/**
* Reseed the DRBG.
*
* @param additionalInput additional input to be added to the DRBG in this step.
*/
public void reseed(byte[] additionalInput) {
// 1. seed_material = 0x01 || V || entropy_input || additional_input.
//
// 2. seed = Hash_df (seed_material, seedlen).
//
// 3. V = seed.
//
// 4. C = Hash_df ((0x00 || V), seedlen).
//
// 5. reseed_counter = 1.
//
// 6. Return V, C, and reseed_counter for the new_working_state.
//
// Comment: Precede with a byte of all zeros.
byte[] entropy = getEntropy();
byte[] seedMaterial = Arrays.concatenate(ONE, _V, entropy, additionalInput);
byte[] seed = Utils.hash_df(_digest, seedMaterial, _seedLength);
_V = seed;
byte[] subV = new byte[_V.length + 1];
subV[0] = 0x00;
System.arraycopy(_V, 0, subV, 1, _V.length);
_C = Utils.hash_df(_digest, subV, _seedLength);
_reseedCounter = 1;
}
private void CTR_DRBG_Reseed_algorithm(byte[] additionalInput) {
byte[] seedMaterial = Arrays.concatenate(getEntropy(), additionalInput);
seedMaterial = Block_Cipher_df(seedMaterial, _seedLength);
CTR_DRBG_Update(seedMaterial, _Key, _V);
_reseedCounter = 1;
}
protected int[] getCipherSuites() {
return Arrays.concatenate(
super.getCipherSuites(),
new int[] {
CipherSuite.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
CipherSuite.TLS_ECDHE_RSA_WITH_ESTREAM_SALSA20_SHA1,
CipherSuite.TLS_ECDHE_RSA_WITH_SALSA20_SHA1,
CipherSuite.TLS_RSA_WITH_ESTREAM_SALSA20_SHA1,
CipherSuite.TLS_RSA_WITH_SALSA20_SHA1,
});
}
private void CTR_DRBG_Instantiate_algorithm(
byte[] entropy, byte[] nonce, byte[] personalisationString) {
byte[] seedMaterial = Arrays.concatenate(entropy, nonce, personalisationString);
byte[] seed = Block_Cipher_df(seedMaterial, _seedLength);
int outlen = _engine.getBlockSize();
_Key = new byte[(_keySizeInBits + 7) / 8];
_V = new byte[outlen];
// _Key & _V are modified by this call
CTR_DRBG_Update(seed, _Key, _V);
_reseedCounter = 1;
}
/**
* Construct a SP800-90A Hash DRBG.
*
* <p>Minimum entropy requirement is the security strength requested.
*
* @param digest source digest to use for DRB stream.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public HashSP800DRBG(
Digest digest,
int securityStrength,
EntropySource entropySource,
byte[] personalizationString,
byte[] nonce) {
if (securityStrength > Utils.getMaxSecurityStrength(digest)) {
throw new IllegalArgumentException(
"Requested security strength is not supported by the derivation function");
}
if (entropySource.entropySize() < securityStrength) {
throw new IllegalArgumentException("Not enough entropy for security strength required");
}
_digest = digest;
_entropySource = entropySource;
_securityStrength = securityStrength;
_seedLength = ((Integer) seedlens.get(digest.getAlgorithmName())).intValue();
// 1. seed_material = entropy_input || nonce || personalization_string.
// 2. seed = Hash_df (seed_material, seedlen).
// 3. V = seed.
// 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte
// of zeros.
// 5. reseed_counter = 1.
// 6. Return V, C, and reseed_counter as the initial_working_state
byte[] entropy = getEntropy();
byte[] seedMaterial = Arrays.concatenate(entropy, nonce, personalizationString);
byte[] seed = Utils.hash_df(_digest, seedMaterial, _seedLength);
_V = seed;
byte[] subV = new byte[_V.length + 1];
System.arraycopy(_V, 0, subV, 1, _V.length);
_C = Utils.hash_df(_digest, subV, _seedLength);
_reseedCounter = 1;
}