1. /*

  2.  * @(#)SecureRandom.java	1.36 00/02/02

  3.  *

  4.  * Copyright 1996-2000 Sun Microsystems, Inc. All Rights Reserved.

  5.  * 

  6.  * This software is the proprietary information of Sun Microsystems, Inc.  

  7.  * Use is subject to license terms.

  8.  * 

  9.  */

  10.  

  11. package java.security;

  12. 

  13. import java.util.Enumeration;

  14. 

  15. /**

  16.  * <p>This class provides a cryptographically strong pseudo-random number

  17.  * generator (PRNG).

  18.  *

  19.  * <p>Like other algorithm-based classes in Java Security, SecureRandom 

  20.  * provides implementation-independent algorithms, whereby a caller 

  21.  * (application code) requests a particular PRNG algorithm

  22.  * and is handed back a SecureRandom object for that algorithm. It is

  23.  * also possible, if desired, to request a particular algorithm from a

  24.  * particular provider. See the <code>getInstance</code> methods.

  25.  *

  26.  * <p>Thus, there are two ways to request a SecureRandom object: by

  27.  * specifying either just an algorithm name, or both an algorithm name

  28.  * and a package provider.

  29.  *

  30.  * <ul>

  31.  *

  32.  * <li>If just an algorithm name is specified, as in:

  33.  * <pre>

  34.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  35.  * </pre>

  36.  * the system will determine if there is an implementation of the algorithm

  37.  * requested available in the environment, and if there is more than one, if

  38.  * there is a preferred one.<p>

  39.  * 

  40.  * <li>If both an algorithm name and a package provider are specified, as in:

  41.  * <pre>

  42.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");

  43.  * </pre>

  44.  * the system will determine if there is an implementation of the

  45.  * algorithm in the package requested, and throw an exception if there

  46.  * is not.

  47.  *

  48.  * </ul>

  49.  *

  50.  * <p>The SecureRandom implementation attempts to completely

  51.  * randomize the internal state of the generator itself unless

  52.  * the caller follows the call to a <code>getInstance</code> method

  53.  * with a call to the <code>setSeed</code> method:

  54.  * <pre>

  55.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  56.  *      random.setSeed(seed);

  57.  * </pre>

  58.  *

  59.  * <p>After the caller obtains the SecureRandom object from the

  60.  * <code>getInstance</code> call, it can call <code>nextBytes</code>

  61.  * to generate random bytes:

  62.  * <pre>

  63.  *      byte bytes[] = new byte[20];

  64.  *      random.nextBytes(bytes);

  65.  * </pre>

  66.  *

  67.  * <p>The caller may also invoke the <code>generateSeed</code> method

  68.  * to generate a given number of seed bytes (to seed other random number

  69.  * generators, for example):

  70.  * <pre>

  71.  *      byte seed[] = random.generateSeed(20);

  72.  * </pre>

  73.  *

  74.  * @see java.security.SecureRandomSpi

  75.  * @see java.util.Random

  76.  * 

  77.  * @version 1.36, 02/02/00

  78.  * @author Benjamin Renaud

  79.  * @author Josh Bloch 

  80.  */

  81. 

  82. public class SecureRandom extends java.util.Random {

  83. 

  84.     /**

  85.      * The provider.

  86.      *

  87.      * @serial

  88.      * @since 1.2

  89.      */

  90.     private Provider provider = null;

  91.  

  92.     /**

  93.      * The provider implementation.

  94.      *

  95.      * @serial

  96.      * @since 1.2

  97.      */

  98.     private SecureRandomSpi secureRandomSpi = null;

  99. 

  100.     // Seed Generator

  101.     private static SecureRandom seedGenerator = null;

  102. 

  103.     /**

  104.      * <p>By using this constructor, the caller obtains a SecureRandom object

  105.      * containing the implementation from the highest-priority installed

  106.      * provider that has a SecureRandom implementation.

  107.      * 

  108.      * <p>Note that this instance of SecureRandom has not been seeded.

  109.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  110.      * object.  If a call is not made to <code>setSeed</code>, the first call

  111.      * to the <code>nextBytes</code> method will force the SecureRandom object

  112.      * to seed itself.

  113.      *

  114.      * <p>This constructor is provided for backwards compatibility. 

  115.      * The caller is encouraged to use one of the alternative

  116.      * <code>getInstance</code> methods to obtain a SecureRandom object.

  117.      */

  118.     public SecureRandom() {

  119. 	/*

  120. 	 * This call to our superclass constructor will result in a call

  121. 	 * to our own <code>setSeed</code> method, which will return

  122. 	 * immediately when it is passed zero.

  123. 	 */

  124. 	super(0);

  125. 	String prng = getPrngAlgorithm();

  126. 	if (prng == null) {

  127. 	    // bummer, get the SUN implementation

  128. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  129. 	    this.provider = new sun.security.provider.Sun();

  130. 	} else {

  131. 	    try {

  132. 		SecureRandom random = SecureRandom.getInstance(prng);

  133. 		this.secureRandomSpi = random.getSecureRandomSpi();

  134. 		this.provider = random.getProvider();

  135. 	    } catch (NoSuchAlgorithmException nsae) {

  136. 		// never happens, because we made sure the algorithm exists

  137. 	    }

  138. 	}

  139.     }

  140. 

  141.     /**

  142.      * <p>By using this constructor, the caller obtains a SecureRandom object

  143.      * containing the implementation from the highest-priority installed

  144.      * provider that has a SecureRandom implementation. This constructor 

  145.      * uses a user-provided seed in

  146.      * preference to the self-seeding algorithm referred to in the empty

  147.      * constructor description. It may be preferable to the empty constructor

  148.      * if the caller has access to high-quality random bytes from some physical

  149.      * device (for example, a radiation detector or a noisy diode).

  150.      * 

  151.      * <p>This constructor is provided for backwards compatibility. 

  152.      * The caller is encouraged to use one of the alternative

  153.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  154.      * then to call the <code>setSeed</code> method to seed it.

  155.      * 

  156.      * @param seed the seed.

  157.      */

  158.     public SecureRandom(byte seed[]) {

  159. 	super(0);

  160. 	String prng = getPrngAlgorithm();

  161. 	if (prng == null) {

  162. 	    // bummer, get the SUN implementation

  163. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  164. 	    this.provider = new sun.security.provider.Sun();

  165. 	    this.secureRandomSpi.engineSetSeed(seed);

  166. 	} else {

  167. 	    try {

  168. 		SecureRandom random = getInstance(prng);

  169. 		this.secureRandomSpi = random.getSecureRandomSpi();

  170. 		this.provider = random.getProvider();

  171. 		this.secureRandomSpi.engineSetSeed(seed);

  172. 	    } catch (NoSuchAlgorithmException nsae) {

  173. 		// never happens, because we made sure the algorithm exists

  174. 	    }

  175. 	}

  176.     }

  177. 

  178.     /**

  179.      * Creates a SecureRandom object.

  180.      *

  181.      * @param secureRandomSpi the SecureRandom implementation.

  182.      * @param provider the provider.

  183.      */

  184.     protected SecureRandom(SecureRandomSpi secureRandomSpi,

  185. 			   Provider provider) {

  186. 	super(0);

  187. 	this.secureRandomSpi = secureRandomSpi;

  188. 	this.provider = provider;

  189.     }

  190. 

  191.     /**

  192.      * Generates a SecureRandom object that implements the specified

  193.      * Pseudo Random Number Generator (PRNG) algorithm. If the default

  194.      * provider package provides an implementation of the requested PRNG,

  195.      * an instance of SecureRandom containing that implementation is returned.

  196.      * If the PRNG is not available in the default 

  197.      * package, other packages are searched.

  198.      *

  199.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  200.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  201.      * object.  If a call is not made to <code>setSeed</code>, the first call

  202.      * to the <code>nextBytes</code> method will force the SecureRandom object

  203.      * to seed itself.

  204.      *

  205.      * @param algorithm the name of the PRNG algorithm.

  206.      * See Appendix A in the <a href=

  207.      * "../../../guide/security/CryptoSpec.html#AppA">

  208.      * Java Cryptography Architecture API Specification & Reference </a> 

  209.      * for information about standard PRNG algorithm names.

  210.      *

  211.      * @return the new SecureRandom object.

  212.      *

  213.      * @exception NoSuchAlgorithmException if the PRNG algorithm is

  214.      * not available in the caller's environment.

  215.      *

  216.      * @since 1.2

  217.      */

  218.     public static SecureRandom getInstance(String algorithm)

  219. 	throws NoSuchAlgorithmException {

  220. 	    try {

  221. 		Object[] objs = Security.getImpl(algorithm,

  222. 						 "SecureRandom",

  223. 						 null);

  224. 		return new SecureRandom((SecureRandomSpi)objs[0],

  225. 					(Provider)objs[1]);

  226. 	    } catch(NoSuchProviderException e) {

  227. 		throw new NoSuchAlgorithmException(algorithm + " not found");

  228. 	    }

  229.     }

  230. 

  231.     /**

  232.      * Generates a SecureRandom object for the specified PRNG

  233.      * algorithm, as supplied from the specified provider, if such a

  234.      * PRNG implementation is available from the provider.

  235.      *

  236.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  237.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  238.      * object.  If a call is not made to <code>setSeed</code>, the first call

  239.      * to the <code>nextBytes</code> method will force the SecureRandom object

  240.      * to seed itself.

  241.      *

  242.      * @param algorithm the name of the PRNG algorithm.

  243.      * See Appendix A in the <a href=

  244.      * "../../../guide/security/CryptoSpec.html#AppA">

  245.      * Java Cryptography Architecture API Specification & Reference </a> 

  246.      * for information about standard PRNG algorithm names.

  247.      *

  248.      * @param provider the name of the provider.

  249.      *

  250.      * @return the new SecureRandom object.

  251.      *

  252.      * @exception NoSuchAlgorithmException if the requested PRNG

  253.      * implementation is not available from the provider.

  254.      *

  255.      * @exception NoSuchProviderException if the provider has not been

  256.      * configured.

  257.      *

  258.      * @see Provider

  259.      *

  260.      * @since 1.2

  261.      */

  262.     public static SecureRandom getInstance(String algorithm, String provider)

  263. 	throws NoSuchAlgorithmException, NoSuchProviderException

  264.     {

  265. 	if (provider == null || provider.length() == 0)

  266. 	    throw new IllegalArgumentException("missing provider");

  267. 	Object[] objs = Security.getImpl(algorithm, "SecureRandom", provider);

  268. 	return new SecureRandom((SecureRandomSpi)objs[0], (Provider)objs[1]);

  269.     }

  270.  

  271.     /**

  272.      * Returns the SecureRandomSpi of this SecureRandom object.

  273.      */

  274.     SecureRandomSpi getSecureRandomSpi() {

  275. 	return secureRandomSpi;

  276.     }

  277. 

  278.     /**

  279.      * Returns the provider of this SecureRandom object.

  280.      *

  281.      * @return the provider of this SecureRandom object.

  282.      */

  283.     public final Provider getProvider() {

  284. 	return provider;

  285.     }

  286. 

  287.     /**

  288.      * Reseeds this random object. The given seed supplements, rather than

  289.      * replaces, the existing seed. Thus, repeated calls are guaranteed

  290.      * never to reduce randomness.

  291.      *

  292.      * @param seed the seed.

  293.      */

  294.     synchronized public void setSeed(byte[] seed) {

  295. 	secureRandomSpi.engineSetSeed(seed);

  296.     }

  297. 

  298.     /**

  299.      * Reseeds this random object, using the eight bytes contained 

  300.      * in the given <code>long seed</code>. The given seed supplements, 

  301.      * rather than replaces, the existing seed. Thus, repeated calls 

  302.      * are guaranteed never to reduce randomness. 

  303.      * 

  304.      * <p>This method is defined for compatibility with 

  305.      * <code>java.util.Random</code>.

  306.      *

  307.      * @param seed the seed.

  308.      */

  309.     public void setSeed(long seed) {

  310. 	/* 

  311. 	 * Ignore call from super constructor (as well as any other calls

  312. 	 * unfortunate enough to be passing 0).  It's critical that we

  313. 	 * ignore call from superclass constructor, as digest has not

  314. 	 * yet been initialized at that point.

  315. 	 */

  316. 	if (seed != 0)

  317. 	    secureRandomSpi.engineSetSeed(longToByteArray(seed));

  318.     }

  319. 

  320.     /**

  321.      * Generates a user-specified number of random bytes.  This method is

  322.      * used as the basis of all random entities returned by this class

  323.      * (except seed bytes).

  324.      * 

  325.      * @param bytes the array to be filled in with random bytes.

  326.      */

  327. 

  328.     synchronized public void nextBytes(byte[] bytes) {

  329. 	secureRandomSpi.engineNextBytes(bytes);

  330.     }

  331. 

  332.     /**

  333.      * Generates an integer containing the user-specified number of

  334.      * pseudo-random bits (right justified, with leading zeros).  This

  335.      * method overrides a <code>java.util.Random</code> method, and serves

  336.      * to provide a source of random bits to all of the methods inherited

  337.      * from that class (for example, <code>nextInt</code>,

  338.      * <code>nextLong</code>, and <code>nextFloat</code>).

  339.      *

  340.      * @param numBits number of pseudo-random bits to be generated, where

  341.      * 0 <= <code>numBits</code> <= 32.

  342.      *

  343.      * @return an <code>int</code> containing the user-specified number

  344.      * of pseudo-random bits (right justified, with leading zeros).

  345.      */

  346.     final protected int next(int numBits) {

  347. 	int numBytes = (numBits+7)/8;

  348. 	byte b[] = new byte[numBytes];

  349. 	int next = 0;

  350.  

  351. 	nextBytes(b);

  352. 	for (int i=0; i<numBytes; i++)

  353. 	    next = (next << 8) + (b[i] & 0xFF);

  354.  

  355. 	return next >>> (numBytes*8 - numBits);

  356.     }

  357. 

  358.     /**

  359.      * Returns the given number of seed bytes, computed using the seed

  360.      * generation algorithm that this class uses to seed itself.  This

  361.      * call may be used to seed other random number generators.

  362.      *

  363.      * <p>This method is only included for backwards compatibility. 

  364.      * The caller is encouraged to use one of the alternative

  365.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  366.      * then call the <code>generateSeed</code> method to obtain seed bytes

  367.      * from that object.

  368.      *

  369.      * @param numBytes the number of seed bytes to generate.

  370.      * 

  371.      * @return the seed bytes.

  372.      */

  373.      public static byte[] getSeed(int numBytes) {

  374. 	if (seedGenerator == null)

  375. 	    seedGenerator = new SecureRandom();

  376. 	return seedGenerator.generateSeed(numBytes);

  377.      }

  378. 

  379.     /**

  380.      * Returns the given number of seed bytes, computed using the seed

  381.      * generation algorithm that this class uses to seed itself.  This

  382.      * call may be used to seed other random number generators.

  383.      *

  384.      * @param numBytes the number of seed bytes to generate.

  385.      * 

  386.      * @return the seed bytes.

  387.      */

  388.     public byte[] generateSeed(int numBytes) {

  389. 	return secureRandomSpi.engineGenerateSeed(numBytes);

  390.     }

  391. 

  392.     /**

  393.      * Helper function to convert a long into a byte array (least significant

  394.      * byte first).

  395.      */

  396.     private static byte[] longToByteArray(long l) {

  397. 	byte[] retVal = new byte[8];

  398. 

  399. 	for (int i=0; i<8; i++) {

  400. 	    retVal[i] = (byte) l;

  401. 	    l >>= 8;

  402. 	}

  403. 

  404. 	return retVal;

  405.     }

  406. 

  407.     /**

  408.      * Gets a default PRNG algorithm by looking through all registered

  409.      * providers. Returns the first PRNG algorithm of the first provider that

  410.      * has registered a SecureRandom implementation, or null if none of the

  411.      * registered providers supplies a SecureRandom implementation.

  412.      */

  413.     private static String getPrngAlgorithm() {

  414. 	Provider[] provs = Security.getProviders();

  415. 	for (int i=0; i<provs.length; i++) {

  416. 	    // search the provider's properties list for a property name

  417. 	    // that starts with "SecureRandom."

  418. 	    for (Enumeration e = provs[i].propertyNames();

  419. 		 e.hasMoreElements();) {

  420. 		String propName = (String)e.nextElement();

  421. 		if (propName.startsWith("SecureRandom.")) {

  422. 		    int index = propName.indexOf(".", 0);

  423. 		    return propName.substring(index+1);

  424. 		}

  425. 	    }

  426. 	}

  427. 	return null;

  428.     }

  429. 

  430.     // Declare serialVersionUID to be compatible with JDK1.1

  431.     static final long serialVersionUID = 4940670005562187L;

  432. 

  433.     // Retain unused values serialized from JDK1.1

  434.     /**

  435.      * @serial

  436.      */

  437.     private byte[] state;

  438.     /**

  439.      * @serial

  440.      */

  441.     private MessageDigest digest = null;

  442.     /**

  443.      * @serial

  444.      *

  445.      * We know that the MessageDigest class does not implement

  446.      * java.io.Serializable.  However, since this field is no longer

  447.      * used, it will always be NULL and won't affect the serialization

  448.      * of the SecureRandom class itself.

  449.      */

  450.     private byte[] randomBytes;

  451.     /**

  452.      * @serial

  453.      */

  454.     private int randomBytesUsed;

  455.     /**

  456.      * @serial

  457.      */

  458.     private long counter;

  459. }