Module ibm.crypto.hdwrcca
Package com.ibm.crypto.hdwrCCA.provider

Class SecureRandomWithCache

java.lang.Object
java.security.SecureRandomSpi
com.ibm.crypto.hdwrCCA.provider.SecureRandomWithCache
All Implemented Interfaces:
Serializable
public final class SecureRandomWithCache extends SecureRandomSpi

This class provides a crytpographically strong true random number generated based on cryptographic hardware. In this implementation of the SecureRandom class bytes are prefetched from cryptographic hardware to create a cache of random numbers available for a caller. This implementation of the SecureRandom class can be leveraged by setting the ibm.hwrandom.useicsfcache Java environment variable to true. If the ibm.hwrandom.useicsfcache Java environment variable is set to true when the IBMJCECCA provider is loaded then all subsequent calls to the SecureRandom class in the IBMJCECCA provider will be routed to this caching implementation. An additional environment variable of ibm.hwrandom.cachesize may also be specified to set the size of the cache to be used. Note a seed is not necessary for hardware random number generation and if one is passed it is not used. (Allowing the passing of a seed is to allow backwards compatibility with software generated random numbers)

See Also:

  • Constructor Details

    • SecureRandomWithCache

      public SecureRandomWithCache()
      Constructs a new instance of this class. The Java envionrment variable ibm.hwrandom.cachesize will be used to set the size of the cache to be used. If not specified the default size of 14400 bytes will be used.

    • SecureRandomWithCache

      public SecureRandomWithCache(byte[] seed)
      Constructor that requires a seed. Note: The seed has no real meaning in hardware and this constructor only exists for compatibility with SecureRandomSpi.
      Parameters:
      seed - a series of bytes used as seed. This value will be ignored.

  • Method Details

    • engineSetSeed

      public void engineSetSeed(byte[] seed)
      As hardware crypto does not need a seed value this method has no purpose, but is defined in SecureRandomSpi. This method is a no-op whenever called.
      Specified by:
      engineSetSeed in class SecureRandomSpi
      Parameters:
      seed - a series of bytes used as seed. This parameter is ignored.

    • engineNextBytes

      public void engineNextBytes(byte[] bytes) throws InternalError, BufferUnderflowException
      Generates a user-specified number of random bytes. A cache is used to cache the bytes fetched from the underlying hardware implementation.
      Specified by:
      engineNextBytes in class SecureRandomSpi
      Parameters:
      bytes - the array to be filled in with random bytes.
      Throws:
      InternalError - is thrown when an unexpected error occurs or bytes is equal to null.
      BufferUnderflowException - is thrown when an unexpected internal error occurs while fetching bytes from the cache.

    • engineGenerateSeed

      public byte[] engineGenerateSeed(int numBytes) throws UnsupportedOperationException
      As hardware crypto does not need a seed value this method has no purpose, but is defined in SecureRandomSpi.
      Specified by:
      engineGenerateSeed in class SecureRandomSpi
      Throws:
      UnsupportedOperationException - is always thrown if this method is invoked.