Re: RFR 8051408: JEP 273: DRBG-Based SecureRandom Implementations

Mon, 04 Apr 2016 19:36:07 -0700 

Updated webrev again at

 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/
 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/spec
 http://cr.openjdk.java.net/~weijun/8051408/webrev.09/specdiff

The only change is that SecureRandomInstantiateParameters, 
SecureRandomNextBytesParameters and SecureRandomReseedParameters are removed 
and only a single SecureRandomParameters is added. There seems no reason to 
introduce 3 marker interfaces.

Thanks
Max


> On Apr 1, 2016, at 7:34 PM, Wang Weijun <weijun.w...@oracle.com> wrote:
> 
> Hi All
> 
> Updated webrev at
> 
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/spec
>  http://cr.openjdk.java.net/~weijun/8051408/webrev.08/specdiff
> 
> Spec changes:
> 
>  - More text in @implNote of DrbgParameters.java, which somehow matches the 
> Minimal Documentation Requirements described in 11.1 of NIST SP 800-90Ar1.
> 
>  - DrbgParameters.instantiate(strength,cap,ps) throws NPE if cap is null
> 
>  - SecureRandom.java: no more @implSpec for new methods since impl is in 
> SecureRandomSpi. Also, make the following word changes in all UOE cases:
> 
>    - * @throws UnsupportedOperationException if the implementation
>    - *         has not overridden this method.
>    + * @throws UnsupportedOperationException if the underlying provider
>    + *         implementation has not overridden this method.
> 
> "drbg" security property changes:
> 
>  - delimiter is now ",". Otherwise, "SHA-512/256" is ambiguous.
> 
>  - AbstractDrbg#toString and DrbgParameters$Instantiate#toString also use "," 
> now.
> 
>  - default value is "", thus each aspect uses its own default as described in 
> the comment.
> 
>  - examples
> 
> Code changes:
> 
>  - DRBG.java: more check for the "drbg" security property, one aspect cannot 
> be set twice,
>    and strength must be positive
> 
>  - HashDrbg.java optimization
> 
>    * Use MessageDigest#digest(output,offset,length) instead of 
> digest()+arraycopy.
>      (BTW, why is DigestException a checked exception?) --  a little useful
> 
>    * addBytes() now updates its first argument, therefore less round of 
> adding -- very useful
> 
>    * store "new byte[1]" and "new byte[]{1}" as constants -- a little useful
> 
>  - MoreDrbgParameters: now including mech, so it can fully cover the "drbg" 
> security property.  It still includes non-publicly configurable items like 
> entropy source and nonce, that the DRBG (known-answer) Test Vectors require.
> 
> Thanks
> Max
>

Reply via email to