src/java.base/share/classes/sun/security/provider/CtrDrbg.java
author weijun
Wed, 01 Aug 2018 13:35:08 +0800
changeset 51272 9d92ff04a29c
parent 47216 71c04702a3d5
permissions -rw-r--r--
8208602: Cannot read PEM X.509 cert if there is whitespace after the header or footer Reviewed-by: xuelei
/*
 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.provider;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import java.security.*;
import java.util.Arrays;
import java.util.Locale;
public class CtrDrbg extends AbstractDrbg {
    // Largest AES key size (in bits) the jurisdiction policy allows. Read
    // once at class load, so a policy change after that is not observed.
    // Decides whether AES-192/AES-256 may be used and which algorithm the
    // default configuration picks (see chooseAlgorithmAndStrength).
    private static final int AES_LIMIT;

    static {
        try {
            AES_LIMIT = Cipher.getMaxAllowedKeyLength("AES");
        } catch (Exception e) {
            // AES is mandatory in every JDK; failing here means the
            // crypto framework itself is broken, so fail the class load.
            throw new AssertionError("Cannot detect AES", e);
        }
    }

    // Block-cipher engine (AES/ECB/NoPadding, created in initEngine). ECB
    // is used only as a single-block primitive; the DRBG supplies the
    // counter, so this is not an ECB data-encryption mode.
    private Cipher cipher;

    private String cipherAlg;   // JCE transformation, e.g. "AES/ECB/NoPadding"
    private String keyAlg;      // key algorithm for SecretKeySpec, "AES"

    // CTR_DRBG length parameters, all in bytes (800-90Ar1 Table 3).
    private int ctrLen;     // counter width; currently always == blockLen
    private int blockLen;   // AES block size, 16
    private int keyLen;     // 16, 24 or 32 depending on the AES variant
    private int seedLen;    // blockLen + keyLen

    // Internal state (K, V) of 800-90Ar1 10.2.1.1. Together they fully
    // determine every output until the next reseed, so they must never
    // leave this object except through the debug hook in status().
    private byte[] v;
    private byte[] k;
    /**
     * Creates a CTR_DRBG instance, names the mechanism for the inherited
     * bookkeeping and hands {@code params} to the inherited
     * {@code configure}, which drives algorithm/strength selection and
     * engine setup.
     *
     * @param params the {@code SecureRandomParameters} supplied by the
     *               SecureRandom factory
     */
    public CtrDrbg(SecureRandomParameters params) {
        this.mechName = "CTR_DRBG";
        this.configure(params);
    }
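    /**
     * Maps a CTR_DRBG algorithm name to the highest security strength, in
     * bits, that its key size can deliver. Matching is case-insensitive
     * and locale-independent.
     *
     * @param algorithm "AES-128", "AES-192" or "AES-256" in any case
     * @return 128, 192 or 256 respectively
     * @throws IllegalArgumentException for any other name (the message
     *         names the mechanism correctly as CTR_DRBG)
     */
    private static int alg2strength(String algorithm) {
        switch (algorithm.toUpperCase(Locale.ROOT)) {
            case "AES-128":
                return 128;
            case "AES-192":
                return 192;
            case "AES-256":
                return 256;
            default:
                throw new IllegalArgumentException(algorithm +
                        " not supported in CTR_DRBG");
        }
    }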
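    /**
     * Picks the AES variant and the instantiation security strength from
     * the inherited {@code requestedAlgorithm} and
     * {@code requestedInstantiationSecurityStrength}, then derives the
     * CTR_DRBG length parameters (key, block, seed, counter, min/max input
     * lengths) from that choice.
     * <p>
     * With an explicit algorithm the requested strength (rounded by
     * {@code getStandardStrength}) must not exceed what the key size
     * supports; with none, AES-256 is used whenever the policy allows
     * 256-bit AES, otherwise AES-128 if the strength fits in it. AES-192
     * is never chosen implicitly. Keep the implicit choice in sync with
     * "securerandom.drbg.config" in java.security.
     *
     * @throws IllegalArgumentException if the algorithm is not an AES
     *         variant, the requested strength cannot be met, or the
     *         jurisdiction policy forbids the key size
     */
    @Override
    protected void chooseAlgorithmAndStrength() {
        if (requestedAlgorithm != null) {
            algorithm = requestedAlgorithm.toUpperCase(Locale.ROOT);
            int supportedStrength = alg2strength(algorithm);
            if (requestedInstantiationSecurityStrength >= 0) {
                int tryStrength = getStandardStrength(
                        requestedInstantiationSecurityStrength);
                if (tryStrength > supportedStrength) {
                    throw new IllegalArgumentException(algorithm +
                            " does not support strength " +
                            requestedInstantiationSecurityStrength);
                }
                this.securityStrength = tryStrength;
            } else {
                // No strength asked for: the default, capped by the key size.
                this.securityStrength =
                        Math.min(DEFAULT_STRENGTH, supportedStrength);
            }
        } else {
            int tryStrength = (requestedInstantiationSecurityStrength < 0) ?
                    DEFAULT_STRENGTH : requestedInstantiationSecurityStrength;
            tryStrength = getStandardStrength(tryStrength);
            // Default algorithm: AES-256 when policy permits, else AES-128
            // only if the strength fits. Remember to sync with
            // "securerandom.drbg.config" in java.security.
            if (tryStrength <= 128 && AES_LIMIT < 256) {
                algorithm = "AES-128";
            } else if (AES_LIMIT >= 256) {
                algorithm = "AES-256";
            } else {
                throw new IllegalArgumentException("unsupported strength " +
                        requestedInstantiationSecurityStrength);
            }
            this.securityStrength = tryStrength;
        }

        // algorithm is normalized to upper case by both branches above.
        // Every AES variant shares the 128-bit block; only the key size
        // and the policy check differ.
        switch (algorithm) {
            case "AES-128":
                this.keyLen = 128 / 8;
                break;
            case "AES-192":
                this.keyLen = 192 / 8;
                if (AES_LIMIT < 192) {
                    throw new IllegalArgumentException(algorithm +
                        " not available (because policy) in CTR_DRBG");
                }
                break;
            case "AES-256":
                this.keyLen = 256 / 8;
                if (AES_LIMIT < 256) {
                    throw new IllegalArgumentException(algorithm +
                        " not available (because policy) in CTR_DRBG");
                }
                break;
            default:
                throw new IllegalArgumentException(algorithm +
                        " not supported in CTR_DRBG");
        }
        this.keyAlg = "AES";
        this.cipherAlg = "AES/ECB/NoPadding";
        this.blockLen = 128 / 8;
        this.seedLen = this.blockLen + this.keyLen;
        // Counter as wide as the block. 800-90Ar1 permits narrower
        // ctr_len values; they are not implemented here (original TODO).
        this.ctrLen = this.blockLen;
        if (usedf) {
            // With the derivation function the entropy input only needs
            // to carry securityStrength bits; lengths are otherwise
            // governed by the inherited defaults.
            this.minLength = this.securityStrength / 8;
        } else {
            // Without the derivation function the entropy input must be
            // exactly seedLen bytes and personalization string /
            // additional input may not exceed it (800-90Ar1 Table 3).
            this.minLength = this.maxLength =
                    this.maxPersonalizationStringLength =
                            this.maxAdditionalInputLength = seedLen;
        }
    }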
    /**
     * Creates the AES block-cipher engine for {@code cipherAlg}; used by
     * the constructors (the earlier header said "digest", a leftover from
     * the hash-based DRBG; this class uses a cipher).
     * <p>
     * SunJCE is tried first to stay on the pure-Java implementation and
     * avoid native call overhead on every block. If it cannot supply the
     * transformation, the framework's provider search is used instead.
     * Only AES/ECB/NoPadding is ever requested, and it is used as a
     * single-block primitive with the DRBG's own counter, so ECB here is
     * not a data-encryption mode.
     *
     * @throws InternalError if no installed provider offers the cipher
     */
    @Override
    protected void initEngine() {
        Cipher engine;
        try {
            engine = Cipher.getInstance(cipherAlg, "SunJCE");
        } catch (NoSuchProviderException | NoSuchAlgorithmException
                | NoSuchPaddingException ignored) {
            // Preferred provider missing or lacking the transformation:
            // fall back to whatever provider the framework finds.
            engine = null;
        }
        if (engine == null) {
            try {
                engine = Cipher.getInstance(cipherAlg);
            } catch (NoSuchAlgorithmException | NoSuchPaddingException exc) {
                throw new InternalError(
                    "internal error: " + cipherAlg + " not available.", exc);
            }
        }
        cipher = engine;
    }
    /**
     * Writes the working state to the security debug stream when
     * debugging is enabled; does nothing otherwise.
     * <p>
     * SECURITY: K and V are the complete CTR_DRBG internal state. Anyone
     * who reads this output can recompute every block generated until the
     * next reseed, so enable the debug hook only on throwaway instances,
     * never on one whose output is used for keys, nonces or tokens.
     */
    private void status() {
        if (debug == null) {
            return;
        }
        debug.println(this, "Key = " + hex(k));
        debug.println(this, "V   = " + hex(v));
        debug.println(this, "reseed counter = " + reseedCounter);
    }
    // 800-90Ar1 10.2.1.2. CTR_DRBG_Update
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   191
    private void update(byte[] input) {
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   192
        if (input.length != seedLen) {
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   193
            // Should not happen
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   194
            throw new IllegalArgumentException("input length not seedLen: "
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   195
                    + input.length);
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   196
        }
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   197
        try {
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   198
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   199
            int m = (seedLen + blockLen - 1) / blockLen;
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   200
            byte[] temp = new byte[m * blockLen];
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   201
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   202
            // Step 1. temp = Null.
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   203
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   204
            // Step 2. Loop
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   205
            for (int i = 0; i < m; i++) {
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   206
                // Step 2.1. Increment
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   207
                addOne(v, ctrLen);
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   208
                // Step 2.2. Block_Encrypt
37896
cd841af7dcd0 8156213: Remove SHA-1 and 3KeyTDEA algorithms from DRBG
weijun
parents: 37895
diff changeset
   209
                cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
37796
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   210
                // Step 2.3. Encrypt into right position, no need to cat
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   211
                cipher.doFinal(v, 0, blockLen, temp, i * blockLen);
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   212
            }
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   213
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   214
            // Step 3. Truncate
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   215
            temp = Arrays.copyOf(temp, seedLen);
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   216
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   217
            // Step 4: Add
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   218
            for (int i = 0; i < seedLen; i++) {
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   219
                temp[i] ^= input[i];
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   220
            }
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   221
256c45c4af5d 8051408: NIST SP 800-90A SecureRandom implementations
weijun
parents:
diff changeset
   222
            // Step 5: leftmost
            k = Arrays.copyOf(temp, keyLen);
            // Step 6: rightmost
            v = Arrays.copyOfRange(temp, seedLen - blockLen, seedLen);
            // Step 7. Return
        } catch (GeneralSecurityException e) {
            throw new InternalError(e);
        }
    }
    /**
     * Instantiate_algorithm for CTR_DRBG (800-90Ar1 10.2.1.3): assembles
     * the nonce / personalization string in the form the selected variant
     * expects and delegates the actual state initialization to
     * {@link #reseedAlgorithm}.
     *
     * @param ei the entropy input
     * @throws IllegalArgumentException if a derivation function is in use
     *         and nonce plus personalization string do not fit in an int,
     *         because df() encodes the input length as a 32-bit integer
     */
    @Override
    protected void instantiateAlgorithm(byte[] ei) {
        if (debug != null) {
            debug.println(this, "instantiate");
        }
        final byte[] extra;
        if (!usedf) {
            // 800-90Ar1 10.2.1.3.1 Step 1-2. No padding of the
            // personalization string here: reseedAlgorithm XORs it in at
            // its own (shorter) length, which is equivalent.
            extra = personalizationString;
        } else if (personalizationString == null) {
            // 800-90Ar1 10.2.1.3.2 Step 1-2. Nothing to append to the nonce.
            extra = nonce;
        } else {
            // 800-90Ar1 10.2.1.3.2 Step 1-2. cat bytes
            int total = nonce.length + personalizationString.length;
            if (total < 0) {
                // Length must be represented as a 32 bit integer in df()
                throw new IllegalArgumentException(
                        "nonce plus personalization string is too long");
            }
            extra = Arrays.copyOf(nonce, total);
            System.arraycopy(personalizationString, 0, extra, nonce.length,
                    personalizationString.length);
        }
        reseedAlgorithm(ei, extra);
    }
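    /**
     * Block_cipher_df in 800-90Ar1 10.3.2: condenses an input string of
     * arbitrary length into exactly {@code seedLen} bytes of seed material,
     * using the block cipher (through {@link #bcc}) as the mixing primitive.
     *
     * The input length is encoded as a 32-bit big-endian integer in step 4;
     * this is why callers reject inputs whose length overflows an int before
     * calling this method.
     *
     * @param input the input string
     * @return the output block (always of seedLen)
     * @throws InternalError if the cipher rejects the derived key or fails to
     *         encrypt; this signals a misconfigured cipher, not bad input
     */
    private byte[] df(byte[] input) {
        // 800-90Ar1 10.3.2
        // 2. L = len (input_string)/8
        int l = input.length;
        // 3. N = number_of_bits_to_return/8
        int n = seedLen;
        // 4. S = L || N || input_string || 0x80
        // Only the L || N prefix is materialized; bcc() takes the pieces of
        // S as separate arrays, so the full string is never concatenated.
        byte[] ln = new byte[8];
        ln[0] = (byte)(l >> 24);
        ln[1] = (byte)(l >> 16);
        ln[2] = (byte)(l >> 8);
        ln[3] = (byte)(l);
        ln[4] = (byte)(n >> 24);
        ln[5] = (byte)(n >> 16);
        ln[6] = (byte)(n >> 8);
        ln[7] = (byte)(n);

        // 5. Zero padding of S
        // Not necessary, see bcc

        // 8. K = leftmost (0x00010203...1D1E1F, keylen).
        byte[] k = new byte[keyLen];
        for (int i = 0; i < k.length; i++) {
            k[i] = (byte)i;
        }

        // 6. temp = the Null String
        byte[] temp = new byte[seedLen];

        // 7. i = 0
        // 9. One BCC block per iteration; the last block is truncated to
        //    whatever room is left in temp.
        for (int i = 0; i * blockLen < temp.length; i++) {
            // 9.1 IV = i || 0^(outlen - len (i)). outLen is blockLen
            byte[] iv = new byte[blockLen];
            iv[0] = (byte)(i >> 24);
            iv[1] = (byte)(i >> 16);
            iv[2] = (byte)(i >> 8);
            iv[3] = (byte)(i);

            int tailLen = Math.min(blockLen, temp.length - blockLen * i);
            // 9.2 temp = temp || BCC (K, (IV || S)).
            System.arraycopy(bcc(k, iv, ln, input, new byte[]{(byte)0x80}),
                    0, temp, blockLen * i, tailLen);
        }

        // 10. K = leftmost(temp, keylen)
        k = Arrays.copyOf(temp, keyLen);

        // 11. x = select(temp, keylen+1, keylen+outlen)
        byte[] x = Arrays.copyOfRange(temp, keyLen, temp.length);

        // 12. temp = the Null string
        // No need to clean up, temp will be overwritten

        // 13. X = Block_Encrypt(K, X); temp = temp || X, until temp is full
        try {
            // K does not change inside the loop, and doFinal() resets the
            // cipher to its initialized state, so a single init() is
            // equivalent to re-initializing before every block.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
            for (int i = 0; i * blockLen < seedLen; i++) {
                int tailLen = Math.min(blockLen, temp.length - blockLen * i);
                x = cipher.doFinal(x);
                System.arraycopy(x, 0, temp, blockLen * i, tailLen);
            }
        } catch (GeneralSecurityException e) {
            throw new InternalError(e);
        }

        // 14. requested_bits = leftmost(temp, number_of_bits_to_return)
        // temp was allocated with exactly seedLen bytes, nothing to cut.
        // 15. Return
        return temp;
    }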
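    /**
     * BCC in 800-90Ar1 10.3.3: walks the concatenated data one
     * {@code blockLen} block at a time, XORs each block into the running
     * chaining value, encrypts the result under {@code k}, and returns the
     * final chaining value.
     *
     * @param k the key
     * @param data after concatenated, the data to be operated upon. This is
     *             a series of byte[], each with an arbitrary length. Note
     *             that the full length is not necessarily a multiple of
     *             outlen: a short final block is zero-padded implicitly,
     *             because XOR with zero is a no-op on the untouched tail
     *             of the chaining block.
     * @return the last chaining block
     * @throws InternalError if the cipher rejects {@code k} or fails to
     *         encrypt
     */
    private byte[] bcc(byte[] k, byte[]... data) {
        byte[] chain = new byte[blockLen];
        int n1 = 0; // index in data
        int n2 = 0; // index in data[n1]
        try {
            // The key is fixed for the whole chain and doFinal() resets the
            // cipher to its initialized state, so one init() replaces the
            // per-block re-initialization (and the per-block SecretKeySpec).
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));
            // pack blockLen of bytes into chain from data[][], again and again
            while (n1 < data.length) {
                int j;
                out: for (j = 0; j < blockLen; j++) {
                    // skip over exhausted (possibly empty) arrays
                    while (n2 >= data[n1].length) {
                        n1++;
                        if (n1 >= data.length) {
                            break out;
                        }
                        n2 = 0;
                    }
                    chain[j] ^= data[n1][n2];
                    n2++;
                }
                if (j == 0) { // all data happens to be consumed in the last loop
                    break;
                }
                chain = cipher.doFinal(chain);
            }
        } catch (GeneralSecurityException e) {
            throw new InternalError(e);
        }
        return chain;
    }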
    /**
     * Reseed_algorithm for CTR_DRBG, also used for the first instantiation
     * (800-90Ar1 10.2.1.3 and 10.2.1.4): derives the seed material from the
     * entropy input plus optional additional input, feeds it to
     * {@link #update}, and resets the reseed counter.
     *
     * With a derivation function the two inputs are concatenated and
     * condensed by {@link #df}. Without one, the additional input is XORed
     * into {@code ei} in place (the caller's array is modified), and
     * {@code additionalInput.length} must not exceed {@code ei.length}; the
     * original comment states it is at most seedLen, which the caller is
     * expected to guarantee.
     *
     * @param ei the entropy input
     * @param additionalInput the additional input, may be null
     * @throws IllegalArgumentException if a derivation function is in use
     *         and entropy plus additional input do not fit in an int,
     *         because df() encodes the input length as a 32-bit integer
     */
    @Override
    protected synchronized void reseedAlgorithm(
            byte[] ei,
            byte[] additionalInput) {
        byte[] seedMaterial = ei;
        if (usedf) {
            // 800-90Ar1 10.2.1.3.2 Instantiate / 10.2.1.4.2 Reseed.
            // Step 1: seed_material = entropy_input || additional_input
            if (additionalInput != null) {
                int total = ei.length + additionalInput.length;
                if (total < 0) {
                    // Length must be represented as a 32 bit integer in df()
                    throw new IllegalArgumentException(
                            "entropy plus additional input is too long");
                }
                seedMaterial = Arrays.copyOf(ei, total);
                System.arraycopy(additionalInput, 0, seedMaterial, ei.length,
                        additionalInput.length);
            }
            // Step 2. seed_material = df(seed_material, seedlen)
            seedMaterial = df(seedMaterial);
        } else if (additionalInput != null) {
            // 800-90Ar1 10.2.1.3.1 Instantiate / 10.2.1.4.1 Reseed.
            // Step 1-2 are needless here.
            // Step 3. seed_material = entropy_input XOR additional_input.
            // XORing only additionalInput.length bytes is the same as
            // zero-padding it to seedLen first. Note this writes into ei.
            for (int i = 0; i < additionalInput.length; i++) {
                seedMaterial[i] ^= additionalInput[i];
            }
        }

        if (v == null) {
            // First use: Key = 0^keylen, V = 0^outlen
            // 800-90Ar1 10.2.1.3.2 Instantiate. Step 3-4
            // 800-90Ar1 10.2.1.3.1 Instantiate. Step 4-5
            k = new byte[keyLen];
            v = new byte[blockLen];
        }

        // 800-90Ar1 10.2.1.3.1 Instantiate. Step 6
        // 800-90Ar1 10.2.1.3.2 Instantiate. Step 5
        // 800-90Ar1 10.2.1.4.1 Reseed. Step 4
        // 800-90Ar1 10.2.1.4.2 Reseed. Step 3
        update(seedMaterial);

        // 800-90Ar1 10.2.1.3.1 Instantiate. Step 7
        // 800-90Ar1 10.2.1.3.2 Instantiate. Step 6
        // 800-90Ar1 10.2.1.4.1 Reseed. Step 5
        // 800-90Ar1 10.2.1.4.2 Reseed. Step 4
        reseedCounter = 1;
    }
    /**
     * Adds one to the big-endian counter held in the last {@code len} bytes
     * of {@code data}, propagating the carry towards the front of that
     * window and wrapping around silently if every byte overflows. Bytes
     * before the window are never touched.
     *
     * @param data the array whose tail holds the counter
     * @param len  the number of trailing bytes that form the counter
     */
    private static void addOne(byte[] data, int len) {
        int pos = data.length - 1;
        int stop = data.length - len;
        while (pos >= stop) {
            data[pos]++;
            if (data[pos] != 0) {
                return; // no carry out of this byte, done
            }
            pos--;
        }
    }
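    /**
     * CTR_DRBG Generate process (SP 800-90Ar1 10.2.1.5.1 without a
     * derivation function, 10.2.1.5.2 with one).
     * <p>
     * Fills {@code result} completely with output produced by encrypting
     * successive values of the counter {@code v} under the current key
     * {@code k}. The update function is then run with the (processed)
     * additional input so that the key and counter just used for output are
     * replaced in the working state, and {@code reseedCounter} is advanced.
     *
     * @param result          buffer to fill; every byte is overwritten
     * @param additionalInput optional additional input, {@code null} for
     *                        none. With a derivation function it is
     *                        compressed by {@link #df}; without one it is
     *                        zero-padded (or truncated) to {@code seedLen}
     * @throws InternalError if the underlying cipher fails; with a correctly
     *                       configured provider this cannot happen
     */
    @Override
    public synchronized void generateAlgorithm(
            byte[] result, byte[] additionalInput) {

        if (debug != null) {
            debug.println(this, "generateAlgorithm");
        }

        // 800-90Ar1 10.2.1.5.1 Generate
        // 800-90Ar1 10.2.1.5.2 Generate

        // Step 1: Check reseed_counter. Will not fail. Already checked in
        // AbstractDrbg#engineNextBytes.

        if (additionalInput != null) {
            if (usedf) {
                // 10.2.1.5.2 Step 2.1
                additionalInput = df(additionalInput);
            } else {
                // 10.2.1.5.1 Step 2.1-2.2: zero-pad to seedlen. Without a df
                // the caller is expected to keep additional input at most
                // seedlen bytes; anything longer is truncated here.
                additionalInput = Arrays.copyOf(additionalInput, seedLen);
            }
            // 10.2.1.5.1 Step 2.3
            // 10.2.1.5.2 Step 2.2
            update(additionalInput);
        } else {
            // 10.2.1.5.1 Step 2 Else
            // 10.2.1.5.2 Step 2 Else
            additionalInput = new byte[seedLen];
        }

        // Step 3. temp = Null
        int pos = 0;
        int len = result.length;

        try {
            // The key does not change during the loop (it is only replaced
            // by update() below), so run the key schedule once instead of
            // once per block. doFinal() resets the cipher to its initialized
            // state, so the same Cipher instance can encrypt every block.
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k, keyAlg));

            // Step 4. Loop
            while (len > 0) {
                // Step 4.1. Increment
                addOne(v, ctrLen);

                // Step 4.2. Encrypt
                byte[] out = cipher.doFinal(v);

                // Step 4.3 and 5. Cat bytes and leftmost
                System.arraycopy(out, 0, result, pos,
                        (len > blockLen) ? blockLen : len);

                len -= blockLen;
                if (len <= 0) {
                    // shortcut, so that pos needn't be updated (and cannot
                    // overflow when result.length is close to
                    // Integer.MAX_VALUE)
                    break;
                }
                pos += blockLen;
            }
        } catch (GeneralSecurityException e) {
            throw new InternalError(e);
        }

        // Step 6. Update
        update(additionalInput);

        // Step 7. reseed_counter++
        reseedCounter++;

        //status();

        // Step 8. Return
    }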
    /**
     * Describes this DRBG instance: the parent's description followed by a
     * comma and either {@code use_df} or {@code no_df}, depending on whether
     * a derivation function is configured.
     *
     * @return human-readable configuration summary
     */
    @Override
    public String toString() {
        String dfMode = usedf ? "use_df" : "no_df";
        return super.toString() + "," + dfMode;
    }
}