From 5b36334003e151707d1b2ab08b9e360bf88a8159 Mon Sep 17 00:00:00 2001
From: Peter Badenhorst <dev10@mispah.net>
Date: Wed, 20 Jun 2012 19:06:12 +0200
Subject: [PATCH] Renamed AESCounterRNG classes to be a bit more
 self-explanatory Added some comments

---
 akka-remote/src/main/resources/reference.conf   |  6 +++---
 .../akka/remote/netty/NettySSLSupport.scala     |  2 +-
 ...GSecure.scala => AES128CounterInetRNG.scala} |  9 +++++++--
 ...GFast.scala => AES128CounterSecureRNG.scala} | 11 +++++++----
 ...GSecure.scala => AES256CounterInetRNG.scala} | 17 ++++++++++++++---
 .../akka/security/provider/AkkaProvider.scala   | 12 ++++++------
 .../remote/Ticket1978CommunicationSpec.scala    | 10 +++++-----
 7 files changed, 43 insertions(+), 24 deletions(-)
 rename akka-remote/src/main/scala/akka/security/provider/{AES128CounterRNGSecure.scala => AES128CounterInetRNG.scala} (64%)
 rename akka-remote/src/main/scala/akka/security/provider/{AES128CounterRNGFast.scala => AES128CounterSecureRNG.scala} (64%)
 rename akka-remote/src/main/scala/akka/security/provider/{AES256CounterRNGSecure.scala => AES256CounterInetRNG.scala} (52%)

diff --git a/akka-remote/src/main/resources/reference.conf b/akka-remote/src/main/resources/reference.conf
index 0ba9bb3b06..a8d2cb2680 100644
--- a/akka-remote/src/main/resources/reference.conf
+++ b/akka-remote/src/main/resources/reference.conf
@@ -205,10 +205,10 @@ akka {
         # There are three options, in increasing order of security:
         # "" or SecureRandom => (default)
         # "SHA1PRNG" => Can be slow because of blocking issues on Linux
-        # "AES128CounterRNGFast" => fastest startup and based on AES encryption algorithm
+        # "AES128CounterSecureRNG" => fastest startup and based on AES encryption algorithm
         # The following use one of 3 possible seed sources, depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
-        # "AES128CounterRNGSecure"
-        # "AES256CounterRNGSecure"  (Install JCE Unlimited Strength Jurisdiction Policy Files first)
+        # "AES128CounterInetRNG"
+        # "AES256CounterInetRNG"  (Install JCE Unlimited Strength Jurisdiction Policy Files first)
         # Setting a value here may require you to supply the appropriate cipher suite (see enabled-algorithms section above)
         random-number-generator = ""
       }
diff --git a/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala b/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
index 9323fb8143..690b4522ec 100644
--- a/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
+++ b/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport.scala
@@ -38,7 +38,7 @@ private[akka] object NettySSLSupport {
     }
 
     val rng = rngName match {
-      case Some(r @ ("AES128CounterRNGFast" | "AES128CounterRNGSecure" | "AES256CounterRNGSecure")) ⇒
+      case Some(r @ ("AES128CounterSecureRNG" | "AES128CounterInetRNG" | "AES256CounterInetRNG")) ⇒
         log.debug("SSL random number generator set to: {}", r)
         SecureRandom.getInstance(r, AkkaProvider)
       case Some(s @ ("SHA1PRNG" | "NativePRNG")) ⇒
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala b/akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
similarity index 64%
rename from akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
index 846476cc2d..41d12b275f 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGSecure.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES128CounterInetRNG.scala
@@ -7,12 +7,16 @@ import org.uncommons.maths.random.{ AESCounterRNG, DefaultSeedGenerator }
 
 /**
  * Internal API
+ * This class is a wrapper around the 128-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
+ * It uses the default seed generator which uses one of the following 3 random seed sources:
+ * Depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
+ * The only method used by netty ssl is engineNextBytes(bytes)
  */
-class AES128CounterRNGSecure extends java.security.SecureRandomSpi {
+class AES128CounterInetRNG extends java.security.SecureRandomSpi {
   private val rng = new AESCounterRNG()
 
   /**
-   * This is managed internally only
+   * This is managed internally by AESCounterRNG
    */
   override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
 
@@ -24,6 +28,7 @@ class AES128CounterRNGSecure extends java.security.SecureRandomSpi {
   override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
 
   /**
+   * Unused method
    * Returns the given number of seed bytes.  This call may be used to
    * seed other random number generators.
    *
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala b/akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
similarity index 64%
rename from akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
index c355f5a548..cda59ee03b 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES128CounterRNGFast.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES128CounterSecureRNG.scala
@@ -4,16 +4,18 @@
 package akka.security.provider
 
 import org.uncommons.maths.random.{ AESCounterRNG, SecureRandomSeedGenerator }
-import java.security.SecureRandom
 
 /**
  * Internal API
+ * This class is a wrapper around the AESCounterRNG algorithm provided by http://maths.uncommons.org/ *
+ * The only method used by netty ssl is engineNextBytes(bytes)
+ * This RNG is good to use to prevent startup delay when you don't have Internet access to random.org
  */
-class AES128CounterRNGFast extends java.security.SecureRandomSpi {
+class AES128CounterSecureRNG extends java.security.SecureRandomSpi {
   private val rng = new AESCounterRNG(new SecureRandomSeedGenerator())
 
   /**
-   * This is managed internally only
+   * This is managed internally by AESCounterRNG
    */
   override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
 
@@ -25,12 +27,13 @@ class AES128CounterRNGFast extends java.security.SecureRandomSpi {
   override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
 
   /**
+   * Unused method
    * Returns the given number of seed bytes.  This call may be used to
    * seed other random number generators.
    *
    * @param numBytes the number of seed bytes to generate.
    * @return the seed bytes.
    */
-  override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = (new SecureRandom).generateSeed(numBytes)
+  override protected def engineGenerateSeed(numBytes: Int): Array[Byte] = (new SecureRandomSeedGenerator()).generateSeed(numBytes)
 }
 
diff --git a/akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala b/akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
similarity index 52%
rename from akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala
rename to akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
index d942938411..076d4fcd7f 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AES256CounterRNGSecure.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AES256CounterInetRNG.scala
@@ -7,12 +7,22 @@ import org.uncommons.maths.random.{ AESCounterRNG, DefaultSeedGenerator }
 
 /**
  * Internal API
+ * This class is a wrapper around the 256-bit AESCounterRNG algorithm provided by http://maths.uncommons.org/
+ * It uses the default seed generator which uses one of the following 3 random seed sources:
+ * Depending on availability: /dev/random, random.org and SecureRandom (provided by Java)
+ * The only method used by netty ssl is engineNextBytes(bytes)
  */
-class AES256CounterRNGSecure extends java.security.SecureRandomSpi {
-  private val rng = new AESCounterRNG(32) // Magic number is magic
+class AES256CounterInetRNG extends java.security.SecureRandomSpi {
+  /**
+   * From AESCounterRNG API docs:
+   * Valid values are 16 (128 bits), 24 (192 bits) and 32 (256 bits).
+   * Any other values will result in an exception from the AES implementation.
+   */
+  private val AES_256_BIT = 32 // Magic number is magic
+  private val rng = new AESCounterRNG(AES_256_BIT)
 
   /**
-   * This is managed internally only
+   * This is managed internally by AESCounterRNG
    */
   override protected def engineSetSeed(seed: Array[Byte]): Unit = ()
 
@@ -24,6 +34,7 @@ class AES256CounterRNGSecure extends java.security.SecureRandomSpi {
   override protected def engineNextBytes(bytes: Array[Byte]): Unit = rng.nextBytes(bytes)
 
   /**
+   * Unused method
    * Returns the given number of seed bytes.  This call may be used to
    * seed other random number generators.
    *
diff --git a/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala b/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
index 0b85231348..707ad0c399 100644
--- a/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
+++ b/akka-remote/src/main/scala/akka/security/provider/AkkaProvider.scala
@@ -12,14 +12,14 @@ object AkkaProvider extends Provider("Akka", 1.0, "Akka provider 1.0 that implem
   AccessController.doPrivileged(new PrivilegedAction[this.type] {
     def run = {
       //SecureRandom
-      put("SecureRandom.AES128CounterRNGFast", classOf[AES128CounterRNGFast].getName)
-      put("SecureRandom.AES128CounterRNGSecure", classOf[AES128CounterRNGSecure].getName)
-      put("SecureRandom.AES256CounterRNGSecure", classOf[AES256CounterRNGSecure].getName)
+      put("SecureRandom.AES128CounterSecureRNG", classOf[AES128CounterSecureRNG].getName)
+      put("SecureRandom.AES128CounterInetRNG", classOf[AES128CounterInetRNG].getName)
+      put("SecureRandom.AES256CounterInetRNG", classOf[AES256CounterInetRNG].getName)
 
       //Implementation type: software or hardware
-      put("SecureRandom.AES128CounterRNGFast ImplementedIn", "Software")
-      put("SecureRandom.AES128CounterRNGSecure ImplementedIn", "Software")
-      put("SecureRandom.AES256CounterRNGSecure ImplementedIn", "Software")
+      put("SecureRandom.AES128CounterSecureRNG ImplementedIn", "Software")
+      put("SecureRandom.AES128CounterInetRNG ImplementedIn", "Software")
+      put("SecureRandom.AES256CounterInetRNG ImplementedIn", "Software")
       null //Magic null is magic
     }
   })
diff --git a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
index 79196f321f..64408f15b1 100644
--- a/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
+++ b/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
@@ -81,19 +81,19 @@ import Configuration.{ CipherConfig, getCipherConfig }
 class Ticket1978SHA1PRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("SHA1PRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
 
 @org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES128CounterRNGFastSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterRNGFast", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
+class Ticket1978AES128CounterSecureRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterSecureRNG", "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"))
 
 /**
- * Both of the <quote>Secure</quote> variants require access to the Internet to access random.org.
+ * Both of the <quote>Inet</quote> variants require access to the Internet to access random.org.
  */
 @org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES128CounterRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterRNGSecure", "TLS_RSA_WITH_AES_128_CBC_SHA"))
+class Ticket1978AES128CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES128CounterInetRNG", "TLS_RSA_WITH_AES_128_CBC_SHA"))
 
 /**
- * Both of the <quote>Secure</quote> variants require access to the Internet to access random.org.
+ * Both of the <quote>Inet</quote> variants require access to the Internet to access random.org.
  */
 @org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
-class Ticket1978AES256CounterRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterRNGSecure", "TLS_RSA_WITH_AES_256_CBC_SHA"))
+class Ticket1978AES256CounterInetRNGSpec extends Ticket1978CommunicationSpec(getCipherConfig("AES256CounterInetRNG", "TLS_RSA_WITH_AES_256_CBC_SHA"))
 
 @org.junit.runner.RunWith(classOf[org.scalatest.junit.JUnitRunner])
 class Ticket1978DefaultRNGSecureSpec extends Ticket1978CommunicationSpec(getCipherConfig("", "TLS_RSA_WITH_AES_128_CBC_SHA"))