RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations
bradford.wetmore at oracle.com
Tue Apr 26 19:27:28 UTC 2016
On 4/25/2016 11:25 PM, Wang Weijun wrote:
>> On Apr 26, 2016, at 8:48 AM, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
>> but the runtime "Health Testing" I was talking about is in the diagram of Section 7, and details in section 11.3:
> I haven't touched this area yet.
> If you think it's necessary, I would like to add the test inside the static <clinit> block of AbstractDrbg$SeederHolder. The test will be on Hash_DRBG/SHA-256 and whatever mech/algorithm defined by securerandom.drbg.config (They are the same by default). The test will be in the same thread (otherwise I don't know how to report an error). If it fails, a RuntimeException will be thrown.
Please read over this section, but I *THINK* you are supposed to run a
known-answer test on each SecureRandom instance created, not just the
single one used as a seeder during <clinit>:
Known-answer tests shall be conducted on each DRBG function within
a boundary or sub-boundary prior to the first use of that DRBG
(e.g., during the power-on self-testing sequence).
Which may mean that you'll need a known-answer test for each
configuration type. Unless I'm interpreting this wrong.
> I can extract the test from CAVP, instantiate + reseed + generate with both non-null personalization string and additional input, and PR on. It won't take long.
> This is purely internal and automatic, maybe a new abstract method in AbstractDrbg is needed.
> Can we do this after the JEP?
That's fine with me, but the answer needs to be resolved (either work
completed or it will not be done) by FCS/GA.
> BTW, I probably will not be able to send out a new webrev today. Tomorrow is OK.
Tomorrow is fine, it will allow me to respond to your other Q's. ;)
More information about the security-dev