1 /*

     2  * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.

     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

     4  *

     5  * This code is free software; you can redistribute it and/or modify it

     6  * under the terms of the GNU General Public License version 2 only, as

     7  * published by the Free Software Foundation.

     8  *

     9  * This code is distributed in the hope that it will be useful, but WITHOUT

    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

    12  * version 2 for more details (a copy is included in the LICENSE file that

    13  * accompanied this code).

    14  *

    15  * You should have received a copy of the GNU General Public License version

    16  * 2 along with this work; if not, write to the Free Software Foundation,

    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

    18  *

    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

    20  * or visit www.oracle.com if you need additional information or have any

    21  * questions.

    22  */

    23 

    24 import sun.security.provider.AbstractDrbg;

    25 import sun.security.provider.EntropySource;

    26 

    27 import java.lang.reflect.Field;

    28 import java.lang.reflect.Modifier;

    29 import java.security.DrbgParameters;

    30 import java.security.SecureRandom;

    31 import java.security.Security;

    32 

    33 /**

    34  * @test

    35  * @bug 8051408

    36  * @modules java.base/sun.security.provider

    37  * @run main/othervm CommonSeeder

    38  * @summary check entropy reading of DRBGs

    39  */

    40 public class CommonSeeder {

    41 

    42     static class MyES implements EntropySource {

    43         int count = 100;

    44         int lastCount = 100;

    45 

    46         @Override

    47         public byte[] getEntropy(int minEntropy, int minLength,

    48                                  int maxLength, boolean pr) {

    49             count--;

    50             return new byte[minLength];

    51         }

    52 

    53         /**

    54          * Confirms genEntropy() has been called {@code less} times

    55          * since last check.

    56          */

    57         public void checkUsage(int less) throws Exception {

    58             if (lastCount != count + less) {

    59                 throw new Exception(String.format(

    60                         "lastCount = %d, count = %d, less = %d",

    61                         lastCount, count, less));

    62             }

    63             lastCount = count;

    64         }

    65     }

    66 

    67     public static void main(String[] args) throws Exception {

    68 

    69         byte[] result = new byte[10];

    70         MyES es = new MyES();

    71 

    72         // Set es as the default entropy source, overriding SeedGenerator.

    73         setDefaultSeeder(es);

    74 

    75         // Nothing happened yet

    76         es.checkUsage(0);

    77 

    78         SecureRandom sr;

    79         sr = SecureRandom.getInstance("DRBG");

    80 

    81         // No entropy reading if only getInstance

    82         es.checkUsage(0);

    83 

    84         // Entropy is read at 1st nextBytes of the 1st DRBG

    85         sr.nextInt();

    86         es.checkUsage(1);

    87 

    88         for (String mech : new String[]{"Hash_DRBG", "HMAC_DRBG", "CTR_DRBG"}) {

    89             System.out.println("Testing " + mech + "...");

    90 

    91             // DRBG with pr_false will never read entropy again no matter

    92             // if nextBytes or reseed is called.

    93 

    94             Security.setProperty("securerandom.drbg.config", mech);

    95             sr = SecureRandom.getInstance("DRBG");

    96             sr.nextInt();

    97             sr.reseed();

    98             es.checkUsage(0);

    99 

   100             // DRBG with pr_true always read from default entropy, and

   101             // its nextBytes always reseed itself

   102 

   103             Security.setProperty("securerandom.drbg.config",

   104                     mech + ",pr_and_reseed");

   105             sr = SecureRandom.getInstance("DRBG");

   106 

   107             sr.nextInt();

   108             es.checkUsage(2); // one instantiate, one reseed

   109             sr.nextInt();

   110             es.checkUsage(1); // one reseed in nextBytes

   111             sr.reseed();

   112             es.checkUsage(1); // one reseed

   113             sr.nextBytes(result, DrbgParameters.nextBytes(-1, false, null));

   114             es.checkUsage(0); // pr_false for this call

   115             sr.nextBytes(result, DrbgParameters.nextBytes(-1, true, null));

   116             es.checkUsage(1); // pr_true for this call

   117             sr.reseed(DrbgParameters.reseed(true, null));

   118             es.checkUsage(1); // reseed from es

   119             sr.reseed(DrbgParameters.reseed(false, null));

   120             es.checkUsage(0); // reseed from AbstractDrbg.SeederHolder.seeder

   121         }

   122     }

   123 

   124     static void setDefaultSeeder(EntropySource es) throws Exception {

   125         Field f = AbstractDrbg.class.getDeclaredField("defaultES");

   126         f.setAccessible(true);  // no more private

   127         Field f2 = Field.class.getDeclaredField("modifiers");

   128         f2.setAccessible(true);

   129         f2.setInt(f, f2.getInt(f) - Modifier.FINAL);    // no more final

   130         f.set(null, es);

   131     }

   132 }