Design and impl review: JEP 273: DRBG-Based SecureRandom Implementations

Sean Mullan sean.mullan at oracle.com
Mon Jan 4 22:59:16 UTC 2016


Here are some more comments on the API:

* EntropyInput:

   29  * An interface of a source of entropy input.

"interface" is implied, so you can just say "A source of entropy input." 
Also, I think this interface should be called "EntropySource". To me, 
"Input" means the byte array that is already populated, whereas "Source" 
produces those bytes. A sentence or two with more details in the 
description would also be helpful.

Do we want to allow the generated entropy input to be longer than the 
size requested (see section 7.1 of sp800-90Ar1)? Perhaps, a method such as:

     byte[] getFullEntropy(int length)

might be more suitable, and specify that a byte array longer than the 
specified length may be returned.

* EntropyNotAvailableException:

   37      * Creates one

Incomplete sentence.

In the class description, add an @see link to EntropyInput.getFullEntropy.

* SecureRandomParameters:

It seems a little odd to have a class with one parameter that can be 
optional, and then accepting null as a value in the ctor, which 
typically will only needed by subclasses. I think it would be nicer to 
avoid exposing that in the API. Have you considered defining this as an 
interface, with a static method that returns an instance with an 
EntropyInput, ex:

public interface SecureRandomParameters {

     EntropyInput getEntropyInput();

     static SecureRandomParameters of(EntropyInput);
}

--Sean

On 12/16/2015 02:20 AM, Wang Weijun wrote:
> Webrev updated:
>
>     http://cr.openjdk.java.net/~weijun/8051408/webrev.02/
>     http://cr.openjdk.java.net/~weijun/8051408/webrev.02/specdiff/java/security/package-summary.html
>
> Changes:
>
> 1. DrbgParameters has a Builder now
>
> 2. No more default implementation for reseed()
>
> 3. Synchronization is now inside implementation, on engineXXX() methods
>
> 4. engineConfigure() now throws InvalidAlgorithmParameterException instead of IllegalArgumentException
>
> 5. CtrDRBG uses up all input in engineSetSeed()
>
> Thanks
> Max



More information about the security-dev mailing list