URL https://opencores.org/ocsvn/openrisc/openrisc/trunk

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [gnu/] [javax/] [crypto/] [prng/] [Fortuna.java] - Blame information for rev 775

Go to most recent revision | Details | Compare with Previous | View Log


/* Fortuna.java -- The Fortuna PRNG.
   Copyright (C) 2004, 2006 Free Software Foundation, Inc.
 
This file is a part of GNU Classpath.
 
GNU Classpath is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at
your option) any later version.
 
GNU Classpath is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
General Public License for more details.
 
You should have received a copy of the GNU General Public License
along with GNU Classpath; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA
 
Linking this library statically or dynamically with other modules is
making a combined work based on this library.  Thus, the terms and
conditions of the GNU General Public License cover the whole
combination.
 
As a special exception, the copyright holders of this library give you
permission to link this library with independent modules to produce an
executable, regardless of the license terms of these independent
modules, and to copy and distribute the resulting executable under
terms of your choice, provided that you also meet, for each linked
independent module, the terms and conditions of the license of that
module.  An independent module is a module which is not derived from
or based on this library.  If you modify this library, you may extend
this exception to your version of the library, but you are not
obligated to do so.  If you do not wish to do so, delete this
exception statement from your version.  */
 
 
package gnu.javax.crypto.prng;
 
import gnu.java.security.Registry;
import gnu.java.security.hash.HashFactory;
import gnu.java.security.hash.IMessageDigest;
import gnu.java.security.prng.BasePRNG;
import gnu.java.security.prng.LimitReachedException;
import gnu.java.security.prng.RandomEvent;
import gnu.java.security.prng.RandomEventListener;
import gnu.javax.crypto.cipher.CipherFactory;
import gnu.javax.crypto.cipher.IBlockCipher;
 
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
 
/**
 * The Fortuna continuously-seeded pseudo-random number generator. This
 * generator is composed of two major pieces: the entropy accumulator and the
 * generator function. The former takes in random bits and incorporates them
 * into the generator's state. The latter takes this base entropy and generates
 * pseudo-random bits from it.
 * <p>
 * There are some things users of this class <em>must</em> be aware of:
 * <dl>
 * <dt>Adding Random Data</dt>
 * <dd>This class does not do any polling of random sources, but rather
 * provides an interface for adding random events. Applications that use this
 * code <em>must</em> provide this mechanism. We use this design because an
 * application writer who knows the system he is targeting is in a better
 * position to judge what random data is available.</dd>
 * <dt>Storing the Seed</dt>
 * <dd>This class implements {@link Serializable} in such a way that it writes
 * a 64 byte seed to the stream, and reads it back again when being
 * deserialized. This is the extent of seed file management, however, and those
 * using this class are encouraged to think deeply about when, how often, and
 * where to store the seed.</dd>
 * </dl>
 * <p>
 * <b>References:</b>
 * <ul>
 * <li>Niels Ferguson and Bruce Schneier, <i>Practical Cryptography</i>, pp.
 * 155--184. Wiley Publishing, Indianapolis. (2003 Niels Ferguson and Bruce
 * Schneier). ISBN 0-471-22357-3.</li>
 * </ul>
 */
public class Fortuna
    extends BasePRNG
    implements Serializable, RandomEventListener
{
  private static final long serialVersionUID = 0xFACADE;
  private static final int SEED_FILE_SIZE = 64;
  private static final int NUM_POOLS = 32;
  private static final int MIN_POOL_SIZE = 64;
  private final Generator generator;
  private final IMessageDigest[] pools;
  private long lastReseed;
  private int pool;
  private int pool0Count;
  private int reseedCount;
  public static final String SEED = "gnu.crypto.prng.fortuna.seed";
 
  public Fortuna()
  {
    super(Registry.FORTUNA_PRNG);
    generator = new Generator(CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER),
                              HashFactory.getInstance(Registry.SHA256_HASH));
    pools = new IMessageDigest[NUM_POOLS];
    for (int i = 0; i < NUM_POOLS; i++)
      pools[i] = HashFactory.getInstance(Registry.SHA256_HASH);
    lastReseed = 0;
    pool = 0;
    pool0Count = 0;
    buffer = new byte[256];
  }
 
  public void setup(Map attributes)
  {
    lastReseed = 0;
    reseedCount = 0;
    pool = 0;
    pool0Count = 0;
    generator.init(attributes);
    try
      {
        fillBlock();
      }
    catch (LimitReachedException shouldNotHappen)
      {
        throw new RuntimeException(shouldNotHappen);
      }
  }
 
  public void fillBlock() throws LimitReachedException
  {
    if (pool0Count >= MIN_POOL_SIZE
        && System.currentTimeMillis() - lastReseed > 100)
      {
        reseedCount++;
        byte[] seed = new byte[0];
        for (int i = 0; i < NUM_POOLS; i++)
          if (reseedCount % (1 << i) == 0)
            generator.addRandomBytes(pools[i].digest());
        lastReseed = System.currentTimeMillis();
        pool0Count = 0;
      }
    generator.nextBytes(buffer);
  }
 
  public void addRandomByte(byte b)
  {
    pools[pool].update(b);
    if (pool == 0)
      pool0Count++;
    pool = (pool + 1) % NUM_POOLS;
  }
 
  public void addRandomBytes(byte[] buf, int offset, int length)
  {
    pools[pool].update(buf, offset, length);
    if (pool == 0)
      pool0Count += length;
    pool = (pool + 1) % NUM_POOLS;
  }
 
  public void addRandomEvent(RandomEvent event)
  {
    if (event.getPoolNumber() < 0 || event.getPoolNumber() >= pools.length)
      throw new IllegalArgumentException("pool number out of range: "
                                         + event.getPoolNumber());
    pools[event.getPoolNumber()].update(event.getSourceNumber());
    pools[event.getPoolNumber()].update((byte) event.getData().length);
    pools[event.getPoolNumber()].update(event.getData());
    if (event.getPoolNumber() == 0)
      pool0Count += event.getData().length;
  }
 
  // Reading and writing this object is equivalent to storing and retrieving
  // the seed.
 
  private void writeObject(ObjectOutputStream out) throws IOException
  {
    byte[] seed = new byte[SEED_FILE_SIZE];
    try
      {
        generator.nextBytes(seed);
      }
    catch (LimitReachedException shouldNeverHappen)
      {
        throw new Error(shouldNeverHappen);
      }
    out.write(seed);
  }
 
  private void readObject(ObjectInputStream in) throws IOException
  {
    byte[] seed = new byte[SEED_FILE_SIZE];
    in.readFully(seed);
    generator.addRandomBytes(seed);
  }
 
  /**
   * The Fortuna generator function. The generator is a PRNG in its own right;
   * Fortuna itself is basically a wrapper around this generator that manages
   * reseeding in a secure way.
   */
  public static class Generator
      extends BasePRNG
      implements Cloneable
  {
    private static final int LIMIT = 1 << 20;
    private final IBlockCipher cipher;
    private final IMessageDigest hash;
    private final byte[] counter;
    private final byte[] key;
    private boolean seeded;
 
    public Generator(final IBlockCipher cipher, final IMessageDigest hash)
    {
      super(Registry.FORTUNA_GENERATOR_PRNG);
      this.cipher = cipher;
      this.hash = hash;
      counter = new byte[cipher.defaultBlockSize()];
      buffer = new byte[cipher.defaultBlockSize()];
      int keysize = 0;
      for (Iterator it = cipher.keySizes(); it.hasNext();)
        {
          int ks = ((Integer) it.next()).intValue();
          if (ks > keysize)
            keysize = ks;
          if (keysize >= 32)
            break;
        }
      key = new byte[keysize];
    }
 
    public byte nextByte()
    {
      byte[] b = new byte[1];
      nextBytes(b, 0, 1);
      return b[0];
    }
 
    public void nextBytes(byte[] out, int offset, int length)
    {
      if (! seeded)
        throw new IllegalStateException("generator not seeded");
      int count = 0;
      do
        {
          int amount = Math.min(LIMIT, length - count);
          try
            {
              super.nextBytes(out, offset + count, amount);
            }
          catch (LimitReachedException shouldNeverHappen)
            {
              throw new Error(shouldNeverHappen);
            }
          count += amount;
          for (int i = 0; i < key.length; i += counter.length)
            {
              fillBlock();
              int l = Math.min(key.length - i, cipher.currentBlockSize());
              System.arraycopy(buffer, 0, key, i, l);
            }
          resetKey();
        }
      while (count < length);
      fillBlock();
      ndx = 0;
    }
 
    public void addRandomByte(byte b)
    {
      addRandomBytes(new byte[] { b });
    }
 
    public void addRandomBytes(byte[] seed, int offset, int length)
    {
      hash.update(key);
      hash.update(seed, offset, length);
      byte[] newkey = hash.digest();
      System.arraycopy(newkey, 0, key, 0, Math.min(key.length, newkey.length));
      resetKey();
      incrementCounter();
      seeded = true;
    }
 
    public void fillBlock()
    {
      if (! seeded)
        throw new IllegalStateException("generator not seeded");
      cipher.encryptBlock(counter, 0, buffer, 0);
      incrementCounter();
    }
 
    public void setup(Map attributes)
    {
      seeded = false;
      Arrays.fill(key, (byte) 0);
      Arrays.fill(counter, (byte) 0);
      byte[] seed = (byte[]) attributes.get(SEED);
      if (seed != null)
        addRandomBytes(seed);
      fillBlock();
    }
 
    /**
     * Resets the cipher's key. This is done after every reseed, which combines
     * the old key and the seed, and processes that throigh the hash function.
     */
    private void resetKey()
    {
      try
        {
          cipher.reset();
          cipher.init(Collections.singletonMap(IBlockCipher.KEY_MATERIAL, key));
        }
      // We expect to never get an exception here.
      catch (InvalidKeyException ike)
        {
          throw new Error(ike);
        }
      catch (IllegalArgumentException iae)
        {
          throw new Error(iae);
        }
    }
 
    /**
     * Increment `counter' as a sixteen-byte little-endian unsigned integer by
     * one.
     */
    private void incrementCounter()
    {
      for (int i = 0; i < counter.length; i++)
        {
          counter[i]++;
          if (counter[i] != 0)
            break;
        }
    }
  }
}

Browse

Tools

Subversion Repositories openrisc

[/] [openrisc/] [trunk/] [gnu-dev/] [or1k-gcc/] [libjava/] [classpath/] [gnu/] [javax/] [crypto/] [prng/] [Fortuna.java] - Blame information for rev 775

Line No.	Rev	Author	Line
1	769	jeremybenn	`/* Fortuna.java -- The Fortuna PRNG.`
2			`Copyright (C) 2004, 2006 Free Software Foundation, Inc.`
3
4			`This file is a part of GNU Classpath.`
5
6			`GNU Classpath is free software; you can redistribute it and/or modify`
7			`it under the terms of the GNU General Public License as published by`
8			`the Free Software Foundation; either version 2 of the License, or (at`
9			`your option) any later version.`
10
11			`GNU Classpath is distributed in the hope that it will be useful, but`
12			`WITHOUT ANY WARRANTY; without even the implied warranty of`
13			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
14			`General Public License for more details.`
15
16			`You should have received a copy of the GNU General Public License`
17			`along with GNU Classpath; if not, write to the Free Software`
18			`Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301`
19			`USA`
20
21			`Linking this library statically or dynamically with other modules is`
22			`making a combined work based on this library. Thus, the terms and`
23			`conditions of the GNU General Public License cover the whole`
24			`combination.`
25
26			`As a special exception, the copyright holders of this library give you`
27			`permission to link this library with independent modules to produce an`
28			`executable, regardless of the license terms of these independent`
29			`modules, and to copy and distribute the resulting executable under`
30			`terms of your choice, provided that you also meet, for each linked`
31			`independent module, the terms and conditions of the license of that`
32			`module. An independent module is a module which is not derived from`
33			`or based on this library. If you modify this library, you may extend`
34			`this exception to your version of the library, but you are not`
35			`obligated to do so. If you do not wish to do so, delete this`
36			`exception statement from your version. */`
37
38
39			`package gnu.javax.crypto.prng;`
40
41			`import gnu.java.security.Registry;`
42			`import gnu.java.security.hash.HashFactory;`
43			`import gnu.java.security.hash.IMessageDigest;`
44			`import gnu.java.security.prng.BasePRNG;`
45			`import gnu.java.security.prng.LimitReachedException;`
46			`import gnu.java.security.prng.RandomEvent;`
47			`import gnu.java.security.prng.RandomEventListener;`
48			`import gnu.javax.crypto.cipher.CipherFactory;`
49			`import gnu.javax.crypto.cipher.IBlockCipher;`
50
51			`import java.io.IOException;`
52			`import java.io.ObjectInputStream;`
53			`import java.io.ObjectOutputStream;`
54			`import java.io.Serializable;`
55			`import java.security.InvalidKeyException;`
56			`import java.util.Arrays;`
57			`import java.util.Collections;`
58			`import java.util.Iterator;`
59			`import java.util.Map;`
60
61			`/**`
62			`* The Fortuna continuously-seeded pseudo-random number generator. This`
63			`* generator is composed of two major pieces: the entropy accumulator and the`
64			`* generator function. The former takes in random bits and incorporates them`
65			`* into the generator's state. The latter takes this base entropy and generates`
66			`* pseudo-random bits from it.`
67			`* <p>`
68			`* There are some things users of this class <em>must</em> be aware of:`
69			`* <dl>`
70			`* <dt>Adding Random Data</dt>`
71			`* <dd>This class does not do any polling of random sources, but rather`
72			`* provides an interface for adding random events. Applications that use this`
73			`* code <em>must</em> provide this mechanism. We use this design because an`
74			`* application writer who knows the system he is targeting is in a better`
75			`* position to judge what random data is available.</dd>`
76			`* <dt>Storing the Seed</dt>`
77			`* <dd>This class implements {@link Serializable} in such a way that it writes`
78			`* a 64 byte seed to the stream, and reads it back again when being`
79			`* deserialized. This is the extent of seed file management, however, and those`
80			`* using this class are encouraged to think deeply about when, how often, and`
81			`* where to store the seed.</dd>`
82			`* </dl>`
83			`* <p>`
84			`* <b>References:</b>`
85			`* <ul>`
86			`* <li>Niels Ferguson and Bruce Schneier, <i>Practical Cryptography</i>, pp.`
87			`* 155--184. Wiley Publishing, Indianapolis. (2003 Niels Ferguson and Bruce`
88			`* Schneier). ISBN 0-471-22357-3.</li>`
89			`* </ul>`
90			`*/`
91			`public class Fortuna`
92			`extends BasePRNG`
93			`implements Serializable, RandomEventListener`
94			`{`
95			`private static final long serialVersionUID = 0xFACADE;`
96			`private static final int SEED_FILE_SIZE = 64;`
97			`private static final int NUM_POOLS = 32;`
98			`private static final int MIN_POOL_SIZE = 64;`
99			`private final Generator generator;`
100			`private final IMessageDigest[] pools;`
101			`private long lastReseed;`
102			`private int pool;`
103			`private int pool0Count;`
104			`private int reseedCount;`
105			`public static final String SEED = "gnu.crypto.prng.fortuna.seed";`
106
107			`public Fortuna()`
108			`{`
109			`super(Registry.FORTUNA_PRNG);`
110			`generator = new Generator(CipherFactory.getInstance(Registry.RIJNDAEL_CIPHER),`
111			`HashFactory.getInstance(Registry.SHA256_HASH));`
112			`pools = new IMessageDigest[NUM_POOLS];`
113			`for (int i = 0; i < NUM_POOLS; i++)`
114			`pools[i] = HashFactory.getInstance(Registry.SHA256_HASH);`
115			`lastReseed = 0;`
116			`pool = 0;`
117			`pool0Count = 0;`
118			`buffer = new byte[256];`
119			`}`
120
121			`public void setup(Map attributes)`
122			`{`
123			`lastReseed = 0;`
124			`reseedCount = 0;`
125			`pool = 0;`
126			`pool0Count = 0;`
127			`generator.init(attributes);`
128			`try`
129			`{`
130			`fillBlock();`
131			`}`
132			`catch (LimitReachedException shouldNotHappen)`
133			`{`
134			`throw new RuntimeException(shouldNotHappen);`
135			`}`
136			`}`
137
138			`public void fillBlock() throws LimitReachedException`
139			`{`
140			`if (pool0Count >= MIN_POOL_SIZE`
141			`&& System.currentTimeMillis() - lastReseed > 100)`
142			`{`
143			`reseedCount++;`
144			`byte[] seed = new byte[0];`
145			`for (int i = 0; i < NUM_POOLS; i++)`
146			`if (reseedCount % (1 << i) == 0)`
147			`generator.addRandomBytes(pools[i].digest());`
148			`lastReseed = System.currentTimeMillis();`
149			`pool0Count = 0;`
150			`}`
151			`generator.nextBytes(buffer);`
152			`}`
153
154			`public void addRandomByte(byte b)`
155			`{`
156			`pools[pool].update(b);`
157			`if (pool == 0)`
158			`pool0Count++;`
159			`pool = (pool + 1) % NUM_POOLS;`
160			`}`
161
162			`public void addRandomBytes(byte[] buf, int offset, int length)`
163			`{`
164			`pools[pool].update(buf, offset, length);`
165			`if (pool == 0)`
166			`pool0Count += length;`
167			`pool = (pool + 1) % NUM_POOLS;`
168			`}`
169
170			`public void addRandomEvent(RandomEvent event)`
171			`{`
172			`if (event.getPoolNumber() < 0 \|\| event.getPoolNumber() >= pools.length)`
173			`throw new IllegalArgumentException("pool number out of range: "`
174			`+ event.getPoolNumber());`
175			`pools[event.getPoolNumber()].update(event.getSourceNumber());`
176			`pools[event.getPoolNumber()].update((byte) event.getData().length);`
177			`pools[event.getPoolNumber()].update(event.getData());`
178			`if (event.getPoolNumber() == 0)`
179			`pool0Count += event.getData().length;`
180			`}`
181
182			`// Reading and writing this object is equivalent to storing and retrieving`
183			`// the seed.`
184
185			`private void writeObject(ObjectOutputStream out) throws IOException`
186			`{`
187			`byte[] seed = new byte[SEED_FILE_SIZE];`
188			`try`
189			`{`
190			`generator.nextBytes(seed);`
191			`}`
192			`catch (LimitReachedException shouldNeverHappen)`
193			`{`
194			`throw new Error(shouldNeverHappen);`
195			`}`
196			`out.write(seed);`
197			`}`
198
199			`private void readObject(ObjectInputStream in) throws IOException`
200			`{`
201			`byte[] seed = new byte[SEED_FILE_SIZE];`
202			`in.readFully(seed);`
203			`generator.addRandomBytes(seed);`
204			`}`
205
206			`/**`
207			`* The Fortuna generator function. The generator is a PRNG in its own right;`
208			`* Fortuna itself is basically a wrapper around this generator that manages`
209			`* reseeding in a secure way.`
210			`*/`
211			`public static class Generator`
212			`extends BasePRNG`
213			`implements Cloneable`
214			`{`
215			`private static final int LIMIT = 1 << 20;`
216			`private final IBlockCipher cipher;`
217			`private final IMessageDigest hash;`
218			`private final byte[] counter;`
219			`private final byte[] key;`
220			`private boolean seeded;`
221
222			`public Generator(final IBlockCipher cipher, final IMessageDigest hash)`
223			`{`
224			`super(Registry.FORTUNA_GENERATOR_PRNG);`
225			`this.cipher = cipher;`
226			`this.hash = hash;`
227			`counter = new byte[cipher.defaultBlockSize()];`
228			`buffer = new byte[cipher.defaultBlockSize()];`
229			`int keysize = 0;`
230			`for (Iterator it = cipher.keySizes(); it.hasNext();)`
231			`{`
232			`int ks = ((Integer) it.next()).intValue();`
233			`if (ks > keysize)`
234			`keysize = ks;`
235			`if (keysize >= 32)`
236			`break;`
237			`}`
238			`key = new byte[keysize];`
239			`}`
240
241			`public byte nextByte()`
242			`{`
243			`byte[] b = new byte[1];`
244			`nextBytes(b, 0, 1);`
245			`return b[0];`
246			`}`
247
248			`public void nextBytes(byte[] out, int offset, int length)`
249			`{`
250			`if (! seeded)`
251			`throw new IllegalStateException("generator not seeded");`
252			`int count = 0;`
253			`do`
254			`{`
255			`int amount = Math.min(LIMIT, length - count);`
256			`try`
257			`{`
258			`super.nextBytes(out, offset + count, amount);`
259			`}`
260			`catch (LimitReachedException shouldNeverHappen)`
261			`{`
262			`throw new Error(shouldNeverHappen);`
263			`}`
264			`count += amount;`
265			`for (int i = 0; i < key.length; i += counter.length)`
266			`{`
267			`fillBlock();`
268			`int l = Math.min(key.length - i, cipher.currentBlockSize());`
269			`System.arraycopy(buffer, 0, key, i, l);`
270			`}`
271			`resetKey();`
272			`}`
273			`while (count < length);`
274			`fillBlock();`
275			`ndx = 0;`
276			`}`
277
278			`public void addRandomByte(byte b)`
279			`{`
280			`addRandomBytes(new byte[] { b });`
281			`}`
282
283			`public void addRandomBytes(byte[] seed, int offset, int length)`
284			`{`
285			`hash.update(key);`
286			`hash.update(seed, offset, length);`
287			`byte[] newkey = hash.digest();`
288			`System.arraycopy(newkey, 0, key, 0, Math.min(key.length, newkey.length));`
289			`resetKey();`
290			`incrementCounter();`
291			`seeded = true;`
292			`}`
293
294			`public void fillBlock()`
295			`{`
296			`if (! seeded)`
297			`throw new IllegalStateException("generator not seeded");`
298			`cipher.encryptBlock(counter, 0, buffer, 0);`
299			`incrementCounter();`
300			`}`
301
302			`public void setup(Map attributes)`
303			`{`
304			`seeded = false;`
305			`Arrays.fill(key, (byte) 0);`
306			`Arrays.fill(counter, (byte) 0);`
307			`byte[] seed = (byte[]) attributes.get(SEED);`
308			`if (seed != null)`
309			`addRandomBytes(seed);`
310			`fillBlock();`
311			`}`
312
313			`/**`
314			`* Resets the cipher's key. This is done after every reseed, which combines`
315			`* the old key and the seed, and processes that throigh the hash function.`
316			`*/`
317			`private void resetKey()`
318			`{`
319			`try`
320			`{`
321			`cipher.reset();`
322			`cipher.init(Collections.singletonMap(IBlockCipher.KEY_MATERIAL, key));`
323			`}`
324			`// We expect to never get an exception here.`
325			`catch (InvalidKeyException ike)`
326			`{`
327			`throw new Error(ike);`
328			`}`
329			`catch (IllegalArgumentException iae)`
330			`{`
331			`throw new Error(iae);`
332			`}`
333			`}`
334
335			`/**`
336			* Increment `counter' as a sixteen-byte little-endian unsigned integer by
337			`* one.`
338			`*/`
339			`private void incrementCounter()`
340			`{`
341			`for (int i = 0; i < counter.length; i++)`
342			`{`
343			`counter[i]++;`
344			`if (counter[i] != 0)`
345			`break;`
346			`}`
347			`}`
348			`}`
349			`}`