Design and impl review: JEP 273: DRBG-Based SecureRandom Implementations

Wang Weijun weijun.wang at oracle.com
Wed Jan 6 05:08:09 UTC 2016


> On Jan 6, 2016, at 12:01 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> If you think getFullEntropy is sufficient, then let's just keep the one method.

I thought about this more and we can actually do

/**
 * An interface of a source of entropy input.
 * <p>
 * This interface has 2 methods returning byte arrays containing entropy.
 * The result of {@link #getFullEntropy} contains full entropy and that of
 * {@link #getEntropy} contains the request amount of entropy but might not
 * be full. The default implementation of the methods inside this interface
 * are dependent on each other. An implementation must implement at least
 * one of them to be useful.
 *
 * @since 1.9
 */
public interface EntropyInput {
    /**
     * Fills a byte array with full entropy.
     * <p>
     * This method might block and/or fail.
     *
     * @implSpec The default implementation calls {@link #getEntropy}
     * to return a byte array which might not have full entropy, and then
     * calls the hashdf conditioning function defined in NIST SP 800-90Ar1
     * 10.3.1 to condense it into an array with full entropy.
     *
     * @param entropy the byte array with filled entropy.
     * @throws EntropyNotAvailableException if not enough entropy is available.
     */
    default void getFullEntropy(byte[] entropy) {
        byte[] raw = getEntropy(entropy.length);
        if (raw.length != entropy.length) {
            try {
                MessageDigest md = MessageDigest.getInstance("SHA-256", "SUN");
                raw = HashDrbg.hashDf(md, md.getDigestLength(),
                        entropy.length, raw);
            } catch (Exception e) {
                throw new InternalError(e);
            }
        }
        System.arraycopy(raw, 0, entropy, 0, raw.length);
    }

    /**
     * Returns a byte array with at least length*8 bits of entropy.
     * <p>
     * This method might block and/or fail.
     *
     * @implSpec The default implementation calls {@link #getFullEntropy}
     * to return a byte array which has full entropy.
     *
     * @param length the minimum size of entropy requested in bytes
     * @return a byte array containing entropy
     * @throws EntropyNotAvailableException if not enough entropy is available.
     */
    default byte[] getEntropy(int length) {
        byte[] result = new byte[length];
        getFullEntropy(result);
        return result;
    }
}


More information about the security-dev mailing list