Re: Design review: JEP 273: DRBG-Based SecureRandom Implementations

Thu, 19 Nov 2015 08:02:07 -0800 

> On Nov 18, 2015, at 9:32 PM, Sean Mullan <[email protected]> wrote:
> 
> The getInstance methods can now take a SecureRandomParameterSpec object 
> (rather than an AlgorithmParameterSpec). They should throw 
> InvalidAlgorithmParameterException (not IllegalArgumentException) if the 
> parameters are null or not the right type to be consistent with other Spi 
> classes.
> 
> You will also need to add a protected (or public?) constructor to 
> SecureRandomSpi that takes a SecureRandomParameterSpec parameter. 
> CertStoreSpi is a good example to follow.

Cool. This is what a JCA engine should look like.

So I create a new method like this

public static SecureRandom getInstance(
        String algorithm, SecureRandomParameterSpec spec)
        throws NoSuchAlgorithmException, InvalidParameterSpecException {
    Instance instance = GetInstance.getInstance("SecureRandom",
            SecureRandomSpi.class, algorithm, spec);
    SecureRandomSpi spi = (SecureRandomSpi)instance.impl;
    SecureRandom r = new SecureRandom(spi, instance.provider, algorithm);
    return r;
}

However, I cannot get it working, and I found difficulties understanding the 
EngineDescription inner class inside Provider.java.

1. For each engine that can take an extra parameter (not provider) in 
getInstance(), it is always named XyzParameters, not an AlgorithmParameterSpec.

2. For each of these, if you have getInstance(alg, params), there is no 
getInstance(alg). Obviously, for SecureRandom we need to have both.

3. Not sure what EngineDescription.supportsParameter means. Seems only useful 
for those needing a key.

So, it seems I'll have to write the method like

public static SecureRandom getInstance(
        String algorithm, SecureRandomParameterSpec spec)
        throws NoSuchAlgorithmException, InvalidParameterSpecException {
    Instance instance = GetInstance.getInstance("SecureRandom",
            SecureRandomSpi.class, algorithm);
    SecureRandomSpi spi = (SecureRandomSpi)instance.iml;
    spi.engineConfigure(spec);
    SecureRandom r = new SecureRandom(spi, instance.provider, algorithm);
    return r;
}

which means although configure() is not in SecureRandom, it still must be in 
SecureRandomSpi, and there won't be a SecureRandomSpi constructor that takes a 
SecureRandomParameterSpec parameter.

Am I doing something wrong?

Thanks
Max

Reply via email to