RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

Xuelei Fan xuelei.fan at oracle.com
Tue Apr 19 04:34:49 UTC 2016


Two minor comments about the spec.

1. DrbgParameters.Capability
The spec for each enum item is not very clear.  Please add more comments
about the meaning and behavior of each item.

2. DrbgParameters.Instantiate
Looks like this class would be better to an extendable individual class.
 Declare this class as "static final" may limit it extension.

Further more, if you add a public construct (the same as
DrbgParameters.instantiate()), this class may be not necessary to be
wrapped in DrbgParameters.

DrbgParameters {
    public static final class Instantiate
         implements SecureRandomParameters;
    public static Instantiate instantiate(int strength,
         Capability capability, byte[] personalizationString);
}

->
Public class DrbgInstantiateParameters {
    public DrbgInstantiateParameters(int, Capability, byte[]);
    ...
}

Similar comments to NextBytes and Reseed.

If classes Instantiate, NextBytes and Reseed are not wrapped in
DrbgParameters, you may not need DrbgParameters any more.

Otherwise, the spec looks fine to me.

Xuelei

On 4/15/2016 9:35 PM, Wang Weijun wrote:
> Hi All
> 
> Webrev updated again at
> 
> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/
> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/spec
> http://cr.openjdk.java.net/~weijun/8051408/webrev.10/specdiff
> 
> Changes since webrev.09:
> 
> 1. The first line in DrbgParameters:
> 
> - * This class specifies the parameters used by a DRBG.
> + * This class specifies the parameters used by a DRBG (Deterministic
> + * Random Bit Generator).
> 
> 2. Two new methods for DrbgParameters$Capability:
> 
>    public boolean supportsReseeding();
>    public boolean supportsPredictionResistance();
> 
> So you will be able to write
> 
>  drbg = SecureRandom.getInstance("DRBG");
> 
>  SecureRandomParameters params = drbg.getParameters();
>  if (params instanceof DrbgParameters.Instantiate) {
>      DrbgParameters.Instantiate ins = (DrbgParameters.Instantiate) params;
>      if (ins.getCapability().supportsReseeding()) {
>          drbg.reseed();
>      }
>  }
> 
> 3. More descriptive text in exception thrown.
> 
> Thanks
> Max
> 
> 
> 
>> On Apr 5, 2016, at 10:34 AM, Wang Weijun <weijun.wang at oracle.com> wrote:
>>
>> Updated webrev again at
>>
>> http://cr.openjdk.java.net/~weijun/8051408/webrev.09/
>> http://cr.openjdk.java.net/~weijun/8051408/webrev.09/spec
>> http://cr.openjdk.java.net/~weijun/8051408/webrev.09/specdiff
>>
>> The only change is that SecureRandomInstantiateParameters, SecureRandomNextBytesParameters and SecureRandomReseedParameters are removed and only a single SecureRandomParameters is added. There seems no reason to introduce 3 marker interfaces.
>>
>> Thanks
>> Max
> 



More information about the security-dev mailing list