Пример #1
0
 private byte[] getEntropy() {
   byte[] entropy = _entropySource.getEntropy();
   if (entropy.length < (_securityStrength + 7) / 8) {
     throw new IllegalStateException("Insufficient entropy provided by entropy source");
   }
   return entropy;
 }
Пример #2
0
  /**
   * Construct a SP800-90A CTR DRBG.
   *
   * <p>Minimum entropy requirement is the security strength requested.
   *
   * @param engine underlying block cipher to use to support DRBG
   * @param keySizeInBits size of the key to use with the block cipher.
   * @param securityStrength security strength required (in bits)
   * @param entropySource source of entropy to use for seeding/reseeding.
   * @param personalizationString personalization string to distinguish this DRBG (may be null).
   * @param nonce nonce to further distinguish this DRBG (may be null).
   */
  public CTRSP800DRBG(
      BlockCipher engine,
      int keySizeInBits,
      int securityStrength,
      EntropySource entropySource,
      byte[] personalizationString,
      byte[] nonce) {
    _entropySource = entropySource;
    _engine = engine;

    _keySizeInBits = keySizeInBits;
    _securityStrength = securityStrength;
    _seedLength = keySizeInBits + engine.getBlockSize() * 8;
    _isTDEA = isTDEA(engine);

    if (securityStrength > 256) {
      throw new IllegalArgumentException(
          "Requested security strength is not supported by the derivation function");
    }

    if (getMaxSecurityStrength(engine, keySizeInBits) < securityStrength) {
      throw new IllegalArgumentException(
          "Requested security strength is not supported by block cipher and key size");
    }

    if (entropySource.entropySize() < securityStrength) {
      throw new IllegalArgumentException("Not enough entropy for security strength required");
    }

    byte[] entropy = getEntropy(); // Get_entropy_input

    CTR_DRBG_Instantiate_algorithm(entropy, nonce, personalizationString);
  }
Пример #3
0
  /**
   * Construct a SP800-90A Hash DRBG.
   *
   * <p>Minimum entropy requirement is the security strength requested.
   *
   * @param digest source digest to use for DRB stream.
   * @param securityStrength security strength required (in bits)
   * @param entropySource source of entropy to use for seeding/reseeding.
   * @param personalizationString personalization string to distinguish this DRBG (may be null).
   * @param nonce nonce to further distinguish this DRBG (may be null).
   */
  public HashSP800DRBG(
      Digest digest,
      int securityStrength,
      EntropySource entropySource,
      byte[] personalizationString,
      byte[] nonce) {
    if (securityStrength > Utils.getMaxSecurityStrength(digest)) {
      throw new IllegalArgumentException(
          "Requested security strength is not supported by the derivation function");
    }

    if (entropySource.entropySize() < securityStrength) {
      throw new IllegalArgumentException("Not enough entropy for security strength required");
    }

    _digest = digest;
    _entropySource = entropySource;
    _securityStrength = securityStrength;
    _seedLength = ((Integer) seedlens.get(digest.getAlgorithmName())).intValue();

    // 1. seed_material = entropy_input || nonce || personalization_string.
    // 2. seed = Hash_df (seed_material, seedlen).
    // 3. V = seed.
    // 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte
    // of zeros.
    // 5. reseed_counter = 1.
    // 6. Return V, C, and reseed_counter as the initial_working_state

    byte[] entropy = getEntropy();
    byte[] seedMaterial = Arrays.concatenate(entropy, nonce, personalizationString);
    byte[] seed = Utils.hash_df(_digest, seedMaterial, _seedLength);

    _V = seed;
    byte[] subV = new byte[_V.length + 1];
    System.arraycopy(_V, 0, subV, 1, _V.length);
    _C = Utils.hash_df(_digest, subV, _seedLength);

    _reseedCounter = 1;
  }