1. /*

  2.  * @(#)SecureRandom.java	1.42 03/01/23

  3.  *

  4.  * Copyright 2003 Sun Microsystems, Inc. All rights reserved.

  5.  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.

  6.  */

  7.  

  8. package java.security;

  9. 

  10. import java.util.Enumeration;

  11. 

  12. /**

  13.  * <p>This class provides a cryptographically strong pseudo-random number

  14.  * generator (PRNG). A cryptographically strong pseudo-random number

  15.  * minimally complies with the statistical random number generator tests

  16.  * specified in <a href="http://csrc.nist.gov/cryptval/140-2.htm"><i>FIPS 140-2, Security Requirements for Cryptographic Modules</i></a>, section 4.9.1.

  17.  * Additionally, SecureRandom must produce non-deterministic 

  18.  * output and therefore it is required that the seed material be unpredictable

  19.  * and that output of SecureRandom be cryptographically strong sequences as

  20.  * described in <a href="http://www.ietf.org/rfc/rfc1750.txt"><i>RFC 1750: Randomness Recommendations for Security</i></a>.

  21.  * 

  22.  * <p>Like other algorithm-based classes in Java Security, SecureRandom 

  23.  * provides implementation-independent algorithms, whereby a caller 

  24.  * (application code) requests a particular PRNG algorithm

  25.  * and is handed back a SecureRandom object for that algorithm. It is

  26.  * also possible, if desired, to request a particular algorithm from a

  27.  * particular provider. See the <code>getInstance</code> methods.

  28.  *

  29.  * <p>Thus, there are two ways to request a SecureRandom object: by

  30.  * specifying either just an algorithm name, or both an algorithm name

  31.  * and a package provider.

  32.  *

  33.  * <ul>

  34.  *

  35.  * <li>If just an algorithm name is specified, as in:

  36.  * <pre>

  37.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  38.  * </pre>

  39.  * the system will determine if there is an implementation of the algorithm

  40.  * requested available in the environment, and if there is more than one, if

  41.  * there is a preferred one.<p>

  42.  * 

  43.  * <li>If both an algorithm name and a package provider are specified, as in:

  44.  * <pre>

  45.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");

  46.  * </pre>

  47.  * the system will determine if there is an implementation of the

  48.  * algorithm in the package requested, and throw an exception if there

  49.  * is not.

  50.  *

  51.  * </ul>

  52.  *

  53.  * <p>The SecureRandom implementation attempts to completely

  54.  * randomize the internal state of the generator itself unless

  55.  * the caller follows the call to a <code>getInstance</code> method

  56.  * with a call to the <code>setSeed</code> method:

  57.  * <pre>

  58.  *      SecureRandom random = SecureRandom.getInstance("SHA1PRNG");

  59.  *      random.setSeed(seed);

  60.  * </pre>

  61.  *

  62.  * <p>After the caller obtains the SecureRandom object from the

  63.  * <code>getInstance</code> call, it can call <code>nextBytes</code>

  64.  * to generate random bytes:

  65.  * <pre>

  66.  *      byte bytes[] = new byte[20];

  67.  *      random.nextBytes(bytes);

  68.  * </pre>

  69.  *

  70.  * <p>The caller may also invoke the <code>generateSeed</code> method

  71.  * to generate a given number of seed bytes (to seed other random number

  72.  * generators, for example):

  73.  * <pre>

  74.  *      byte seed[] = random.generateSeed(20);

  75.  * </pre>

  76.  *

  77.  * @see java.security.SecureRandomSpi

  78.  * @see java.util.Random

  79.  * 

  80.  * @version 1.42, 01/23/03

  81.  * @author Benjamin Renaud

  82.  * @author Josh Bloch 

  83.  */

  84. 

  85. public class SecureRandom extends java.util.Random {

  86. 

  87.     /**

  88.      * The provider.

  89.      *

  90.      * @serial

  91.      * @since 1.2

  92.      */

  93.     private Provider provider = null;

  94.  

  95.     /**

  96.      * The provider implementation.

  97.      *

  98.      * @serial

  99.      * @since 1.2

  100.      */

  101.     private SecureRandomSpi secureRandomSpi = null;

  102. 

  103.     // Seed Generator

  104.     private static SecureRandom seedGenerator = null;

  105. 

  106.     /**

  107.      * <p>By using this constructor, the caller obtains a SecureRandom object

  108.      * containing the implementation from the highest-priority installed

  109.      * provider that has a SecureRandom implementation.

  110.      * 

  111.      * <p>Note that this instance of SecureRandom has not been seeded.

  112.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  113.      * object.  If a call is not made to <code>setSeed</code>, the first call

  114.      * to the <code>nextBytes</code> method will force the SecureRandom object

  115.      * to seed itself.

  116.      *

  117.      * <p>This constructor is provided for backwards compatibility. 

  118.      * The caller is encouraged to use one of the alternative

  119.      * <code>getInstance</code> methods to obtain a SecureRandom object.

  120.      */

  121.     public SecureRandom() {

  122. 	/*

  123. 	 * This call to our superclass constructor will result in a call

  124. 	 * to our own <code>setSeed</code> method, which will return

  125. 	 * immediately when it is passed zero.

  126. 	 */

  127. 	super(0);

  128. 	String prng = getPrngAlgorithm();

  129. 	if (prng == null) {

  130. 	    // bummer, get the SUN implementation

  131. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  132. 	    this.provider = new sun.security.provider.Sun();

  133. 	} else {

  134. 	    try {

  135. 		SecureRandom random = SecureRandom.getInstance(prng);

  136. 		this.secureRandomSpi = random.getSecureRandomSpi();

  137. 		this.provider = random.getProvider();

  138. 	    } catch (NoSuchAlgorithmException nsae) {

  139. 		// never happens, because we made sure the algorithm exists

  140. 	    }

  141. 	}

  142.     }

  143. 

  144.     /**

  145.      * <p>By using this constructor, the caller obtains a SecureRandom object

  146.      * containing the implementation from the highest-priority installed

  147.      * provider that has a SecureRandom implementation. This constructor 

  148.      * uses a user-provided seed in

  149.      * preference to the self-seeding algorithm referred to in the empty

  150.      * constructor description. It may be preferable to the empty constructor

  151.      * if the caller has access to high-quality random bytes from some physical

  152.      * device (for example, a radiation detector or a noisy diode).

  153.      * 

  154.      * <p>This constructor is provided for backwards compatibility. 

  155.      * The caller is encouraged to use one of the alternative

  156.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  157.      * then to call the <code>setSeed</code> method to seed it.

  158.      * 

  159.      * @param seed the seed.

  160.      */

  161.     public SecureRandom(byte seed[]) {

  162. 	super(0);

  163. 	String prng = getPrngAlgorithm();

  164. 	if (prng == null) {

  165. 	    // bummer, get the SUN implementation

  166. 	    this.secureRandomSpi = new sun.security.provider.SecureRandom();

  167. 	    this.provider = new sun.security.provider.Sun();

  168. 	    this.secureRandomSpi.engineSetSeed(seed);

  169. 	} else {

  170. 	    try {

  171. 		SecureRandom random = getInstance(prng);

  172. 		this.secureRandomSpi = random.getSecureRandomSpi();

  173. 		this.provider = random.getProvider();

  174. 		this.secureRandomSpi.engineSetSeed(seed);

  175. 	    } catch (NoSuchAlgorithmException nsae) {

  176. 		// never happens, because we made sure the algorithm exists

  177. 	    }

  178. 	}

  179.     }

  180. 

  181.     /**

  182.      * Creates a SecureRandom object.

  183.      *

  184.      * @param secureRandomSpi the SecureRandom implementation.

  185.      * @param provider the provider.

  186.      */

  187.     protected SecureRandom(SecureRandomSpi secureRandomSpi,

  188. 			   Provider provider) {

  189. 	super(0);

  190. 	this.secureRandomSpi = secureRandomSpi;

  191. 	this.provider = provider;

  192.     }

  193. 

  194.     /**

  195.      * Generates a SecureRandom object that implements the specified

  196.      * Pseudo Random Number Generator (PRNG) algorithm. If the default

  197.      * provider package provides an implementation of the requested PRNG,

  198.      * an instance of SecureRandom containing that implementation is returned.

  199.      * If the PRNG is not available in the default 

  200.      * package, other packages are searched.

  201.      *

  202.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  203.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  204.      * object.  If a call is not made to <code>setSeed</code>, the first call

  205.      * to the <code>nextBytes</code> method will force the SecureRandom object

  206.      * to seed itself.

  207.      *

  208.      * @param algorithm the name of the PRNG algorithm.

  209.      * See Appendix A in the <a href=

  210.      * "../../../guide/security/CryptoSpec.html#AppA">

  211.      * Java Cryptography Architecture API Specification & Reference </a> 

  212.      * for information about standard PRNG algorithm names.

  213.      *

  214.      * @return the new SecureRandom object.

  215.      *

  216.      * @exception NoSuchAlgorithmException if the PRNG algorithm is

  217.      * not available in the caller's environment.

  218.      *

  219.      * @since 1.2

  220.      */

  221.     public static SecureRandom getInstance(String algorithm)

  222. 	throws NoSuchAlgorithmException {

  223. 	    try {

  224. 		Object[] objs = Security.getImpl(algorithm,

  225. 						 "SecureRandom",

  226. 						 (String)null);

  227. 		return new SecureRandom((SecureRandomSpi)objs[0],

  228. 					(Provider)objs[1]);

  229. 	    } catch (NoSuchProviderException e) {

  230. 		throw new NoSuchAlgorithmException(algorithm + " not found");

  231. 	    }

  232.     }

  233. 

  234.     /**

  235.      * Generates a SecureRandom object for the specified PRNG

  236.      * algorithm, as supplied from the specified provider, if such a

  237.      * PRNG implementation is available from the provider.

  238.      *

  239.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  240.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  241.      * object.  If a call is not made to <code>setSeed</code>, the first call

  242.      * to the <code>nextBytes</code> method will force the SecureRandom object

  243.      * to seed itself.

  244.      *

  245.      * @param algorithm the name of the PRNG algorithm.

  246.      * See Appendix A in the <a href=

  247.      * "../../../guide/security/CryptoSpec.html#AppA">

  248.      * Java Cryptography Architecture API Specification & Reference </a> 

  249.      * for information about standard PRNG algorithm names.

  250.      *

  251.      * @param provider the name of the provider.

  252.      *

  253.      * @return the new SecureRandom object.

  254.      *

  255.      * @exception NoSuchAlgorithmException if the requested PRNG

  256.      * implementation is not available from the provider.

  257.      *

  258.      * @exception NoSuchProviderException if the provider has not been

  259.      * configured.

  260.      *

  261.      * @exception IllegalArgumentException if the provider name is null

  262.      * or empty.

  263.      *

  264.      * @see Provider

  265.      *

  266.      * @since 1.2

  267.      */

  268.     public static SecureRandom getInstance(String algorithm, String provider)

  269. 	throws NoSuchAlgorithmException, NoSuchProviderException

  270.     {

  271. 	if (provider == null || provider.length() == 0)

  272. 	    throw new IllegalArgumentException("missing provider");

  273. 	Object[] objs = Security.getImpl(algorithm, "SecureRandom", provider);

  274. 	return new SecureRandom((SecureRandomSpi)objs[0], (Provider)objs[1]);

  275.     }

  276. 

  277.     /**

  278.      * Generates a SecureRandom object for the specified PRNG

  279.      * algorithm, as supplied from the specified provider, if such a

  280.      * PRNG implementation is available from the provider.

  281.      * Note: the <code>provider</code> doesn't have to be registered. 

  282.      *

  283.      * <p>Note that the returned instance of SecureRandom has not been seeded.

  284.      * A call to the <code>setSeed</code> method will seed the SecureRandom

  285.      * object.  If a call is not made to <code>setSeed</code>, the first call

  286.      * to the <code>nextBytes</code> method will force the SecureRandom object

  287.      * to seed itself.

  288.      *

  289.      * @param algorithm the name of the PRNG algorithm.

  290.      * See Appendix A in the <a href=

  291.      * "../../../guide/security/CryptoSpec.html#AppA">

  292.      * Java Cryptography Architecture API Specification & Reference </a> 

  293.      * for information about standard PRNG algorithm names.

  294.      *

  295.      * @param provider the provider.

  296.      *

  297.      * @return the new SecureRandom object.

  298.      *

  299.      * @exception NoSuchAlgorithmException if the requested PRNG

  300.      * implementation is not available from the provider.

  301.      *

  302.      * @exception IllegalArgumentException if the <code>provider</code> is

  303.      * null.

  304.      *

  305.      * @see Provider

  306.      *

  307.      * @since 1.4

  308.      */

  309.     public static SecureRandom getInstance(String algorithm,

  310. 					   Provider provider)

  311. 	throws NoSuchAlgorithmException

  312.     {

  313. 	if (provider == null)

  314. 	    throw new IllegalArgumentException("missing provider");

  315. 	Object[] objs = Security.getImpl(algorithm, "SecureRandom", provider);

  316. 	return new SecureRandom((SecureRandomSpi)objs[0], (Provider)objs[1]);

  317.     }

  318.  

  319.     /**

  320.      * Returns the SecureRandomSpi of this SecureRandom object.

  321.      */

  322.     SecureRandomSpi getSecureRandomSpi() {

  323. 	return secureRandomSpi;

  324.     }

  325. 

  326.     /**

  327.      * Returns the provider of this SecureRandom object.

  328.      *

  329.      * @return the provider of this SecureRandom object.

  330.      */

  331.     public final Provider getProvider() {

  332. 	return provider;

  333.     }

  334. 

  335.     /**

  336.      * Reseeds this random object. The given seed supplements, rather than

  337.      * replaces, the existing seed. Thus, repeated calls are guaranteed

  338.      * never to reduce randomness.

  339.      *

  340.      * @param seed the seed.

  341.      *

  342.      * @see #getSeed

  343.      */

  344.     synchronized public void setSeed(byte[] seed) {

  345. 	secureRandomSpi.engineSetSeed(seed);

  346.     }

  347. 

  348.     /**

  349.      * Reseeds this random object, using the eight bytes contained 

  350.      * in the given <code>long seed</code>. The given seed supplements, 

  351.      * rather than replaces, the existing seed. Thus, repeated calls 

  352.      * are guaranteed never to reduce randomness. 

  353.      * 

  354.      * <p>This method is defined for compatibility with 

  355.      * <code>java.util.Random</code>.

  356.      *

  357.      * @param seed the seed.

  358.      *

  359.      * @see #getSeed

  360.      */

  361.     public void setSeed(long seed) {

  362. 	/* 

  363. 	 * Ignore call from super constructor (as well as any other calls

  364. 	 * unfortunate enough to be passing 0).  It's critical that we

  365. 	 * ignore call from superclass constructor, as digest has not

  366. 	 * yet been initialized at that point.

  367. 	 */

  368. 	if (seed != 0)

  369. 	    secureRandomSpi.engineSetSeed(longToByteArray(seed));

  370.     }

  371. 

  372.     /**

  373.      * Generates a user-specified number of random bytes.  This method is

  374.      * used as the basis of all random entities returned by this class

  375.      * (except seed bytes).

  376.      * 

  377.      * @param bytes the array to be filled in with random bytes.

  378.      */

  379. 

  380.     synchronized public void nextBytes(byte[] bytes) {

  381. 	secureRandomSpi.engineNextBytes(bytes);

  382.     }

  383. 

  384.     /**

  385.      * Generates an integer containing the user-specified number of

  386.      * pseudo-random bits (right justified, with leading zeros).  This

  387.      * method overrides a <code>java.util.Random</code> method, and serves

  388.      * to provide a source of random bits to all of the methods inherited

  389.      * from that class (for example, <code>nextInt</code>,

  390.      * <code>nextLong</code>, and <code>nextFloat</code>).

  391.      *

  392.      * @param numBits number of pseudo-random bits to be generated, where

  393.      * 0 <= <code>numBits</code> <= 32.

  394.      *

  395.      * @return an <code>int</code> containing the user-specified number

  396.      * of pseudo-random bits (right justified, with leading zeros).

  397.      */

  398.     final protected int next(int numBits) {

  399. 	int numBytes = (numBits+7)/8;

  400. 	byte b[] = new byte[numBytes];

  401. 	int next = 0;

  402.  

  403. 	nextBytes(b);

  404. 	for (int i = 0; i < numBytes; i++)

  405. 	    next = (next << 8) + (b[i] & 0xFF);

  406.  

  407. 	return next >>> (numBytes*8 - numBits);

  408.     }

  409. 

  410.     /**

  411.      * Returns the given number of seed bytes, computed using the seed

  412.      * generation algorithm that this class uses to seed itself.  This

  413.      * call may be used to seed other random number generators.

  414.      *

  415.      * <p>This method is only included for backwards compatibility. 

  416.      * The caller is encouraged to use one of the alternative

  417.      * <code>getInstance</code> methods to obtain a SecureRandom object, and

  418.      * then call the <code>generateSeed</code> method to obtain seed bytes

  419.      * from that object.

  420.      *

  421.      * @param numBytes the number of seed bytes to generate.

  422.      * 

  423.      * @return the seed bytes.

  424.      *

  425.      * @see #setSeed

  426.      */

  427.     public static byte[] getSeed(int numBytes) {

  428. 	if (seedGenerator == null)

  429. 	    seedGenerator = new SecureRandom();

  430. 	return seedGenerator.generateSeed(numBytes);

  431.     }

  432. 

  433.     /**

  434.      * Returns the given number of seed bytes, computed using the seed

  435.      * generation algorithm that this class uses to seed itself.  This

  436.      * call may be used to seed other random number generators.

  437.      *

  438.      * @param numBytes the number of seed bytes to generate.

  439.      * 

  440.      * @return the seed bytes.

  441.      */

  442.     public byte[] generateSeed(int numBytes) {

  443. 	return secureRandomSpi.engineGenerateSeed(numBytes);

  444.     }

  445. 

  446.     /**

  447.      * Helper function to convert a long into a byte array (least significant

  448.      * byte first).

  449.      */

  450.     private static byte[] longToByteArray(long l) {

  451. 	byte[] retVal = new byte[8];

  452. 

  453. 	for (int i = 0; i < 8; i++) {

  454. 	    retVal[i] = (byte) l;

  455. 	    l >>= 8;

  456. 	}

  457. 

  458. 	return retVal;

  459.     }

  460. 

  461.     /**

  462.      * Gets a default PRNG algorithm by looking through all registered

  463.      * providers. Returns the first PRNG algorithm of the first provider that

  464.      * has registered a SecureRandom implementation, or null if none of the

  465.      * registered providers supplies a SecureRandom implementation.

  466.      */

  467.     private static String getPrngAlgorithm() {

  468. 	Provider[] provs = Security.getProviders();

  469. 	for (int i = 0; i < provs.length; i++) {

  470. 	    // search the provider's properties list for a property name

  471. 	    // that starts with "SecureRandom."

  472. 	    for (Enumeration e = provs[i].propertyNames();

  473. 		 e.hasMoreElements();) {

  474. 		String propName = (String)e.nextElement();

  475. 		// if property name is followed by an atttribute, skip it

  476. 		if ((propName.startsWith("SecureRandom.")) &&

  477. 		    (propName.indexOf(' ') < 0)) {

  478. 		    int index = propName.indexOf(".", 0);

  479.                     return propName.substring(index+1);

  480.                 }

  481. 	    }

  482. 	}

  483. 	return null;

  484.     }

  485. 

  486.     // Declare serialVersionUID to be compatible with JDK1.1

  487.     static final long serialVersionUID = 4940670005562187L;

  488. 

  489.     // Retain unused values serialized from JDK1.1

  490.     /**

  491.      * @serial

  492.      */

  493.     private byte[] state;

  494.     /**

  495.      * @serial

  496.      */

  497.     private MessageDigest digest = null;

  498.     /**

  499.      * @serial

  500.      *

  501.      * We know that the MessageDigest class does not implement

  502.      * java.io.Serializable.  However, since this field is no longer

  503.      * used, it will always be NULL and won't affect the serialization

  504.      * of the SecureRandom class itself.

  505.      */

  506.     private byte[] randomBytes;

  507.     /**

  508.      * @serial

  509.      */

  510.     private int randomBytesUsed;

  511.     /**

  512.      * @serial

  513.      */

  514.     private long counter;

  515. }