diff options
author | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-07-16 03:12:53 +0000 |
---|---|---|
committer | Raif S. Naffah <raif@swiftdsl.com.au> | 2006-07-16 03:12:53 +0000 |
commit | 2054c40d0b7ce454677d282e2be9944d623c24f8 (patch) | |
tree | f811535b68f67b942690ab8b28504afd5960004a | |
parent | dc55897c48d4bd4c001b29f34e698c0628d8a8bc (diff) | |
download | classpath-2054c40d0b7ce454677d282e2be9944d623c24f8.tar.gz |
2006-07-16 Raif S. Naffah <raif@swiftdsl.com.au>
* gnu/javax/crypto/kwa/TripleDESKeyWrap.java (rnd): New field.
(engineInit): If a SecureRandom was specified then use it.
(nextRandomBytes): New method.
(engineWrap): Use above method.
* gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java (prng): New field.
(getDefaultPRNG): New method.
* gnu/javax/crypto/kwa/AESKeyWrap.java (engineInit): Reset underlying AES.
* gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java (SOURCE_OF_RANDOMNESS):
New constant.
-rw-r--r-- | ChangeLog | 12 | ||||
-rw-r--r-- | gnu/javax/crypto/kwa/AESKeyWrap.java | 1 | ||||
-rw-r--r-- | gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java | 13 | ||||
-rw-r--r-- | gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java | 6 | ||||
-rw-r--r-- | gnu/javax/crypto/kwa/TripleDESKeyWrap.java | 21 |
5 files changed, 49 insertions, 4 deletions
@@ -1,5 +1,17 @@ 2006-07-16 Raif S. Naffah <raif@swiftdsl.com.au> + * gnu/javax/crypto/kwa/TripleDESKeyWrap.java (rnd): New field. + (engineInit): If a SecureRandom was specified then use it. + (nextRandomBytes): New method. + (engineWrap): Use above method. + * gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java (prng): New field. + (getDefaultPRNG): New method. + * gnu/javax/crypto/kwa/AESKeyWrap.java (engineInit): Reset underlying AES. + * gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java (SOURCE_OF_RANDOMNESS): + New constant. + +2006-07-16 Raif S. Naffah <raif@swiftdsl.com.au> + * gnu/javax/crypto/jce/params/BlockCipherParameters.java (engineGetParameterSpec): Should be able to return an IvParameterSpec. diff --git a/gnu/javax/crypto/kwa/AESKeyWrap.java b/gnu/javax/crypto/kwa/AESKeyWrap.java index dec74ff87..bb86c5477 100644 --- a/gnu/javax/crypto/kwa/AESKeyWrap.java +++ b/gnu/javax/crypto/kwa/AESKeyWrap.java @@ -82,6 +82,7 @@ public class AESKeyWrap cipherAttributes.put(IBlockCipher.CIPHER_BLOCK_SIZE, Integer.valueOf(16)); cipherAttributes.put(IBlockCipher.KEY_MATERIAL, attributes.get(KEY_ENCRYPTION_KEY_MATERIAL)); + aes.reset(); aes.init(cipherAttributes); byte[] initialValue = (byte[]) attributes.get(INITIAL_VALUE); iv = initialValue == null ? DEFAULT_IV : (byte[]) initialValue.clone(); diff --git a/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java b/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java index d6209fc27..206e01d13 100644 --- a/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java +++ b/gnu/javax/crypto/kwa/BaseKeyWrappingAlgorithm.java @@ -38,6 +38,8 @@ exception statement from your version. */ package gnu.javax.crypto.kwa; +import gnu.java.security.util.PRNG; + import java.security.InvalidKeyException; import java.util.Collections; import java.util.Map; @@ -53,6 +55,8 @@ public abstract class BaseKeyWrappingAlgorithm { /** The canonical name of the key wrapping algorithm. */ protected String name; + /** A source of randomness if/when needed by concrete implementations. */ + private PRNG prng; /** * Protected constructor. @@ -129,4 +133,13 @@ public abstract class BaseKeyWrappingAlgorithm protected abstract byte[] engineUnwrap(byte[] in, int inOffset, int length) throws KeyUnwrappingException; + + /** @return a strong pseudo-random number generator if/when needed. */ + protected PRNG getDefaultPRNG() + { + if (prng == null) + prng = PRNG.getInstance(); + + return prng; + } } diff --git a/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java b/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java index 7d98cfa4f..d9c2bed14 100644 --- a/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java +++ b/gnu/javax/crypto/kwa/IKeyWrappingAlgorithm.java @@ -39,6 +39,7 @@ exception statement from your version. */ package gnu.javax.crypto.kwa; import java.security.InvalidKeyException; +import java.security.SecureRandom; import java.util.Map; import javax.crypto.ShortBufferException; @@ -62,6 +63,11 @@ public interface IKeyWrappingAlgorithm * containing the initial integrity check register value. */ String INITIAL_VALUE = "gnu.crypto.kwa.iv"; + /** + * Property name of an optional {@link SecureRandom} instance to use. The + * default is to use a {@link gnu.java.security.util.PRNG} instance. + */ + String SOURCE_OF_RANDOMNESS = "gnu.crypto.kwa.prng"; /** * Returns the canonical name of this Key Wrapping Algorithm. diff --git a/gnu/javax/crypto/kwa/TripleDESKeyWrap.java b/gnu/javax/crypto/kwa/TripleDESKeyWrap.java index be3014cf0..71562bd75 100644 --- a/gnu/javax/crypto/kwa/TripleDESKeyWrap.java +++ b/gnu/javax/crypto/kwa/TripleDESKeyWrap.java @@ -40,7 +40,6 @@ package gnu.javax.crypto.kwa; import gnu.java.security.Registry; import gnu.java.security.hash.Sha160; -import gnu.java.security.util.PRNG; import gnu.javax.crypto.assembly.Assembly; import gnu.javax.crypto.assembly.Cascade; import gnu.javax.crypto.assembly.Direction; @@ -53,6 +52,7 @@ import gnu.javax.crypto.mode.IMode; import gnu.javax.crypto.mode.ModeFactory; import java.security.InvalidKeyException; +import java.security.SecureRandom; import java.util.Arrays; import java.util.HashMap; import java.util.Map; @@ -82,7 +82,7 @@ public class TripleDESKeyWrap private HashMap asmAttributes = new HashMap(); private HashMap modeAttributes = new HashMap(); private Sha160 sha = new Sha160(); - private PRNG prng = PRNG.getInstance(); + private SecureRandom rnd; public TripleDESKeyWrap() { @@ -91,6 +91,7 @@ public class TripleDESKeyWrap protected void engineInit(Map attributes) throws InvalidKeyException { + rnd = (SecureRandom) attributes.get(IKeyWrappingAlgorithm.SOURCE_OF_RANDOMNESS); IMode des3CBC = ModeFactory.getInstance(Registry.CBC_MODE, new TripleDES(), 8); Stage des3CBCStage = Stage.getInstance(des3CBC, Direction.FORWARD); Cascade cascade = new Cascade(); @@ -103,7 +104,6 @@ public class TripleDESKeyWrap modeAttributes.put(IBlockCipher.KEY_MATERIAL, attributes.get(KEY_ENCRYPTION_KEY_MATERIAL)); -// modeAttributes.put(IMode.IV, DEFAULT_IV); asmAttributes.put(Assembly.DIRECTION, Direction.FORWARD); } @@ -148,7 +148,7 @@ public class TripleDESKeyWrap // 4. Generate 8 octets at random, call the result IV. byte[] IV = new byte[8]; - prng.nextBytes(IV); + nextRandomBytes(IV); // 5. Encrypt CEKICV in CBC mode using the key-encryption key. Use the // random value generated in the previous step as the initialization @@ -276,4 +276,17 @@ public class TripleDESKeyWrap // 9. Use CEK as a Triple-DES key. return CEK; } + + /** + * Fills the designated byte array with random data. + * + * @param buffer the byte array to fill with random data. + */ + private void nextRandomBytes(byte[] buffer) + { + if (rnd != null) + rnd.nextBytes(buffer); + else + getDefaultPRNG().nextBytes(buffer); + } } |