> On Nov 21, 2015, at 8:59 AM, Wang Weijun <weijun.w...@oracle.com> wrote:
>
> That said, I re-read SP 800-90A again and it seems there is a feature I haven't
> supported yet. The full generate function is
>
> Generate_function (state_handle, requested_number_of_bits,
>                    requested_security_strength,
>                    prediction_resistance_request, additional_input):
>
> So requested_security_strength and prediction_resistance_request can be
> specified for each generate call. I think this is useful if people want to
> use a single SecureRandom object to generate different purposes of random
> bits. CAVP does not include this case so I haven't noticed this at the
> beginning.
Read again.

For requested_security_strength, the function only needs to check if it is greater than the strength requested at getInstance() (or configure). If yes, fail with "I cannot do that"; otherwise, the output will not be downgraded into a lower security strength.

For prediction_resistance_request, if it's true, the call is equivalent to reseed(additional_input) plus nextBytes(bytes). Therefore even if a DRBG is created without prediction_resistance, the caller can just call reseed+nextBytes itself.

There is no need to add a new nextBytes(bytes,params) method.

Thanks
Max
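The two per-call arguments discussed in this thread can be checked against a small SP 800-90A implementation. The following is an added example written for this page, not code from the thread or from the JDK: an HMAC_DRBG (SHA-256) class, `HmacDrbg`, whose `generate` accepts `requested_security_strength`, `prediction_resistance_request` and `additional_input` as in the standard's Generate_function. The class name, the `counter_entropy` helper (a constructed, deterministic entropy source used only so that two instances can be compared) and the two demonstration functions are all assumptions of this example. It shows the two points made above: a request for a strength above the instantiated strength is rejected rather than silently served, and a generate call with prediction resistance requested produces exactly the same output as an explicit `reseed(additional_input)` followed by a plain `generate`, because SP 800-90A (section 9.3.1) consumes the additional input in the reseed and passes a null additional input to the underlying generate.

```python
"""HMAC_DRBG (SP 800-90A, SHA-256) with the per-call arguments of Generate_function.

Added example for this thread; HmacDrbg, counter_entropy and the demo functions
are assumptions of this example, not JDK or thread code.
"""
import hashlib
import hmac
import os

OUTLEN = 32             # SHA-256 output length in bytes
MAX_STRENGTH = 256      # highest security strength HMAC_DRBG/SHA-256 supports
RESEED_INTERVAL = 2 ** 48


def os_entropy(nbytes):
    """Default entropy source: the operating system's CSPRNG."""
    return os.urandom(nbytes)


def counter_entropy():
    """Constructed, deterministic 'entropy' for demonstration only (never use in production)."""
    state = {"n": 0}

    def source(nbytes):
        state["n"] += 1
        return hashlib.sha256(b"demo-entropy-%d" % state["n"]).digest()[:nbytes]
    return source


class HmacDrbg:
    def __init__(self, security_strength=256, prediction_resistance=False,
                 personalization=b"", entropy_source=os_entropy):
        if security_strength > MAX_STRENGTH:
            raise ValueError("instantiation strength exceeds what SHA-256 supports")
        self.security_strength = security_strength      # fixed at instantiation
        self.prediction_resistance = prediction_resistance
        self.entropy_source = entropy_source
        self.K = b"\x00" * OUTLEN
        self.V = b"\x01" * OUTLEN
        seed_len = security_strength // 8
        entropy = entropy_source(seed_len)                # security_strength bits of entropy
        nonce = entropy_source(seed_len // 2)             # nonce of security_strength/2 bits
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided_data):
        """HMAC_DRBG_Update (SP 800-90A 10.1.2.2)."""
        self.K = self._hmac(self.K, self.V + b"\x00" + provided_data)
        self.V = self._hmac(self.K, self.V)
        if provided_data:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided_data)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, additional_input=b""):
        """Reseed_function: fresh entropy is mixed together with the caller's additional input."""
        entropy = self.entropy_source(self.security_strength // 8)
        self._update(entropy + additional_input)
        self.reseed_counter = 1

    def generate(self, nbytes, requested_security_strength=None,
                 prediction_resistance_request=False, additional_input=b""):
        """Generate_function with the per-call parameters from the standard."""
        # Point 1: a call may ask for at most the strength the DRBG was instantiated with.
        if (requested_security_strength is not None
                and requested_security_strength > self.security_strength):
            raise ValueError("cannot generate at strength %d from a DRBG instantiated at %d"
                             % (requested_security_strength, self.security_strength))
        # Point 2: prediction resistance on this call == reseed(additional_input) then generate()
        # with a null additional input (SP 800-90A 9.3.1 steps 7-8).
        if prediction_resistance_request or self.reseed_counter > RESEED_INTERVAL:
            self.reseed(additional_input)
            additional_input = b""
        elif additional_input:
            self._update(additional_input)
        out = b""
        while len(out) < nbytes:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional_input)
        self.reseed_counter += 1
        return out[:nbytes]


def prediction_resistance_equivalence():
    """Two identically seeded instances: generate(pr=True, add) vs explicit reseed(add)+generate()."""
    a = HmacDrbg(entropy_source=counter_entropy())
    b = HmacDrbg(entropy_source=counter_entropy())
    add = b"per-call additional input"
    out_a = a.generate(32, prediction_resistance_request=True, additional_input=add)
    b.reseed(add)
    out_b = b.generate(32)
    return out_a == out_b


def strength_check_rejects_upgrade():
    """A DRBG instantiated at 128 bits serves 128-bit requests and refuses 256-bit ones."""
    drbg = HmacDrbg(security_strength=128, entropy_source=counter_entropy())
    drbg.generate(16, requested_security_strength=128)
    try:
        drbg.generate(16, requested_security_strength=256)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("pr request == reseed + generate:", prediction_resistance_equivalence())
    print("strength upgrade rejected:", strength_check_rejects_upgrade())
```

The equivalence holds bit-for-bit only because the reseed absorbs the additional input and the subsequent generate runs with none; a caller doing the two steps by hand must therefore not pass the same additional input again to `nextBytes`, or the outputs will diverge (still securely, just not identically).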