Design and impl review: JEP 273: DRBG-Based SecureRandom Implementations
Wang Weijun
weijun.wang at oracle.com
Tue Jan 5 01:17:43 UTC 2016
> On Jan 5, 2016, at 6:59 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
>
> Here are some more comments on the API:
>
> * EntropyInput:
>
> 29 * An interface of a source of entropy input.
>
> "interface" is implied, so you can just say "A source of entropy input." Also, I think this interface should be called "EntropySource". To me, "Input" means the byte array that is already populated, whereas "Source" produces those bytes. A sentence or two with more details in the description would also be helpful.
Well, as defined in Section 4 of SP 800-90Ar1, "Entropy Source" means real random source based on a physical device. What we need here is the "Randomness Source" or "Source of entropy input" (section 2 of 800-90B).
Shall we call it RandomnessSource?
>
> Do we want to allow the generated entropy input to be longer than the size requested (see section 7.1 of sp800-90Ar1)? Perhaps, a method such as:
>
> byte[] getFullEntropy(int length)
>
> might be more suitable, and specify that a byte array longer than the specified length may be returned.
This should be named getEntropy(), because full means every bit of the output contains one bit of entropy.
Such a method is OK for most cases, but except for one, CtrDRBG with no derivation function, where the entropy input must be full. Therefore a getFullEntropy() is needed anyway so I just use it everywhere. I also thought that every random source should have a conditioning module to convert non-full entropy bytes to full ones.
If this is not true, 2 methods are needed:
byte[] getEntropy(int length);
void getFullEntropy(byte[] entropy);
Detailed descriptions will be added on when and which is used.
And I don't think we need to provide any conditioning codes.
>
> * EntropyNotAvailableException:
>
> 37 * Creates one
>
> Incomplete sentence.
Will fix it.
>
> In the class description, add an @see link to EntropyInput.getFullEntropy.
>
> * SecureRandomParameters:
>
> It seems a little odd to have a class with one parameter that can be optional, and then accepting null as a value in the ctor, which typically will only needed by subclasses. I think it would be nicer to avoid exposing that in the API. Have you considered defining this as an interface, with a static method that returns an instance with an EntropyInput, ex:
>
> public interface SecureRandomParameters {
>
> EntropyInput getEntropyInput();
>
> static SecureRandomParameters of(EntropyInput);
> }
OK.
Thanks
Max
>
> --Sean
>
> On 12/16/2015 02:20 AM, Wang Weijun wrote:
>> Webrev updated:
>>
>> http://cr.openjdk.java.net/~weijun/8051408/webrev.02/
>> http://cr.openjdk.java.net/~weijun/8051408/webrev.02/specdiff/java/security/package-summary.html
>>
>> Changes:
>>
>> 1. DrbgParameters has a Builder now
>>
>> 2. No more default implementation for reseed()
>>
>> 3. Synchronization is now inside implementation, on engineXXX() methods
>>
>> 4. engineConfigure() now throws InvalidAlgorithmParameterException instead of IllegalArgumentException
>>
>> 5. CtrDRBG uses up all input in engineSetSeed()
>>
>> Thanks
>> Max
More information about the security-dev
mailing list