Merge pull request #32369 from karel-harjono/fipsLtpaCrypto

update CryptoUtils generateRandomBytes to support hardware provider

Author: karel-harjono

dev/com.ibm.ws.crypto.ltpakeyutil/src/com/ibm/ws/crypto/ltpakeyutil/LTPACrypto.java

@@ -731,323 +731,6 @@ private static final synchronized void setIVS16(byte[] key) {
         ivs16 = new IvParameterSpec(iv16);
     }
 
-    @Trivial
-    static final int lsbf(byte[] data, int i, int n) {
-        int v = 0;
-        do {
-            v |= (data[i + (--n)] & 0xFF) << n * 8;
-        } while (n > 0);
-        return v;
-    }
-
-    @Trivial
-    static final int lsbf4(byte[] data, int i) {
-        return (data[i] & 0xFF) | ((data[i + 1] & 0xFF) << 8) | ((data[i + 2] & 0xFF) << 16) | (data[i + 3] << 24);
-    }
-
-    @Trivial
-    static final void lsbf4(int v, byte[] data, int i) {
-        data[i] = (byte) v;
-        data[i + 1] = (byte) (v >>> 8);
-        data[i + 2] = (byte) (v >>> 16);
-        data[i + 3] = (byte) (v >>> 24);
-    }
-
-    @Trivial
-    static void lsbf2(int v, byte[] data, int i) {
-        data[i] = (byte) v;
-        data[i + 1] = (byte) (v >>> 8);
-    }
-
-    @Trivial
-    private static final int FF(int a, int b, int c, int d, int x, int l, int r, int ac) {
-        return (((a += ((b & c) | (~b & d)) + x + ac) << l) | (a >>> r)) + b;
-    }
-
-    @Trivial
-    private static final int GG(int a, int b, int c, int d, int x, int l, int r, int ac) {
-        return (((a += ((b & d) | (c & ~d)) + x + ac) << l) | (a >>> r)) + b;
-    }
-
-    @Trivial
-    private static final int HH(int a, int b, int c, int d, int x, int l, int r, int ac) {
-        return (((a += (b ^ c ^ d) + x + ac) << l) | (a >>> r)) + b;
-    }
-
-    @Trivial
-    private static final int II(int a, int b, int c, int d, int x, int l, int r, int ac) {
-        return (((a += (c ^ (b | ~d)) + x + ac) << l) | (a >>> r)) + b;
-    }
-
-    @Trivial
-    static final void md5(int[] state, byte[] data, int off, int len, byte[] to, int pos) {
-        int a, b, c, d;
-        {
-            a = 0x67452301;
-            b = 0xefcdab89;
-            c = 0x98badcfe;
-            d = 0x10325476;
-        }
-
-        int W0, W1, W2, W3, W4, W5, W6, W7, W8, W9, W10, W11, W12, W13, W14, W15;
-        int i, n = len / 4, a0, b0, c0, d0;
-        final int[] W = new int[16];
-
-        boolean done = false;
-        boolean padded = false;
-
-        do {
-
-            for (i = 0; (i < 16) && (n > 0); n--, off += 4)
-                W[i++] = lsbf4(data, off);
-
-            if (i < 16) {
-
-                if (!padded) {
-                    W[i++] = ((a0 = len % 4) != 0) ? (lsbf(data, off, a0) | (0x80 << (a0 * 8))) : 0x80;
-                    if (i == 15)
-                        W[15] = 0;
-                    padded = true;
-                }
-                if (i <= 14) {
-                    while (i < 14)
-                        W[i++] = 0;
-
-                    if (state != null)
-                        len += state[5];
-                    W[14] = len << 3;
-                    W[15] = len >>> 29;
-                    done = true;
-                }
-            }
-
-            a = FF((a0 = a), b, c, d, (W0 = W[0]), 7, 25, 0xd76aa478);
-            d = FF((d0 = d), a, b, c, (W1 = W[1]), 12, 20, 0xe8c7b756);
-            c = FF((c0 = c), d, a, b, (W2 = W[2]), 17, 15, 0x242070db);
-            b = FF((b0 = b), c, d, a, (W3 = W[3]), 22, 10, 0xc1bdceee);
-            a = FF(a, b, c, d, (W4 = W[4]), 7, 25, 0xf57c0faf);
-            d = FF(d, a, b, c, (W5 = W[5]), 12, 20, 0x4787c62a);
-            c = FF(c, d, a, b, (W6 = W[6]), 17, 15, 0xa8304613);
-            b = FF(b, c, d, a, (W7 = W[7]), 22, 10, 0xfd469501);
-            a = FF(a, b, c, d, (W8 = W[8]), 7, 25, 0x698098d8);
-            d = FF(d, a, b, c, (W9 = W[9]), 12, 20, 0x8b44f7af);
-            c = FF(c, d, a, b, (W10 = W[10]), 17, 15, 0xffff5bb1);
-            b = FF(b, c, d, a, (W11 = W[11]), 22, 10, 0x895cd7be);
-            a = FF(a, b, c, d, (W12 = W[12]), 7, 25, 0x6b901122);
-            d = FF(d, a, b, c, (W13 = W[13]), 12, 20, 0xfd987193);
-            c = FF(c, d, a, b, (W14 = W[14]), 17, 15, 0xa679438e);
-            b = FF(b, c, d, a, (W15 = W[15]), 22, 10, 0x49b40821);
-
-            a = GG(a, b, c, d, W1, 5, 27, 0xf61e2562);
-            d = GG(d, a, b, c, W6, 9, 23, 0xc040b340);
-            c = GG(c, d, a, b, W11, 14, 18, 0x265e5a51);
-            b = GG(b, c, d, a, W0, 20, 12, 0xe9b6c7aa);
-            a = GG(a, b, c, d, W5, 5, 27, 0xd62f105d);
-            d = GG(d, a, b, c, W10, 9, 23, 0x2441453);
-            c = GG(c, d, a, b, W15, 14, 18, 0xd8a1e681);
-            b = GG(b, c, d, a, W4, 20, 12, 0xe7d3fbc8);
-            a = GG(a, b, c, d, W9, 5, 27, 0x21e1cde6);
-            d = GG(d, a, b, c, W14, 9, 23, 0xc33707d6);
-            c = GG(c, d, a, b, W3, 14, 18, 0xf4d50d87);
-            b = GG(b, c, d, a, W8, 20, 12, 0x455a14ed);
-            a = GG(a, b, c, d, W13, 5, 27, 0xa9e3e905);
-            d = GG(d, a, b, c, W2, 9, 23, 0xfcefa3f8);
-            c = GG(c, d, a, b, W7, 14, 18, 0x676f02d9);
-            b = GG(b, c, d, a, W12, 20, 12, 0x8d2a4c8a);
-
-            a = HH(a, b, c, d, W5, 4, 28, 0xfffa3942);
-            d = HH(d, a, b, c, W8, 11, 21, 0x8771f681);
-            c = HH(c, d, a, b, W11, 16, 16, 0x6d9d6122);
-            b = HH(b, c, d, a, W14, 23, 9, 0xfde5380c);
-            a = HH(a, b, c, d, W1, 4, 28, 0xa4beea44);
-            d = HH(d, a, b, c, W4, 11, 21, 0x4bdecfa9);
-            c = HH(c, d, a, b, W7, 16, 16, 0xf6bb4b60);
-            b = HH(b, c, d, a, W10, 23, 9, 0xbebfbc70);
-            a = HH(a, b, c, d, W13, 4, 28, 0x289b7ec6);
-            d = HH(d, a, b, c, W0, 11, 21, 0xeaa127fa);
-            c = HH(c, d, a, b, W3, 16, 16, 0xd4ef3085);
-            b = HH(b, c, d, a, W6, 23, 9, 0x4881d05);
-            a = HH(a, b, c, d, W9, 4, 28, 0xd9d4d039);
-            d = HH(d, a, b, c, W12, 11, 21, 0xe6db99e5);
-            c = HH(c, d, a, b, W15, 16, 16, 0x1fa27cf8);
-            b = HH(b, c, d, a, W2, 23, 9, 0xc4ac5665);
-
-            a = II(a, b, c, d, W0, 6, 26, 0xf4292244);
-            d = II(d, a, b, c, W7, 10, 22, 0x432aff97);
-            c = II(c, d, a, b, W14, 15, 17, 0xab9423a7);
-            b = II(b, c, d, a, W5, 21, 11, 0xfc93a039);
-            a = II(a, b, c, d, W12, 6, 26, 0x655b59c3);
-            d = II(d, a, b, c, W3, 10, 22, 0x8f0ccc92);
-            c = II(c, d, a, b, W10, 15, 17, 0xffeff47d);
-            b = II(b, c, d, a, W1, 21, 11, 0x85845dd1);
-            a = II(a, b, c, d, W8, 6, 26, 0x6fa87e4f);
-            d = II(d, a, b, c, W15, 10, 22, 0xfe2ce6e0);
-            c = II(c, d, a, b, W6, 15, 17, 0xa3014314);
-            b = II(b, c, d, a, W13, 21, 11, 0x4e0811a1);
-            a = II(a, b, c, d, W4, 6, 26, 0xf7537e82);
-            d = II(d, a, b, c, W11, 10, 22, 0xbd3af235);
-            c = II(c, d, a, b, W2, 15, 17, 0x2ad7d2bb);
-            b = II(b, c, d, a, W9, 21, 11, 0xeb86d391) + b0;
-
-            a += a0;
-            c += c0;
-            d += d0;
-        } while (!done);
-
-        {
-            lsbf4(a, to, pos);
-            lsbf4(b, to, pos + 4);
-            lsbf4(c, to, pos + 8);
-            lsbf4(d, to, pos + 12);
-        }
-    }
-
-    private static double[] ETB = new double[16];
-
-    static {
-        double d = ETB[0] = 0.001;
-        double log2d = Math.log(2 * d);
-        int i = 1;
-        do {
-            ETB[i] = Math.exp(log2d / ++i) / 2;
-        } while (i < ETB.length);
-    }
-
-    private static int slot, channels;
-    private static int[] samples = new int[56];
-    private static int[] ones = new int[16];
-    private static int[] block = new int[16];
-
-    @Trivial
-    static final void trng(byte[] to, int off, int len) {
-        long accu = 0;
-        int bits = 0, i, m, j;
-
-        while (len-- > 0) {
-            while (bits < 8) {
-
-                int s = 0;
-                do {
-                    long t = System.currentTimeMillis();
-                    while (System.currentTimeMillis() == t)
-                        s++;
-                } while (s == 0);
-
-                int xor = samples[slot] ^ s;
-                samples[slot] = s;
-
-                i = 0;
-                m = 1;
-                do {
-
-                    if ((xor & m) != 0) {
-                        ones[i] += (((s & m) != 0) ? 1 : -1);
-                        channels ^= m;
-                    }
-
-                    if (--block[i] == 0) {
-                        accu = (accu << 1) | (((channels & m) != 0) ? 1 : 0);
-                        bits++;
-                    }
-                    if (block[i] <= 0) {
-
-                        for (j = 0; j < 16; j++) {
-                            if (Math.abs(0.5 - (double) ones[i] / (double) 56) <= ETB[j])
-                                break;
-                        }
-
-                        block[i] = (j == 16) ? -1 : j + 1;
-                    }
-                    m <<= 1;
-                } while (++i < 16);
-                slot = (slot + 1) % 56;
-            }
-            to[off++] = (byte) (accu >>> (bits -= 8));
-        }
-    }
-
-    private static byte[] seed = new byte[32];
-    private static int ri;
-    private static boolean seedInitialized = false;
-
-    static int trMix = 128;
-
-    static String[][] rsaKeyMaterial = {
-
-            { "4svq2jqtxo3zn2njenso9vwyg2bynvo08ekktj4d7sqwk9s3oz",
-                    "4se994le3trmoep5f74ytxfupr2o0oi9dem4nzailb4k4g5e7j", "1ekh" },
-
-            { "uk5febz1u9c5x7knn185refnb02syox36xqwae0lm30z9j9p03"
-                    + "hyu175dyxbiczds3k1n6jiwqdeyetwgsy1qrvje8a7o40cmb5",
-                    "ujsuw3e4k53dtzgbsm3tjpytf5h25i71r8cs8ijbigo607ceo5"
-                            + "zy5toem0kp4oeb77tt86h7gkix5fjdq13sa7puya61b2ep82n",
-                    "3" } };
-
-    static String[][] dsaKeyMaterial = {
-
-            { "otj4bi3e6pxy54h5tkjwpuzycvm3ta6jg9f6lj52mvygb9l72y1tkrs0ppuldns6kem6vzw3fbwhinhdhpqjvn284fc0dsaz39h",
-                    "jpdh5mk2p667os7al4gmvbdfmar3bsv",
-                    "cdybrmm4x665tomdaiedafq3d2wiajhlkbeql7iui72eeayleaa3ppn7lhfdbrh508kum7havwgb7otsnme3pc8r7kipf55hvio",
-                    "lpb2xrb2yivmklm6i6pyzvagsu9qhdz",
-                    "6d3ng23juhszoxet3kkzw2ei7y3hxo67c9oqvuf5d1dpev7qzwhzy11tcaikknfxtr62zyk96d9vvhli6zw2b2sxbrnlc3xkuzy" },
-
-            { "10uj5jh4khn7t93eh41c1d7sfptfuqiycpiimudbj62leu8fwnnt3k5cdkzynrvbhlflm3qe6sfwsjs3bbvjm8j8ctzaljlothj"
-                    + "tbujclhafng31uzf4zmj11qjni0z9ou77rap19wl7ps7v52fbuoycrgu6xohwoobiwfanlkh4t18wtw3kf1nsdxz7mwpu9ddu4cz",
-                    "s6zmy3zi8dumvm43ofheresn52f9trj",
-                    "z4asx4yhsha3vd0d0uhhnahzmtj1qg572k3frvtq46x9lrawlm4x70oc99d4qsplci9e8qjtaqt3sqf719tfojrwjnonkqbxm9o"
-                            + "p3ck61fcxx2q6l4vg1rizk9kn74pi9859nqqctvn9174smwqzosvdrnd89eykgocc09ph343gpen9lgo0h6dk32a35gut5wb6w1",
-                    "f8xedoxwqju60mngerxyt5jv7rl8wbg",
-                    "egc8c7ptmx0hr5i4x2bzgeumx8kcmc9jokca88r8e4k1ih802bnz9flr08topo1v7kodqg9yab3xpf2j0lv9zmg8jhh38okgjfe"
-                            + "ou1fb7xn6blo4t1m8fb64p849eaqa66f1c0ar7m1uwdwc9k57vr58frxezjd1w4sc4zp8s6wn89lmbzem0brt6phtukhg2qfgrn" } };
-
-    static byte[][][] rsaKeys;
-    static byte[][][] dsaKeys;
-
-    @Trivial
-    static final void random(byte[] to, int off, int n) {
-        if (!seedInitialized) {
-            trng(seed, 0, 32);
-            md5(null, seed, 0, 32, seed, 0);
-
-            rsaKeys = new byte[4][][];
-            for (int i = 0, j = 0; i < rsaKeyMaterial.length; i++, j += 2) {
-                rsaKeys[j] = new byte[8][];
-                rsaKeys[j][2] = new BigInteger(rsaKeyMaterial[i][2], 36).toByteArray();
-                rsaKeys[j][3] = new BigInteger(rsaKeyMaterial[i][0], 36).toByteArray();
-                rsaKeys[j][4] = new BigInteger(rsaKeyMaterial[i][1], 36).toByteArray();
-                setRSAKey(rsaKeys[j]);
-                rsaKeys[j + 1] = new byte[][] { rsaKeys[j][0], rsaKeys[j][2] };
-            }
-
-            dsaKeys = new byte[4][4][];
-            for (int i = 0, j = 0; i < dsaKeyMaterial.length; i++, j += 2) {
-
-                for (int k = 0; k < 3; k++)
-                    dsaKeys[j][k] = dsaKeys[j + 1][k] = new BigInteger(dsaKeyMaterial[i][k], 36).toByteArray();
-                dsaKeys[j][3] = new BigInteger(dsaKeyMaterial[i][3], 36).toByteArray();
-                dsaKeys[j + 1][3] = new BigInteger(dsaKeyMaterial[i][4], 36).toByteArray();
-            }
-
-            seedInitialized = true;
-        }
-
-        synchronized (seed) {
-            for (int i = 0; i < n; i++) {
-                int ri8 = ++ri % 8;
-
-                if (ri % trMix == 0) {
-                    byte b = seed[ri8];
-                    trng(seed, ri8, 1);
-                    seed[ri8] ^= b;
-                }
-
-                if (ri8 == 0)
-                    md5(null, seed, 0, 32, seed, 0);
-
-                to[off++] = seed[ri8];
-            }
-        }
-    }
 
     @Trivial
     static final byte[] generateSharedKey() {
@@ -1106,7 +789,8 @@ static final byte[][] rsaKey(int len, boolean crt, boolean f4) {
             for (p = null;;) {
                 for (q = null;;) {
                     if (q == null) {
-                        random(b, 1, len);
+                        byte[] seed = CryptoUtils.generateRandomBytes(len);
+                        System.arraycopy(seed, 0, b, 1, len);
                         b[1] |= 0xC0;
                         b[len] |= 1;
                         q = new BigInteger(b);

dev/com.ibm.ws.crypto.passwordutil/src/com/ibm/ws/crypto/util/PasswordCipherUtil.java

@@ -91,8 +91,6 @@ public class PasswordCipherUtil {
     static final String KEY_ENCRYPTION_SERVICE = "customPasswordEncryption";
     private static AtomicServiceReference<CustomPasswordEncryption> customPasswordEncryption = new AtomicServiceReference<CustomPasswordEncryption>(KEY_ENCRYPTION_SERVICE);
 
-    private static final String HW_PROVIDER = "IBMJCECCA";
-
     private static CustomPasswordEncryption cpeImpl = null;
     private static List<CustomManifest> cms = null;
 
@@ -544,20 +542,12 @@ else if (!!!alreadyLoggedHASHWeakPasswordAlgoWarning && usingSHA1) {
      */
     private static EncryptedInfo aesEncipherV0(byte[] decrypted_bytes, String cryptoKey, EncryptedInfo info,
                                                byte[] encrypted_bytes) throws InvalidKeySpecException, InvalidPasswordCipherException, NoSuchAlgorithmException, UnsupportedCryptoAlgorithmException {
-        byte[] seed = null;
-        SecureRandom rand = new SecureRandom();
-        Provider provider = rand.getProvider();
-        String providerName = provider.getName();
-        if (providerName.equals(HW_PROVIDER)) {
-            seed = new byte[20];
-            rand.nextBytes(seed);
-        } else {
-            seed = rand.generateSeed(20);
-        }
-        byte[] preEncrypted = new byte[decrypted_bytes.length + 21];
-        preEncrypted[0] = 20; // how many seed bytes there are.
-        System.arraycopy(seed, 0, preEncrypted, 1, 20);
-        System.arraycopy(decrypted_bytes, 0, preEncrypted, 21, decrypted_bytes.length);
+        byte seedSize = 20;
+        byte[] seed = CryptoUtils.generateRandomBytes(seedSize);
+        byte[] preEncrypted = new byte[decrypted_bytes.length + seedSize + 1];
+        preEncrypted[0] = seedSize; // how many seed bytes there are.
+        System.arraycopy(seed, 0, preEncrypted, 1, seedSize);
+        System.arraycopy(decrypted_bytes, 0, preEncrypted, seedSize + 1, decrypted_bytes.length);
         try {
             Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
             c.init(Cipher.ENCRYPT_MODE, AESKeyManager.getKey(cryptoKey), AESKeyManager.getIV(cryptoKey));
@@ -627,12 +617,7 @@ private static EncryptedInfo aesEncipherV1(byte[] decrypted_bytes,
 
         byte seedSize = 64;
 
-        if (providerName.equals(HW_PROVIDER)) {
-            seed = new byte[seedSize];
-            rand.nextBytes(seed);
-        } else {
-            seed = rand.generateSeed(seedSize);
-        }
+        seed = CryptoUtils.generateRandomBytes(seedSize);
         byte[] preEncrypted = new byte[decrypted_bytes.length + seedSize + 1];
         preEncrypted[0] = seedSize; // how many seed bytes there are.
         System.arraycopy(seed, 0, preEncrypted, 1, seedSize);