RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Tue Apr 5 02:34:58 UTC 2016


Updated webrev again at

 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/
 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/spec
 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/specdiff

The only change is that SecureRandomInstantiateParameters, SecureRandomNextBytesParameters and SecureRandomReseedParameters are removed and only a single SecureRandomParameters is added. There seems to be no reason to introduce 3 marker interfaces.

Thanks
Max


> On Apr 1, 2016, at 7:34 PM, Wang Weijun <weijun.wang at oracle.com> wrote:
> 
> Hi All
> 
> Updated webrev at
> 
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/spec
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/specdiff
> 
> Spec changes:
> 
>  - More text in @implNote of DrbgParameters.java, which somehow matches the Minimal Documentation Requirements described in 11.1 of NIST SP 800-90Ar1.
> 
>  - DrbgParameters.instantiate(strength,cap,ps) throws NPE if cap is null
> 
>  - SecureRandom.java: no more @implSpec for new methods since impl is in SecureRandomSpi. Also, make the following word changes in all UOE cases:
> 
>    - * @throws UnsupportedOperationException if the implementation
>    - *         has not overridden this method.
>    + * @throws UnsupportedOperationException if the underlying provider
>    + *         implementation has not overridden this method.
> 
> "drbg" security property changes:
> 
>  - delimiter is now ",". Otherwise, "SHA-512/256" is ambiguous.
> 
>  - AbstractDrbg#toString and DrbgParameters$Instantiate#toString also use "," now.
> 
>  - default value is "", thus each aspect uses its own default as described in the comment.
> 
>  - examples
> 
> Code changes:
> 
>  - DRBG.java: more checks for the "drbg" security property: one aspect cannot be set twice,
>    and strength must be positive
> 
>  - HashDrbg.java optimization
> 
>    * Use MessageDigest#digest(output,offset,length) instead of digest()+arraycopy.
>      (BTW, why is DigestException a checked exception?) --  a little useful
> 
>    * addBytes() now updates its first argument, therefore fewer rounds of adding -- very useful
> 
>    * store "new byte[1]" and "new byte[]{1}" as constants -- a little useful
> 
>  - MoreDrbgParameters: now including mech, so it can fully cover the "drbg" security property.  It still includes non-publicly configurable items like entropy source and nonce, that the DRBG (known-answer) Test Vectors require.
> 
> Thanks
> Max
> 
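A usage sketch of the API this thread discusses, added here as an illustration and not part of the webrev or the JDK's own sources. It assumes the names as they shipped in JDK 9 (SecureRandom.getInstance(String, SecureRandomParameters), DrbgParameters.Capability, the securerandom.drbg.config security property with the "," delimiter), which may differ in detail from the webrev.09 draft.

```java
import java.nio.charset.StandardCharsets;
import java.security.DrbgParameters;
import java.security.SecureRandom;
import java.security.Security;

public class DrbgUsage {
    public static void main(String[] args) throws Exception {
        // Mechanism, algorithm, strength and capability are comma-separated,
        // so an algorithm name containing "/" such as SHA-512/256 is not ambiguous.
        // (Property name and value format assumed from the JDK 9 release.)
        Security.setProperty("securerandom.drbg.config",
                "Hash_DRBG,SHA-512/256,256,pr_and_reseed");

        // Instantiate with an explicit strength, capability and personalization string.
        byte[] ps = "example-app-instance".getBytes(StandardCharsets.UTF_8);
        SecureRandom drbg = SecureRandom.getInstance("DRBG",
                DrbgParameters.instantiate(256,
                        DrbgParameters.Capability.PR_AND_RESEED, ps));
        System.out.println("effective parameters: " + drbg.getParameters());

        // Generate with prediction resistance and additional input, then reseed.
        byte[] out = new byte[32];
        byte[] addIn = "request-context".getBytes(StandardCharsets.UTF_8);
        drbg.nextBytes(out, DrbgParameters.nextBytes(256, true, addIn));
        drbg.reseed(DrbgParameters.reseed(true, null));

        // A null capability is rejected at parameter construction time.
        try {
            DrbgParameters.instantiate(256, null, null);
        } catch (NullPointerException e) {
            System.out.println("null capability rejected as expected");
        }

        // A provider whose SecureRandomSpi has not overridden the new
        // engine methods reports that with UnsupportedOperationException.
        SecureRandom legacy = SecureRandom.getInstance("SHA1PRNG");
        try {
            legacy.reseed();
        } catch (UnsupportedOperationException e) {
            System.out.println("SHA1PRNG does not support reseed(): " + e.getMessage());
        }
    }
}
```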
