2006-07-16 Raif S. Naffah <raif@swiftdsl.com.au>

* gnu/javax/crypto/kwa/TripleDESKeyWrap.java (rnd): New field. (engineInit): If a SecureRandom was specified then use it. (nextRandomBytes): New method. (engineWrap): Use above method. * gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java (prng): New field. (getDefaultPRNG): New method. * gnu/javax/crypto/kwa/AESKeyWrap.java (engineInit): Reset underlying AES. * gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java (SOURCE_OF_RANDOMNESS): New constant.
author: Raif S. Naffah <raif@swiftdsl.com.au> 2006-07-16 03:12:53 +0000
committer: Raif S. Naffah <raif@swiftdsl.com.au> 2006-07-16 03:12:53 +0000
commit: 2054c40d0b7ce454677d282e2be9944d623c24f8 (patch)
tree: f811535b68f67b942690ab8b28504afd5960004a
parent: dc55897c48d4bd4c001b29f34e698c0628d8a8bc (diff)
download: classpath-2054c40d0b7ce454677d282e2be9944d623c24f8.tar.gz
5 files changed, 49 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 4d6752b8c..265975cb4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,17 @@
 2006-07-16  Raif S. Naffah  <raif@swiftdsl.com.au>
 
+	* gnu/javax/crypto/kwa/TripleDESKeyWrap.java (rnd): New field.
+	(engineInit): If a SecureRandom was specified then use it.
+	(nextRandomBytes): New method.
+	(engineWrap): Use above method.
+	* gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java (prng): New field.
+	(getDefaultPRNG): New method.
+	* gnu/javax/crypto/kwa/AESKeyWrap.java (engineInit): Reset underlying AES.
+	* gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java (SOURCE_OF_RANDOMNESS):
+	New constant.
+
+2006-07-16  Raif S. Naffah  <raif@swiftdsl.com.au>
+
 	* gnu/javax/crypto/jce/params/BlockCipherParameters.java
 	(engineGetParameterSpec): Should be able to return an IvParameterSpec.
 
diff --git a/gnu/javax/crypto/kwa/AESKeyWrap.java b/gnu/javax/crypto/kwa/AESKeyWrap.java
index dec74ff87..bb86c5477 100644
--- a/gnu/javax/crypto/kwa/AESKeyWrap.java
+++ b/gnu/javax/crypto/kwa/AESKeyWrap.java
@@ -82,6 +82,7 @@ public class AESKeyWrap
     cipherAttributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(16));
     cipherAttributes.put(IBlockCipher.KEY_MATERIAL,
                          attributes.get(KEY_ENCRYPTION_KEY_MATERIAL));
+    aes.reset();
     aes.init(cipherAttributes);
     byte[] initialValue = (byte[]) attributes.get(INITIAL_VALUE);
     iv = initialValue == null ? DEFAULT_IV : (byte[]) initialValue.clone();
diff --git a/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java b/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java
index d6209fc27..206e01d13 100644
--- a/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java
+++ b/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java
@@ -38,6 +38,8 @@ exception statement from your version. */
 
 package gnu.javax.crypto.kwa;
 
+import gnu.java.security.util.PRNG;
+
 import java.security.InvalidKeyException;
 import java.util.Collections;
 import java.util.Map;
@@ -53,6 +55,8 @@ public abstract class BaseKeyWrappingAlgorithm
 {
   /** The canonical name of the key wrapping algorithm. */
   protected String name;
+  /** A source of randomness if/when needed by concrete implementations. */
+  private PRNG prng;
 
   /**
    * Protected constructor.
@@ -129,4 +133,13 @@ public abstract class BaseKeyWrappingAlgorithm
 
   protected abstract byte[] engineUnwrap(byte[] in, int inOffset, int length)
       throws KeyUnwrappingException;
+
+  /** @return a strong pseudo-random number generator if/when needed. */
+  protected PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
+  }
 }
diff --git a/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java b/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java
index 7d98cfa4f..d9c2bed14 100644
--- a/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java
+++ b/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java
@@ -39,6 +39,7 @@ exception statement from your version. */
 package gnu.javax.crypto.kwa;
 
 import java.security.InvalidKeyException;
+import java.security.SecureRandom;
 import java.util.Map;
 
 import javax.crypto.ShortBufferException;
@@ -62,6 +63,11 @@ public interface IKeyWrappingAlgorithm
    * containing the initial integrity check register value.
    */
   String INITIAL_VALUE = "gnu.crypto.kwa.iv";
+  /**
+   * Property name of an optional {@link SecureRandom} instance to use. The
+   * default is to use a {@link gnu.java.security.util.PRNG} instance.
+   */
+  String SOURCE_OF_RANDOMNESS = "gnu.crypto.kwa.prng";
 
   /**
    * Returns the canonical name of this Key Wrapping Algorithm.
diff --git a/gnu/javax/crypto/kwa/TripleDESKeyWrap.java b/gnu/javax/crypto/kwa/TripleDESKeyWrap.java
index be3014cf0..71562bd75 100644
--- a/gnu/javax/crypto/kwa/TripleDESKeyWrap.java
+++ b/gnu/javax/crypto/kwa/TripleDESKeyWrap.java
@@ -40,7 +40,6 @@ package gnu.javax.crypto.kwa;
 
 import gnu.java.security.Registry;
 import gnu.java.security.hash.Sha160;
-import gnu.java.security.util.PRNG;
 import gnu.javax.crypto.assembly.Assembly;
 import gnu.javax.crypto.assembly.Cascade;
 import gnu.javax.crypto.assembly.Direction;
@@ -53,6 +52,7 @@ import gnu.javax.crypto.mode.IMode;
 import gnu.javax.crypto.mode.ModeFactory;
 
 import java.security.InvalidKeyException;
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
@@ -82,7 +82,7 @@ public class TripleDESKeyWrap
   private HashMap asmAttributes = new HashMap();
   private HashMap modeAttributes = new HashMap();
   private Sha160 sha = new Sha160();
-  private PRNG prng = PRNG.getInstance();
+  private SecureRandom rnd;
 
   public TripleDESKeyWrap()
   {
@@ -91,6 +91,7 @@ public class TripleDESKeyWrap
 
   protected void engineInit(Map attributes) throws InvalidKeyException
   {
+    rnd = (SecureRandom) attributes.get(IKeyWrappingAlgorithm.SOURCE_OF_RANDOMNESS);
     IMode des3CBC = ModeFactory.getInstance(Registry.CBC_MODE, new TripleDES(), 8);
     Stage des3CBCStage = Stage.getInstance(des3CBC, Direction.FORWARD);
     Cascade cascade = new Cascade();
@@ -103,7 +104,6 @@ public class TripleDESKeyWrap
 
     modeAttributes.put(IBlockCipher.KEY_MATERIAL,
                        attributes.get(KEY_ENCRYPTION_KEY_MATERIAL));
-//    modeAttributes.put(IMode.IV, DEFAULT_IV);
     asmAttributes.put(Assembly.DIRECTION, Direction.FORWARD);
   }
 
@@ -148,7 +148,7 @@ public class TripleDESKeyWrap
 
     // 4. Generate 8 octets at random, call the result IV.
     byte[] IV = new byte[8];
-    prng.nextBytes(IV);
+    nextRandomBytes(IV);
 
     // 5. Encrypt CEKICV in CBC mode using the key-encryption key.  Use the
     //    random value generated in the previous step as the initialization
@@ -276,4 +276,17 @@ public class TripleDESKeyWrap
     // 9. Use CEK as a Triple-DES key.
     return CEK;
   }
+  
+  /**
+   * Fills the designated byte array with random data.
+   * 
+   * @param buffer the byte array to fill with random data.
+   */
+  private void nextRandomBytes(byte[] buffer)
+  {
+    if (rnd != null)
+      rnd.nextBytes(buffer);
+    else
+      getDefaultPRNG().nextBytes(buffer);
+  }
 }
author	Raif S. Naffah <raif@swiftdsl.com.au>	2006-07-16 03:12:53 +0000
committer	Raif S. Naffah <raif@swiftdsl.com.au>	2006-07-16 03:12:53 +0000
commit	2054c40d0b7ce454677d282e2be9944d623c24f8 (patch)
tree	f811535b68f67b942690ab8b28504afd5960004a
parent	dc55897c48d4bd4c001b29f34e698c0628d8a8bc (diff)
download	classpath-2054c40d0b7ce454677d282e2be9944d623c24f8.tar.gz