OpensslSecureRandom.java
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.intel.chimera.random;
import java.util.Properties;
import java.util.Random;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.intel.chimera.utils.NativeCodeLoader;
import com.intel.chimera.utils.Utils;
/**
* OpenSSL secure random using JNI.
* This implementation is thread-safe.
* <p/>
*
* If using an Intel chipset with RDRAND, the high-performance hardware
* random number generator will be used and it's much faster than
* {@link java.security.SecureRandom}. If RDRAND is unavailable, default
* OpenSSL secure random generator will be used. It's still faster
* and can generate strong random bytes.
* <p/>
* @see https://wiki.openssl.org/index.php/Random_Numbers
* @see http://en.wikipedia.org/wiki/RdRand
*/
public class OpensslSecureRandom extends Random implements SecureRandom {
private static final long serialVersionUID = -7828193502768789584L;
private static final Log LOG =
LogFactory.getLog(OpensslSecureRandom.class.getName());
/** If native SecureRandom unavailable, use java SecureRandom */
private JavaSecureRandom fallback = null;
private static boolean nativeEnabled = false;
static {
if (NativeCodeLoader.isNativeCodeLoaded()) {
try {
OpensslSecureRandomNative.initSR();
nativeEnabled = true;
} catch (Throwable t) {
LOG.error("Failed to load Openssl SecureRandom", t);
}
}
}
/**
* Judges whether loading native library successfully.
*
* @return true if loading library successfully.
*/
public static boolean isNativeCodeLoaded() {
return nativeEnabled;
}
/**
* Constructs a {@link com.intel.chimera.random.OpensslSecureRandom}.
*
* @param props the configuration properties.
*/
public OpensslSecureRandom(Properties props) {
if (!nativeEnabled) {
fallback = new JavaSecureRandom(props);
}
}
/**
* Generates a user-specified number of random bytes.
* It's thread-safe.
*
* @param bytes the array to be filled in with random bytes.
*/
@Override
public void nextBytes(byte[] bytes) {
if (!nativeEnabled || !OpensslSecureRandomNative.nextRandBytes(bytes)) {
fallback.nextBytes(bytes);
}
}
/**
* Overrides {@link OpensslSecureRandom}.
* For {@link OpensslSecureRandom}, we don't need to set seed.
*
* @param seed the initial seed.
*/
@Override
public void setSeed(long seed) {
// Self-seeding.
}
/**
* Overrides {@link java.util.Random# next()}. Generates an integer
* containing the user-specified number of random
* bits(right justified, with leading zeros).
*
* @param numBits number of random bits to be generated, where
* 0 <= <code>numBits</code> <= 32.
* @return int an <code>int</code> containing the user-specified number
* of random bits (right justified, with leading zeros).
*/
@Override
final protected int next(int numBits) {
Utils.checkArgument(numBits >= 0 && numBits <= 32);
int numBytes = (numBits + 7) / 8;
byte b[] = new byte[numBytes];
int next = 0;
nextBytes(b);
for (int i = 0; i < numBytes; i++) {
next = (next << 8) + (b[i] & 0xFF);
}
return next >>> (numBytes * 8 - numBits);
}
/**
* Overrides {@link java.lang.AutoCloseable#close()}. Closes openssl context if native enabled.
*/
@Override
public void close() {
if (!nativeEnabled && fallback !=null) {
fallback.close();
}
}
}