private static void runForEachAlg(String mech, String alg) throws Exception { for (int strength : new int[]{-1, 0, 1, 223, 224, 192, 255, 256}) { for (Capability cp : Capability.values()) { for (byte[] pr : new byte[][]{null, new byte[]{}, "personal".getBytes()}) { SecureRandomParameters param = DrbgParameters.instantiation(strength, cp, pr); runForEachParam(mech, alg, param); } } } }
private static void runForEachAlg(String mech, String alg) throws Exception { for (int strength : new int[]{Integer.MIN_VALUE, -1, 0, 1, 223, 224, 192, 255, 256}) { for (Capability cp : Capability.values()) { for (byte[] pr : new byte[][]{null, new byte[]{}, "personal".getBytes()}) { SecureRandomParameters param = DrbgParameters.instantiation(strength, cp, pr); runForEachParam(mech, alg, param); } } } }
public static void main(String[] args) throws NoSuchAlgorithmException { Instantiation instantiation = DrbgParameters.instantiation(128, RESEED_ONLY, null); SecureRandom random = SecureRandom.getInstance("DRBG", instantiation); byte[] bytes = new byte[20]; random.nextBytes(bytes); for (byte b : bytes) { System.out.print(b + " "); } System.out.println(); }
public static void main(String args[]) throws Exception { byte[] p, np1, np2; // Capability Asserts.assertTrue(PR_AND_RESEED.supportsPredictionResistance()); Asserts.assertTrue(PR_AND_RESEED.supportsReseeding()); Asserts.assertFalse(RESEED_ONLY.supportsPredictionResistance()); Asserts.assertTrue(RESEED_ONLY.supportsReseeding()); Asserts.assertFalse(NONE.supportsPredictionResistance()); Asserts.assertFalse(NONE.supportsReseeding()); // Instantiation p = "Instantiation".getBytes(); DrbgParameters.Instantiation ins = DrbgParameters .instantiation(192, RESEED_ONLY, p); Asserts.assertTrue(ins.getStrength() == 192); Asserts.assertTrue(ins.getCapability() == RESEED_ONLY); np1 = ins.getPersonalizationString(); np2 = ins.getPersonalizationString(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = ins.getPersonalizationString(); Asserts.assertTrue(Arrays.equals(np1, np2)); ins = DrbgParameters.instantiation(-1, NONE, null); Asserts.assertNull(ins.getPersonalizationString()); iae(() -> DrbgParameters.instantiation(-2, NONE, null)); npe(() -> DrbgParameters.instantiation(-1, null, null)); // NextBytes p = "NextBytes".getBytes(); DrbgParameters.NextBytes nb = DrbgParameters .nextBytes(192, true, p); Asserts.assertTrue(nb.getStrength() == 192); Asserts.assertTrue(nb.getPredictionResistance()); np1 = nb.getAdditionalInput(); np2 = nb.getAdditionalInput(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = nb.getAdditionalInput(); Asserts.assertTrue(Arrays.equals(np1, np2)); iae(() -> DrbgParameters.nextBytes(-2, false, null)); // Reseed p = "Reseed".getBytes(); DrbgParameters.Reseed rs = DrbgParameters .reseed(true, p); Asserts.assertTrue(rs.getPredictionResistance()); np1 = rs.getAdditionalInput(); np2 = rs.getAdditionalInput(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = rs.getAdditionalInput(); Asserts.assertTrue(Arrays.equals(np1, np2)); }
private static boolean isValidDRBGParam(SecureRandomParameters param) { return (param instanceof DrbgParameters.Instantiation); }
public static void main(String[] args) throws Exception { byte[] result = new byte[10]; MyES es = new MyES(); // Set es as the default entropy source, overriding SeedGenerator. setDefaultSeeder(es); // Nothing happened yet es.checkUsage(0); SecureRandom sr; sr = SecureRandom.getInstance("DRBG"); // No entropy reading if only getInstance es.checkUsage(0); // Entropy is read at 1st nextBytes of the 1st DRBG sr.nextInt(); es.checkUsage(1); for (String mech : new String[]{"Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) { System.out.println("Testing " + mech + "..."); // DRBG with pr_false will never read entropy again no matter // if nextBytes or reseed is called. Security.setProperty("securerandom.drbg.config", mech); sr = SecureRandom.getInstance("DRBG"); sr.nextInt(); sr.reseed(); es.checkUsage(0); // DRBG with pr_true always read from default entropy, and // its nextBytes always reseed itself Security.setProperty("securerandom.drbg.config", mech + ",pr_and_reseed"); sr = SecureRandom.getInstance("DRBG"); sr.nextInt(); es.checkUsage(2); // one instantiate, one reseed sr.nextInt(); es.checkUsage(1); // one reseed in nextBytes sr.reseed(); es.checkUsage(1); // one reseed sr.nextBytes(result, DrbgParameters.nextBytes(-1, false, null)); es.checkUsage(0); // pr_false for this call sr.nextBytes(result, DrbgParameters.nextBytes(-1, true, null)); es.checkUsage(1); // pr_true for this call sr.reseed(DrbgParameters.reseed(true, null)); es.checkUsage(1); // reseed from es sr.reseed(DrbgParameters.reseed(false, null)); es.checkUsage(0); // reseed from AbstractDrbg.SeederHolder.seeder } }
public static void main(String[] args) throws Exception { check(null, "Hash_DRBG", "SHA-256", "reseed_only", ",128"); check("", "Hash_DRBG", "SHA-256", "reseed_only", ",128"); check("sha-256", "Hash_DRBG", "SHA-256", "reseed_only", ",128"); check("SHA-3"); check("hash_drbg", "Hash_DRBG", "SHA-256", "reseed_only", ",128"); check("hmac_drbg", "HMAC_DRBG", "SHA-256", "reseed_only", ",128"); check("ctr_drbg", "CTR_DRBG", "AES-", "reseed_only", ",128", "use_df"); // trying all permutations checkPermutations( Collections.emptyList(), Arrays.asList("hash_drbg","sha-512","Pr_and_Reseed","192"), "Hash_DRBG", "SHA-512", "pr_and_reseed", ",192"); check("Hash_DRBG,Hmac_DRBG"); check("SHA-224,SHA-256"); check("128,256"); check("none,reseed_only"); check("use_df,no_df"); check("Hash_DRBG,,SHA-256"); check(null, DrbgParameters.instantiation(112, PR_AND_RESEED, null), "Hash_DRBG", "SHA-256", "pr_and_reseed", ",112"); check(null, DrbgParameters.instantiation(256, PR_AND_RESEED, null), "Hash_DRBG", "SHA-256", "pr_and_reseed", ",256"); check(null, DrbgParameters.instantiation(384, PR_AND_RESEED, null)); check("sha-224", DrbgParameters.instantiation(112, PR_AND_RESEED, null), "Hash_DRBG", "SHA-224", "pr_and_reseed", ",112"); check("sha-224", DrbgParameters.instantiation(256, PR_AND_RESEED, null)); check("hash_drbg,sha-512,Pr_and_Reseed,192", DrbgParameters.instantiation(112, NONE, null), "Hash_DRBG", "SHA-512", "reseed_only", ",112"); check("hash_drbg,sha-512,Pr_and_Reseed,192", DrbgParameters.instantiation(-1, NONE, null), "Hash_DRBG", "SHA-512", "reseed_only", ",192"); // getInstance params can be stronger than definition check("hash_drbg,sha-256,None,112", DrbgParameters.instantiation(192, PR_AND_RESEED, null), "Hash_DRBG", "SHA-256", "pr_and_reseed", ",192"); check("hash_drbg,sha-224", new MoreDrbgParameters( null, null, "sha-512", null, false, DrbgParameters.instantiation(-1, NONE, null)), "Hash_DRBG", "SHA-512"); check("hash_drbg,sha-224", new MoreDrbgParameters( null, null, null, null, false, DrbgParameters.instantiation(-1, NONE, null)), "Hash_DRBG", "SHA-224"); check("hash_drbg", new MoreDrbgParameters( null, "hmac_drbg", null, null, false, DrbgParameters.instantiation(-1, NONE, null)), "HMAC_DRBG", "SHA-256"); check("hash_drbg,sha-224", new MoreDrbgParameters( null, null, "sha-3", null, false, DrbgParameters.instantiation(-1, NONE, null))); check("hash_drbg,sha-224", new MoreDrbgParameters( null, "Unknown_DRBG", null, null, false, DrbgParameters.instantiation(-1, NONE, null))); }
public static void main(String args[]) throws Exception { byte[] p, np1, np2; // Capability Asserts.assertTrue(PR_AND_RESEED.supportsPredictionResistance()); Asserts.assertTrue(PR_AND_RESEED.supportsReseeding()); Asserts.assertFalse(RESEED_ONLY.supportsPredictionResistance()); Asserts.assertTrue(RESEED_ONLY.supportsReseeding()); Asserts.assertFalse(NONE.supportsPredictionResistance()); Asserts.assertFalse(NONE.supportsReseeding()); // Instantiation p = "Instantiation".getBytes(); DrbgParameters.Instantiation ins = DrbgParameters .instantiation(192, RESEED_ONLY, p); Asserts.assertTrue(ins.getStrength() == 192); Asserts.assertTrue(ins.getCapability() == RESEED_ONLY); np1 = ins.getPersonalizationString(); np2 = ins.getPersonalizationString(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = ins.getPersonalizationString(); Asserts.assertTrue(Arrays.equals(np1, np2)); ins = DrbgParameters.instantiation(-1, NONE, null); Asserts.assertNull(ins.getPersonalizationString()); // NextBytes p = "NextBytes".getBytes(); DrbgParameters.NextBytes nb = DrbgParameters .nextBytes(192, true, p); Asserts.assertTrue(nb.getStrength() == 192); Asserts.assertTrue(nb.getPredictionResistance()); np1 = nb.getAdditionalInput(); np2 = nb.getAdditionalInput(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = nb.getAdditionalInput(); Asserts.assertTrue(Arrays.equals(np1, np2)); // Reseed p = "Reseed".getBytes(); DrbgParameters.Reseed rs = DrbgParameters .reseed(true, p); Asserts.assertTrue(rs.getPredictionResistance()); np1 = rs.getAdditionalInput(); np2 = rs.getAdditionalInput(); // Getter outputs have same content but not the same object Asserts.assertTrue(Arrays.equals(np1, p)); Asserts.assertTrue(Arrays.equals(np2, p)); Asserts.assertNE(np1, np2); // Changes to original input has no affect on object p[0] = 'X'; np2 = rs.getAdditionalInput(); Asserts.assertTrue(Arrays.equals(np1, np2)); }
/** * Creates a new {@code MoreDrbgParameters} object. * * @param es the {@link EntropySource} to use. If set to {@code null}, * a default entropy source will be used. * @param mech mech name. If set to {@code null}, the one in * securerandom.drbg.config is used. This argument is ignored * when passing to HashDrbg/HmacDrbg/CtrDrbg. * @param algorithm the requested algorithm to use. If set to {@code null}, * the algorithm will be decided by strength. * @param nonce the nonce to use. If set to {@code null}, * a nonce will be assigned. * @param usedf whether a derivation function should be used * @param config a {@link DrbgParameters.Instantiation} object */ public MoreDrbgParameters(EntropySource es, String mech, String algorithm, byte[] nonce, boolean usedf, DrbgParameters.Instantiation config) { this.mech = mech; this.algorithm = algorithm; this.es = es; this.nonce = (nonce == null) ? null : nonce.clone(); this.usedf = usedf; this.strength = config.getStrength(); this.capability = config.getCapability(); this.personalizationString = config.getPersonalizationString(); }
/** * Creates a new {@code MoreDrbgParameters} object. * * @param es the {@link EntropySource} to use. If set to {@code null}, * a default entropy source will be used. * @param mech mech name. If set to {@code null}, the one in * securerandom.drbg.config is used. This argument is ignored * when passing to HashDrbg/HmacDrbg/CtrDrbg. * @param algorithm the requested algorithm to use. If set to {@code null}, * the algorithm will be decided by strength. * @param nonce the nonce to use. If set to {@code null}, * a nonce will be assigned. * @param usedf whether a derivation function should be used * @param config a {@link DrbgParameters.Instantiation} object */ public MoreDrbgParameters(EntropySource es, String mech, String algorithm, byte[] nonce, boolean usedf, DrbgParameters.Instantiation config) { this.mech = mech; this.algorithm = algorithm; this.es = es; this.nonce = nonce; this.usedf = usedf; this.config = config; }