Use external HKDF impl

Expand user input seed
patrickfav · Oct 3, 2017 · 163e178 · 163e178
1 parent b54f395
commit 163e178
Show file tree

Hide file tree

Showing 9 changed files with 34 additions and 157 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -2,6 +2,8 @@
 
 ## v1.3.0
 * support max output of 10Gib (instead of 1 Gib)
+* use `at.favre.lib:hkdf` HKDF implementation
+* additional expand user input seed with hkdf
 
 ## v1.2.0
 * add debug info for entropy sources

diff --git a/pom.xml b/pom.xml
@@ -312,7 +312,11 @@
             <artifactId>rxjava</artifactId>
             <version>2.1.3</version>
         </dependency>
-
+        <dependency>
+            <groupId>at.favre.lib</groupId>
+            <artifactId>hkdf</artifactId>
+            <version>0.3.0</version>
+        </dependency>
         <!-- test -->
         <dependency>
             <groupId>junit</groupId>

diff --git a/src/main/java/at/favre/tools/dice/rnd/ExternalStrongSeedEntropySource.java b/src/main/java/at/favre/tools/dice/rnd/ExternalStrongSeedEntropySource.java
@@ -1,5 +1,6 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
 import at.favre.tools.dice.util.ByteUtils;
 
 import java.nio.ByteBuffer;
@@ -11,8 +12,6 @@
  * adding an monotonic counter, to generate different outputs each call)
  */
 public final class ExternalStrongSeedEntropySource implements ExpandableEntropySource {
-    private final static int INTERNAL_SEED_LENGTH = 64;
-
     private final static byte[] SALT = new byte[]{0x29, 0x05, 0x27, 0x2B, (byte) 0xD7, 0x56, (byte) 0x84, 0x27, (byte) 0xD6, (byte) 0xE1, 0x62, 0x4B, (byte) 0xBD, (byte) 0xC9, 0x62, (byte) 0x80};
 
     private byte[] internalSeed;
@@ -27,12 +26,14 @@ public ExternalStrongSeedEntropySource(byte[] seed) {
     }
 
     private void regenerateInternalSeed(byte[] seed) {
-        internalSeed = HKDF.hkdf(ByteUtils.concatAll(seed, ByteBuffer.allocate(Integer.BYTES).putInt(counter++).array()), SALT, SALT, INTERNAL_SEED_LENGTH);
+        internalSeed = HKDF.fromHmacSha512().extract(ByteUtils.concatAll(seed, ByteBuffer.allocate(Integer.BYTES).putInt(counter++).array()), SALT);
+
     }
 
     @Override
     public byte[] generateEntropy(int length) {
-        byte[] out = HKDF.hkdf(internalSeed, SALT, SALT, length);
+        byte[] out = HKDF.fromHmacSha512().expand(
+                internalSeed, this.getClass().getName().getBytes(StandardCharsets.UTF_8), length);
         regenerateInternalSeed(internalSeed);
         return out;
     }

diff --git a/src/main/java/at/favre/tools/dice/rnd/ExternalWeakSeedEntropySource.java b/src/main/java/at/favre/tools/dice/rnd/ExternalWeakSeedEntropySource.java
@@ -1,22 +1,27 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
+
 import java.nio.charset.StandardCharsets;
 import java.security.SecureRandom;
 
 /**
- * Used for weak external entropy source like a user input. This will be combined with a strong
- * {@link SecureRandom} instance which itself seeds with OS entropy pool, therefore mixing the
- * weaker source with a stronger, unpredictable one.
+ * Used for weak external entropy source like a user input. The seed will be extracted with HKDF
+ * and combined with a{@link SecureRandom} instance which itself seeds with OS entropy pool,
+ * therefore mixing the weaker source with a stronger, unpredictable one.
  */
 public final class ExternalWeakSeedEntropySource extends SecureRandomEntropySource {
 
+    private static final byte[] SALT = new byte[]{0x6A, (byte) 0xA0, (byte) 0x92, (byte) 0xEA, 0x51, (byte) 0xEB, (byte) 0xB4, (byte) 0xDC, 0x22, (byte) 0x82, (byte) 0xED, 0x29, 0x53, 0x4B, (byte) 0x88, (byte) 0x8C, 0x75, 0x0E, 0x75, 0x59, 0x78, 0x6D, (byte) 0xEC, (byte) 0xDD, 0x5E, (byte) 0xBA, 0x3D, (byte) 0xD6, (byte) 0xC3, 0x70, (byte) 0xB4, (byte) 0x84};
+
+
     public ExternalWeakSeedEntropySource(String seed) {
         this(seed.getBytes(StandardCharsets.UTF_8));
     }
 
     public ExternalWeakSeedEntropySource(byte[] seed) {
         super();
-        setSeed(seed);
+        setSeed(HKDF.fromHmacSha256().extract(seed, SALT));
     }
 
     @Override

diff --git a/src/main/java/at/favre/tools/dice/rnd/HKDF.java b/src/main/java/at/favre/tools/dice/rnd/HKDF.java
diff --git a/src/main/java/at/favre/tools/dice/rnd/HKDFEntropyPool.java b/src/main/java/at/favre/tools/dice/rnd/HKDFEntropyPool.java
@@ -1,7 +1,10 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
+
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.nio.charset.StandardCharsets;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -58,6 +61,6 @@ public byte[] generateEntropy(int lengthByte) {
                 throw new IllegalStateException("could not generate seed in pool", e);
             }
         });
-        return HKDF.hkdf(bos.toByteArray(), SALT, SALT, lengthByte);
+        return HKDF.fromHmacSha512().extractAndExpand(bos.toByteArray(), SALT, this.getClass().getName().getBytes(StandardCharsets.UTF_8), lengthByte);
     }
 }
diff --git a/src/main/java/at/favre/tools/dice/rnd/NonceEntropySource.java b/src/main/java/at/favre/tools/dice/rnd/NonceEntropySource.java
@@ -1,9 +1,11 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
 import at.favre.tools.dice.util.ByteUtils;
 
 import java.lang.management.ManagementFactory;
 import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
 
 /**
  * Nonce generate as described in SP800-90Ar1. This implementation uses a monotonic sequence number
@@ -27,7 +29,7 @@ public byte[] generateEntropy(int lengthByte) {
         buffer.putLong(System.nanoTime());
         buffer.putLong(System.currentTimeMillis());
         buffer.putLong(ManagementFactory.getRuntimeMXBean().getUptime());
-        return HKDF.hkdf(buffer.array(), SALT, SALT, lengthByte);
+        return HKDF.fromHmacSha256().extractAndExpand(buffer.array(), SALT, this.getClass().getName().getBytes(StandardCharsets.UTF_8), lengthByte);
     }
 
     @Override

diff --git a/src/main/java/at/favre/tools/dice/rnd/PersonalizationSource.java b/src/main/java/at/favre/tools/dice/rnd/PersonalizationSource.java
@@ -1,5 +1,6 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
 import at.favre.tools.dice.RndTool;
 import at.favre.tools.dice.util.ByteUtils;
 
@@ -173,7 +174,7 @@ public byte[] generateEntropy(int lengthByte) {
             bos.write(systemProperties());
             bos.write(readTempDirContent());
             bos.write(InetAddress.getLocalHost().toString().getBytes());
-            return HKDF.hkdf(bos.toByteArray(), SALT, SALT, lengthByte);
+            return HKDF.fromHmacSha512().extractAndExpand(bos.toByteArray(), SALT, this.getClass().getName().getBytes(StandardCharsets.UTF_8), lengthByte);
         } catch (Exception e) {
             throw new IllegalStateException("could not personalization seed", e);
         }

diff --git a/src/main/java/at/favre/tools/dice/rnd/ThreadedEntropySource.java b/src/main/java/at/favre/tools/dice/rnd/ThreadedEntropySource.java
@@ -1,5 +1,8 @@
 package at.favre.tools.dice.rnd;
 
+import at.favre.lib.crypto.HKDF;
+
+import java.nio.charset.StandardCharsets;
 import java.security.PrivilegedAction;
 
 /**
@@ -23,7 +26,7 @@ public ThreadedEntropySource() {
     public byte[] generateEntropy(int lengthByte) {
         byte[] seed = new byte[12];
         threadedSeedGenerator.getSeedBytes(seed);
-        return HKDF.hkdf(seed, SALT, SALT, lengthByte);
+        return HKDF.fromHmacSha256().extractAndExpand(seed, SALT, this.getClass().getName().getBytes(StandardCharsets.UTF_8), lengthByte);
     }
 
     @Override