Path: blob/master/src/java.base/share/classes/sun/security/provider/HmacDrbg.java
41159 views
/*1* Copyright (c) 2016, 2020, Oracle and/or its affiliates. All rights reserved.2* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.3*4* This code is free software; you can redistribute it and/or modify it5* under the terms of the GNU General Public License version 2 only, as6* published by the Free Software Foundation. Oracle designates this7* particular file as subject to the "Classpath" exception as provided8* by Oracle in the LICENSE file that accompanied this code.9*10* This code is distributed in the hope that it will be useful, but WITHOUT11* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or12* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License13* version 2 for more details (a copy is included in the LICENSE file that14* accompanied this code).15*16* You should have received a copy of the GNU General Public License version17* 2 along with this work; if not, write to the Free Software Foundation,18* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.19*20* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA21* or visit www.oracle.com if you need additional information or have any22* questions.23*/2425package sun.security.provider;2627import javax.crypto.Mac;28import javax.crypto.spec.SecretKeySpec;29import java.security.InvalidKeyException;30import java.security.NoSuchAlgorithmException;31import java.security.NoSuchProviderException;32import java.security.SecureRandomParameters;33import java.util.Arrays;34import java.util.Collections;35import java.util.HexFormat;36import java.util.List;3738public class HmacDrbg extends AbstractHashDrbg {3940private Mac mac;4142private String macAlg;4344private byte[] v;45private byte[] k;4647public HmacDrbg(SecureRandomParameters params) {48mechName = "HMAC_DRBG";49configure(params);50}5152private void status() {53if (debug != null) {54debug.println(this, "V = " + HexFormat.of().formatHex(v));55debug.println(this, "Key = " + HexFormat.of().formatHex(k));56debug.println(this, "reseed counter = " + reseedCounter);57}58}5960// 800-90Ar1 10.1.2.2: HMAC_DRBG Update Process61private void update(List<byte[]> inputs) {62try {63// Step 1. K = HMAC (K, V || 0x00 || provided_data).64mac.init(new SecretKeySpec(k, macAlg));65mac.update(v);66mac.update((byte) 0);67for (byte[] input: inputs) {68mac.update(input);69}70k = mac.doFinal();7172// Step 2. V = HMAC (K, V).73mac.init(new SecretKeySpec(k, macAlg));74v = mac.doFinal(v);7576if (!inputs.isEmpty()) {77// Step 4. K = HMAC (K, V || 0x01 || provided_data).78mac.update(v);79mac.update((byte) 1);80for (byte[] input: inputs) {81mac.update(input);82}83k = mac.doFinal();8485// Step 5. V=HMAC(K,V).86mac.init(new SecretKeySpec(k, macAlg));87v = mac.doFinal(v);88} // else Step 38990// Step 6. Return91} catch (InvalidKeyException e) {92throw new InternalError(e);93}94}9596/**97* This call, used by the constructors, instantiates the digest.98*/99@Override100protected void initEngine() {101macAlg = "HmacSHA" + algorithm.substring(4);102try {103/*104* Use the local SunJCE implementation to avoid native105* performance overhead.106*/107mac = Mac.getInstance(macAlg, "SunJCE");108} catch (NoSuchProviderException | NoSuchAlgorithmException e) {109// Fallback to any available.110try {111mac = Mac.getInstance(macAlg);112} catch (NoSuchAlgorithmException exc) {113throw new InternalError(114"internal error: " + macAlg + " not available.", exc);115}116}117}118119// This method is used by both instantiation and reseeding.120@Override121protected final synchronized void hashReseedInternal(List<byte[]> input) {122123// 800-90Ar1 10.1.2.3: Instantiate Process.124// 800-90Ar1 10.1.2.4: Reseed Process.125if (v == null) {126k = new byte[outLen];127v = new byte[outLen];128Arrays.fill(v, (byte) 1);129}130131// Step 2: HMAC_DRBG_Update132update(input);133134// Step 3: reseed_counter = 1.135reseedCounter = 1;136//status();137138// Step 4: Return139}140141/**142* Generates a user-specified number of random bytes.143*144* @param result the array to be filled in with random bytes.145*/146@Override147public synchronized void generateAlgorithm(148byte[] result, byte[] additionalInput) {149150if (debug != null) {151debug.println(this, "generateAlgorithm");152}153154// 800-90Ar1 10.1.2.5: HMAC_DRBG_Generate Process155156// Step 1: Check reseed_counter. Will not fail. Already checked in157// AbstractDrbg#engineNextBytes.158159// Step 2. HMAC_DRBG_Update160if (additionalInput != null) {161update(Collections.singletonList(additionalInput));162}163164// Step 3. temp = Null.165int pos = 0;166int len = result.length;167168// Step 4. Loop169while (len > 0) {170// Step 4.1 V = HMAC (Key, V).171try {172mac.init(new SecretKeySpec(k, macAlg));173} catch (InvalidKeyException e) {174throw new InternalError(e);175}176v = mac.doFinal(v);177// Step 4.2 temp = temp || V.178System.arraycopy(v, 0, result, pos,179len > outLen ? outLen : len);180181len -= outLen;182if (len <= 0) {183// shortcut, so that pos needn't be updated184break;185}186pos += outLen;187}188189// Step 5: No need to truncate190191// Step 6. HMAC_DRBG_Update (additional_input, Key, V).192if (additionalInput != null) {193update(Collections.singletonList(additionalInput));194} else {195update(Collections.emptyList());196}197198// Step 7. reseed_counter = reseed_counter + 1.199reseedCounter++;200201//status();202203// Step 8. Return204}205}206207208