diff options
Diffstat (limited to 'libjava/classpath/gnu/javax/crypto/jce/prng')
5 files changed, 671 insertions, 0 deletions
diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java new file mode 100644 index 000000000..3816fb648 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/ARCFourRandomSpi.java @@ -0,0 +1,102 @@ +/* ARCFourRandomSpi.java -- + Copyright (C) 2002, 2003, 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.prng; + +import gnu.java.security.Registry; + +import gnu.java.security.jce.prng.SecureRandomAdapter; + +import gnu.java.security.prng.IRandom; +import gnu.java.security.prng.LimitReachedException; + +import gnu.javax.crypto.prng.ARCFour; +import gnu.javax.crypto.prng.PRNGFactory; + +import java.security.SecureRandomSpi; + +import java.util.HashMap; + +/** + * Implementation of the <i>Service Provider Interface</i> (<b>SPI</b>) for + * the ARCFOUR keystream generator. + */ +public class ARCFourRandomSpi + extends SecureRandomSpi +{ + /** Our underlying prng instance. */ + private IRandom adaptee; + /** Have we been initialized? */ + private boolean virgin; + + /** + * Default 0-arguments constructor. + */ + public ARCFourRandomSpi() + { + super(); + adaptee = PRNGFactory.getInstance(Registry.ARCFOUR_PRNG); + virgin = true; + } + + public byte[] engineGenerateSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + public void engineNextBytes(byte[] bytes) + { + if (virgin) + this.engineSetSeed(engineGenerateSeed(32)); + try + { + adaptee.nextBytes(bytes, 0, bytes.length); + } + catch (LimitReachedException ignored) + { + } + } + + public void engineSetSeed(byte[] seed) + { + HashMap attributes = new HashMap(); + attributes.put(ARCFour.ARCFOUR_KEY_MATERIAL, seed); + adaptee.init(attributes); + virgin = false; + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java new file mode 100644 index 000000000..9a893af9d --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/CSPRNGSpi.java @@ -0,0 +1,97 @@ +/* CSPRNGSpi.java -- + Copyright (C) 2004, 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.prng; + +import gnu.java.security.prng.IRandom; +import gnu.java.security.prng.LimitReachedException; +import gnu.java.security.jce.prng.SecureRandomAdapter; +import gnu.javax.crypto.prng.CSPRNG; + +import java.net.MalformedURLException; +import java.security.SecureRandomSpi; + +/** + * The implementation of the continuously-seeded SecureRandom <i>Service + * Provider Interface</i> (<b>SPI</b>) adapter. + */ +public class CSPRNGSpi + extends SecureRandomSpi +{ + private final IRandom adaptee; + private boolean virgin = true; + + public CSPRNGSpi() throws ClassNotFoundException, MalformedURLException, + NumberFormatException + { + super(); + + adaptee = CSPRNG.getSystemInstance(); + } + + protected byte[] engineGenerateSeed(final int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + protected void engineNextBytes(final byte[] buffer) + { + if (buffer == null) + throw new NullPointerException(); + if (virgin) + { + engineSetSeed(engineGenerateSeed(32)); + } + try + { + adaptee.nextBytes(buffer, 0, buffer.length); + } + catch (LimitReachedException lre) + { + throw new RuntimeException("random-number generator has been exhausted"); + } + } + + protected void engineSetSeed(final byte[] seed) + { + if (seed == null) + throw new NullPointerException(); + adaptee.addRandomBytes(seed, 0, seed.length); + virgin = false; + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java b/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java new file mode 100644 index 000000000..d2073b98d --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/FortunaImpl.java @@ -0,0 +1,100 @@ +/* FortunaImpl.java -- Fortuna SecureRandom adapter. + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.prng; + +import gnu.java.security.prng.LimitReachedException; + +import gnu.java.security.jce.prng.SecureRandomAdapter; + +import gnu.javax.crypto.prng.Fortuna; + +import java.security.SecureRandomSpi; +import java.util.Collections; + +public final class FortunaImpl + extends SecureRandomSpi +{ + private boolean virgin = true; + private final Fortuna adaptee; + + public FortunaImpl() + { + adaptee = new Fortuna(); + } + + protected void engineSetSeed(byte[] seed) + { + synchronized (adaptee) + { + if (virgin) + { + adaptee.init (Collections.singletonMap (Fortuna.SEED, seed)); + virgin = false; + } + else + { + adaptee.addRandomBytes (seed); + } + } + } + + protected void engineNextBytes(byte[] buffer) + { + synchronized (adaptee) + { + if (virgin) + { + this.engineSetSeed(engineGenerateSeed(32)); + } + try + { + adaptee.nextBytes(buffer); + } + catch (LimitReachedException shouldNotHappen) + { + throw new Error(shouldNotHappen); + } + } + } + + protected byte[] engineGenerateSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java new file mode 100644 index 000000000..bbd5d4768 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/ICMRandomSpi.java @@ -0,0 +1,206 @@ +/* ICMRandomSpi.java -- + Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.prng; + +import gnu.java.security.Configuration; +import gnu.java.security.Registry; +import gnu.java.security.jce.prng.SecureRandomAdapter; +import gnu.java.security.prng.LimitReachedException; +import gnu.javax.crypto.cipher.IBlockCipher; +import gnu.javax.crypto.prng.ICMGenerator; + +import java.math.BigInteger; +import java.security.SecureRandomSpi; +import java.util.HashMap; +import java.util.Random; +import java.util.logging.Logger; + +/** + * An <em>Adapter</em> class around {@link ICMGenerator} to allow using this + * algorithm as a JCE {@link java.security.SecureRandom}. + */ +public class ICMRandomSpi + extends SecureRandomSpi +{ + private static final Logger log = Logger.getLogger(ICMRandomSpi.class.getName()); + /** Class-wide prng to generate random material for the underlying prng. */ + private static final ICMGenerator prng; // blank final + static + { + prng = new ICMGenerator(); + resetLocalPRNG(); + } + + // error messages + private static final String MSG = "Exception while setting up an " + + Registry.ICM_PRNG + " SPI: "; + private static final String RETRY = "Retry..."; + private static final String LIMIT_REACHED_MSG = "Limit reached: "; + private static final String RESEED = "Re-seed..."; + /** Our underlying prng instance. */ + private ICMGenerator adaptee = new ICMGenerator(); + + // default 0-arguments constructor + + private static void resetLocalPRNG() + { + if (Configuration.DEBUG) + log.entering(ICMRandomSpi.class.getName(), "resetLocalPRNG"); + HashMap attributes = new HashMap(); + attributes.put(ICMGenerator.CIPHER, Registry.AES_CIPHER); + byte[] key = new byte[128 / 8]; // AES default key size + Random rand = new Random(System.currentTimeMillis()); + rand.nextBytes(key); + attributes.put(IBlockCipher.KEY_MATERIAL, key); + int aesBlockSize = 128 / 8; // AES block size in bytes + byte[] offset = new byte[aesBlockSize]; + rand.nextBytes(offset); + attributes.put(ICMGenerator.OFFSET, offset); + int ndxLen = 0; // the segment length + // choose a random value between 1 and aesBlockSize / 2 + int limit = aesBlockSize / 2; + while (ndxLen < 1 || ndxLen > limit) + ndxLen = rand.nextInt(limit + 1); + attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, Integer.valueOf(ndxLen)); + byte[] index = new byte[ndxLen]; + rand.nextBytes(index); + attributes.put(ICMGenerator.SEGMENT_INDEX, new BigInteger(1, index)); + prng.setup(attributes); + if (Configuration.DEBUG) + log.exiting(ICMRandomSpi.class.getName(), "resetLocalPRNG"); + } + + public byte[] engineGenerateSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + public void engineNextBytes(byte[] bytes) + { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineNextBytes"); + if (! adaptee.isInitialised()) + this.engineSetSeed(engineGenerateSeed(32)); + while (true) + { + try + { + adaptee.nextBytes(bytes, 0, bytes.length); + break; + } + catch (LimitReachedException x) + { // reseed the generator + if (Configuration.DEBUG) + { + log.fine(LIMIT_REACHED_MSG + String.valueOf(x)); + log.fine(RESEED); + } + resetLocalPRNG(); + } + } + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineNextBytes"); + } + + public void engineSetSeed(byte[] seed) + { + if (Configuration.DEBUG) + log.entering(this.getClass().getName(), "engineSetSeed"); + // compute the total number of random bytes required to setup adaptee + int materialLength = 0; + materialLength += 16; // key material size + materialLength += 16; // offset size + materialLength += 8; // index size == half of an AES block + byte[] material = new byte[materialLength]; + // use as much as possible bytes from the seed + int materialOffset = 0; + int materialLeft = material.length; + if (seed.length > 0) + { // copy some bytes into key and update indices + int lenToCopy = Math.min(materialLength, seed.length); + System.arraycopy(seed, 0, material, 0, lenToCopy); + materialOffset += lenToCopy; + materialLeft -= lenToCopy; + } + if (materialOffset > 0) // generate the rest + { + while (true) + { + try + { + prng.nextBytes(material, materialOffset, materialLeft); + break; + } + catch (IllegalStateException x) + { // should not happen + throw new InternalError(MSG + String.valueOf(x)); + } + catch (LimitReachedException x) + { + if (Configuration.DEBUG) + { + log.fine(MSG + String.valueOf(x)); + log.fine(RETRY); + } + } + } + } + // setup the underlying adaptee instance + HashMap attributes = new HashMap(); + // use AES cipher with 128-bit block size + attributes.put(ICMGenerator.CIPHER, Registry.AES_CIPHER); + // use an index the size of quarter of an AES block + attributes.put(ICMGenerator.SEGMENT_INDEX_LENGTH, Integer.valueOf(4)); + // specify the key + byte[] key = new byte[16]; + System.arraycopy(material, 0, key, 0, 16); + attributes.put(IBlockCipher.KEY_MATERIAL, key); + // specify the offset + byte[] offset = new byte[16]; + System.arraycopy(material, 16, offset, 0, 16); + attributes.put(ICMGenerator.OFFSET, offset); + // specify the index + byte[] index = new byte[4]; + System.arraycopy(material, 32, index, 0, 4); + attributes.put(ICMGenerator.SEGMENT_INDEX, new BigInteger(1, index)); + adaptee.init(attributes); + if (Configuration.DEBUG) + log.exiting(this.getClass().getName(), "engineSetSeed"); + } +} diff --git a/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java b/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java new file mode 100644 index 000000000..910e65c70 --- /dev/null +++ b/libjava/classpath/gnu/javax/crypto/jce/prng/UMacRandomSpi.java @@ -0,0 +1,166 @@ +/* UMacRandomSpi.java -- + Copyright (C) 2001, 2002, 2006 Free Software Foundation, Inc. + +This file is a part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +USA + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package gnu.javax.crypto.jce.prng; + +import gnu.java.security.Configuration; +import gnu.java.security.Registry; +import gnu.java.security.prng.LimitReachedException; +import gnu.java.security.jce.prng.SecureRandomAdapter; +import gnu.javax.crypto.cipher.IBlockCipher; +import gnu.javax.crypto.prng.UMacGenerator; + +import java.security.SecureRandomSpi; +import java.util.HashMap; +import java.util.Random; +import java.util.logging.Logger; + +/** + * An <em>Adapter</em> class around {@link UMacGenerator} to allow using this + * algorithm as a JCE {@link java.security.SecureRandom}. + */ +public class UMacRandomSpi + extends SecureRandomSpi +{ + private static final Logger log = Logger.getLogger(UMacRandomSpi.class.getName()); + + /** Class-wide prng to generate random material for the underlying prng. */ + private static final UMacGenerator prng; // blank final + static + { + prng = new UMacGenerator(); + resetLocalPRNG(); + } + // error messages + private static final String MSG = "Exception while setting up a " + + Registry.UMAC_PRNG + " SPI: "; + private static final String RETRY = "Retry..."; + /** Our underlying prng instance. */ + private UMacGenerator adaptee = new UMacGenerator(); + + // default 0-arguments constructor + + private static void resetLocalPRNG() + { + HashMap attributes = new HashMap(); + attributes.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); + byte[] key = new byte[128 / 8]; // AES default key size + Random rand = new Random(System.currentTimeMillis()); + rand.nextBytes(key); + attributes.put(IBlockCipher.KEY_MATERIAL, key); + int index = rand.nextInt() & 0xFF; + attributes.put(UMacGenerator.INDEX, Integer.valueOf(index)); + prng.setup(attributes); + } + + public byte[] engineGenerateSeed(int numBytes) + { + return SecureRandomAdapter.getSeed(numBytes); + } + + public void engineNextBytes(byte[] bytes) + { + if (! adaptee.isInitialised()) + engineSetSeed(engineGenerateSeed(32)); + while (true) + { + try + { + adaptee.nextBytes(bytes, 0, bytes.length); + break; + } + catch (LimitReachedException x) + { // reseed the generator + resetLocalPRNG(); + } + } + } + + public void engineSetSeed(byte[] seed) + { + // compute the total number of random bytes required to setup adaptee + int materialLength = 0; + materialLength += 16; // key material size + materialLength++; // index size + byte[] material = new byte[materialLength]; + // use as much as possible bytes from the seed + int materialOffset = 0; + int materialLeft = material.length; + if (seed.length > 0) + { // copy some bytes into key and update indices + int lenToCopy = Math.min(materialLength, seed.length); + System.arraycopy(seed, 0, material, 0, lenToCopy); + materialOffset += lenToCopy; + materialLeft -= lenToCopy; + } + if (materialOffset > 0) // generate the rest + { + while (true) + { + try + { + prng.nextBytes(material, materialOffset, materialLeft); + break; + } + catch (IllegalStateException x) // should not happen + { + throw new InternalError(MSG + String.valueOf(x)); + } + catch (LimitReachedException x) + { + if (Configuration.DEBUG) + { + log.fine(MSG + String.valueOf(x)); + log.fine(RETRY); + } + } + } + } + // setup the underlying adaptee instance + HashMap attributes = new HashMap(); + // use AES cipher with 128-bit block size + attributes.put(UMacGenerator.CIPHER, Registry.AES_CIPHER); + // specify the key + byte[] key = new byte[16]; + System.arraycopy(material, 0, key, 0, 16); + attributes.put(IBlockCipher.KEY_MATERIAL, key); + // use a 1-byte index + attributes.put(UMacGenerator.INDEX, Integer.valueOf(material[16] & 0xFF)); + adaptee.init(attributes); + } +} |