Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8352535

SecureRandom Not Used After Signature.initSign() Reinitialization

XMLWordPrintable

      A DESCRIPTION OF THE PROBLEM :
      When reinitializing a Signature object with a new SecureRandom via initSign(PrivateKey, SecureRandom), the new random source is not used for subsequent signing operations with DSA/SHA256withDSA algorithms.


      ---------- BEGIN SOURCE ----------

      import java.security.*;
      import java.util.Arrays;


      public class TestInitSignWithMyOwnRandom {

          public static void main(String[] args) throws Exception {
              Provider p = Security.getProvider(
                      System.getProperty("test.provider.name", "SUN"));
              String kpgAlgorithm = "DSA";
      // args = new String[]{"DSA", "512"};
              args = new String[]{"SHA256withDSA", "2048"};
              int keySize = Integer.parseInt(args[1]);
              KeyPairGenerator kpg = KeyPairGenerator.getInstance(kpgAlgorithm, p);
              kpg.initialize(keySize);
              KeyPair kp = kpg.generateKeyPair();
              TestRandomSource rand = new TestRandomSource();
              TestRandomSource rand2 = new TestRandomSource();
              String signAlgo = args[0];
              byte[] data = new byte[20000];
              Signature sig = Signature.getInstance(signAlgo, p);
              sig.initSign(kp.getPrivate(), rand);
              sig.update(data);
              sig.sign();
              if (!rand.isUsed()) {
                  throw new Exception("Custom random source is not used");
              }

              sig.initSign(kp.getPrivate(), rand2);
              for (int i = 0; i < 20000; i++){
                  data[i] = (byte) ((System.currentTimeMillis() + i) % 256);
              }
              sig.update(data);
              sig.sign();
              if (!rand2.isUsed()) { // Check if new random is used
                  throw new Exception("New random source not used after reinitialization");
              }
          }

      }

      import java.security.SecureRandom;
      class TestRandomSource extends SecureRandom {
          private int count = 0;
          private final SecureRandom delegate = new SecureRandom();

          @Override
          public void nextBytes(byte[] bytes) {
              count++;
              delegate.nextBytes(bytes);
          }

          public boolean isUsed() {
              return count > 0;
          }
      }
      ---------- END SOURCE ----------

            jnimeh Jamil Nimeh
            webbuggrp Webbug Group
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: