorithm, provider); 401 return new SecureRandom((SecureRandomSpi)instance.impl, 402 instance.provider, algorithm); 403 } 404 405 /** 406 * Returns a {@code SecureRandom} object that implements the specified Random 407 * Number Generator (RNG) algorithm and supports the specified 408 * {@code SecureRandomParameters} request. 409 * 410 * <p> This method traverses the list of registered security Providers, 411 * starting with the most preferred Provider. 412 * A new {@code SecureRandom} object encapsulating the 413 * {@code SecureRandomSpi} implementation from the first 414 * Provider that supports the specified algorithm and the specified 415 * {@code SecureRandomParameters} is returned. 416 * 417 * <p> Note that the list of registered providers may be retrieved via 418 * the {@link Security#getProviders() Security.getProviders()} method. 419 * 420 * @implNote 421 * The JDK Reference Implementation additionally uses the 422 * {@code jdk.security.provider.preferred} property to determine 423 * the preferred provider order for the specified algorithm. This 424 * may be different than the order of providers returned by 425 * {@link Security#getProviders() Security.getProviders()}. 426 * 427 * @param algorithm the name of the RNG algorithm. 428 * See the {@code SecureRandom} section in the <a href= 429 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 430 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 431 * for information about standard RNG algorithm names. 432 * 433 * @param params the {@code SecureRandomParameters} 434 * the newly created {@code SecureRandom} object must support. 435 * 436 * @return the new {@code SecureRandom} object. 437 * 438 * @throws NoSuchAlgorithmException if no Provider supports a 439 * {@code SecureRandomSpi} implementation for the specified algorithm 440 * and parameters. 441 * 442 * @throws IllegalArgumentException if the specified params is null. 443 * 444 * @see Provider 445 * 446 * @since 9 447 */ 448 public static SecureRandom getInstance( 449 String algorithm, SecureRandomParameters params) 450 throws NoSuchAlgorithmException { 451 if (params == null) { 452 throw new IllegalArgumentException("params cannot be null"); 453 } 454 Instance instance = GetInstance.getInstance("SecureRandom", 455 SecureRandomSpi.class, algorithm, params); 456 SecureRandomSpi spi = (SecureRandomSpi) instance.impl; 457 SecureRandom r = new SecureRandom(spi, instance.provider, algorithm); 458 return r; 459 } 460 461 /** 462 * Returns a {@code SecureRandom} object that implements the specified Random 463 * Number Generator (RNG) algorithm and supports the specified 464 * {@code SecureRandomParameters} request. 465 * 466 * <p> A new {@code SecureRandom} object encapsulating the 467 * {@code SecureRandomSpi} implementation from the specified provider 468 * is returned. The specified provider must be registered 469 * in the security provider list. 470 * 471 * <p> Note that the list of registered providers may be retrieved via 472 * the {@link Security#getProviders() Security.getProviders()} method. 473 * 474 * @param algorithm the name of the RNG algorithm. 475 * See the {@code SecureRandom} section in the <a href= 476 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 477 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 478 * for information about standard RNG algorithm names. 479 * 480 * @param params the {@code SecureRandomParameters} 481 * the newly created {@code SecureRandom} object must support. 482 * 483 * @param provider the name of the provider. 484 * 485 * @return the new {@code SecureRandom} object. 486 * 487 * @throws NoSuchAlgorithmException if the specified provider does not 488 * support a {@code SecureRandomSpi} implementation for the specified 489 * algorithm and parameters. 490 * 491 * @throws NoSuchProviderException if the specified provider is not 492 * registered in the security provider list. 493 * 494 * @throws IllegalArgumentException if the provider name is null 495 * or empty, or params is null. 496 * 497 * @see Provider 498 * 499 * @since 9 500 */ 501 public static SecureRandom getInstance(String algorithm, 502 SecureRandomParameters params, String provider) 503 throws NoSuchAlgorithmException, NoSuchProviderException { 504 if (params == null) { 505 throw new IllegalArgumentException("params cannot be null"); 506 } 507 Instance instance = GetInstance.getInstance("SecureRandom", 508 SecureRandomSpi.class, algorithm, params, provider); 509 SecureRandomSpi spi = (SecureRandomSpi)instance.impl; 510 return new SecureRandom(spi, instance.provider, algorithm); 511 } 512 513 /** 514 * Returns a {@code SecureRandom} object that implements the specified Random 515 * Number Generator (RNG) algorithm and supports the specified 516 * {@code SecureRandomParameters} request. 517 * 518 * <p> A new {@code SecureRandom} object encapsulating the 519 * {@code SecureRandomSpi} implementation from the specified {@code Provider} 520 * object is returned. Note that the specified {@code Provider} object 521 * does not have to be registered in the provider list. 522 * 523 * @param algorithm the name of the RNG algorithm. 524 * See the {@code SecureRandom} section in the <a href= 525 * "{@docRoot}/../technotes/guides/security/StandardNames.html#SecureRandom"> 526 * Java Cryptography Architecture Standard Algorithm Name Documentation</a> 527 * for information about standard RNG algorithm names. 528 * 529 * @param params the {@code SecureRandomParameters} 530 * the newly created {@code SecureRandom} object must support. 531 * 532 * @param provider the provider. 533 * 534 * @return the new {@code SecureRandom} object. 535 * 536 * @throws NoSuchAlgorithmException if the specified provider does not 537 * support a {@code SecureRandomSpi} implementation for the specified 538 * algorithm and parameters. 539 * 540 * @throws IllegalArgumentException if the specified provider or params 541 * is null. 542 * 543 * @see Provider 544 * 545 * @since 9 546 */ 547 public static SecureRandom getInstance(String algorithm, 548 SecureRandomParameters params, Provider provider) 549 throws NoSuchAlgorithmException { 550 if (params == null) { 551 throw new IllegalArgumentException("params cannot be null"); 552 } 553 Instance instance = GetInstance.getInstance("SecureRandom", 554 SecureRandomSpi.class, algorithm, params, provider); 555 SecureRandomSpi spi = (SecureRandomSpi)instance.impl; 556 return new SecureRandom(spi, instance.provider, algorithm); 557 } 558 559 /** 560 * Returns the {@code SecureRandomSpi} of this {@code SecureRandom} object. 561 */ 562 SecureRandomSpi getSecureRandomSpi() { 563 return secureRandomSpi; 564 } 565 566 /** 567 * Returns the provider of this {@code SecureRandom} object. 568 * 569 * @return the provider of this {@code SecureRandom} object. 570 */ 571 public final Provider getProvider() { 572 return provider; 573 } 574 575 /** 576 * Returns the name of the algorithm implemented by this {@code SecureRandom} 577 * object. 578 * 579 * @return the name of the algorithm or {@code unknown} 580 * if the algorithm name cannot be determined. 581 * @since 1.5 582 */ 583 public String getAlgorithm() { 584 return Objects.toString(algorithm, "unknown"); 585 } 586 587 @Override 588 public String toString() { 589 return secureRandomSpi.toString(); 590 } 591 592 /** 593 * Returns the effective {@link SecureRandomParameters} that 594 * is actually used to instantiate this {@code SecureRandom}. 595 * <p> 596 * The returned value can be different from the 597 * {@code SecureRandomParameters} object passed into 598 * a {@code getInstance} method, but it cannot change during the lifetime 599 * of this {@code SecureRandom} object. 600 * <p> 601 * A caller can use the returned value to find out what features this 602 * {@code SecureRandom} supports. 603 * 604 * @return the parameters used in instantiation, or {@code null} if no 605 * parameters were used. 606 * 607 * @since 9 608 * @see SecureRandomSpi 609 */ 610 public SecureRandomParameters getParameters() { 611 return secureRandomSpi.engineGetParameters(); 612 } 613 614 /** 615 * Reseeds this random object with the given seed. The seed supplements, 616 * rather than replaces, the existing seed. Thus, repeated calls are 617 * guaranteed never to reduce randomness. 618 * <p> 619 * A PRNG {@code SecureRandom} will not seed itself automatically if {@code setSeed} 620 * is called before any {@code nextBytes} or {@code reseed} calls. 621 * The caller should make sure that the {@code seed} argument contains 622 * enough entropy for the security of this {@code SecureRandom}. 623 * 624 * @param seed the seed. 625 * 626 * @see #getSeed 627 */ 628 public synchronized void setSeed(byte[] seed) { 629 secureRandomSpi.engineSetSeed(seed); 630 } 631 632 /** 633 * Reseeds this random object, using the eight bytes contained 634 * in the given {@code long seed}. The given seed supplements, 635 * rather than replaces, the existing seed. Thus, repeated calls 636 * are guaranteed never to reduce randomness. 637 * 638 * <p>This method is defined for compatibility with 639 * {@code java.util.Random}. 640 * 641 * @param seed the seed. 642 * 643 * @see #getSeed 644 */ 645 @Override 646 public void setSeed(long seed) { 647 /* 648 * Ignore call from super constructor (as well as any other calls 649 * unfortunate enough to be passing 0). It's critical that we 650 * ignore call from superclass constructor, as digest has not 651 * yet been initialized at that point. 652 */ 653 if (seed != 0) { 654 setSeed(longToByteArray(seed)); 655 } 656 } 657 658 /** 659 * Generates a user-specified number of random bytes. 660 * 661 * @param bytes the array to be filled in with random bytes. 662 * 663 * @throws NullPointerException if {@code bytes} is null. 664 */ 665 @Override 666 public void nextBytes(byte[] bytes) { 667 secureRandomSpi.engineNextBytes( 668 Objects.requireNonNull(bytes)); 669 } 670 671 /** 672 * Generates a user-specified number of random bytes with 673 * additional parameters. 674 * 675 * @param bytes the array to be filled in with random bytes 676 * @param params additional parameters 677 * @throws NullPointerException if {@code bytes} is null 678 * @throws UnsupportedOperationException if the underlying provider 679 * implementation has not overridden this method. 680 * @throws IllegalArgumentException if {@code params} is {@code null}, 681 * unrecognizable or unsupported by this {@code SecureRandom} 682 * 683 * @since 9 684 */ 685 public synchronized void nextBytes( 686 byte[] bytes, SecureRandomParameters params) { 687 if (params == null) { 688 throw new IllegalArgumentException("params cannot be null"); 689 } 690 secureRandomSpi.engineNextBytes(Objects.requireNonNull(bytes), params); 691 } 692 693 /** 694 * Generates an integer containing the user-specified number of 695 * pseudo-random bits (right justified, with leading zeros). This 696 * method overrides a {@code java.util.Random} method, and serves 697 * to provide a source of random bits to all of the methods inherited 698 * from that class (for example, {@code nextInt}, 699 * {@code nextLong}, and {@code nextFloat}). 700 * 701 * @param numBits number of pseudo-random bits to be generated, where 702 * {@code 0 <= numBits <= 32}. 703 * 704 * @return an {@code int} containing the user-specified number 705 * of pseudo-random bits (right justified, with leading zeros). 706 */ 707 @Override 708 protected final int next(int numBits) { 709 int numBytes = (numBits+7)/8; 710 byte[] b = new byte[numBytes]; 711 int next = 0; 712 713 nextBytes(b); 714 for (int i = 0; i < numBytes; i++) { 715 next = (next << 8) + (b[i] & 0xFF); 716 } 717 718 return next >>> (numBytes*8 - numBits); 719 } 720 721 /** 722 * Returns the given number of seed bytes, computed using the seed 723 * generation algorithm that this class uses to seed itself. This 724 * call may be used to seed other random number generators. 725 * 726 * <p>This method is only included for backwards compatibility. 727 * The caller is encouraged to use one of the alternative 728 * {@code getInstance} methods to obtain a {@code SecureRandom} object, and 729 * then call the {@code generateSeed} method to obtain seed bytes 730 * from that object. 731 * 732 * @param numBytes the number of seed bytes to generate. 733 * 734 * @return the seed bytes. 735 * 736 * @see #setSeed 737 */ 738 public static byte[] getSeed(int numBytes) { 739 SecureRandom seedGen = seedGenerator; 740 if (seedGen == null) { 741 seedGen = new SecureRandom(); 742 seedGenerator = seedGen; 743 } 744 return seedGen.generateSeed(numBytes); 745 } 746 747 /** 748 * Returns the given number of seed bytes, computed using the seed 749 * generation algorithm that this class uses to seed itself. This 750 * call may be used to seed other random number generators. 751 * 752 * @param numBytes the number of seed bytes to generate. 753 * @throws IllegalArgumentException if {@code numBytes} is negative 754 * @return the seed bytes. 755 */ 756 public byte[] generateSeed(int numBytes) { 757 if (numBytes < 0) { 758 throw new IllegalArgumentException("numBytes cannot be negative"); 759 } 760 return secureRandomSpi.engineGenerateSeed(numBytes); 761 } 762 763 /** 764 * Helper function to convert a long into a byte array (least significant 765 * byte first). 766 */ 767 private static byte[] longToByteArray(long l) { 768 byte[] retVal = new byte[8]; 769 770 for (int i = 0; i < 8; i++) { 771 retVal[i] = (byte) l; 772 l >>= 8; 773 } 774 775 return retVal; 776 } 777 778 /** 779 * Gets a default PRNG algorithm by looking through all registered 780 * providers. Returns the first PRNG algorithm of the first provider that 781 * has registered a {@code SecureRandom} implementation, or null if none of the 782 * registered providers supplies a {@code SecureRandom} implementation. 783 */ 784 private static String getPrngAlgorithm() { 785 for (Provider p : Providers.getProviderList().providers()) { 786 for (Service s : p.getServices()) { 787 if (s.getType().equals("SecureRandom")) { 788 return s.getAlgorithm(); 789 } 790 } 791 } 792 return null; 793 } 794 795 /* 796 * Lazily initialize since Pattern.compile() is heavy. 797 * Effective Java (2nd Edition), Item 71. 798 */ 799 private static final class StrongPatternHolder { 800 /* 801 * Entries are alg:prov separated by , 802 * Allow for prepended/appended whitespace between entries. 803 * 804 * Capture groups: 805 * 1 - alg 806 * 2 - :prov (optional) 807 * 3 - prov (optional) 808 * 4 - ,nextEntry (optional) 809 * 5 - nextEntry (optional) 810 */ 811 private static Pattern pattern = 812 Pattern.compile( 813 "\\s*([\\S&&[^:,]]*)(\\:([\\S&&[^,]]*))?\\s*(\\,(.*))?"); 814 } 815 816 /** 817 * Returns a {@code SecureRandom} object that was selected by using 818 * the algorithms/providers specified in the {@code 819 * securerandom.strongAlgorithms} {@link Security} property. 820 * <p> 821 * Some situations require strong random values, such as when 822 * creating high-value/long-lived secrets like RSA public/private 823 * keys. To help guide applications in selecting a suitable strong 824 * {@code SecureRandom} implementation, Java distributions 825 * include a list of known strong {@code SecureRandom} 826 * implementations in the {@code securerandom.strongAlgorithms} 827 * Security property. 828 * <p> 829 * Every implementation of the Java platform is required to 830 * support at least one strong {@code SecureRandom} implementation. 831 * 832 * @return a strong {@code SecureRandom} implementation as indicated 833 * by the {@code securerandom.strongAlgorithms} Security property 834 * 835 * @throws NoSuchAlgorithmException if no algorithm is available 836 * 837 * @see Security#getProperty(String) 838 * 839 * @since 1.8 840 */ 841 public static SecureRandom getInstanceStrong() 842 throws NoSuchAlgorithmException { 843 844 String property = AccessController.doPrivileged( 845 new PrivilegedAction<>() { 846 @Override 847 public String run() { 848 return Security.getProperty( 849 "securerandom.strongAlgorithms"); 850 } 851 }); 852 853 if ((property == null) || (property.length() == 0)) { 854 throw new NoSuchAlgorithmException( 855 "Null/empty securerandom.strongAlgorithms Security Property"); 856 } 857 858 String remainder = property; 859 while (remainder != null) { 860 Matcher m; 861 if ((m = StrongPatternHolder.pattern.matcher( 862 remainder)).matches()) { 863 864 String alg = m.group(1); 865 String prov = m.group(3); 866 867 try { 868 if (prov == null) { 869 return SecureRandom.getInstance(alg); 870 } else { 871 return SecureRandom.getInstance(alg, prov); 872 } 873 } catch (NoSuchAlgorithmException | 874 NoSuchProviderException e) { 875 } 876 remainder = m.group(5); 877 } else { 878 remainder = null; 879 } 880 } 881 882 throw new NoSuchAlgorithmException( 883 "No strong SecureRandom impls available: " + property); 884 } 885 886 /** 887 * Reseeds this {@code SecureRandom} with entropy input read from its 888 * entropy source. 889 * 890 * @throws UnsupportedOperationException if the underlying provider 891 * implementation has not overridden this method. 892 * 893 * @since 9 894 */ 895 public synchronized void reseed() { 896 secureRandomSpi.engineReseed(null); 897 } 898 899 /** 900 * Reseeds this {@code SecureRandom} with entropy input read from its 901 * entropy source with additional parameters. 902 * <p> 903 * Note that entropy is obtained from an entropy source. While 904 * some data in {@code params} may contain entropy, its main usage is to 905 * provide diversity. 906 * 907 * @param params extra parameters 908 * @throws UnsupportedOperationException if the underlying provider 909 * implementation has not overridden this method. 910 * @throws IllegalArgumentException if {@code params} is {@code null}, 911 * unrecognizable or unsupported by this {@code SecureRandom} 912 * 913 * @since 9 914 */ 915 public synchronized void reseed(SecureRandomParameters params) { 916 if (params == null) { 917 throw new IllegalArgumentException("params cannot be null"); 918 } 919 secureRandomSpi.engineReseed(params); 920 } 921 922 // Declare serialVersionUID to be compatible with JDK1.1 923 static final long serialVersionUID = 4940670005562187L; 924 925 // Retain unused values serialized from JDK1.1 926 /** 927 * @serial 928 */ 929 private byte[] state; 930 /** 931 * @serial 932 */ 933 private MessageDigest digest = null; 934 /** 935 * @serial 936 * 937 * We know that the MessageDigest class does not implement 938 * java.io.Serializable. However, since this field is no longer 939 * used, it will always be NULL and won't affect the serialization 940 * of the {@code SecureRandom} class itself. 941 */ 942 private byte[] randomBytes; 943 /** 944 * @serial 945 */ 946 private int randomBytesUsed; 947 /** 948 * @serial 949 */ 950 private long counter; 951 }