Random numbers appear not to be random #139

Open
kategray opened this issue Jan 21, 2019 · 5 comments

Comments

@kategray

kategray commented Jan 21, 2019

Hello,

I seem to be getting deterministic "randomness" when calling random.generateData that's been initialized for SecureRandom.

I started working from the template found here:

https://github.com/ph4r05/javacard-gradle-template

Every time I run it, I get the same output (51373E8B6FDEC284DB569204CA13D2CAA23BD1D85DCAB02A0E3D50461E73F1BB).

In an attempt to isolate the issue, I changed the code to be a bit more specific:

    // Allocate a transient buffer, fill it from the RandomData instance
    // and return the bytes as the APDU response data.
    tmpBuffer = JCSystem.makeTransientByteArray(BUFFER_SIZE, JCSystem.CLEAR_ON_DESELECT);
    random.generateData(tmpBuffer, (short) 0, BUFFER_SIZE);
    Util.arrayCopyNonAtomic(tmpBuffer, (short) 0, apduBuffer, (short) 0, BUFFER_SIZE);
    apdu.setOutgoingAndSend((short) 0, BUFFER_SIZE);

It changed the value that I received, but did not change the deterministic nature of the output.

Gradle suite > Gradle test > tests.AppletTest.hello STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- 6C5544797A91115DC3330EBD003851D239A706FF2AA2AB70039C5510DDF06420 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

Gradle suite > Gradle test > tests.AppletTest.hello2 STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- 6C5544797A91115DC3330EBD003851D239A706FF2AA2AB70039C5510DDF06420 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

Gradle suite > Gradle test > tests.AppletTest.hello3 STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- 6C5544797A91115DC3330EBD003851D239A706FF2AA2AB70039C5510DDF06420 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

Should the output of random.generateData() be random?
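As an added example (not code from this issue or from jCardSim itself), a self-contained regression check for the behaviour reported above: it boots two independent CardSimulator instances around a minimal applet that answers every command with 32 bytes from ALG_SECURE_RANDOM, and reports the simulator as deterministic when both instances return the same bytes. It assumes the jCardSim 3.x CardSimulator and AIDUtil APIs; the AID value and class names are constructed for this example.

```java
import javacard.framework.AID;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.security.RandomData;
import javax.smartcardio.CommandAPDU;
import javax.smartcardio.ResponseAPDU;
import java.util.Arrays;
import com.licel.jcardsim.smartcardio.CardSimulator;
import com.licel.jcardsim.utils.AIDUtil;

public class RandomCheck {
    static final short OUT_LEN = 32;
    /** Minimal applet: each command APDU is answered with OUT_LEN bytes from ALG_SECURE_RANDOM. */
    public static class RandomApplet extends Applet {
        private final RandomData rng = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
        public static void install(byte[] bArray, short bOffset, byte bLength) {
            new RandomApplet().register();
        }

        public void process(APDU apdu) {
            if (selectingApplet()) return;
            byte[] buf = apdu.getBuffer();
            rng.generateData(buf, (short) 0, OUT_LEN);
            apdu.setOutgoingAndSend((short) 0, OUT_LEN);
        }
    }

    /** Boots a fresh simulator, installs the applet and draws one block of random bytes. */
    static byte[] drawFromFreshSimulator() {
        AID aid = AIDUtil.create("F000000001"); // constructed AID; any valid value works
        CardSimulator sim = new CardSimulator();
        sim.installApplet(aid, RandomApplet.class);
        sim.selectApplet(aid);
        ResponseAPDU r = sim.transmitCommand(new CommandAPDU(0x00, 0xC0, 0x00, 0x00, OUT_LEN));
        if (r.getSW() != 0x9000 || r.getData().length != OUT_LEN) {
            throw new IllegalStateException("unexpected response, SW=" + Integer.toHexString(r.getSW()));
        }
        return r.getData();
    }

    /** True when two independent simulator instances return identical "secure" random bytes. */
    static boolean secureRandomIsDeterministic() {
        return Arrays.equals(drawFromFreshSimulator(), drawFromFreshSimulator());
    }

    public static void main(String[] args) {
        System.out.println(secureRandomIsDeterministic() ? "FAIL: ALG_SECURE_RANDOM repeats across fresh simulators" : "OK: ALG_SECURE_RANDOM differs across fresh simulators");
    }
}
```

The check deliberately covers only ALG_SECURE_RANDOM; repeating output from ALG_PSEUDO_RANDOM is the documented behaviour there and would not be a finding.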

@kategray
Author

BouncyCastle's SecureRandom implementation calls setSeed(System.currentTimeMillis()) in order to make their SecureRandom more random. As the jCardSim ALG_SECURE_RANDOM documentation says that the random numbers should be cryptographically secure, I added a pull request #140 to help make that possible.

This patch only kicks in if ALG_SECURE_RANDOM is present; ALG_PSEUDO_RANDOM should still function the same, if someone wants to have deterministic "randomness" in their test suites.

@kategray
Author

With my patch, behaviour is as expected:

Gradle suite > Gradle test > tests.AppletTest.hello STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- D4EEC11B9AA895EF22BCC8782EA5669EBA2BE73E9C7375B2A3C6E3144C89A45C 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

Gradle suite > Gradle test > tests.AppletTest.hello2 STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- 4267C24D9E10EEB173148B7706D1B634BFC3BA99734548CD275A585C7EDE37DB 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

Gradle suite > Gradle test > tests.AppletTest.hello3 STANDARD_OUT
    Connecting to card... Done.
    --> [00C00000080000000000000000] 13
    <-- EDDE80F7B2641DADE83FA3B2F547B21A6A4825EACA9EDD9320869EB5FD07476D 9000 (32)
    ResponseAPDU: 34 bytes, SW=9000

@frankmorgner

Bouncycastle only provides PRNGs; if you want secure random numbers, you should use java.security.SecureRandom, which delegates to a platform-dependent generator that should have way more entropy.

@kategray
Author

I was trying to keep compatibility with the existing code, and it is good enough to test.

I guess it really depends on the likelihood of someone doing something silly, like virtualizing their smart card using jcardsim and using it for web-based applications. From an IT standpoint, I can think of plenty of reasons to do that, and from a security standpoint, I can think of many reasons not to.

@kategray
Author

PR updated per feedback from @frankmorgner.
