Add newSecureRandom() that uses a non-blocking SecureRandom provider on Linux

2024-12-19 04:57:58 +00:00 · 2016-06-16 17:06:01 +01:00 · 2016-06-16 17:06:01 +01:00 · a7419b116d
commit a7419b116d
parent 0c325c31a2
8 changed files with 27 additions and 12 deletions
--- a/contracts/src/main/kotlin/com/r3corda/contracts/cash/Cash.kt
+++ b/contracts/src/main/kotlin/com/r3corda/contracts/cash/Cash.kt
@ -3,6 +3,7 @@ package com.r3corda.contracts.cash
 import com.r3corda.core.contracts.*
 import com.r3corda.core.crypto.Party
 import com.r3corda.core.crypto.SecureHash
+import com.r3corda.core.crypto.newSecureRandom
 import com.r3corda.core.crypto.toStringShort
 import com.r3corda.core.utilities.Emoji
 import java.security.PublicKey
@ -74,7 +75,7 @@ class Cash : FungibleAsset<Currency>() {
         * Allows new cash states to be issued into existence: the nonce ("number used once") ensures the transaction
         * has a unique ID even when there are no inputs.
         */
-        data class Issue(override val nonce: Long = SecureRandom.getInstanceStrong().nextLong()) : FungibleAsset.Commands.Issue
+        data class Issue(override val nonce: Long = newSecureRandom().nextLong()) : FungibleAsset.Commands.Issue

        /**
         * A command stating that money has been withdrawn from the shared ledger and is now accounted for
--- a/core/src/main/kotlin/com/r3corda/core/Utils.kt
+++ b/core/src/main/kotlin/com/r3corda/core/Utils.kt
@ -4,6 +4,7 @@ import com.google.common.io.ByteStreams
 import com.google.common.util.concurrent.ListenableFuture
 import com.google.common.util.concurrent.MoreExecutors
 import com.google.common.util.concurrent.SettableFuture
+import com.r3corda.core.crypto.newSecureRandom
 import org.slf4j.Logger
 import java.io.BufferedInputStream
 import java.io.InputStream
@ -36,7 +37,7 @@ fun String.abbreviate(maxWidth: Int): String = if (length <= maxWidth) this else
 * Returns a random positive long generated using a secure RNG. This function sacrifies a bit of entropy in order to
 * avoid potential bugs where the value is used in a context where negative numbers are not expected.
 */
-fun random63BitValue(): Long = Math.abs(SecureRandom.getInstanceStrong().nextLong())
+fun random63BitValue(): Long = Math.abs(newSecureRandom().nextLong())

 // Some utilities for working with Guava listenable futures.
 fun <T> ListenableFuture<T>.then(executor: Executor, body: () -> Unit) = addListener(Runnable(body), executor)
--- a/core/src/main/kotlin/com/r3corda/core/crypto/CryptoUtilities.kt
+++ b/core/src/main/kotlin/com/r3corda/core/crypto/CryptoUtilities.kt
@ -10,6 +10,14 @@ import java.security.*
 import java.security.interfaces.ECPublicKey
 import net.i2p.crypto.eddsa.KeyPairGenerator as EddsaKeyPairGenerator

+fun newSecureRandom(): SecureRandom {
+    if (System.getProperty("os.name") == "Linux") {
+        return SecureRandom.getInstance("NativePRNGNonBlocking")
+    } else {
+        return SecureRandom.getInstanceStrong()
+    }
+}
+
 // "sealed" here means there can't be any subclasses other than the ones defined here.
 sealed class SecureHash private constructor(bits: ByteArray) : OpaqueBytes(bits) {
    class SHA256(bits: ByteArray) : SecureHash(bits) {
@ -38,7 +46,7 @@ sealed class SecureHash private constructor(bits: ByteArray) : OpaqueBytes(bits)
        @JvmStatic fun sha256Twice(bits: ByteArray) = sha256(sha256(bits).bits)
        @JvmStatic fun sha256(str: String) = sha256(str.toByteArray())

-        @JvmStatic fun randomSHA256() = sha256(SecureRandom.getInstanceStrong().generateSeed(32))
+        @JvmStatic fun randomSHA256() = sha256(newSecureRandom().generateSeed(32))
    }

    abstract val signatureAlgorithmName: String
--- a/core/src/test/kotlin/com/r3corda/core/contracts/TransactionGraphSearchTests.kt
+++ b/core/src/test/kotlin/com/r3corda/core/contracts/TransactionGraphSearchTests.kt
@ -1,5 +1,6 @@
 package com.r3corda.core.contracts

+import com.r3corda.core.crypto.newSecureRandom
 import com.r3corda.core.node.services.testing.MockTransactionStorage
 import com.r3corda.core.testing.DUMMY_NOTARY
 import com.r3corda.core.testing.MEGA_CORP_KEY
@ -16,7 +17,7 @@ class TransactionGraphSearchTests {
        }
    }

-    fun random31BitValue(): Int = Math.abs(SecureRandom.getInstanceStrong().nextInt())
+    fun random31BitValue(): Int = Math.abs(newSecureRandom().nextInt())

    /**
     * Build a pair of transactions. The first issues a dummy output state, and has a command applied, the second then
--- a/core/src/test/kotlin/com/r3corda/core/contracts/TransactionGroupTests.kt
+++ b/core/src/test/kotlin/com/r3corda/core/contracts/TransactionGroupTests.kt
@ -2,6 +2,7 @@ package com.r3corda.core.contracts

 import com.r3corda.core.crypto.Party
 import com.r3corda.core.crypto.SecureHash
+import com.r3corda.core.crypto.newSecureRandom
 import com.r3corda.core.node.services.testing.MockStorageService
 import com.r3corda.core.testing.*
 import org.junit.Test
@ -33,7 +34,7 @@ class TransactionGroupTests {
        }
        interface Commands : CommandData {
            class Move() : TypeOnlyCommandData(), Commands
-            data class Issue(val nonce: Long = SecureRandom.getInstanceStrong().nextLong()) : Commands
+            data class Issue(val nonce: Long = newSecureRandom().nextLong()) : Commands
            data class Exit(val amount: Amount<Currency>) : Commands
        }
    }
--- a/core/src/test/kotlin/com/r3corda/core/serialization/TransactionSerializationTests.kt
+++ b/core/src/test/kotlin/com/r3corda/core/serialization/TransactionSerializationTests.kt
@ -3,6 +3,7 @@ package com.r3corda.core.serialization
 import com.r3corda.core.contracts.*
 import com.r3corda.core.crypto.Party
 import com.r3corda.core.crypto.SecureHash
+import com.r3corda.core.crypto.newSecureRandom
 import com.r3corda.core.node.services.testing.MockStorageService
 import com.r3corda.core.seconds
 import com.r3corda.core.testing.*
@ -34,7 +35,7 @@ class TransactionSerializationTests {
        }
        interface Commands : CommandData {
            class Move() : TypeOnlyCommandData(), Commands
-            data class Issue(val nonce: Long = SecureRandom.getInstanceStrong().nextLong()) : Commands
+            data class Issue(val nonce: Long = newSecureRandom().nextLong()) : Commands
            data class Exit(val amount: Amount<Currency>) : Commands
        }
    }
--- a/node/src/main/kotlin/com/r3corda/node/internal/AbstractNode.kt
+++ b/node/src/main/kotlin/com/r3corda/node/internal/AbstractNode.kt
@ -44,6 +44,7 @@ import java.nio.file.FileAlreadyExistsException
 import java.nio.file.Files
 import java.nio.file.Path
 import java.security.KeyPair
+import java.security.Security
 import java.time.Clock
 import java.time.Instant
 import java.util.*
--- a/node/src/main/kotlin/com/r3corda/node/services/messaging/ArtemisMessagingService.kt
+++ b/node/src/main/kotlin/com/r3corda/node/services/messaging/ArtemisMessagingService.kt
@ -3,6 +3,7 @@ package com.r3corda.node.services.messaging
 import com.google.common.net.HostAndPort
 import com.r3corda.core.RunOnCallerThread
 import com.r3corda.core.ThreadBox
+import com.r3corda.core.crypto.newSecureRandom
 import com.r3corda.core.messaging.*
 import com.r3corda.core.serialization.SingletonSerializeAsToken
 import com.r3corda.core.utilities.loggerFor
@ -115,7 +116,7 @@ class ArtemisMessagingService(val directory: Path, val myHostPort: HostAndPort,
        val config = createArtemisConfig(directory, myHostPort)
        mq.setConfiguration(config)
        val secConfig = SecurityConfiguration()
-        val password = BigInteger(128, SecureRandom.getInstanceStrong()).toString(16)
+        val password = BigInteger(128, newSecureRandom()).toString(16)
        secConfig.addUser("internal", password)
        secConfig.addRole("internal", "internal")
        secConfig.defaultUser = "internal"