public final class FIPS186_2usingSHA1 extends FIPS140_2Compliant
The algorithm described below uses a one-way function G(t,c), where t is 160 bits, c is b bits and G(t,c) is 160 bits.
Step 1. Choose a new, secret value for the seed-key, XKEY.
Step 2. In hexadecimal notation let
t = 67452301 EFCDAB89 98BADCFE 10325476 C3D2E1F0.
This is the initial value for H0 || H1 || H2 || H3 || H4 in the SHS
[FIPS 180-1].
Step 3. For j = 0 to m - 1 do
a. XSEEDj = optional user input.
b. XVAL = (XKEY + XSEED_j) mod 2^b.
c. x_j = G(t, XVAL).
d. XKEY = (1 + XKEY + x_j) mod 2^b.
G(t,c) is constructed using steps (a) - (e) in section 7 of the Specifications for the Secure Hash Standard, FIPS 180-1. Before executing these steps, {Hj} and M1 must be initialized as follows:
Then steps (a) through (e) of section 7 are executed, and G(t,c) is the 160 bit string represented by the five words (H0 || H1 || H2 || H3 || H4) at the end of step (e).
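The following is an added worked example of the generator described above; it is illustration code, not Entrust Toolkit code, and the class and function names are mine. It builds G(t,c) from a hand-written SHA-1 compression function because standard hash APIs apply padding and do not expose steps (a)-(e) directly. The initialization of {Hj} and M1 is not spelled out on this page; the example uses the one given in FIPS 186-2 Appendix 3.3 (Hj = tj, M1 = c || 0^(512-b)). The way a caller-supplied seed is hashed and fed in as XSEED_j, and the use of os.urandom for the initial XKEY, are assumptions made for the example.

```python
"""FIPS 186-2 Appendix 3.1 PRNG with G(t,c) built from SHA-1 (Appendix 3.3).

Added illustration, not Entrust Toolkit code.  Assumption: {Hj} = tj and
M1 = c || 0^(512-b) before running FIPS 180-1 section 7 steps (a)-(e).
"""
import hashlib
import os
import struct

MASK32 = 0xFFFFFFFF
# Step 2: t is the initial SHA-1 chaining value H0 || H1 || H2 || H3 || H4.
T_INIT = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def sha1_compress(h, block):
    """Steps (a)-(e) of FIPS 180-1 section 7 on one 512-bit block.  Returns the
    five updated words, including the final H_i + A..E addition of step (e)."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = h
    for i in range(80):
        if i < 20:
            f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40:
            f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60:
            f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:
            f, k = b ^ c ^ d, 0xCA62C1D6
        tmp = (_rotl(a, 5) + (f & MASK32) + e + k + w[i]) & MASK32
        a, b, c, d, e = tmp, a, _rotl(b, 30), c, d
    return [(x + y) & MASK32 for x, y in zip(h, (a, b, c, d, e))]


def G(t, c, b):
    """G(t,c): t is five 32-bit words, c is a b-bit integer (160 <= b <= 512).
    M1 = c || 0^(512-b); the result is the 160-bit string H0||...||H4."""
    block = c.to_bytes(b // 8, "big") + bytes(64 - b // 8)
    return struct.pack(">5I", *sha1_compress(list(t), block))


class Fips186_2Sha1Prng:
    def __init__(self, xkey=None, b=512):
        if not 160 <= b <= 512 or b % 8:
            raise ValueError("b must be a multiple of 8 in [160, 512]")
        self.b, self.mod = b, 1 << b
        # Step 1: XKEY is a fresh secret seed-key.  os.urandom stands in for
        # the Toolkit's own entropy source (assumption for this example).
        xkey = os.urandom(b // 8) if xkey is None else xkey
        self.xkey = int.from_bytes(xkey, "big") % self.mod
        self.pending_xseed = 0

    def add_seed(self, seed):
        """Hash a caller seed so its entropy is spread over all bits, then use it
        as the next XSEED_j: it supplements XKEY via step 3d rather than
        replacing it.  The wiring is an assumption made for this example."""
        digest = hashlib.sha1(seed).digest()
        self.pending_xseed = (self.pending_xseed + int.from_bytes(digest, "big")) % self.mod

    def next_x(self):
        """One iteration j of Step 3; returns the 160-bit output x_j."""
        xseed, self.pending_xseed = self.pending_xseed, 0                  # 3a
        xval = (self.xkey + xseed) % self.mod                                # 3b
        x = G(T_INIT, xval, self.b)                                          # 3c
        self.xkey = (1 + self.xkey + int.from_bytes(x, "big")) % self.mod    # 3d
        return x

    def next_bytes(self, n):
        out = b""
        while len(out) < n:
            out += self.next_x()
        return out[:n]


def self_check():
    """KAT-style check of G: with b = 512, M1 is c itself, so feeding the padded
    single-block message 'abc' must reproduce SHA-1('abc') exactly."""
    padded = b"abc" + b"\x80" + bytes(64 - 3 - 1 - 8) + struct.pack(">Q", 24)
    got = G(T_INIT, int.from_bytes(padded, "big"), 512)
    return got == hashlib.sha1(b"abc").digest()


if __name__ == "__main__":
    assert self_check()
    prng = Fips186_2Sha1Prng()
    prng.add_seed(b"constructed caller-supplied seed")
    print(prng.next_bytes(32).hex())
```

The self_check() function is the kind of known-answer test worth keeping next to any hand-rolled compression function: because the final H_i + A..E addition of step (e) is part of G, a block that reproduces a standard SHA-1 digest proves the whole of G, not just the round loop. Note also that step 3d feeds x_j back into XKEY, so a caller seed mixed in as XSEED_j can only add to the state, which is what "supplements, rather than replaces" means in practice.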
An instance of this algorithm can be obtained using the Java Cryptography
Architecture (JCA) by requesting a 'FIPS186_2usingSHA1' PRNG from the
Entrust cryptographic service provider. This can be done using the following call:
SecureRandom.getInstance("FIPS186_2usingSHA1", "Entrust");
| Constructor and Description |
|---|
| FIPS186_2usingSHA1() The constructor; creates a new instance of the FIPS186_2usingSHA1 pseudo-random number generation algorithm. |
| Modifier and Type | Method and Description |
|---|---|
| protected void | engineSetSeed(byte[] seed) Reseeds this random object. |
| static void | runFipsKat() Runs a FIPS 140-2 known answer test on this PRNG. |
Inherited methods: engineGenerateSeed, engineNextBytes

public FIPS186_2usingSHA1()
Applications should not use this constructor; instead the PRNG
should be requested from the appropriate JCA/JCE cryptographic
service provider as follows:
SecureRandom.getInstance("FIPS186_2usingSHA1", "Entrust").
public static void runFipsKat()
This API is intended for internal use only during initialization in FIPS_OPERATIONAL mode; it should NEVER be called externally.
Throws: Fips140ErrorStateException - [FIPS 140-2 status output] thrown if the Toolkit is not
allowed to perform cryptographic operations or the self-test fails

protected void engineSetSeed(byte[] seed)
throws java.lang.SecurityException
Description copied from class FIPS140_2Compliant: The given seed supplements, rather than replaces, the existing seed. Thus, repeated calls are guaranteed never to reduce randomness.
This implementation DOES NOT allow the caller to set the initial seed,
even when the caller follows the call to
SecureRandom.getInstance() method with a call to the
setSeed() method. This ensures that it is impossible to have
an initial seed that is not cryptographically strong.
The seed that is passed in is not used directly; instead the seed is hashed prior to use. The hashing is done because the entropy of the provided seed may not be spread evenly through all of the seed bits (there is no way to guarantee that a cryptographically strong seed will be passed in through the API). By passing the seed through a hash (message digest) algorithm, the entropy is spread (more or less) evenly through all of the bits.
Once the provided seed has been hashed, the result is used to supplement (not replace) the existing internal seed data. Following this call, the seed passed in is NOT automatically wiped from memory; this SHOULD be done manually by the caller. All internal temporary data used in this call is automatically wiped following usage.
Overrides: engineSetSeed in class FIPS140_2Compliant
Parameters: seed - [FIPS 140-2 data input] [FIPS 140-2 CSP] the seed.
Throws: java.lang.SecurityException