hello there,

this patch (except for gnu/java/security/key/dss/DSSKeyPairGenerator) 
replaces the new SecureRandom() occurrences with the use of an instance 
field (or in two cases where the class has only static methods, with a 
class field) set to an instance of a default PRNG (a seeded 
MDGenerator).

Casey's concerns about using the PRNG Singleton originally used in GNU 
Crypto have hopefully been addressed by the use of local instances.


the DSSKeyPairGenerator class in addition (i know it should have been a 
separate patch) adds a new (boolean) parameter to the generator used 
during its setup: STRICT_DEFAULTS.  by default this is false, for 
backward compatibility.  it's added to allow fulfilling a JCE 
requirement of throwing an exception when default parameters are 
requested but not available.


the ChangeLog entry follows:

2006-02-02  Raif S. Naffah  <[EMAIL PROTECTED]>

        * gnu/javax/crypto/sasl/srp/SRPServer.java (prng): New field.
        (getDefaultPRNG): New method.
        (parseO): Use method above.
        * gnu/javax/crypto/sasl/srp/SRPClient.java (prng): New field.
        (getDefaultPRNG): New method.
        (createO): Use method above.
        * gnu/javax/crypto/sasl/srp/KDF.java (prng): New class field.
        (nextByte): Use above field.
        * gnu/javax/crypto/pad/PKCS1_V1_5.java (selfTest): Use PRNG instance.
        * gnu/java/security/sig/rsa/RSA.java: New class field.
        (newR): Use above field.
        * gnu/java/security/sig/rsa/EME_PKCS1_V1_5.java (prng): New field.
        (encode): Use above field.
        * gnu/java/security/key/dss/FIPS186.java (prng): New field.
        (getDefaultPRNG): New method.
        (nextRandomBytes): Use above method.
        * gnu/java/security/key/rsa/RSAKeyPairGenerator.java: Likewise.
        * gnu/java/security/sig/BaseSignature.java: Likewise.
        * gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java: Likewise.
        * gnu/javax/crypto/key/dh/RFC2631.java: Likewise.
        * gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java: Likewise.
        * gnu/javax/crypto/key/BaseKeyAgreementParty.java: Likewise.
        * gnu/java/security/key/dss/DSSKeyPairGenerator.java (prng): New field.
        (getDefaultPRNG): New method.
        (nextRandomBytes): Use above method.
        (STRICT_DEFAULTS): New class field.
        (USE_DEFAULTS): more documentation to clarify behavior.
        (setup): amended to handle new attribute.

ok to commit?


cheers;
rsn
Index: DSSKeyPairGenerator.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/key/dss/DSSKeyPairGenerator.java,v
retrieving revision 1.1
diff -u -r1.1 DSSKeyPairGenerator.java
--- DSSKeyPairGenerator.java	26 Jan 2006 02:25:10 -0000	1.1
+++ DSSKeyPairGenerator.java	2 Feb 2006 09:03:37 -0000
@@ -41,6 +41,7 @@
 import gnu.java.security.Registry;
 import gnu.java.security.hash.Sha160;
 import gnu.java.security.key.IKeyPairGenerator;
+import gnu.java.security.util.PRNG;

 import java.io.PrintWriter;
 import java.math.BigInteger;
@@ -88,10 +89,55 @@
   /** Property name of the length (Integer) of the modulus (p) of a DSS key. */
   public static final String MODULUS_LENGTH = "gnu.crypto.dss.L";

-  /** Property name of the Boolean indicating wether or not to use defaults. */
+  /**
+   * Property name of the Boolean indicating wether or not to use default pre-
+   * computed values of <code>p</code>, <code>q</code> and <code>g</code> for
+   * a given modulus length. The ultimate behaviour of this generator with
+   * regard to using pre-computed parameter sets will depend on the value of
+   * this property and of the following one [EMAIL PROTECTED] #STRICT_DEFAULTS}:
+   *
+   * <ol>
+   *   <li>If this property is [EMAIL PROTECTED] Boolean#FALSE} then this generator
+   *   will accept being setup for generating parameters for any modulus length
+   *   provided the modulus length is between <code>512</code> and
+   *   <code>1024</code>, and is of the form <code>512 + 64 * n</code>. In
+   *   addition, a new paramter set will always be generated; i.e. no pre-
+   *   computed values are used.</li>
+   *
+   *   <li>If this property is [EMAIL PROTECTED] Boolean#TRUE} and the value of
+   *   [EMAIL PROTECTED] #STRICT_DEFAULTS} is also [EMAIL PROTECTED] Boolean#TRUE} then this generator
+   *   will only accept being setup for generating parameters for modulus
+   *   lengths of <code>512</code>, <code>768</code> and <code>1024</code>. Any
+   *   other value, of the modulus length, even if between <code>512</code> and
+   *   <code>1024</code>, and of the form <code>512 + 64 * n</code>, will cause
+   *   an [EMAIL PROTECTED] IllegalArgumentException} to be thrown. When those modulus
+   *   length (<code>512</code>, <code>768</code>, and <code>1024</code>) are
+   *   specified, the paramter set is always the same.</li>
+   *
+   *   <li>Finally, if this property is [EMAIL PROTECTED] Boolean#TRUE} and the value of
+   *   [EMAIL PROTECTED] #STRICT_DEFAULTS} is [EMAIL PROTECTED] Boolean#FALSE} then this generator
+   *   will behave as in point 1 above, except that it will use pre-computed
+   *   values when possible; i.e. the modulus length is one of <code>512</code>,
+   *   <code>768</code>, or <code>1024</code>.</li>
+   * </ol>
+   *
+   * The default value of this property is [EMAIL PROTECTED] Boolean#TRUE}.
+   */
   public static final String USE_DEFAULTS = "gnu.crypto.dss.use.defaults";

   /**
+   * Property name of the Boolean indicating wether or not to generate new
+   * parameters, even if the modulus length <i>L</i> is not one of the pre-
+   * computed defaults (value [EMAIL PROTECTED] Boolean#FALSE}), or throw an exception
+   * (value [EMAIL PROTECTED] Boolean#TRUE}) -- the exception in this case is an
+   * [EMAIL PROTECTED] IllegalArgumentException}. The default value for this property is
+   * [EMAIL PROTECTED] Boolean#FALSE}. The ultimate behaviour of this generator will
+   * depend on the values of this and [EMAIL PROTECTED] #USE_DEFAULTS} properties -- see
+   * [EMAIL PROTECTED] #USE_DEFAULTS} for more information.
+   */
+  public static final String STRICT_DEFAULTS = "gnu.crypto.dss.strict.defaults";
+
+  /**
    * Property name of an optional [EMAIL PROTECTED] SecureRandom} instance to use. The
    * default is to use a classloader singleton from [EMAIL PROTECTED] PRNG}.
    */
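Review bot: the unchanged javadoc on the SecureRandom property at the end of this hunk still says the default is "a classloader singleton from PRNG", but with this patch `PRNG.getInstance()` builds and seeds a fresh generator on every call and each class keeps its own instance, so that sentence should be corrected in the same change. The new javadoc text also has "wether" (twice) and "paramter" (twice), and in point 2 "When those modulus length (...) are specified" should read "lengths".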
@@ -181,6 +227,9 @@

   private BigInteger XKEY;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -222,6 +271,10 @@
         useDefaults = Boolean.TRUE;
       }

+    Boolean strictDefaults = (Boolean) attributes.get(STRICT_DEFAULTS);
+    if (strictDefaults == null)
+      strictDefaults = Boolean.FALSE;
+
     // are we given a set of DSA params or we shall use/generate our own?
     DSAParameterSpec params = (DSAParameterSpec) attributes.get(DSS_PARAMETERS);
     if (params != null)
@@ -250,9 +303,16 @@
             g = KEY_PARAMS_1024.getG();
             break;
           default:
-            p = null;
-            q = null;
-            g = null;
+            if (strictDefaults.equals(Boolean.TRUE))
+              throw new IllegalArgumentException(
+                  "Does not provide default parameters for " + L
+                  + "-bit modulus length");
+            else
+              {
+                p = null;
+                q = null;
+                g = null;
+              }
           }
       }
     else
@@ -353,8 +413,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
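Review bot: `getDefaultPRNG()` here is the same seven-line lazy initialiser that this patch pastes into nine other classes (FIPS186, RSAKeyPairGenerator, BaseSignature, GnuDHKeyPairGenerator, RFC2631, SRPKeyPairGenerator, BaseKeyAgreementParty, SRPClient, SRPServer); consider one shared helper, or simply initialise the field at declaration the way EME_PKCS1_V1_5 does in this same patch. The null check is not synchronized, so two threads entering nextRandomBytes concurrently on one generator may each construct a PRNG; the cost is only a wasted object, but a comment should say the race is accepted.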
Index: FIPS186.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/key/dss/FIPS186.java,v
retrieving revision 1.1
diff -u -r1.1 FIPS186.java
--- FIPS186.java	26 Jan 2006 02:25:10 -0000	1.1
+++ FIPS186.java	2 Feb 2006 09:09:21 -0000
@@ -39,6 +39,7 @@
 package gnu.java.security.key.dss;

 import gnu.java.security.hash.Sha160;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Prime2;

 import java.math.BigInteger;
@@ -87,6 +88,9 @@
   /** The optional [EMAIL PROTECTED] SecureRandom} instance to use. */
   private SecureRandom rnd = null;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -126,7 +130,7 @@
    *
    * The algorithm used to find these primes is as described in FIPS-186,
    * section 2.2: GENERATION OF PRIMES. This prime generation scheme starts by
-   * using the [EMAIL PROTECTED] gnu.crypto.hash.Sha160} and a user supplied <i>SEED</i>
+   * using the [EMAIL PROTECTED] Sha160} and a user supplied <i>SEED</i>
    * to construct a prime, <code>q</code>, in the range 2<sup>159</sup> &lt; q
    * &lt; 2<sup>160</sup>. Once this is accomplished, the same <i>SEED</i>
    * value is used to construct an <code>X</code> in the range <code>2<sup>L-1
@@ -279,8 +283,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
Index: RSAKeyPairGenerator.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/key/rsa/RSAKeyPairGenerator.java,v
retrieving revision 1.1
diff -u -r1.1 RSAKeyPairGenerator.java
--- RSAKeyPairGenerator.java	26 Jan 2006 02:25:11 -0000	1.1
+++ RSAKeyPairGenerator.java	2 Feb 2006 09:10:19 -0000
@@ -40,6 +40,7 @@

 import gnu.java.security.Registry;
 import gnu.java.security.key.IKeyPairGenerator;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Prime2;

 import java.math.BigInteger;
@@ -109,6 +110,9 @@
   /** The optional [EMAIL PROTECTED] SecureRandom} instance to use. */
   private SecureRandom rnd = null;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -229,8 +233,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
Index: EME_PKCS1_V1_5.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/sig/rsa/EME_PKCS1_V1_5.java,v
retrieving revision 1.1
diff -u -r1.1 EME_PKCS1_V1_5.java
--- EME_PKCS1_V1_5.java	26 Jan 2006 02:25:11 -0000	1.1
+++ EME_PKCS1_V1_5.java	2 Feb 2006 09:10:56 -0000
@@ -40,9 +40,9 @@

 import gnu.java.security.prng.IRandom;
 import gnu.java.security.prng.LimitReachedException;
+import gnu.java.security.util.PRNG;

 import java.io.ByteArrayOutputStream;
-import java.security.SecureRandom;
 import java.security.interfaces.RSAKey;
 import java.util.Random;

@@ -70,6 +70,9 @@

   private ByteArrayOutputStream baos = new ByteArrayOutputStream();

+  /** Our default source of randomness. */
+  private PRNG prng = PRNG.getInstance();
+
   // Constructor(s)
   // -------------------------------------------------------------------------

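Review bot: this is the only file in the patch that initialises `prng` eagerly at declaration while the others initialise lazily through getDefaultPRNG(); pick one convention. More importantly for this class, `prng` produces the PS padding string of EME-PKCS1-v1_5 encryption, whose unpredictability is what the encoding's security rests on, so the quality of the seed used inside `PRNG.getInstance()` matters here at least as much as it does for key generation; the existing "FIXME. This should be configurable" comment in the next hunk is also left standing by this change.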
@@ -128,8 +131,7 @@
     final byte[] PS = new byte[k - M.length - 3];

     // FIXME. This should be configurable, somehow.
-    SecureRandom rnd = new SecureRandom ();
-    rnd.nextBytes(PS);
+    prng.nextBytes(PS);
     int i = 0;
     for (; i < PS.length; i++)
       {
@@ -300,6 +302,5 @@
     baos.reset();

     return result;
-
   }
 }
Index: RSA.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/sig/rsa/RSA.java,v
retrieving revision 1.1
diff -u -r1.1 RSA.java
--- RSA.java	26 Jan 2006 02:25:11 -0000	1.1
+++ RSA.java	2 Feb 2006 09:11:27 -0000
@@ -39,12 +39,11 @@
 package gnu.java.security.sig.rsa;

 import gnu.java.security.Properties;
-import gnu.java.security.key.rsa.GnuRSAKey;
+import gnu.java.security.util.PRNG;

 import java.math.BigInteger;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.SecureRandom;
 import java.security.interfaces.RSAPrivateCrtKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
@@ -79,6 +78,9 @@

   private static final BigInteger ONE = BigInteger.ONE;

+  /** Our default source of randomness. */
+  private static final PRNG prng = PRNG.getInstance();
+
   // Constructor(s)
   // -------------------------------------------------------------------------

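Review bot: `private static final PRNG prng` makes one generator shared by every RSA instance in the JVM, but neither `PRNG.nextBytes` nor the MDGenerator behind it is synchronized anywhere in this patch, so concurrent signature operations that reach `newR` (the blinding factor) will interleave updates to the generator's internal state. Either make this an instance field like the other classes, or synchronize `PRNG.nextBytes`. The same applies to the static field added to KDF, though there every access goes through a synchronized method.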
@@ -340,16 +342,15 @@
     final int upper = (N.bitLength() + 7) / 8;
     final int lower = upper / 2;
     final byte[] bl = new byte[1];
-    SecureRandom rnd = new SecureRandom ();
     int b;
     do
       {
-        rnd.nextBytes(bl);
+        prng.nextBytes(bl);
         b = bl[0] & 0xFF;
       }
     while (b < lower || b > upper);
     final byte[] buffer = new byte[b]; // 256-bit MPI
-    rnd.nextBytes(buffer);
+    prng.nextBytes(buffer);
     return new BigInteger(1, buffer);
   }
 }
Index: BaseSignature.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/java/security/sig/BaseSignature.java,v
retrieving revision 1.1
diff -u -r1.1 BaseSignature.java
--- BaseSignature.java	26 Jan 2006 02:25:11 -0000	1.1
+++ BaseSignature.java	2 Feb 2006 09:12:49 -0000
@@ -41,10 +41,10 @@
 import gnu.java.security.hash.IMessageDigest;
 import gnu.java.security.prng.IRandom;
 import gnu.java.security.prng.LimitReachedException;
+import gnu.java.security.util.PRNG;

 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.SecureRandom;
 import java.util.Map;
 import java.util.Random;

@@ -76,6 +76,9 @@
   /** The optional [EMAIL PROTECTED] IRandom} instance to use. */
   private IRandom irnd;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -224,9 +227,7 @@
           }
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
   }

   private void setup(Map attributes)
@@ -244,4 +245,12 @@
         irnd = (IRandom) obj;
       }
   }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
+  }
 }
Index: PRNG.java
===================================================================
RCS file: PRNG.java
diff -N PRNG.java
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ PRNG.java	1 Jan 1970 00:00:00 -0000
@@ -0,0 +1,156 @@
+/* PRNG.java -- A Utility methods for default source of randomness
+   Copyright (C) 2006 Free Software Foundation, Inc.
+
+This file is part of GNU Classpath.
+
+GNU Classpath is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2, or (at your option)
+any later version.
+
+GNU Classpath is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with GNU Classpath; see the file COPYING.  If not, write to the
+Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+02110-1301 USA.
+
+Linking this library statically or dynamically with other modules is
+making a combined work based on this library.  Thus, the terms and
+conditions of the GNU General Public License cover the whole
+combination.
+
+As a special exception, the copyright holders of this library give you
+permission to link this library with independent modules to produce an
+executable, regardless of the license terms of these independent
+modules, and to copy and distribute the resulting executable under
+terms of your choice, provided that you also meet, for each linked
+independent module, the terms and conditions of the license of that
+module.  An independent module is a module which is not derived from
+or based on this library.  If you modify this library, you may extend
+this exception to your version of the library, but you are not
+obligated to do so.  If you do not wish to do so, delete this
+exception statement from your version. */
+
+
+package gnu.java.security.util;
+
+import java.util.HashMap;
+
+import gnu.java.security.prng.IRandom;
+import gnu.java.security.prng.LimitReachedException;
+import gnu.java.security.prng.MDGenerator;
+
+/**
+ * A useful hash-based (SHA) pseudo-random number generator used
+ * throughout this library.
+ *
+ * @see MDGenerator
+ */
+public class PRNG
+{
+  // Constans and fields
+  // --------------------------------------------------------------------------
+
+  /** The underlying [EMAIL PROTECTED] IRandom}. */
+  private IRandom delegate;
+
+  // Constructor(s)
+  // --------------------------------------------------------------------------
+
+  /**
+   * Private constructor to enforce using the Factory method.
+   *
+   * @param delegate
+   *          the undelying [EMAIL PROTECTED] IRandom} object used.
+   */
+  private PRNG(IRandom delegate)
+  {
+    super();
+
+    this.delegate = delegate;
+  }
+
+  // Class methods
+  // --------------------------------------------------------------------------
+
+  public static final PRNG getInstance()
+  {
+    IRandom delegate = new MDGenerator();
+    try
+      {
+        HashMap map = new HashMap();
+        // initialise it with a seed
+        long t = System.currentTimeMillis();
+        byte[] seed = new byte[] {
+            (byte) (t >>> 56), (byte) (t >>> 48),
+            (byte) (t >>> 40), (byte) (t >>> 32),
+            (byte) (t >>> 24), (byte) (t >>> 16),
+            (byte) (t >>>  8), (byte)  t};
+        map.put(MDGenerator.SEEED, seed);
+        delegate.init(map); // default is to use SHA-1 hash
+      }
+    catch (Exception x)
+      {
+        throw new ExceptionInInitializerError(x);
+      }
+
+    return new PRNG(delegate);
+  }
+
+  // Instance methods
+  // --------------------------------------------------------------------------
+
+  /**
+   * Completely fills the designated <code>buffer</code> with random data
+   * generated by the underlying delegate.
+   *
+   * @param buffer
+   *          the place holder of random bytes generated by the underlying
+   *          delegate. On output, the contents of <code>buffer</code> are
+   *          replaced with pseudo-random data, iff the <code>buffer</code>
+   *          size is not zero.
+   */
+  public void nextBytes(byte[] buffer)
+  {
+    nextBytes(buffer, 0, buffer.length);
+  }
+
+  /**
+   * Fills the designated <code>buffer</code>, starting from byte at position
+   * <code>offset</code> with, at most, <code>length</code> bytes of random
+   * data generated by the underlying delegate.
+   *
+   * @see IRandom#nextBytes
+   */
+  public void nextBytes(byte[] buffer, int offset, int length)
+  {
+    try
+      {
+        delegate.nextBytes(buffer, offset, length);
+      }
+    catch (LimitReachedException x) // re-initialise with a seed
+      {
+        try
+          {
+            HashMap map = new HashMap();
+            long t = System.currentTimeMillis();
+            byte[] seed = new byte[] {
+                (byte)(t >>> 56), (byte)(t >>> 48),
+                (byte)(t >>> 40), (byte)(t >>> 32),
+                (byte)(t >>> 24), (byte)(t >>> 16),
+                (byte)(t >>>  8), (byte) t };
+            map.put(MDGenerator.SEEED, seed);
+            delegate.init(map); // default is to use SHA-1 hash
+            delegate.nextBytes(buffer, offset, length);
+          }
+        catch (Exception y)
+          {
+            throw new ExceptionInInitializerError(y);
+          }
+      }
+  }
+}
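Review bot: `getInstance()` seeds the MDGenerator with nothing but the eight bytes of `System.currentTimeMillis()`, and this generator now replaces `SecureRandom` as the fallback for DSS, RSA and DH key generation, SRP nonces and IVs, RSA blinding and PKCS#1 padding. A millisecond timestamp carries well under 64 bits of entropy (the high bytes are constant and the rest is bounded by when the process started), and two generators created in the same millisecond, for example the static fields in RSA and KDF during class loading, will produce identical output streams. Seed from the platform entropy source instead, e.g. `new SecureRandom().generateSeed(20)` or the library's own IRandom seeding facilities, optionally mixed with the timestamp, and do the same in the `LimitReachedException` reseed path of `nextBytes`. Smaller points: the seed construction is duplicated between `getInstance()` and `nextBytes`, so factor it into one private method; `ExceptionInInitializerError` is the wrong type to throw from ordinary methods (an `IllegalStateException` fits); `nextBytes` is not synchronized although callers store instances in static fields; and the header comment "A Utility methods for default source of randomness", "Constans and fields" and "undelying" need fixing.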
Index: GnuDHKeyPairGenerator.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/key/dh/GnuDHKeyPairGenerator.java,v
retrieving revision 1.1
diff -u -r1.1 GnuDHKeyPairGenerator.java
--- GnuDHKeyPairGenerator.java	26 Jan 2006 02:25:09 -0000	1.1
+++ GnuDHKeyPairGenerator.java	2 Feb 2006 09:15:40 -0000
@@ -41,6 +41,7 @@
 import gnu.java.security.Registry;
 import gnu.java.security.hash.Sha160;
 import gnu.java.security.key.IKeyPairGenerator;
+import gnu.java.security.util.PRNG;

 import java.io.PrintWriter;
 import java.math.BigInteger;
@@ -133,6 +134,9 @@

   private BigInteger g;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -247,8 +251,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
Index: RFC2631.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/key/dh/RFC2631.java,v
retrieving revision 1.1
diff -u -r1.1 RFC2631.java
--- RFC2631.java	26 Jan 2006 02:25:09 -0000	1.1
+++ RFC2631.java	2 Feb 2006 09:16:13 -0000
@@ -39,6 +39,7 @@
 package gnu.javax.crypto.key.dh;

 import gnu.java.security.hash.Sha160;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Prime2;

 import java.math.BigInteger;
@@ -87,6 +88,9 @@
   /** The optional [EMAIL PROTECTED] SecureRandom} instance to use. */
   private SecureRandom rnd = null;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -238,8 +242,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
Index: SRPKeyPairGenerator.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/key/srp6/SRPKeyPairGenerator.java,v
retrieving revision 1.1
diff -u -r1.1 SRPKeyPairGenerator.java
--- SRPKeyPairGenerator.java	26 Jan 2006 02:25:09 -0000	1.1
+++ SRPKeyPairGenerator.java	2 Feb 2006 09:16:58 -0000
@@ -40,6 +40,7 @@

 import gnu.java.security.Registry;
 import gnu.java.security.key.IKeyPairGenerator;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Prime2;

 import java.io.PrintWriter;
@@ -126,6 +127,9 @@
   /** The user's verifier MPI. */
   private BigInteger v;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -334,8 +338,14 @@
         rnd.nextBytes(buffer);
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
Index: BaseKeyAgreementParty.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/key/BaseKeyAgreementParty.java,v
retrieving revision 1.1
diff -u -r1.1 BaseKeyAgreementParty.java
--- BaseKeyAgreementParty.java	26 Jan 2006 02:25:09 -0000	1.1
+++ BaseKeyAgreementParty.java	2 Feb 2006 09:17:33 -0000
@@ -40,6 +40,7 @@

 import gnu.java.security.prng.IRandom;
 import gnu.java.security.prng.LimitReachedException;
+import gnu.java.security.util.PRNG;

 import java.math.BigInteger;
 import java.security.SecureRandom;
@@ -75,6 +76,9 @@
   /** The optional [EMAIL PROTECTED] IRandom} instance to use. */
   protected IRandom irnd = null;

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -187,12 +191,18 @@
         catch (LimitReachedException lre)
           {
             irnd = null;
-            new SecureRandom ().nextBytes(buffer);
+            getDefaultPRNG().nextBytes(buffer);
           }
       }
     else
-      {
-        new SecureRandom ().nextBytes(buffer);
-      }
+      getDefaultPRNG().nextBytes(buffer);
+  }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
   }
 }
\ No newline at end of file
Index: PKCS1_V1_5.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/pad/PKCS1_V1_5.java,v
retrieving revision 1.1
diff -u -r1.1 PKCS1_V1_5.java
--- PKCS1_V1_5.java	26 Jan 2006 02:25:09 -0000	1.1
+++ PKCS1_V1_5.java	2 Feb 2006 09:18:23 -0000
@@ -40,10 +40,10 @@

 import gnu.java.security.Registry;
 import gnu.java.security.sig.rsa.EME_PKCS1_V1_5;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Util;

 import java.io.PrintWriter;
-import java.util.Random;

 /**
  * <p>A padding algorithm implementation of the EME-PKCS1-V1.5 encoding/decoding
@@ -143,7 +143,7 @@
   {
     final int[] mLen = new int[] { 16, 20, 32, 48, 64 };
     final byte[] M = new byte[mLen[mLen.length - 1]];
-    new Random ().nextBytes(M);
+    PRNG.getInstance().nextBytes(M);
     final byte[] EM = new byte[1024];
     byte[] p;
     int bs, i, j;
Index: KDF.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/sasl/srp/KDF.java,v
retrieving revision 1.1
diff -u -r1.1 KDF.java
--- KDF.java	26 Jan 2006 02:25:10 -0000	1.1
+++ KDF.java	2 Feb 2006 09:19:11 -0000
@@ -40,11 +40,11 @@

 import gnu.java.security.Registry;
 import gnu.java.security.prng.LimitReachedException;
+import gnu.java.security.util.PRNG;
 import gnu.javax.crypto.cipher.IBlockCipher;
 import gnu.javax.crypto.prng.UMacGenerator;

 import java.util.HashMap;
-import java.util.Random;

 /**
  * <p>The SASL-SRP KDF implementation, which is also used, depending on how it
@@ -60,6 +60,11 @@

   private static final int AES_KEY_SIZE = 16; // default key size for the AES

+  private static final byte[] buffer = new byte[1];
+
+  /** Our default source of randomness. */
+  private static final PRNG prng = PRNG.getInstance();
+
   /** The shared secret K to use. */
   //   private byte[] keyMaterial;
   /** The underlying UMAC Generator instance. */
@@ -117,11 +122,18 @@
     else
       {
         keyMaterial = new byte[AES_BLOCK_SIZE];
-        ndx = new Random ().nextInt (256); // XXX does this need to be secure?
+        while (ndx < 1 || ndx > 255)
+          ndx = (byte) nextByte();
       }
     return new KDF(keyMaterial, ndx);
   }

+  private static synchronized final int nextByte()
+  {
+    prng.nextBytes(buffer);
+    return (buffer[0] & 0xFF);
+  }
+
   // Instance methods
   // -------------------------------------------------------------------------

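Review bot: `ndx = (byte) nextByte();` in the new loop is a bug: `nextByte()` returns 0..255 as an int and the cast to byte turns 128..255 into negative values, which the `ndx < 1` test then rejects, so the loop only exits with ndx in 1..127 and half the intended range is never chosen; drop the cast and write `ndx = nextByte();`. The loop also only draws a value when `ndx` is outside 1..255 on entry, so it silently depends on the variable's initial value (presumably 0 from its declaration above the hunk), which deserves a comment. Note that the range changes from the old `nextInt (256)` (0..255) to 1..255 and the removed "XXX does this need to be secure?" question is now answered only implicitly; record the reason in the ChangeLog or a comment. In `nextByte()` the conventional modifier order is `private static final synchronized`, and the static scratch `buffer` is only safe because the method is synchronized, which should be stated next to the field.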
Index: SRPClient.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/sasl/srp/SRPClient.java,v
retrieving revision 1.1
diff -u -r1.1 SRPClient.java
--- SRPClient.java	26 Jan 2006 02:25:10 -0000	1.1
+++ SRPClient.java	2 Feb 2006 09:19:55 -0000
@@ -40,6 +40,7 @@

 import gnu.java.security.Registry;
 import gnu.java.security.hash.MD5;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Util;

 import gnu.javax.crypto.key.IKeyAgreementParty;
@@ -65,7 +66,6 @@
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.StringTokenizer;
@@ -160,6 +160,9 @@

   private IKeyAgreementParty clientHandler = KeyAgreementFactory.getPartyAInstance(Registry.SRP_SASL_KA);

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -563,7 +566,8 @@
     // if session re-use generate new 16-byte nonce
     if (sid.length != 0)
       {
-        cn = new SecureRandom ().generateSeed (16);
+        cn = new byte[16];
+        getDefaultPRNG().nextBytes(cn);
       }
     else
       {
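Review bot: `generateSeed (16)` asked the platform's entropy source for fresh seed material, whereas `getDefaultPRNG().nextBytes(cn)` returns deterministic output from a generator seeded once from the clock in `PRNG.getInstance()`, so the client nonce used for session re-use now has no more entropy than that seed. This replacement is only acceptable once `PRNG` is seeded from a real entropy source; otherwise keep `generateSeed` here.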
@@ -1091,7 +1095,7 @@
         final int blockSize = cipher.defaultBlockSize();
         // 3. generate random iv
         cIV = new byte[blockSize];
-        new SecureRandom ().nextBytes(cIV);
+        getDefaultPRNG().nextBytes(cIV);
       }

     srp = SRP.instance(mdName);
@@ -1196,4 +1200,12 @@
                                                                 outCipher));
       }
   }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
+  }
 }
\ No newline at end of file
Index: SRPServer.java
===================================================================
RCS file: /cvsroot/classpath/classpath/gnu/javax/crypto/sasl/srp/SRPServer.java,v
retrieving revision 1.1
diff -u -r1.1 SRPServer.java
--- SRPServer.java	26 Jan 2006 02:25:10 -0000	1.1
+++ SRPServer.java	2 Feb 2006 09:20:34 -0000
@@ -39,6 +39,7 @@
 package gnu.javax.crypto.sasl.srp;

 import gnu.java.security.Registry;
+import gnu.java.security.util.PRNG;
 import gnu.java.security.util.Util;

 import gnu.javax.crypto.assembly.Direction;
@@ -61,7 +62,6 @@
 import java.io.ByteArrayOutputStream;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
-import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.HashMap;
 import java.util.StringTokenizer;
@@ -148,6 +148,9 @@

   private IKeyAgreementParty serverHandler = KeyAgreementFactory.getPartyBInstance(Registry.SRP_SASL_KA);

+  /** Our default source of randomness. */
+  private PRNG prng = null;
+
   // Constructor(s)
   // -------------------------------------------------------------------------

@@ -593,7 +596,7 @@
           {
             sn = new byte[16];
           }
-        new SecureRandom ().nextBytes(sn);
+        getDefaultPRNG().nextBytes(sn);

         setupSecurityServices(false);

@@ -1072,9 +1075,7 @@

     sIV = new byte[blockSize];
     if (blockSize > 0)
-      {
-        new SecureRandom ().nextBytes(sIV);
-      }
+      getDefaultPRNG().nextBytes(sIV);
   }

   private void setupSecurityServices(final boolean newSession)
@@ -1144,4 +1145,12 @@
                                                                 outCipher));
       }
   }
+
+  private PRNG getDefaultPRNG()
+  {
+    if (prng == null)
+      prng = PRNG.getInstance();
+
+    return prng;
+  }
 }
\ No newline at end of file
