diff --git a/akka-remote/src/main/resources/reference.conf b/akka-remote/src/main/resources/reference.conf
index 0ba9bb3b06..a8d2cb2680 100644
--- a/akka-remote/src/main/resources/reference.conf
+++ b/akka-remote/src/main/resources/reference.conf
@@ -205,10 +205,10 @@ akka {
# There are three options, in increasing order of security:
# "" or SecureRandom => (default)
# "SHA1PRNG" => Can be slow because of blocking issues on Linux
- # "AES128CounterRNGFast" => fastest startup and based on AES encryption algorithm
+ # "AES128CounterSecureRNG" => fastest startup and based on AES encryption algorithm
# The following use one of 3 possible seed sources, depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
- # "AES128CounterRNGSecure"
- # "AES256CounterRNGSecure" (Install JCE Unlimited Strength Jurisdiction Policy Files first)
+ # "AES128CounterInetRNG"
+ # "AES256CounterInetRNG" (Install JCE Unlimited Strength Jurisdiction Policy Files first)
# Setting a value here may require you to supply the appropriate cipher suite (see enabled-algorithms section above)
random-number-generator = ""
}
diff --git a/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala b/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
index 9323fb8143..690b4522ec 100644
--- a/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
@@ -38,7 +38,7 @@ private[akka] object NettySSLSupport {
}
val rng = rngName match {
- case Some(r @ ("AES128CounterRNGFast" | "AES128CounterRNGSecure" | "AES256CounterRNGSecure")) ⇒
+ case Some(r @ ("AES128CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
log.debug("SSL random number generator set to: {}", r)
SecureRandom.getInstance(r, AkkaProvider)
case Some(s @ ("SHA1PRNG" | "NativePRNG")) ⇒
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala b/akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
similarity index 64%
rename from akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
index 846476cc2d..41d12b275f 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
@@ -7,12 +7,16 @@ import org.uncommons.maths.random.{ AESCounterRNG, DefaultSeedGenerator }
/**
* Internal API
+ * This class is a wrapper around the 128-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
+ * It uses the default seed generator which uses one of the following 3 random seed sources:
+ * Depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
+ * The only method used by netty ssl is engineNextBytes(bytes)
*/
-class AES128CounterRNGSecure extends java.security.SecureRandomSpi {
+class AES128CounterInetRNG extends java.security.SecureRandomSpi {
private val rng = new AESCounterRNG()
/**
- * This is managed internally only
+ * This is managed internally by AESCounterRNG
*/
override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
@@ -24,6 +28,7 @@ class AES128CounterRNGSecure extends java.security.SecureRandomSpi {
override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
/**
+ * Unused method
* Returns the given number of seed bytes. This call may be used to
* seed other random number generators.
*
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala b/akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
similarity index 64%
rename from akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
index c355f5a548..cda59ee03b 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
@@ -4,16 +4,18 @@
package akka.security.provider
import org.uncommons.maths.random.{ AESCounterRNG, SecureRandomSeedGenerator }
-import java.security.SecureRandom
/**
* Internal API
+ * This class is a wrapper around the AESCounterRNG algorithm provided by http://maths.uncommons.org/ *
+ * The only method used by netty ssl is engineNextBytes(bytes)
+ * This RNG is good to use to prevent startup delay when you don't have Internet access to random.org
*/
-class AES128CounterRNGFast extends java.security.SecureRandomSpi {
+class AES128CounterSecureRNG extends java.security.SecureRandomSpi {
private val rng = new AESCounterRNG(new SecureRandomSeedGenerator())
/**
- * This is managed internally only
+ * This is managed internally by AESCounterRNG
*/
override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
@@ -25,12 +27,13 @@ class AES128CounterRNGFast extends java.security.SecureRandomSpi {
override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
/**
+ * Unused method
* Returns the given number of seed bytes. This call may be used to
* seed other random number generators.
*
* @param numBytes the number of seed bytes to generate.
* @return the seed bytes.
*/
- override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = (new SecureRandom).generateSeed(numBytes)
+ override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = (new SecureRandomSeedGenerator()).generateSeed(numBytes)
}
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala b/akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
similarity index 52%
rename from akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
index d942938411..076d4fcd7f 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
@@ -7,12 +7,22 @@ import org.uncommons.maths.random.{ AESCounterRNG, DefaultSeedGenerator }
/**
* Internal API
+ * This class is a wrapper around the 256-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
+ * It uses the default seed generator which uses one of the following 3 random seed sources:
+ * Depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
+ * The only method used by netty ssl is engineNextBytes(bytes)
*/
-class AES256CounterRNGSecure extends java.security.SecureRandomSpi {
- private val rng = new AESCounterRNG(32) // Magic number is magic
+class AES256CounterInetRNG extends java.security.SecureRandomSpi {
+ /**
+ * From AESCounterRNG API docs:
+ * Valid values are 16 (128 bits), 24 (192 bits) and 32 (256 bits).
+ * Any other values will result in an exception from the AES implementation.
+ */
+ private val AES_256_BIT = 32 // Magic number is magic
+ private val rng = new AESCounterRNG(AES_256_BIT)
/**
- * This is managed internally only
+ * This is managed internally by AESCounterRNG
*/
override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
@@ -24,6 +34,7 @@ class AES256CounterRNGSecure extends java.security.SecureRandomSpi {
override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
/**
+ * Unused method
* Returns the given number of seed bytes. This call may be used to
* seed other random number generators.
*
diff --git a/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala b/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
index 0b85231348..707ad0c399 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
@@ -12,14 +12,14 @@ object AkkaProvider extends Provider("Akka", 1.0, "Akka provider 1.0 that implem
AccessController.doPrivileged(new PrivilegedAction[this.type] {
def run = {
//SecureRandom
- put("SecureRandom.AES128CounterRNGFast", classOf[AES128CounterRNGFast].getName)
- put("SecureRandom.AES128CounterRNGSecure", classOf[AES128CounterRNGSecure].getName)
- put("SecureRandom.AES256CounterRNGSecure", classOf[AES256CounterRNGSecure].getName)
+ put("SecureRandom.AES128CounterSecureRNG", classOf[AES128CounterSecureRNG].getName)
+ put("SecureRandom.AES128CounterInetRNG", classOf[AES128CounterInetRNG].getName)
+ put("SecureRandom.AES256CounterInetRNG", classOf[AES256CounterInetRNG].getName)
//Implementation type: software or hardware
- put("SecureRandom.AES128CounterRNGFast ImplementedIn", "Software")
- put("SecureRandom.AES128CounterRNGSecure ImplementedIn", "Software")
- put("SecureRandom.AES256CounterRNGSecure ImplementedIn", "Software")
+ put("SecureRandom.AES128CounterSecureRNG ImplementedIn", "Software")
+ put("SecureRandom.AES128CounterInetRNG ImplementedIn", "Software")
+ put("SecureRandom.AES256CounterInetRNG ImplementedIn", "Software")
null //Magic null is magic
}
})
diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
index 79196f321f..64408f15b1 100644
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
@@ -81,19 +81,19 @@ import Configuration.{ CipherConfig, getCipherConfig }
class Ticket1978SHA1PRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("SHA1PRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
@org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES128CounterRNGFastSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterRNGFast", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
+class Ticket1978AES128CounterSecureRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterSecureRNG", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
/**
- * Both of the Secure
variants require access to the Internet to access random.org.
+ * Both of the Inet
variants require access to the Internet to access random.org.
*/
@org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES128CounterRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterRNGSecure", "TLS_RSA_WITH_AES_128_CBC_SHA"))
+class Ticket1978AES128CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterInetRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
/**
- * Both of the Secure
variants require access to the Internet to access random.org.
+ * Both of the Inet
variants require access to the Internet to access random.org.
*/
@org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES256CounterRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterRNGSecure", "TLS_RSA_WITH_AES_256_CBC_SHA"))
+class Ticket1978AES256CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterInetRNG", "TLS_RSA_WITH_AES_256_CBC_SHA"))
@org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
class Ticket1978DefaultRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "TLS_RSA_WITH_AES_128_CBC_SHA"))