private byte[] getEntropy() {
byte[] entropy = _entropySource.getEntropy();
if (entropy.length < (_securityStrength + 7) / 8) {
throw new IllegalStateException("Insufficient entropy provided by entropy source");
}
return entropy;
}
/**
* Construct a SP800-90A CTR DRBG.
*
* <p>Minimum entropy requirement is the security strength requested.
*
* @param engine underlying block cipher to use to support DRBG
* @param keySizeInBits size of the key to use with the block cipher.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public CTRSP800DRBG(
BlockCipher engine,
int keySizeInBits,
int securityStrength,
EntropySource entropySource,
byte[] personalizationString,
byte[] nonce) {
_entropySource = entropySource;
_engine = engine;
_keySizeInBits = keySizeInBits;
_securityStrength = securityStrength;
_seedLength = keySizeInBits + engine.getBlockSize() * 8;
_isTDEA = isTDEA(engine);
if (securityStrength > 256) {
throw new IllegalArgumentException(
"Requested security strength is not supported by the derivation function");
}
if (getMaxSecurityStrength(engine, keySizeInBits) < securityStrength) {
throw new IllegalArgumentException(
"Requested security strength is not supported by block cipher and key size");
}
if (entropySource.entropySize() < securityStrength) {
throw new IllegalArgumentException("Not enough entropy for security strength required");
}
byte[] entropy = getEntropy(); // Get_entropy_input
CTR_DRBG_Instantiate_algorithm(entropy, nonce, personalizationString);
}
/**
* Construct a SP800-90A Hash DRBG.
*
* <p>Minimum entropy requirement is the security strength requested.
*
* @param digest source digest to use for DRB stream.
* @param securityStrength security strength required (in bits)
* @param entropySource source of entropy to use for seeding/reseeding.
* @param personalizationString personalization string to distinguish this DRBG (may be null).
* @param nonce nonce to further distinguish this DRBG (may be null).
*/
public HashSP800DRBG(
Digest digest,
int securityStrength,
EntropySource entropySource,
byte[] personalizationString,
byte[] nonce) {
if (securityStrength > Utils.getMaxSecurityStrength(digest)) {
throw new IllegalArgumentException(
"Requested security strength is not supported by the derivation function");
}
if (entropySource.entropySize() < securityStrength) {
throw new IllegalArgumentException("Not enough entropy for security strength required");
}
_digest = digest;
_entropySource = entropySource;
_securityStrength = securityStrength;
_seedLength = ((Integer) seedlens.get(digest.getAlgorithmName())).intValue();
// 1. seed_material = entropy_input || nonce || personalization_string.
// 2. seed = Hash_df (seed_material, seedlen).
// 3. V = seed.
// 4. C = Hash_df ((0x00 || V), seedlen). Comment: Preceed V with a byte
// of zeros.
// 5. reseed_counter = 1.
// 6. Return V, C, and reseed_counter as the initial_working_state
byte[] entropy = getEntropy();
byte[] seedMaterial = Arrays.concatenate(entropy, nonce, personalizationString);
byte[] seed = Utils.hash_df(_digest, seedMaterial, _seedLength);
_V = seed;
byte[] subV = new byte[_V.length + 1];
System.arraycopy(_V, 0, subV, 1, _V.length);
_C = Utils.hash_df(_digest, subV, _seedLength);
_reseedCounter = 1;
}