1. /*

  2.  * @(#)SecureRandom.java	1.32 01/11/29

  3.  *

  4.  * Copyright 2002 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.  

  8. package java.security;

  9. 

  10. import java.util.Enumeration;

  11. 

  12. /**

  13.  * <p>This class provides a cryptographically strong pseudo-random number

  14.  * generator (PRNG).

  15.  *

  16.  * <p>Like other algorithm-based classes in Java Security, SecureRandom 

  17.  * provides implementation-independent algorithms, whereby a caller 

  18.  * (application code) requests a particular PRNG algorithm

  19.  * and is handed back a SecureRandom object for that algorithm. It is

  20.  * also possible, if desired, to request a particular algorithm from a

  21.  * particular provider. See the <code>getInstance</code> methods.

  22.  *

  23.  * <p>Thus, there are two ways to request a SecureRandom object: by

  24.  * specifying either just an algorithm name, or both an algorithm name

  25.  * and a package provider.

  26.  *

  27.  * <ul>

  28.  *

  29.  * <li>If just an algorithm name is specified, as in:

  30.  * <pre>

  31.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  32.  * </pre>

  33.  * the system will determine if there is an implementation of the algorithm

  34.  * requested available in the environment, and if there is more than one, if

  35.  * there is a preferred one.<p>

  36.  * 

  37.  * <li>If both an algorithm name and a package provider are specified, as in:

  38.  * <pre>

  39.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");

  40.  * </pre>

  41.  * the system will determine if there is an implementation of the

  42.  * algorithm in the package requested, and throw an exception if there

  43.  * is not.

  44.  *

  45.  * </ul>

  46.  *

  47.  * <p>The SecureRandom implementation attempts to completely

  48.  * randomize the internal state of the generator itself unless

  49.  * the caller follows the call to a <code>getInstance</code> method

  50.  * with a call to the <code>setSeed</code> method:

  51.  * <pre>

  52.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  53.  *      random.setSeed(seed);

  54.  * </pre>

  55.  *

  56.  * <p>After the caller obtains the SecureRandom object from the

  57.  * <code>getInstance</code> call, it can call <code>nextBytes</code>

  58.  * to generate random bytes:

  59.  * <pre>

  60.  *      byte bytes[] = new byte[20];

  61.  *      random.nextBytes(bytes);

  62.  * </pre>

  63.  *

  64.  * <p>The caller may also invoke the <code>generateSeed</code> method

  65.  * to generate a given number of seed bytes (to seed other random number

  66.  * generators, for example):

  67.  * <pre>

  68.  *      byte seed[] = random.generateSeed(20);

  69.  * </pre>

  70.  *

  71.  * @see java.security.SecureRandomSpi

  72.  * @see java.util.Random

  73.  * 

  74.  * @version 1.32, 01/11/29

  75.  * @author Benjamin Renaud

  76.  * @author Josh Bloch 

  77.  */

  78. 

  79. public class SecureRandom extends java.util.Random {

  80. 

  81.     /**

  82.      * The provider.

  83.      *

  84.      * @serial

  85.      * @since JDK 1.2

  86.      */

  87.     private Provider provider = null;

  88.  

  89.     /**

  90.      * The provider implementation.

  91.      *

  92.      * @serial

  93.      * @since JDK 1.2

  94.      */

  95.     private SecureRandomSpi secureRandomSpi = null;

  96. 

  97.     // Seed Generator

  98.     private static SecureRandom seedGenerator = null;

  99. 

  100.     /**

  101.      * <p>By using this constructor, the caller obtains a SecureRandom object

  102.      * containing the implementation from the highest-priority installed

  103.      * provider that has a SecureRandom implementation.

  104.      * 

  105.      * <p>Note that this instance of SecureRandom has not been seeded.

  106.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  107.      * object.  If a call is not made to <code>setSeed</code>, the first call

  108.      * to the <code>nextBytes</code> method will force the SecureRandom object

  109.      * to seed itself.

  110.      *

  111.      * <p>This constructor is provided for backwards compatibility. 

  112.      * The caller is encouraged to use one of the alternative

  113.      * <code>getInstance</code> methods to obtain a SecureRandom object.

  114.      */

  115.     public SecureRandom() {

  116. 	/*

  117. 	 * This call to our superclass constructor will result in a call

  118. 	 * to our own <code>setSeed</code> method, which will return

  119. 	 * immediately when it is passed zero.

  120. 	 */

  121. 	super(0);

  122. 	String prng = getPrngAlgorithm();

  123. 	if (prng == null) {

  124. 	    // bummer, get the SUN implementation

  125. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  126. 	    this.provider = new sun.security.provider.Sun();

  127. 	} else {

  128. 	    try {

  129. 		SecureRandom random = SecureRandom.getInstance(prng);

  130. 		this.secureRandomSpi = random.getSecureRandomSpi();

  131. 		this.provider = random.getProvider();

  132. 	    } catch (NoSuchAlgorithmException nsae) {

  133. 		// never happens, because we made sure the algorithm exists

  134. 	    }

  135. 	}

  136.     }

  137. 

  138.     /**

  139.      * <p>By using this constructor, the caller obtains a SecureRandom object

  140.      * containing the implementation from the highest-priority installed

  141.      * provider that has a SecureRandom implementation. This constructor 

  142.      * uses a user-provided seed in

  143.      * preference to the self-seeding algorithm referred to in the empty

  144.      * constructor description. It may be preferable to the empty constructor

  145.      * if the caller has access to high-quality random bytes from some physical

  146.      * device (for example, a radiation detector or a noisy diode).

  147.      * 

  148.      * <p>This constructor is provided for backwards compatibility. 

  149.      * The caller is encouraged to use one of the alternative

  150.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  151.      * then to call the <code>setSeed</code> method to seed it.

  152.      * 

  153.      * @param seed the seed.

  154.      */

  155.     public SecureRandom(byte seed[]) {

  156. 	super(0);

  157. 	String prng = getPrngAlgorithm();

  158. 	if (prng == null) {

  159. 	    // bummer, get the SUN implementation

  160. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  161. 	    this.provider = new sun.security.provider.Sun();

  162. 	    this.secureRandomSpi.engineSetSeed(seed);

  163. 	} else {

  164. 	    try {

  165. 		SecureRandom random = getInstance(prng);

  166. 		this.secureRandomSpi = random.getSecureRandomSpi();

  167. 		this.provider = random.getProvider();

  168. 		this.secureRandomSpi.engineSetSeed(seed);

  169. 	    } catch (NoSuchAlgorithmException nsae) {

  170. 		// never happens, because we made sure the algorithm exists

  171. 	    }

  172. 	}

  173.     }

  174. 

  175.     /**

  176.      * Creates a SecureRandom object.

  177.      *

  178.      * @param secureRandomSpi the SecureRandom implementation.

  179.      * @param provider the provider.

  180.      */

  181.     protected SecureRandom(SecureRandomSpi secureRandomSpi,

  182. 			   Provider provider) {

  183. 	super(0);

  184. 	this.secureRandomSpi = secureRandomSpi;

  185. 	this.provider = provider;

  186.     }

  187. 

  188.     /**

  189.      * Generates a SecureRandom object that implements the specified

  190.      * Pseudo Random Number Generator (PRNG) algorithm. If the default

  191.      * provider package provides an implementation of the requested PRNG,

  192.      * an instance of SecureRandom containing that implementation is returned.

  193.      * If the PRNG is not available in the default 

  194.      * package, other packages are searched.

  195.      *

  196.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  197.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  198.      * object.  If a call is not made to <code>setSeed</code>, the first call

  199.      * to the <code>nextBytes</code> method will force the SecureRandom object

  200.      * to seed itself.

  201.      *

  202.      * @param algorithm the name of the PRNG algorithm.

  203.      * See Appendix A in the <a href=

  204.      * "../../../guide/security/CryptoSpec.html#AppA">

  205.      * Java Cryptography Architecture API Specification & Reference </a> 

  206.      * for information about standard PRNG algorithm names.

  207.      *

  208.      * @return the new SecureRandom object.

  209.      *

  210.      * @exception NoSuchAlgorithmException if the PRNG algorithm is

  211.      * not available in the caller's environment.

  212.      *

  213.      * @since JDK1.2

  214.      */

  215.     public static SecureRandom getInstance(String algorithm)

  216. 	throws NoSuchAlgorithmException {

  217. 	    try {

  218. 		Object[] objs = Security.getImpl(algorithm,

  219. 						 "SecureRandom",

  220. 						 null);

  221. 		return new SecureRandom((SecureRandomSpi)objs[0],

  222. 					(Provider)objs[1]);

  223. 	    } catch(NoSuchProviderException e) {

  224. 		throw new NoSuchAlgorithmException(algorithm + " not found");

  225. 	    }

  226.     }

  227. 

  228.     /**

  229.      * Generates a SecureRandom object for the specified PRNG

  230.      * algorithm, as supplied from the specified provider, if such a

  231.      * PRNG implementation is available from the provider.

  232.      *

  233.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  234.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  235.      * object.  If a call is not made to <code>setSeed</code>, the first call

  236.      * to the <code>nextBytes</code> method will force the SecureRandom object

  237.      * to seed itself.

  238.      *

  239.      * @param algorithm the name of the PRNG algorithm.

  240.      * See Appendix A in the <a href=

  241.      * "../../../guide/security/CryptoSpec.html#AppA">

  242.      * Java Cryptography Architecture API Specification & Reference </a> 

  243.      * for information about standard PRNG algorithm names.

  244.      *

  245.      * @param provider the name of the provider.

  246.      *

  247.      * @return the new SecureRandom object.

  248.      *

  249.      * @exception NoSuchAlgorithmException if the requested PRNG

  250.      * implementation is not available from the provider.

  251.      *

  252.      * @exception NoSuchProviderException if the provider has not been

  253.      * configured.

  254.      *

  255.      * @see Provider

  256.      *

  257.      * @since JDK1.2

  258.      */

  259.     public static SecureRandom getInstance(String algorithm, String provider)

  260. 	throws NoSuchAlgorithmException, NoSuchProviderException

  261.     {

  262. 	if (provider == null || provider.length() == 0)

  263. 	    throw new IllegalArgumentException("missing provider");

  264. 	Object[] objs = Security.getImpl(algorithm, "SecureRandom", provider);

  265. 	return new SecureRandom((SecureRandomSpi)objs[0], (Provider)objs[1]);

  266.     }

  267.  

  268.     /**

  269.      * Returns the SecureRandomSpi of this SecureRandom object.

  270.      */

  271.     SecureRandomSpi getSecureRandomSpi() {

  272. 	return secureRandomSpi;

  273.     }

  274. 

  275.     /**

  276.      * Returns the provider of this SecureRandom object.

  277.      *

  278.      * @return the provider of this SecureRandom object.

  279.      */

  280.     public final Provider getProvider() {

  281. 	return provider;

  282.     }

  283. 

  284.     /**

  285.      * Reseeds this random object. The given seed supplements, rather than

  286.      * replaces, the existing seed. Thus, repeated calls are guaranteed

  287.      * never to reduce randomness.

  288.      *

  289.      * @param seed the seed.

  290.      */

  291.     synchronized public void setSeed(byte[] seed) {

  292. 	secureRandomSpi.engineSetSeed(seed);

  293.     }

  294. 

  295.     /**

  296.      * Reseeds this random object, using the eight bytes contained 

  297.      * in the given <code>long seed</code>. The given seed supplements, 

  298.      * rather than replaces, the existing seed. Thus, repeated calls 

  299.      * are guaranteed never to reduce randomness. 

  300.      * 

  301.      * <p>This method is defined for compatibility with 

  302.      * <code>java.util.Random</code>.

  303.      *

  304.      * @param seed the seed.

  305.      */

  306.     public void setSeed(long seed) {

  307. 	/* 

  308. 	 * Ignore call from super constructor (as well as any other calls

  309. 	 * unfortunate enough to be passing 0).  It's critical that we

  310. 	 * ignore call from superclass constructor, as digest has not

  311. 	 * yet been initialized at that point.

  312. 	 */

  313. 	if (seed != 0)

  314. 	    secureRandomSpi.engineSetSeed(longToByteArray(seed));

  315.     }

  316. 

  317.     /**

  318.      * Generates a user-specified number of random bytes.  This method is

  319.      * used as the basis of all random entities returned by this class

  320.      * (except seed bytes).

  321.      * 

  322.      * @param bytes the array to be filled in with random bytes.

  323.      */

  324. 

  325.     synchronized public void nextBytes(byte[] bytes) {

  326. 	secureRandomSpi.engineNextBytes(bytes);

  327.     }

  328. 

  329.     /**

  330.      * Generates an integer containing the user-specified number of

  331.      * pseudo-random bits (right justified, with leading zeros).  This

  332.      * method overrides a <code>java.util.Random</code> method, and serves

  333.      * to provide a source of random bits to all of the methods inherited

  334.      * from that class (for example, <code>nextInt</code>,

  335.      * <code>nextLong</code>, and <code>nextFloat</code>).

  336.      *

  337.      * @param numBits number of pseudo-random bits to be generated, where

  338.      * 0 <= <code>numBits</code> <= 32.

  339.      */

  340.     final protected int next(int numBits) {

  341. 	int numBytes = (numBits+7)/8;

  342. 	byte b[] = new byte[numBytes];

  343. 	int next = 0;

  344.  

  345. 	nextBytes(b);

  346. 	for (int i=0; i<numBytes; i++)

  347. 	    next = (next << 8) + (b[i] & 0xFF);

  348.  

  349. 	return next >>> (numBytes*8 - numBits);

  350.     }

  351. 

  352.     /**

  353.      * Returns the given number of seed bytes, computed using the seed

  354.      * generation algorithm that this class uses to seed itself.  This

  355.      * call may be used to seed other random number generators.

  356.      *

  357.      * <p>This method is only included for backwards compatibility. 

  358.      * The caller is encouraged to use one of the alternative

  359.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  360.      * then call the <code>generateSeed</code> method to obtain seed bytes

  361.      * from that object.

  362.      *

  363.      * @param numBytes the number of seed bytes to generate.

  364.      * 

  365.      * @return the seed bytes.

  366.      */

  367.      public static byte[] getSeed(int numBytes) {

  368. 	if (seedGenerator == null)

  369. 	    seedGenerator = new SecureRandom();

  370. 	return seedGenerator.generateSeed(numBytes);

  371.      }

  372. 

  373.     /**

  374.      * Returns the given number of seed bytes, computed using the seed

  375.      * generation algorithm that this class uses to seed itself.  This

  376.      * call may be used to seed other random number generators.

  377.      *

  378.      * @param numBytes the number of seed bytes to generate.

  379.      * 

  380.      * @return the seed bytes.

  381.      */

  382.     public byte[] generateSeed(int numBytes) {

  383. 	return secureRandomSpi.engineGenerateSeed(numBytes);

  384.     }

  385. 

  386.     /**

  387.      * Helper function to convert a long into a byte array (least significant

  388.      * byte first).

  389.      */

  390.     private static byte[] longToByteArray(long l) {

  391. 	byte[] retVal = new byte[8];

  392. 

  393. 	for (int i=0; i<8; i++) {

  394. 	    retVal[i] = (byte) l;

  395. 	    l >>= 8;

  396. 	}

  397. 

  398. 	return retVal;

  399.     }

  400. 

  401.     /**

  402.      * Gets a default PRNG algorithm by looking through all registered

  403.      * providers. Returns the first PRNG algorithm of the first provider that

  404.      * has registered a SecureRandom implementation, or null if none of the

  405.      * registered providers supplies a SecureRandom implementation.

  406.      */

  407.     private static String getPrngAlgorithm() {

  408. 	Provider[] provs = Security.getProviders();

  409. 	for (int i=0; i<provs.length; i++) {

  410. 	    // search the provider's properties list for a property name

  411. 	    // that starts with "SecureRandom."

  412. 	    for (Enumeration e = provs[i].propertyNames();

  413. 		 e.hasMoreElements();) {

  414. 		String propName = (String)e.nextElement();

  415. 		if (propName.startsWith("SecureRandom.")) {

  416. 		    int index = propName.indexOf(".", 0);

  417. 		    return propName.substring(index+1);

  418. 		}

  419. 	    }

  420. 	}

  421. 	return null;

  422.     }

  423. 

  424.     // Declare serialVersionUID to be compatible with JDK1.1

  425.     static final long serialVersionUID = 4940670005562187L;

  426. 

  427.     // Retain unused values serialized from JDK1.1

  428.     /**

  429.      * @serial

  430.      */

  431.     private byte[] state;

  432.     /**

  433.      * @serial

  434.      */

  435.     private MessageDigest digest = null;

  436.     /**

  437.      * @serial

  438.      *

  439.      * We know that the MessageDigest class does not implement

  440.      * java.io.Serializable.  However, since this field is no longer

  441.      * used, it will always be NULL and won't affect the serialization

  442.      * of the SecureRandom class itself.

  443.      */

  444.     private byte[] randomBytes;

  445.     /**

  446.      * @serial

  447.      */

  448.     private int randomBytesUsed;

  449.     /**

  450.      * @serial

  451.      */

  452.     private long counter;

  453. }